Report - do0d.co/d/baPG1JWqb1h

Report Overview

Submitted URL
do0d.co/d/baPG1JWqb1h
IP
104.21.32.201
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-10 18:35:12
Access
public
Website Title
Dwi Sri Ningsih Viral FDV5(1) - PoopHD
Final URL
poop.com.co/d/baPG1JWqb1h
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
i.poopcdn.com	unknown	2024-03-14	2024-03-14	2024-03-18	858 B	21 kB	188.114.97.1
nereserv.com	40015	2020-12-21	2020-12-21	2024-05-09	2.3 kB	1.3 kB	94.130.198.6
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-09	1.7 kB	9.5 kB	74.125.131.84
ef34ee98f7.0b2d458c45.com	unknown	unknown	No data	No data	821 B	322 B	45.133.44.53
yu2be.com	unknown	2023-08-23	2019-08-26	2024-04-14	2.0 kB	74 kB	188.114.96.1
mordoops.com	unknown	2023-01-04	2023-01-04	2024-05-04	2.0 kB	99 kB	139.45.197.244
assets.poopcdn.com	unknown	2024-03-14	2024-03-14	2024-04-13	4.1 kB	741 kB	188.114.96.1
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-05-08	1.0 kB	809 B	157.90.84.242
o.pki.goog	unknown	2016-06-13	2024-04-24	2024-05-09	650 B	1.4 kB	142.250.74.131
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-05-09	1.8 kB	3.0 kB	45.133.44.25
paronymtethery.com	unknown	unknown	No data	No data	410 B	1.5 kB	23.109.170.224
mcpuwpsh.com	unknown	2022-08-12	2022-08-12	2024-05-08	474 B	4.3 kB	94.130.197.240
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-05-08	523 B	1.6 kB	104.21.30.242
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-10	478 B	1.4 kB	142.250.74.106
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-05-09	451 B	738 B	139.45.195.8
imgsdn.com	unknown	2024-02-12	2024-02-12	2024-05-09	2.0 kB	13 kB	162.55.246.161
poop.com.co	unknown	2024-02-11	2024-02-11	2024-04-18	481 B	14 kB	172.67.136.38
img.vmmcdn.com	36292	2019-11-26	2019-11-26	2024-05-09	1.6 kB	62 kB	46.4.121.113
do0d.co	unknown	2024-03-16	2024-03-18	2024-04-18	475 B	834 B	104.21.32.201
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-09	898 B	58 kB	104.17.25.14
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-09	418 B	103 kB	142.250.74.168
362e373497.4a5936c82e.com	unknown	unknown	No data	No data	2.7 kB	478 kB	45.133.44.53
1734081ce4.64c8149326.com	unknown	unknown	No data	No data	16 kB	12 kB	167.235.163.216
metrolagu.cam	unknown	2023-03-24	2023-08-23	2024-04-15	2.1 kB	16 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	paronymtethery.com	Sinkholed
2024-05-10	medium	mordoops.com	Sinkholed
2024-05-10	medium	0b2d458c45.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	4a5936c82e.com	Sinkholed
2024-05-10	medium	mordoops.com	Sinkholed
2024-05-10	medium	mordoops.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js	101 kB	2024-05-06	2024-05-16
Pretty URL 362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-06 11:08:30 Last Seen2024-05-16 07:55:12 Times Seen535 Hash 0cbfae16446f6ff17f3f18758b41e37c fdcba827008b6f52caa67735b295f7fab6f26a04 4f5cece30fb18d801a39950fe09419aa3280c654a323e72733b3204ad11a7a33 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-20
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-20 23:47:48 Times Seen5672 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	yu2be.com/watch?V=CBx6e9cZlBQ	59 kB	2023-12-02	2024-05-10
Pretty URL yu2be.com/watch?V=CBx6e9cZlBQ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22:50 Last Seen2024-05-10 20:35:20 Times Seen21 Hash 6807f74172c0481bce8bfc7dc9ce14a6 3c2cb42261550ae26f6052fa2ce61d39a9ef8045 e4231152a19aaa7603f83a4f48f21456838e5d7c4eba759307d6ddc726c138d9 Loading...

	yu2be.com/watch?V=CBx6e9cZlBQ	444 B	2023-12-02	2024-05-10
Pretty URL yu2be.com/watch?V=CBx6e9cZlBQ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22:51 Last Seen2024-05-10 20:35:20 Times Seen21 Hash ba979c18700f1869ae438068ae800451 7bc700eb3d82302f7da21b233e41ceae2aa7c453 c153c1e1d74d7666c7b846a802011c9faaeeff6e370a07dbefa6eddaadeaadb1 Loading...

	poop.com.co/d/baPG1JWqb1h	6.4 kB	2023-10-24	2024-05-11
Pretty URL poop.com.co/d/baPG1JWqb1h IP 172.67.136.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 06:38:45 Last Seen2024-05-11 00:50:07 Times Seen88 Hash eeed368413469275e3ee01f81d506e3b f0b2023738dda3d9f81f01101ffddc539dd5c919 4f96b2f1bc98f9dce38413ca59d5fe7c0f994b467965421be18e634d5dfaab9e Loading...

	poop.com.co/d/baPG1JWqb1h	856 B	2024-05-10	2024-05-10
Pretty URL poop.com.co/d/baPG1JWqb1h IP 172.67.136.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 20:35:20 Last Seen2024-05-10 20:35:20 Times Seen1 Hash 9b69a71ab7d1b1ad0256f5fe02627900 1c5e446f90dfb681802a993d74c23b41a2c9d31e 847f83e446a8b9f052f39c2799c53d0bff965b2ecd7f8cb6f001ffe9d3c66114 Loading...

	www.googletagmanager.com/gtag/js?id=G-RRBBHD087X	309 kB	2024-05-10	2024-05-10
Pretty URL www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 20:35:20 Last Seen2024-05-10 20:35:20 Times Seen2 Hash 9bf08547e75462788f7c554cffd4d641 d34c65419d1bce544e7ea017fffe69caf55df1df 1042994ddee7a5017fa92d97130d823b3b57ee8fcb093ecf1535d9f1dd10a887 Loading...

	mordoops.com/tag.min.js	90 kB	2024-05-10	2024-05-12
Pretty URL mordoops.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-10 04:22:10 Last Seen2024-05-12 17:32:01 Times Seen79 Hash e3024b1a3cbcc47f3eef4bab101c0b7f 73f6d27a2ff5cbf11ab455917016b5f70ba63444 41e1c3be0f91a1766e024356a7c4feee73a360f9f5691b79d6ceab270fd51edc Loading...

	metrolagu.cam/video?q=jiwa+yang+bersedih	0 B	2023-03-07	2024-05-20
Pretty URL metrolagu.cam/video?q=jiwa+yang+bersedih IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 23:50:10 Times Seen37898601 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	yu2be.com/watch?V=CBx6e9cZlBQ	104 B	2023-12-02	2024-05-10
Pretty URL yu2be.com/watch?V=CBx6e9cZlBQ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22:51 Last Seen2024-05-10 20:35:20 Times Seen21 Hash 5abc9587d09477f86c9162cb5f7b392f 6c827e4c90fc5fea87b5ee5e8de6190a97825a01 8a3d9fc6c5d947a75700318b2835c16f7bc2e2f506c6b0ae42d8196a93eb0bd9 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-20 23:43:29 Times Seen145982 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	paronymtethery.com/rSfAH4Kr7lm28/64343	0 B	2023-03-07	2024-05-20
Pretty URL paronymtethery.com/rSfAH4Kr7lm28/64343 IP 23.109.170.224 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-20 23:50:10 Times Seen37898601 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js	109 kB	2024-05-08	2024-05-14
Pretty URL 362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 14:11:42 Last Seen2024-05-14 14:15:38 Times Seen387 Hash 392da8c33f7fec0078e15e7cb7dec615 9a58299ea074848763f9b3e0d0b3ed82ed92614a e4dd634416e83566cd4235d596b6292bdcca640a6fb47da3b9330a3113e35c47 Loading...

	362e373497.4a5936c82e.com/7698a17895f73c188dad8386e8798de5.js	168 kB	2024-04-27	2024-05-13
Pretty URL 362e373497.4a5936c82e.com/7698a17895f73c188dad8386e8798de5.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 09:40:27 Last Seen2024-05-13 09:50:11 Times Seen47 Hash cf49249e73efabedaf345f1fc2937285 5ef768ef2b81110762fcf31b5846daf3b56ab70c 75791ea71263cfaa3d74ece2b2a552c503ab39091bdcaccfda2d6f69fe77a7b9 Loading...

	362e373497.4a5936c82e.com/41d384976ce4fa31ae62ff09375e1244.js	470 kB	2024-04-19	2024-05-12
Pretty URL 362e373497.4a5936c82e.com/41d384976ce4fa31ae62ff09375e1244.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 15:52:52 Last Seen2024-05-12 12:48:12 Times Seen46 Hash cacb84104ff1b8352e0ee8c801a29ef4 393c74e933ff2a417ca50df17347793a36c86055 0099579c122343453ad3823291a11281d87678f071717020be17fec25ff03b77 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-05-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-05-20 23:27:23 Times Seen99255 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	poop.com.co/d/baPG1JWqb1h	1.9 kB	2024-05-10	2024-05-10
Pretty URL poop.com.co/d/baPG1JWqb1h IP 172.67.136.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-10 20:35:20 Last Seen2024-05-10 20:35:20 Times Seen1 Hash 4eea5a2fedfd70ffa285b461bb77c73e 08ac403be6dce430bc139b2ffa3e6ccc3ab21bd3 cf9049e7bf985bd15549d54a82c74a9be4dbf8a76f61326763bf21d567b17450 Loading...

	poop.com.co/d/baPG1JWqb1h	153 B	2024-02-17	2024-05-11
Pretty URL poop.com.co/d/baPG1JWqb1h IP 172.67.136.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-17 06:52:43 Last Seen2024-05-11 00:50:08 Times Seen37 Hash 73a6ebf3b00f83c3c9f8bc653869cfc5 924d36f61b7cb12b229ecb1b64691eb49439480c b651edc3f5e0ab0949d63f224d575452108d29873cad2dd54cb59fa15566bd9f Loading...

HTTP Transactions (66)

URL IP Response Size

do0d.co/d/baPG1JWqb1h

104.21.32.201

301 Moved Permanently

167 B

URL User Request GET HTTP/2
do0d.co/d/baPG1JWqb1h
IP
104.21.32.201:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectdo0d.co
Fingerprint13:BD:13:0E:85:44:AE:D8:DC:8F:66:3F:CB:1A:C6:83:CE:EC:8D:24
ValiditySat, 16 Mar 2024 14:06:00 GMT - Fri, 14 Jun 2024 14:05:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /d/baPG1JWqb1h HTTP/1.1
Host: do0d.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 10 May 2024 18:34:44 GMT
content-type: text/html
content-length: 167
location: https://poop.com.co/d/baPG1JWqb1h
cache-control: max-age=3600
expires: Fri, 10 May 2024 19:34:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6YusTVtMhFQzYuj8DF%2Byoghtz3gZfrU1MMYP9IWwm3xj%2BUDartGoz62AEGaqkzWYbEBzYJIRHo2YTY%2FTy%2FsSxABkRvNoiiwWcr%2BiCqO0Q7KEwvRXopygSW%2Ba"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c066f2b63b51e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 61424
expires: Wed, 30 Apr 2025 18:34:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=npPFWdEgCe5GD5m7wvv%2Fi8A130OWKblNU7obu27eB6XH%2BrzNL2OOuKc2Q%2FM8S4E5OrPHXLN6C4o2fZb%2BejQqFRKfCzaRJ%2BBXLNnLCBmhGFOISH%2BNMI3CU2RJ9XkBz2jHh5Nq%2B0K%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c06730dc7712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

142.250.74.168

200 OK

102 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
102 kB (102279 bytes)
Hash
9bf08547e75462788f7c554cffd4d641
d34c65419d1bce544e7ea017fffe69caf55df1df
1042994ddee7a5017fa92d97130d823b3b57ee8fcb093ecf1535d9f1dd10a887

HTTP Headers

GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 18:34:45 GMT
expires: Fri, 10 May 2024 18:34:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102279
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2

188.114.96.1

200 OK

24 kB

URL GET HTTP/2
assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Size
24 kB (23812 bytes)
Hash
eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf

HTTP Headers

GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poop.com.co
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4782
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSXKCoIaCxk2D7ui%2BvGuxpj6Qys1dn2uj642fTF6xQBH7uQYhj8tF%2FBjTE3gwiFpdMX8p7fiVIuhafkfKUZoVfc4A7vfoeUgVpup7OFnEEB6OdCBbRM8mTZqL7t8fCwL2B730E8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06750f9856b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2

188.114.96.1

200 OK

184 kB

URL GET HTTP/2
assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 184476, version 330.-16253
Size
184 kB (184476 bytes)
Hash
2a6dec1227f9970376f578270a642d06
150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996

HTTP Headers

GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poop.com.co
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4782
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V5aLiCFmN6xx6zLpoS4Akd84Gz94E3UREvhX60e2en5KPY2L6tOKej9rMZl1MfaZh541IwmNBBq9i0mm1%2FrnKEuD1s6Kiy9vS1G1%2BWfoWqk5BUS9uKVyX%2F71UPmcXA1bCzoSefk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06750fac56b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2

188.114.96.1

200 OK

24 kB

URL GET HTTP/2
assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23604, version 1.0
Size
24 kB (23604 bytes)
Hash
e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91

HTTP Headers

GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poop.com.co
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4782
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQDR78u7bYz8NSaI4k8ebn3TzVTi8%2FqdNAwEIfytBw7mP5PS1CaA%2BXg2j777wLF4utFCPa1sqTyglmEHrKu4e49HQydgbqqm7ZLMl4Onk1WwKbxQSeKzdNulbG%2BCkGdqgPyCkNY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06752fda56b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.poopcdn.com/pb6KW.jpg

188.114.97.1

200 OK

9.7 kB

URL GET HTTP/2
i.poopcdn.com/pb6KW.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerLet's Encrypt
Subjecti.poopcdn.com
Fingerprint94:CF:0E:89:D9:78:6D:10:14:DF:D3:8A:C2:3E:AE:81:F9:AC:73:03
ValidityThu, 14 Mar 2024 07:45:46 GMT - Wed, 12 Jun 2024 07:45:45 GMT

File type
JPEG image data, baseline, precision 8, 281x640, components 3
Size
9.7 kB (9661 bytes)
Hash
615e1f4718821942ce97bf1a48c70aec
3e8b6e7508e9dad08039c307f813326d57b45e50
6c1566cc223f1e1d9a5a80271f7fba33b319a802fa555b39ad011a5180cd441f

HTTP Headers

GET /pb6KW.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: image/jpeg
content-length: 9661
etag: "615e1f4718821942ce97bf1a48c70aec"
last-modified: Thu, 09 May 2024 19:48:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FmxQq1a%2FN1PUc3Wn6UTTGKm0HBqPDkXfgvCxJ%2BHLMZ6b7QHEx91fRdkeoCwcUq42BD%2FnH%2BfTkEPQsVHIbdXdLHAqaPnXyvL7HLOuGtHTaqBoP%2Bd4c7%2BCnj8BTObn88CA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06738a2bb4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/apple-touch-icon.png

188.114.96.1

200 OK

2.8 kB

URL GET HTTP/2
assets.poopcdn.com/apple-touch-icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.8 kB (2766 bytes)
Hash
e4acc3f05da8195dfa02a437c8b2dba2
f23df2ed14e5d52417b155ccd11187f3250861dc
8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1798
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fJR0mPVFvZU9EYSly%2FYnGnkqd36HrD9RwN9h3oe%2B32WgswVx98QSnLRlXcjHqRNRL5Mfore3QBrI6qCIvzIAg%2B6FCQjnrIpVwvoLbLOaGvNAjaScZjrMFGsweumYkIIO7ttRphw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06776bdb56b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 10 May 2024 18:34:46 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.com.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap

142.250.74.106

200 OK

811 B

URL GET HTTP/2
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
ASCII text
Size
811 B (811 bytes)
Hash
942d6c103643a3b457d90844f34a9b37
e2594da697f0082ee92f0f1d9b163aed142e09e7
654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54

HTTP Headers

GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 18:34:45 GMT
date: Fri, 10 May 2024 18:34:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

200 OK

58 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87385fcd2a67fc74d2fa67366ba68ea2
a604cdbb1d31ce257e8643eee9219c9c724c200c
9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995

HTTP Headers

POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1837
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 10 May 2024 18:34:46 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.com.co
Set-Cookie: id=12331948179139015747; Expires=Sat, 10 May 2025 18:34:46 GMT; Secure; SameSite=None
Vary: Origin

assets.poopcdn.com/favicon-16x16.png

188.114.96.1

200 OK

612 B

URL GET HTTP/2
assets.poopcdn.com/favicon-16x16.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
612 B (612 bytes)
Hash
ac008ea155d4beee1e93247d7434c77d
f8ea94e94e0cc310202a517a9c445c3d70af564e
283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzvzOnUAayhHsKMhA33Go3oU3cu9R0cOrIbmnq3BQ2mL7tNIpIdt4PAknSeRSdb3%2BSMI%2F7PTBhIozsMETwWMoNdveHFta9BZJl7iNrkJzeYg77ECNp2Bg5NMuc35TOXQIKZHawA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06777bdd56b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=e525b0c9-436e-4d81-98e1-acdec62a5b72&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=e525b0c9-436e-4d81-98e1-acdec62a5b72&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=e525b0c9-436e-4d81-98e1-acdec62a5b72&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:46 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=d3e1728d-a22c-4488-acff-9f20487a8912&subid=388464194&sid=2679210506&spot_id=418776&created_at=2024-05-10&timezone=0&ver=7.282.0-b&is_native=1

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=d3e1728d-a22c-4488-acff-9f20487a8912&subid=388464194&sid=2679210506&spot_id=418776&created_at=2024-05-10&timezone=0&ver=7.282.0-b&is_native=1
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=d3e1728d-a22c-4488-acff-9f20487a8912&subid=388464194&sid=2679210506&spot_id=418776&created_at=2024-05-10&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:46 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

362e373497.4a5936c82e.com/41d384976ce4fa31ae62ff09375e1244.js

45.133.44.53

200 OK

110 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/41d384976ce4fa31ae62ff09375e1244.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
110 kB (109954 bytes)
Hash
cacb84104ff1b8352e0ee8c801a29ef4
393c74e933ff2a417ca50df17347793a36c86055
0099579c122343453ad3823291a11281d87678f071717020be17fec25ff03b77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /41d384976ce4fa31ae62ff09375e1244.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Fri, 10 May 2024 18:39:46 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/multy

167.235.163.216

204 No Content

0 B

URL OPTIONS HTTP/2
1734081ce4.64c8149326.com/in/multy
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:47 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js

45.133.44.53

200 OK

55 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type
gzip compressed data, from Unix
Size
55 kB (54902 bytes)
Hash
9cfb91845f7b89babe6ab6cdda8b4695
d2d264275af5c0055d974705ae4cc03db6ed30e8
cb986847e7b665d21a728abe5175acab211af48bb60fb05e13eff0cc39ecef47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /8e57871395155b58a79a1f183241e252.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 08 May 2024 10:50:20 GMT
etag: W/"663b58ec-1ab25"
content-encoding: gzip
expires: Fri, 10 May 2024 18:39:46 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

assets.poopcdn.com/play.svg

188.114.96.1

200 OK

29 kB

URL GET HTTP/2
assets.poopcdn.com/play.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
SVG Scalable Vector Graphics image
Size
29 kB (28787 bytes)
Hash
85f08506e5a64050719e7e18a26cd9c4
cda07433539f1346406e7dde1a92ea6346d593d7
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08

HTTP Headers

GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4782
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9NBGVPCkLENIMfMK8LWfSdL5AzRzWtb%2BgvHRP5p6r3DKGm6VXpcqaLsnQhWU0krT%2F7K3KDcMmsGhqoWhPg6UoZ%2FzXyq6WyTmfe0B65u9op%2B8uzTDg7ABY6A%2FvOP0JJ4gmpri0Lo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06750f9556b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

362e373497.4a5936c82e.com/41d384976ce4fa31ae62ff09375e1244.js

45.133.44.53

200 OK

110 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/41d384976ce4fa31ae62ff09375e1244.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
110 kB (110349 bytes)
Hash
7d94b87468f95ee6c114ecd75e3bcc38
c63bee48e426a31694045b6c7bb79f731fe4029b
7e72ff655c4a14df3b175ac79448b062db5c9f6665c32147799b6a81853fc9e4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /41d384976ce4fa31ae62ff09375e1244.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Fri, 10 May 2024 18:39:46 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
11052695b701a95eeafc403471ba37b2
e5f56ea3634511055543f120e7d55219722c55a5
5602dd10bde28abf89ae0a31a3824b20db75f39d0a7c05e1f8f43807f77064eb

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 May 2024 18:34:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:7jiSffn-EmryeKRbtuODPa3NfaQb2A:JzjJeG-ORvHdl4T1; Expires=Sun, 10-May-2026 18:34:47 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 18:34:47 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz8IOT5W_TgHrD7pCL5RfUocCxaIZTZ4krukNRpBnUn6RZ8EjP-dLynAItz0NG2xX8yOiGk
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-J9zqN5RwvKD_0tE0P1r4cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz8IOT5W_TgHrD7pCL5RfUocCxaIZTZ4krukNRpBnUn6RZ8EjP-dLynAItz0NG2xX8yOiGk

74.125.131.84

302 Found

419 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz8IOT5W_TgHrD7pCL5RfUocCxaIZTZ4krukNRpBnUn6RZ8EjP-dLynAItz0NG2xX8yOiGk
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type
HTML document, ASCII text, with very long lines (391)
Size
419 B (419 bytes)
Hash
6e34b657e15c054bc734a5458e334860
ae097af3b5c8a19c279f8c89e261e9427bdeaa2d
41fda6ca5aa0ab626de8f808133f6a80b427fdbb316fbdfc0916ac03ff5c0f22

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQz8IOT5W_TgHrD7pCL5RfUocCxaIZTZ4krukNRpBnUn6RZ8EjP-dLynAItz0NG2xX8yOiGk HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:txQRmY3OIUQddalc3QLvtAkxe4TeDw:1j76wQiJ1d5VM5sn;Path=/;Expires=Sun, 10-May-2026 18:34:47 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 18:34:47 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzqPOSPjblMhKaQ9UM7Zk8GhmgGrt032Ly3BOgz8gY9SzV8peSVZyzOIZVcau7ssoSUw8rI&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1945724712%3A1715366087243802&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-0mhjQVITzAGtrhStx1CsdA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 419
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
726587f27f154102afa932e111fa272c
e73d681b88e26f384f95956ff0cdb6e5087af0c8
15212a8da55128e4e34c7d87e75f746bcf8a69aef65a2d833f746491f361c7a3

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 May 2024 18:34:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.rtmark.net/gid.js?userId=00805870c7a5489fed530dd60cc6d848

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=00805870c7a5489fed530dd60cc6d848
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
32a81b0109404873d176b7778d082d4a
7bbf4a2b671ff1691279767d026a04e6b227cff0
b1d0893cccd51e34e853e1be40bb8b0958a525c3eb2e5d03ec58034d02078dfd

HTTP Headers

GET /gid.js?userId=00805870c7a5489fed530dd60cc6d848 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:34:47 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yu2be.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00805870c7a5489fed530dd60cc6d848; expires=Sat, 10 May 2025 18:34:47 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=e525b0c9-436e-4d81-98e1-acdec62a5b72&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=e525b0c9-436e-4d81-98e1-acdec62a5b72&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=e525b0c9-436e-4d81-98e1-acdec62a5b72&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:47 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/multy

167.235.163.216

204 No Content

4.3 kB

URL OPTIONS HTTP/2
1734081ce4.64c8149326.com/in/multy
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type
JSON text data
Size
4.3 kB (4265 bytes)
Hash
949da083c981a2055b8b8268a027eb45
1e427a1a7f776f7d4babae454a2a1fb703082b5b
454627d900c033753008674df28f736ddd5790ce8df55ad65b88fa24c4316aa7

HTTP Headers

POST /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1705
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:47 GMT
content-type: application/json
content-length: 4265
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/multy

167.235.163.216

204 No Content

5.4 kB

URL OPTIONS HTTP/2
1734081ce4.64c8149326.com/in/multy
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type
JSON text data
Size
5.4 kB (5351 bytes)
Hash
a637ecfd09387a828ef00bf627436a67
39efc60b72b460a9a0026f2d8ce848a6d579b10b
5d576dbabe51d8157be16546246777eaa29431f9f7433e4ddc689b8ac8e2f168

HTTP Headers

POST /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1705
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:47 GMT
content-type: application/json
content-length: 5351
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/show/?tag_ab=d&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=388464194&sid=2679210506&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&icons=Ge6Z2vdKm5CFwNQ3uwnkMq5aXOQlNx1U1tyTyxu_ZUgSb08DFftpBqkxTJdpYiwpitpI3VEp5cjP4Mg1vyzHtfkf6Ppc3KqE39YXn9aoMkpvrK6xfzSNvlYIoL9fCxrLzKKm3e-dCs8cA-fMdFIJoS762XZXY6HaIqYbAf5Hnudp_QoxcA&ext_cid=0&px_id=418776&min_cpm=0.020157607379197005&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=6470188642634044528&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0025200688954908116&cpm=0&verify_hash=9ba2444afd26467cf48b394d5f93fdfb&is_native=4&real_bid=0.0001073689276968648&original_bid_usd=0.0008588259999999999&original_bid=0.0008588259999999999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0008588259999999999&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000008588259999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=0f94aa08-4e37-4362-86f4-f049ba92a833&prev_step_diff=922

167.235.163.216

200 OK

0 B

URL GET HTTP/2
1734081ce4.64c8149326.com/in/show/?tag_ab=d&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=388464194&sid=2679210506&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&icons=Ge6Z2vdKm5CFwNQ3uwnkMq5aXOQlNx1U1tyTyxu_ZUgSb08DFftpBqkxTJdpYiwpitpI3VEp5cjP4Mg1vyzHtfkf6Ppc3KqE39YXn9aoMkpvrK6xfzSNvlYIoL9fCxrLzKKm3e-dCs8cA-fMdFIJoS762XZXY6HaIqYbAf5Hnudp_QoxcA&ext_cid=0&px_id=418776&min_cpm=0.020157607379197005&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=6470188642634044528&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0025200688954908116&cpm=0&verify_hash=9ba2444afd26467cf48b394d5f93fdfb&is_native=4&real_bid=0.0001073689276968648&original_bid_usd=0.0008588259999999999&original_bid=0.0008588259999999999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0008588259999999999&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000008588259999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=0f94aa08-4e37-4362-86f4-f049ba92a833&prev_step_diff=922
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=388464194&sid=2679210506&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&icons=Ge6Z2vdKm5CFwNQ3uwnkMq5aXOQlNx1U1tyTyxu_ZUgSb08DFftpBqkxTJdpYiwpitpI3VEp5cjP4Mg1vyzHtfkf6Ppc3KqE39YXn9aoMkpvrK6xfzSNvlYIoL9fCxrLzKKm3e-dCs8cA-fMdFIJoS762XZXY6HaIqYbAf5Hnudp_QoxcA&ext_cid=0&px_id=418776&min_cpm=0.020157607379197005&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=6470188642634044528&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0025200688954908116&cpm=0&verify_hash=9ba2444afd26467cf48b394d5f93fdfb&is_native=4&real_bid=0.0001073689276968648&original_bid_usd=0.0008588259999999999&original_bid=0.0008588259999999999&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0008588259999999999&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000008588259999999999&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=0f94aa08-4e37-4362-86f4-f049ba92a833&prev_step_diff=922 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:47 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/show/?tag_ab=d&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=388464194&sid=2679210506&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D_WJ6ORbnQK5ceN9xFDzqvL-hgd6EDR8qmR8vQ9e77WvGLxd5tyl5ibHrTiRD1Ef-7SjYJtQZeFUgxtr2OICy6mozyKmXyQmgh2CfII_YbRA2Xn5Oq0XK-36kSiJwBflo0Nox-7M0e6xO6q-QrhdZUDx1Z6wAJX_oeG1IArDZmrIMNHxX_zSf6eBw9CtI1z2QjNT1C-WeJ-OhIzgKgpRVrakt7OwM3VngLXf2NmuQclLM9pL2ntv0pnHBpvEXR5sl53fn8s1_Ivcpf2dPnDtJ0fhQKYNd0YjgranKpXu_BStNMTTo-AELU3dS79TAmdP833hbUrLX_a9B9RXlvyYo6yI_lIL1hK-aTkEmYlJqxWz0szVVaxGseHAOLiQonFVJwEO9xuvSHVU_61GavGRUOqXkZJ_QNARIM2_aHOSq2Exj28PpCoc6-GeeHPFiNS0R1WurAi3MvDUmJj1UA59z16av8eBFa9uJVb0A9U8qtpfJigwudjIbYII-1b7B4KdhRHaXFMW2YsPRYGgbxto2u1ga6ByCpu22q6L57wlCRn_XLe8qdp47DPYFGbyuewZ3nQ7eDU7P&icons=3rTb_M6HzQ5j1sALULnwqwZrcBQEOrrBZlTaxCZQ39YJG_ap1_K5bctlq5O2raL74Lhnaiy9C1MjJEUNgYp-sBna9lwZnm019ky2D9NLbXUT8I0HbF5IY6G4pSaRqGZJI0eIEOo_cuPG8WwuUmZEim4vkf1JqezFVw1HzCGm6zssKcKC9MQL7iEzTq3VFUbCixtd-sXzEKoCgncz7zgZeweJ6zdjTg_mNhFOAodTTNyCEmDSZwzj0AatNocUtsDEhrUkhkJuD8AThHs1QuljzieTaxnqtvCXLEvEpAXiUsyCZfyCw1Sd7WuV3jstSu6HuPw_KGasQK9-NR9-SGpbNxvs3eyxthJZsHViarWvOuDGxRTKwNvYka_LJuo3XJJ8p1LdBKGVp36pstC-x1HXed9AeZ4BaeaHmgwWAag9_03HCTO_pzjEZEbucHh_8SOJKR5msLJ3YpPCvJLXZQEQ9LVOVsp8QEY-LMk7s7z0HRjSw6NoJA7rgLxoibLvT5I32CC3EyfR0xGyyMiFD1fxofMjGLypUOoyTVp-DfaOTWynAbzXelg9N2ufVzv7HY0L2gKyMLtwuCw9sauYTS3JNklZsGLuDo3Jn4Oeu6YssesxTsYzxzucyaRtk82xVtfakkPd-xjccnoi9lpXE1CJKCaZlsv-4fg2MuK370nSp1hQKdWA3V1IhL9I8Hg4EpXHCXxR3zY&ext_cid=0&px_id=31418776&min_cpm=0.017119451330063505&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6470188642634044528&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.06634134643404883&cpm=0&verify_hash=f807141fb70ea8934980d3660ccdd820&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715423687&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=31c4324a-3236-4849-9e26-be4cb1b52ac1&prev_step_diff=922

167.235.163.216

200 OK

0 B

URL GET HTTP/2
1734081ce4.64c8149326.com/in/show/?tag_ab=d&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=388464194&sid=2679210506&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D_WJ6ORbnQK5ceN9xFDzqvL-hgd6EDR8qmR8vQ9e77WvGLxd5tyl5ibHrTiRD1Ef-7SjYJtQZeFUgxtr2OICy6mozyKmXyQmgh2CfII_YbRA2Xn5Oq0XK-36kSiJwBflo0Nox-7M0e6xO6q-QrhdZUDx1Z6wAJX_oeG1IArDZmrIMNHxX_zSf6eBw9CtI1z2QjNT1C-WeJ-OhIzgKgpRVrakt7OwM3VngLXf2NmuQclLM9pL2ntv0pnHBpvEXR5sl53fn8s1_Ivcpf2dPnDtJ0fhQKYNd0YjgranKpXu_BStNMTTo-AELU3dS79TAmdP833hbUrLX_a9B9RXlvyYo6yI_lIL1hK-aTkEmYlJqxWz0szVVaxGseHAOLiQonFVJwEO9xuvSHVU_61GavGRUOqXkZJ_QNARIM2_aHOSq2Exj28PpCoc6-GeeHPFiNS0R1WurAi3MvDUmJj1UA59z16av8eBFa9uJVb0A9U8qtpfJigwudjIbYII-1b7B4KdhRHaXFMW2YsPRYGgbxto2u1ga6ByCpu22q6L57wlCRn_XLe8qdp47DPYFGbyuewZ3nQ7eDU7P&icons=3rTb_M6HzQ5j1sALULnwqwZrcBQEOrrBZlTaxCZQ39YJG_ap1_K5bctlq5O2raL74Lhnaiy9C1MjJEUNgYp-sBna9lwZnm019ky2D9NLbXUT8I0HbF5IY6G4pSaRqGZJI0eIEOo_cuPG8WwuUmZEim4vkf1JqezFVw1HzCGm6zssKcKC9MQL7iEzTq3VFUbCixtd-sXzEKoCgncz7zgZeweJ6zdjTg_mNhFOAodTTNyCEmDSZwzj0AatNocUtsDEhrUkhkJuD8AThHs1QuljzieTaxnqtvCXLEvEpAXiUsyCZfyCw1Sd7WuV3jstSu6HuPw_KGasQK9-NR9-SGpbNxvs3eyxthJZsHViarWvOuDGxRTKwNvYka_LJuo3XJJ8p1LdBKGVp36pstC-x1HXed9AeZ4BaeaHmgwWAag9_03HCTO_pzjEZEbucHh_8SOJKR5msLJ3YpPCvJLXZQEQ9LVOVsp8QEY-LMk7s7z0HRjSw6NoJA7rgLxoibLvT5I32CC3EyfR0xGyyMiFD1fxofMjGLypUOoyTVp-DfaOTWynAbzXelg9N2ufVzv7HY0L2gKyMLtwuCw9sauYTS3JNklZsGLuDo3Jn4Oeu6YssesxTsYzxzucyaRtk82xVtfakkPd-xjccnoi9lpXE1CJKCaZlsv-4fg2MuK370nSp1hQKdWA3V1IhL9I8Hg4EpXHCXxR3zY&ext_cid=0&px_id=31418776&min_cpm=0.017119451330063505&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6470188642634044528&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.06634134643404883&cpm=0&verify_hash=f807141fb70ea8934980d3660ccdd820&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715423687&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=31c4324a-3236-4849-9e26-be4cb1b52ac1&prev_step_diff=922
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=388464194&sid=2679210506&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D_WJ6ORbnQK5ceN9xFDzqvL-hgd6EDR8qmR8vQ9e77WvGLxd5tyl5ibHrTiRD1Ef-7SjYJtQZeFUgxtr2OICy6mozyKmXyQmgh2CfII_YbRA2Xn5Oq0XK-36kSiJwBflo0Nox-7M0e6xO6q-QrhdZUDx1Z6wAJX_oeG1IArDZmrIMNHxX_zSf6eBw9CtI1z2QjNT1C-WeJ-OhIzgKgpRVrakt7OwM3VngLXf2NmuQclLM9pL2ntv0pnHBpvEXR5sl53fn8s1_Ivcpf2dPnDtJ0fhQKYNd0YjgranKpXu_BStNMTTo-AELU3dS79TAmdP833hbUrLX_a9B9RXlvyYo6yI_lIL1hK-aTkEmYlJqxWz0szVVaxGseHAOLiQonFVJwEO9xuvSHVU_61GavGRUOqXkZJ_QNARIM2_aHOSq2Exj28PpCoc6-GeeHPFiNS0R1WurAi3MvDUmJj1UA59z16av8eBFa9uJVb0A9U8qtpfJigwudjIbYII-1b7B4KdhRHaXFMW2YsPRYGgbxto2u1ga6ByCpu22q6L57wlCRn_XLe8qdp47DPYFGbyuewZ3nQ7eDU7P&icons=3rTb_M6HzQ5j1sALULnwqwZrcBQEOrrBZlTaxCZQ39YJG_ap1_K5bctlq5O2raL74Lhnaiy9C1MjJEUNgYp-sBna9lwZnm019ky2D9NLbXUT8I0HbF5IY6G4pSaRqGZJI0eIEOo_cuPG8WwuUmZEim4vkf1JqezFVw1HzCGm6zssKcKC9MQL7iEzTq3VFUbCixtd-sXzEKoCgncz7zgZeweJ6zdjTg_mNhFOAodTTNyCEmDSZwzj0AatNocUtsDEhrUkhkJuD8AThHs1QuljzieTaxnqtvCXLEvEpAXiUsyCZfyCw1Sd7WuV3jstSu6HuPw_KGasQK9-NR9-SGpbNxvs3eyxthJZsHViarWvOuDGxRTKwNvYka_LJuo3XJJ8p1LdBKGVp36pstC-x1HXed9AeZ4BaeaHmgwWAag9_03HCTO_pzjEZEbucHh_8SOJKR5msLJ3YpPCvJLXZQEQ9LVOVsp8QEY-LMk7s7z0HRjSw6NoJA7rgLxoibLvT5I32CC3EyfR0xGyyMiFD1fxofMjGLypUOoyTVp-DfaOTWynAbzXelg9N2ufVzv7HY0L2gKyMLtwuCw9sauYTS3JNklZsGLuDo3Jn4Oeu6YssesxTsYzxzucyaRtk82xVtfakkPd-xjccnoi9lpXE1CJKCaZlsv-4fg2MuK370nSp1hQKdWA3V1IhL9I8Hg4EpXHCXxR3zY&ext_cid=0&px_id=31418776&min_cpm=0.017119451330063505&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6470188642634044528&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.06634134643404883&cpm=0&verify_hash=f807141fb70ea8934980d3660ccdd820&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715423687&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-0-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=31c4324a-3236-4849-9e26-be4cb1b52ac1&prev_step_diff=922 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:47 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

i.poopcdn.com/pb6KW.jpg

188.114.97.1

200 OK

9.7 kB

URL GET HTTP/2
i.poopcdn.com/pb6KW.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerLet's Encrypt
Subjecti.poopcdn.com
Fingerprint94:CF:0E:89:D9:78:6D:10:14:DF:D3:8A:C2:3E:AE:81:F9:AC:73:03
ValidityThu, 14 Mar 2024 07:45:46 GMT - Wed, 12 Jun 2024 07:45:45 GMT

File type
JPEG image data, baseline, precision 8, 281x640, components 3
Size
9.7 kB (9661 bytes)
Hash
615e1f4718821942ce97bf1a48c70aec
3e8b6e7508e9dad08039c307f813326d57b45e50
6c1566cc223f1e1d9a5a80271f7fba33b319a802fa555b39ad011a5180cd441f

HTTP Headers

GET /pb6KW.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: image/jpeg
content-length: 9661
etag: "615e1f4718821942ce97bf1a48c70aec"
last-modified: Thu, 09 May 2024 19:48:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WRG2LX3G1njtBZVs4DeNg8E46h1JFkUXVsQlc5wjT2d1D7RXjEeUN%2Fyf5puDjCa0fcBb3NE3t8CILUhX9tIqy3XwVaZ52vVV5DIQ4vtJ8T4FceFG2EDAJsBwYg4oouT0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c067f6cd1b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzqPOSPjblMhKaQ9UM7Zk8GhmgGrt032Ly3BOgz8gY9SzV8peSVZyzOIZVcau7ssoSUw8rI&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1945724712%3A1715366087243802&ddm=0

74.125.131.84

403 Forbidden

4.1 kB

URL GET HTTP/2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzqPOSPjblMhKaQ9UM7Zk8GhmgGrt032Ly3BOgz8gY9SzV8peSVZyzOIZVcau7ssoSUw8rI&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1945724712%3A1715366087243802&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D
ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT

File type
gzip compressed data, max compression
Size
4.1 kB (4127 bytes)
Hash
2a40680604b1bb3bcc9f6737a0c6c658
f7bf6822ccc76ea8e63f4d9c13e835e13c11b3e5
8179b57ba4a5cb63fff299a9a72081b60cf332752719fdc8e8240aea359890f1

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzqPOSPjblMhKaQ9UM7Zk8GhmgGrt032Ly3BOgz8gY9SzV8peSVZyzOIZVcau7ssoSUw8rI&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1945724712%3A1715366087243802&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 18:34:47 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-IDpMPylCqckpN2I-9Bmy2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 233208
expires: Wed, 30 Apr 2025 18:34:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=krd8HFVnl%2Bbc2rmCVxLHqybSsPttGJT1uaXccgnv0X4vUo%2Fd93UD%2FjAvNlRehSQ2OKMyhldaynEdeDd0P6zPqy19W24QLJzbXrxSUP%2BGyZlRPau7ym0PJdQRo4FXFj5J8EbbJWCG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881c067f8b9356b7-OSL
alt-svc: h3=":443"; ma=86400

362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js

45.133.44.53

200 OK

30 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type
gzip compressed data, from Unix
Size
30 kB (29642 bytes)
Hash
c3e5efe03e971a65dc1a0b2f4fca5f89
02564aedeec7154dadb8b3db70a7e095296350fa
f7068ed7e66ed1bce9ac5a67170a7a2db0aa1e20946e98a59f8bc477005033f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /d0b44a3b286234a6547fbc3559b62bad.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Fri, 10 May 2024 18:39:46 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/show/?tag_ab=d&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=357529620&sid=3736243528&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_f1b5d41b-d9f8-4c62-b1c7-e7a8aeccda4b%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253Ddhp3qbSFFpdHnT9CbR9WwehWHmyqVHSug09RMpNo7GA92MyeHgsms-Ze0IE4NUFQWOV33c-VDaJFBPn01UArwbmIOYtB7FtjjltUWLZ1_yoIIW6Dh1rteSTgTwsmzU-7MtK0IyRW2Hc-Eb_Q6NSVAVEzbVh9_JmFQIMNi5exU6boUoy6405iW5PuHF2POWTqv9ZF_3tbaw4-mB49usFrxcky0U3wKKiXvqhoPN66JYF8EmXxztCol9kX8-GMY6fT4wy67w3m6nZTXnOa0WWzqBdzbe6BEjEuns3NdXKYcL2IsCgVHtJYEWk0n4vXB-xP5IVNfvR8AGKlACMGc2CUwNy95fVumcf98bTFkygXKvLpsFWspyHrNh2ezg0-ykI1keFBKen8dJmoXGFMoWbyfU7sHwkzWObBOyYcYAlu4hThMbmFbqqIp6yTjqTtXQrKs51dpaEuaoC5C0cSDJNSflZi_mi59MMWDsRgkHLma87FaVKCRId4GvYMTN5Ssm3WQJgXoIR7vrqx5wJOGgehrQ0qlSBOuBCyiBp5x-DapfPgNOc9gmDB2HJoDWPu0jqWYqi1J_6UTdqolOx1fQkibfi1Ggl4FRNV4Wh-LsPFZQSuK7D3w9HMmprOd_OtedwmILzIDFK5b4ka8XUSPXVj6hHh0FcNSCdhcq5cJVY3VHLDbz6UjK4KhtlwWHgAt2WaNx0rBf3dC6ZIycBJHymjfYzETgJtVEvhRyAPTtrCk2pRoqINnYCNyExEf6KUD05DHGZDkdgy9i-a1ldx3sDXB00c1Mt2B9zCqhqCDMMVPXiX16Mw5jhA_FighhgupZZT1gH91y4PyE7Cr7ZYUkUox5ehMNu7CtqnZaYCj3TgzeSb0v9zYki0GoKy1P69Q1Jrlx9b0DGJR1ZKDfbt4iWPCHKnhqbi2CvPQVTnO7i3C1B0A_Zy2Oqh2Td8aSuX4AkK6SqSivrGm59gnxj4ArIJAypiHjLa3NKE0-RtT8TK-ds1%2526kw%253D%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=WpEkwD8aDHZhUXQ8SYUg825tMGJvMf3Mk5UUyqLnUtDSF4EUxu449fTx-OBtJ0FrXPynZ9EXbFXiDkZfCNTckTWla5PbS0n68hpqa8Kx4i_IS8DXrlkcFKjAFSsLL0hNJmClaW73TIZACf85fewF5ujeEECx86gvpzYHQ0e8q49UaVIBsA&ext_cid=0&px_id=55418774&min_cpm=0.008646164382346382&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=6638276580567672091&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.001339079995205352&cpm=0&verify_hash=a99a59d4a662f55d0732f9040620941e&is_native=2&real_bid=0.0001330112018585213&original_bid_usd=0.000224&original_bid=0.000224&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,4,89,20,27&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000224&hostname=auc-inpage-hz-11-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000022400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=37c922b8-b002-4a45-9c53-9ff02b930283&prev_step_diff=895

167.235.163.216

200 OK

0 B

URL GET HTTP/2
1734081ce4.64c8149326.com/in/show/?tag_ab=d&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=357529620&sid=3736243528&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_f1b5d41b-d9f8-4c62-b1c7-e7a8aeccda4b%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253Ddhp3qbSFFpdHnT9CbR9WwehWHmyqVHSug09RMpNo7GA92MyeHgsms-Ze0IE4NUFQWOV33c-VDaJFBPn01UArwbmIOYtB7FtjjltUWLZ1_yoIIW6Dh1rteSTgTwsmzU-7MtK0IyRW2Hc-Eb_Q6NSVAVEzbVh9_JmFQIMNi5exU6boUoy6405iW5PuHF2POWTqv9ZF_3tbaw4-mB49usFrxcky0U3wKKiXvqhoPN66JYF8EmXxztCol9kX8-GMY6fT4wy67w3m6nZTXnOa0WWzqBdzbe6BEjEuns3NdXKYcL2IsCgVHtJYEWk0n4vXB-xP5IVNfvR8AGKlACMGc2CUwNy95fVumcf98bTFkygXKvLpsFWspyHrNh2ezg0-ykI1keFBKen8dJmoXGFMoWbyfU7sHwkzWObBOyYcYAlu4hThMbmFbqqIp6yTjqTtXQrKs51dpaEuaoC5C0cSDJNSflZi_mi59MMWDsRgkHLma87FaVKCRId4GvYMTN5Ssm3WQJgXoIR7vrqx5wJOGgehrQ0qlSBOuBCyiBp5x-DapfPgNOc9gmDB2HJoDWPu0jqWYqi1J_6UTdqolOx1fQkibfi1Ggl4FRNV4Wh-LsPFZQSuK7D3w9HMmprOd_OtedwmILzIDFK5b4ka8XUSPXVj6hHh0FcNSCdhcq5cJVY3VHLDbz6UjK4KhtlwWHgAt2WaNx0rBf3dC6ZIycBJHymjfYzETgJtVEvhRyAPTtrCk2pRoqINnYCNyExEf6KUD05DHGZDkdgy9i-a1ldx3sDXB00c1Mt2B9zCqhqCDMMVPXiX16Mw5jhA_FighhgupZZT1gH91y4PyE7Cr7ZYUkUox5ehMNu7CtqnZaYCj3TgzeSb0v9zYki0GoKy1P69Q1Jrlx9b0DGJR1ZKDfbt4iWPCHKnhqbi2CvPQVTnO7i3C1B0A_Zy2Oqh2Td8aSuX4AkK6SqSivrGm59gnxj4ArIJAypiHjLa3NKE0-RtT8TK-ds1%2526kw%253D%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=WpEkwD8aDHZhUXQ8SYUg825tMGJvMf3Mk5UUyqLnUtDSF4EUxu449fTx-OBtJ0FrXPynZ9EXbFXiDkZfCNTckTWla5PbS0n68hpqa8Kx4i_IS8DXrlkcFKjAFSsLL0hNJmClaW73TIZACf85fewF5ujeEECx86gvpzYHQ0e8q49UaVIBsA&ext_cid=0&px_id=55418774&min_cpm=0.008646164382346382&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=6638276580567672091&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.001339079995205352&cpm=0&verify_hash=a99a59d4a662f55d0732f9040620941e&is_native=2&real_bid=0.0001330112018585213&original_bid_usd=0.000224&original_bid=0.000224&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,4,89,20,27&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000224&hostname=auc-inpage-hz-11-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000022400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=37c922b8-b002-4a45-9c53-9ff02b930283&prev_step_diff=895
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=357529620&sid=3736243528&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_f1b5d41b-d9f8-4c62-b1c7-e7a8aeccda4b%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253Ddhp3qbSFFpdHnT9CbR9WwehWHmyqVHSug09RMpNo7GA92MyeHgsms-Ze0IE4NUFQWOV33c-VDaJFBPn01UArwbmIOYtB7FtjjltUWLZ1_yoIIW6Dh1rteSTgTwsmzU-7MtK0IyRW2Hc-Eb_Q6NSVAVEzbVh9_JmFQIMNi5exU6boUoy6405iW5PuHF2POWTqv9ZF_3tbaw4-mB49usFrxcky0U3wKKiXvqhoPN66JYF8EmXxztCol9kX8-GMY6fT4wy67w3m6nZTXnOa0WWzqBdzbe6BEjEuns3NdXKYcL2IsCgVHtJYEWk0n4vXB-xP5IVNfvR8AGKlACMGc2CUwNy95fVumcf98bTFkygXKvLpsFWspyHrNh2ezg0-ykI1keFBKen8dJmoXGFMoWbyfU7sHwkzWObBOyYcYAlu4hThMbmFbqqIp6yTjqTtXQrKs51dpaEuaoC5C0cSDJNSflZi_mi59MMWDsRgkHLma87FaVKCRId4GvYMTN5Ssm3WQJgXoIR7vrqx5wJOGgehrQ0qlSBOuBCyiBp5x-DapfPgNOc9gmDB2HJoDWPu0jqWYqi1J_6UTdqolOx1fQkibfi1Ggl4FRNV4Wh-LsPFZQSuK7D3w9HMmprOd_OtedwmILzIDFK5b4ka8XUSPXVj6hHh0FcNSCdhcq5cJVY3VHLDbz6UjK4KhtlwWHgAt2WaNx0rBf3dC6ZIycBJHymjfYzETgJtVEvhRyAPTtrCk2pRoqINnYCNyExEf6KUD05DHGZDkdgy9i-a1ldx3sDXB00c1Mt2B9zCqhqCDMMVPXiX16Mw5jhA_FighhgupZZT1gH91y4PyE7Cr7ZYUkUox5ehMNu7CtqnZaYCj3TgzeSb0v9zYki0GoKy1P69Q1Jrlx9b0DGJR1ZKDfbt4iWPCHKnhqbi2CvPQVTnO7i3C1B0A_Zy2Oqh2Td8aSuX4AkK6SqSivrGm59gnxj4ArIJAypiHjLa3NKE0-RtT8TK-ds1%2526kw%253D%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=WpEkwD8aDHZhUXQ8SYUg825tMGJvMf3Mk5UUyqLnUtDSF4EUxu449fTx-OBtJ0FrXPynZ9EXbFXiDkZfCNTckTWla5PbS0n68hpqa8Kx4i_IS8DXrlkcFKjAFSsLL0hNJmClaW73TIZACf85fewF5ujeEECx86gvpzYHQ0e8q49UaVIBsA&ext_cid=0&px_id=55418774&min_cpm=0.008646164382346382&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=6638276580567672091&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.001339079995205352&cpm=0&verify_hash=a99a59d4a662f55d0732f9040620941e&is_native=2&real_bid=0.0001330112018585213&original_bid_usd=0.000224&original_bid=0.000224&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,4,89,20,27&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000224&hostname=auc-inpage-hz-11-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000022400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=37c922b8-b002-4a45-9c53-9ff02b930283&prev_step_diff=895 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:47 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

1734081ce4.64c8149326.com/in/show/?tag_ab=d&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=357529620&sid=3736243528&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DjngOkBtdzZ2b1KwM62QrULiAR1tI19Re5-lLE3tKu5IhArHbZH_na4nGZ44mX-hFPT9_sQ2-TzsGVViEl8Y3OlnHNd4Nl-y6TVCsXAESwJ5o09z0LwS2At4h3vWDtuEW0GbQ1DRbdgdOqmuJ-h0vUHRvMkpMY89eTjo5L-V3ui0TgeCDxiDIZ_udzqJqmbOUjlbQBfWrNG_gFOjMpJODfB1hyzO9UD_dAbYhEMN0zVzQLojDQ9CacwjIJV7kvv-PR42N2w0ysAF6IzUlpAQja_bW58nlpLSQfyDCvgL6OrZyIT0T6kYq7ZqNa-ems6kyvctKRGkNtIMwfJbnq9yF_5891fCmnxZItAjEQJSQzqtrEIHfqHJfcbWaegzlExjX3AVmV0iUvt6Dx3IIvOwz6PjKFwgKWf8_8_reO2tbQNNDd31xUCzZZYy4avSa7ZvYy5yAVVxVMvtXUIreOtw7Rmpvu_vPUJyVcrTZWJACYpxO0RyCda8ZsQGhr-KQ-Y2VLfyvTJc2e7qXazrpGPPz8USPaxs4Cps_lmrUtu3GXgaIUG-10gp0MvpKIIDS0orpn_8zMt5H&icons=1aev8t3bDeUi73yfH6CGpYZyaZK6BT8S1FZOP3aASC2DcnR3UvBm1KAIiuM0e3RrqsapKbwUY04UIsgLj26YLqTJunLmjXTZ9wthco3EB5YaO2lpkA2Oa9bd91T30cCHFxNo9Y40-MPAQBSIDOw5dkPJ6GmRqDMtIWXA-eFPuSvZTLoAurDv0TFj_ac9VMSEQk4UYxtmrDKL85WXLSsMqJTPKBUP2yxs6yYKcTstYGZ33HGK-sOPUUlmYhEb74viN5qh3kMVFooWJKQ7GoWXBAtFczoBFm8MMo1C9Avcfq-IBZ3FfRqSL5Dvw8wUy_CJ1yT3BSQ-_j6YS2G3z83G7vPcC3Od5-AAafAJJyZc79DRbySKSKorJY408uzuRXhaPA7VIdQR2WcrB3v4b9a0WwMyegPyzmw17ofCfLsAn0zWREKfQL2HwNB1PZw2zgKXVaBjlt995muZJKkIDcgwDw-pJddb3TjHU1wccstY8eKje4tEPX-0SP791XkkPruUZRUcvxObZAvLC5e4rRxlwyGniZ0JnsNdc9YtjeWzOzR7AzB0H7wuZrJ4Bp_TyGIT3utE6p5Sm-o4s6l6hCcwypY4ks31v7hHFYRqAE7WvK_WDZRW9mWZT8sDZAw-0sjgBDQKaOR8ZyPLx-NTHZ0y3NKvQAb8iRSPlmgcqTyuN4WaIYL4f2t57RorQGVzaQYS4UItuAU&ext_cid=0&px_id=31418774&min_cpm=0.034340647378001854&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6638276580567672091&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13307697428788337&cpm=0&verify_hash=4fcac83c248a21313c76039f3e52c2ea&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,93,101,4&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715423687&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F44563324%2F551815_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-11-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=728bc8ed-9a2b-4985-a227-6222b1d0bcf9&prev_step_diff=895

167.235.163.216

200 OK

0 B

URL GET HTTP/2
1734081ce4.64c8149326.com/in/show/?tag_ab=d&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=357529620&sid=3736243528&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DjngOkBtdzZ2b1KwM62QrULiAR1tI19Re5-lLE3tKu5IhArHbZH_na4nGZ44mX-hFPT9_sQ2-TzsGVViEl8Y3OlnHNd4Nl-y6TVCsXAESwJ5o09z0LwS2At4h3vWDtuEW0GbQ1DRbdgdOqmuJ-h0vUHRvMkpMY89eTjo5L-V3ui0TgeCDxiDIZ_udzqJqmbOUjlbQBfWrNG_gFOjMpJODfB1hyzO9UD_dAbYhEMN0zVzQLojDQ9CacwjIJV7kvv-PR42N2w0ysAF6IzUlpAQja_bW58nlpLSQfyDCvgL6OrZyIT0T6kYq7ZqNa-ems6kyvctKRGkNtIMwfJbnq9yF_5891fCmnxZItAjEQJSQzqtrEIHfqHJfcbWaegzlExjX3AVmV0iUvt6Dx3IIvOwz6PjKFwgKWf8_8_reO2tbQNNDd31xUCzZZYy4avSa7ZvYy5yAVVxVMvtXUIreOtw7Rmpvu_vPUJyVcrTZWJACYpxO0RyCda8ZsQGhr-KQ-Y2VLfyvTJc2e7qXazrpGPPz8USPaxs4Cps_lmrUtu3GXgaIUG-10gp0MvpKIIDS0orpn_8zMt5H&icons=1aev8t3bDeUi73yfH6CGpYZyaZK6BT8S1FZOP3aASC2DcnR3UvBm1KAIiuM0e3RrqsapKbwUY04UIsgLj26YLqTJunLmjXTZ9wthco3EB5YaO2lpkA2Oa9bd91T30cCHFxNo9Y40-MPAQBSIDOw5dkPJ6GmRqDMtIWXA-eFPuSvZTLoAurDv0TFj_ac9VMSEQk4UYxtmrDKL85WXLSsMqJTPKBUP2yxs6yYKcTstYGZ33HGK-sOPUUlmYhEb74viN5qh3kMVFooWJKQ7GoWXBAtFczoBFm8MMo1C9Avcfq-IBZ3FfRqSL5Dvw8wUy_CJ1yT3BSQ-_j6YS2G3z83G7vPcC3Od5-AAafAJJyZc79DRbySKSKorJY408uzuRXhaPA7VIdQR2WcrB3v4b9a0WwMyegPyzmw17ofCfLsAn0zWREKfQL2HwNB1PZw2zgKXVaBjlt995muZJKkIDcgwDw-pJddb3TjHU1wccstY8eKje4tEPX-0SP791XkkPruUZRUcvxObZAvLC5e4rRxlwyGniZ0JnsNdc9YtjeWzOzR7AzB0H7wuZrJ4Bp_TyGIT3utE6p5Sm-o4s6l6hCcwypY4ks31v7hHFYRqAE7WvK_WDZRW9mWZT8sDZAw-0sjgBDQKaOR8ZyPLx-NTHZ0y3NKvQAb8iRSPlmgcqTyuN4WaIYL4f2t57RorQGVzaQYS4UItuAU&ext_cid=0&px_id=31418774&min_cpm=0.034340647378001854&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6638276580567672091&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13307697428788337&cpm=0&verify_hash=4fcac83c248a21313c76039f3e52c2ea&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,93,101,4&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715423687&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F44563324%2F551815_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-11-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=728bc8ed-9a2b-4985-a227-6222b1d0bcf9&prev_step_diff=895
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject64c8149326.com
FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7
ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=d&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2FbaPG1JWqb1h&refdom=poop.com.co&auction_time=1715366087&subid=357529620&sid=3736243528&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252FbaPG1JWqb1h%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DjngOkBtdzZ2b1KwM62QrULiAR1tI19Re5-lLE3tKu5IhArHbZH_na4nGZ44mX-hFPT9_sQ2-TzsGVViEl8Y3OlnHNd4Nl-y6TVCsXAESwJ5o09z0LwS2At4h3vWDtuEW0GbQ1DRbdgdOqmuJ-h0vUHRvMkpMY89eTjo5L-V3ui0TgeCDxiDIZ_udzqJqmbOUjlbQBfWrNG_gFOjMpJODfB1hyzO9UD_dAbYhEMN0zVzQLojDQ9CacwjIJV7kvv-PR42N2w0ysAF6IzUlpAQja_bW58nlpLSQfyDCvgL6OrZyIT0T6kYq7ZqNa-ems6kyvctKRGkNtIMwfJbnq9yF_5891fCmnxZItAjEQJSQzqtrEIHfqHJfcbWaegzlExjX3AVmV0iUvt6Dx3IIvOwz6PjKFwgKWf8_8_reO2tbQNNDd31xUCzZZYy4avSa7ZvYy5yAVVxVMvtXUIreOtw7Rmpvu_vPUJyVcrTZWJACYpxO0RyCda8ZsQGhr-KQ-Y2VLfyvTJc2e7qXazrpGPPz8USPaxs4Cps_lmrUtu3GXgaIUG-10gp0MvpKIIDS0orpn_8zMt5H&icons=1aev8t3bDeUi73yfH6CGpYZyaZK6BT8S1FZOP3aASC2DcnR3UvBm1KAIiuM0e3RrqsapKbwUY04UIsgLj26YLqTJunLmjXTZ9wthco3EB5YaO2lpkA2Oa9bd91T30cCHFxNo9Y40-MPAQBSIDOw5dkPJ6GmRqDMtIWXA-eFPuSvZTLoAurDv0TFj_ac9VMSEQk4UYxtmrDKL85WXLSsMqJTPKBUP2yxs6yYKcTstYGZ33HGK-sOPUUlmYhEb74viN5qh3kMVFooWJKQ7GoWXBAtFczoBFm8MMo1C9Avcfq-IBZ3FfRqSL5Dvw8wUy_CJ1yT3BSQ-_j6YS2G3z83G7vPcC3Od5-AAafAJJyZc79DRbySKSKorJY408uzuRXhaPA7VIdQR2WcrB3v4b9a0WwMyegPyzmw17ofCfLsAn0zWREKfQL2HwNB1PZw2zgKXVaBjlt995muZJKkIDcgwDw-pJddb3TjHU1wccstY8eKje4tEPX-0SP791XkkPruUZRUcvxObZAvLC5e4rRxlwyGniZ0JnsNdc9YtjeWzOzR7AzB0H7wuZrJ4Bp_TyGIT3utE6p5Sm-o4s6l6hCcwypY4ks31v7hHFYRqAE7WvK_WDZRW9mWZT8sDZAw-0sjgBDQKaOR8ZyPLx-NTHZ0y3NKvQAb8iRSPlmgcqTyuN4WaIYL4f2t57RorQGVzaQYS4UItuAU&ext_cid=0&px_id=31418774&min_cpm=0.034340647378001854&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=6638276580567672091&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13307697428788337&cpm=0&verify_hash=4fcac83c248a21313c76039f3e52c2ea&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,93,101,4&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1715423687&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F44563324%2F551815_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-11-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=728bc8ed-9a2b-4985-a227-6222b1d0bcf9&prev_step_diff=895 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:47 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.25

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sat, 10 May 2025 18:34:47 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=645d0313-7d7f-469b-9b9c-515f9d7f5a63&prev_step_diff=895

45.133.44.25

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=645d0313-7d7f-469b-9b9c-515f9d7f5a63&prev_step_diff=895
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=645d0313-7d7f-469b-9b9c-515f9d7f5a63&prev_step_diff=895 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 10 May 2025 18:34:47 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=e04ae799-0436-4b9d-8366-4f85d280724d&prev_step_diff=922

45.133.44.25

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=e04ae799-0436-4b9d-8366-4f85d280724d&prev_step_diff=922
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=e04ae799-0436-4b9d-8366-4f85d280724d&prev_step_diff=922 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 10 May 2025 18:34:47 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

imgsdn.com/ie?v=4&c=lPw34fhg5WMWncYr_Q-mWfN3Ck2IwFYtRWPiU-nxC66MJyNbog9KW89v5eoggZWUiggJfBEXAlbx07Sfq-wu8EO6QLEjjt4k8bNEZnUifESuNj6vcKJZFLg318nBZm1Kw_1svWhd1tURZk1480JZEhu0kMYFb1Wx93gPUfOfwIQpe8qfEekXsy_YxTTGffHiXPuygeSH3xKQO1dTzBTHxH4pHoLTA284ECOg4eOjkl5_4ahTMTlu5Go5avHBcw7qvL6i-o6GHvXZ3-BP4EGFgu0LbBonuD0qfpJJNg_PqKbMPOfQr4m4ec4TQeRB_af3SY6qyUQZXRKEBQ5PEw3CXaahHFdkab72AHv-AV6YSQuNZ6T8ysbUYW_auLMcek1kQH-9oLVHMJb5USvsa0Ms3jvd4g-QVQL9sNpiIBrPf-F6Lu1lHmztQf22dRUwJw==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=da1a3d3f-0f3a-413a-a4da-de7152792f9d&prev_step_diff=922

162.55.246.161

301 Moved Permanently

0 B

URL GET HTTP/1.1
imgsdn.com/ie?v=4&c=lPw34fhg5WMWncYr_Q-mWfN3Ck2IwFYtRWPiU-nxC66MJyNbog9KW89v5eoggZWUiggJfBEXAlbx07Sfq-wu8EO6QLEjjt4k8bNEZnUifESuNj6vcKJZFLg318nBZm1Kw_1svWhd1tURZk1480JZEhu0kMYFb1Wx93gPUfOfwIQpe8qfEekXsy_YxTTGffHiXPuygeSH3xKQO1dTzBTHxH4pHoLTA284ECOg4eOjkl5_4ahTMTlu5Go5avHBcw7qvL6i-o6GHvXZ3-BP4EGFgu0LbBonuD0qfpJJNg_PqKbMPOfQr4m4ec4TQeRB_af3SY6qyUQZXRKEBQ5PEw3CXaahHFdkab72AHv-AV6YSQuNZ6T8ysbUYW_auLMcek1kQH-9oLVHMJb5USvsa0Ms3jvd4g-QVQL9sNpiIBrPf-F6Lu1lHmztQf22dRUwJw==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=da1a3d3f-0f3a-413a-a4da-de7152792f9d&prev_step_diff=922
IP
162.55.246.161:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
Fingerprint62:14:81:C5:22:FF:BC:AE:08:65:E3:D0:0B:CF:4A:19:B3:2A:20:52
ValidityMon, 06 May 2024 11:20:27 GMT - Sun, 04 Aug 2024 11:20:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ie?v=4&c=lPw34fhg5WMWncYr_Q-mWfN3Ck2IwFYtRWPiU-nxC66MJyNbog9KW89v5eoggZWUiggJfBEXAlbx07Sfq-wu8EO6QLEjjt4k8bNEZnUifESuNj6vcKJZFLg318nBZm1Kw_1svWhd1tURZk1480JZEhu0kMYFb1Wx93gPUfOfwIQpe8qfEekXsy_YxTTGffHiXPuygeSH3xKQO1dTzBTHxH4pHoLTA284ECOg4eOjkl5_4ahTMTlu5Go5avHBcw7qvL6i-o6GHvXZ3-BP4EGFgu0LbBonuD0qfpJJNg_PqKbMPOfQr4m4ec4TQeRB_af3SY6qyUQZXRKEBQ5PEw3CXaahHFdkab72AHv-AV6YSQuNZ6T8ysbUYW_auLMcek1kQH-9oLVHMJb5USvsa0Ms3jvd4g-QVQL9sNpiIBrPf-F6Lu1lHmztQf22dRUwJw==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-b_l-body&st=0.02&cpa=da1a3d3f-0f3a-413a-a4da-de7152792f9d&prev_step_diff=922 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 10 May 2024 18:34:47 GMT
content-length: 0
location: https://img.vmmcdn.com/get/19802132/551816_icon.png
x-app-id: 11

metrolagu.cam/embed.css

188.114.97.1

200 OK

395 B

URL GET HTTP/3
metrolagu.cam/embed.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
ASCII text
Size
395 B (395 bytes)
Hash
1ac57b2fc858076467716fbad9268b05
94b3c1ff894b4cb316dfe90962b64db541bb3c46
6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf

HTTP Headers

GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/video?q=jiwa+yang+bersedih
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Fri, 10 May 2024 18:47:19 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 42447
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MoRe1aOQ%2BSf6wNdE%2FNarhIjJfuSN9V9eV6NVW66cKDY%2B%2BQ%2FhjMrvnfTxQj2zgjkIXlSGqvg46sTgM9a3JDqHldXkG1vQwre0Pocvf%2B2HnXUUckKqSIJbDwipuhl3XBwP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c067f6d961c16-OSL
alt-svc: h3=":443"; ma=86400

paronymtethery.com/rSfAH4Kr7lm28/64343

23.109.170.224

200 OK

20 B

URL GET HTTP/1.1
paronymtethery.com/rSfAH4Kr7lm28/64343
IP
23.109.170.224:443
ASN
#7979 SERVERS-COM

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerLet's Encrypt
Subjectparonymtethery.com
Fingerprint63:F2:88:89:1F:F8:81:BA:AE:2C:AE:99:FD:C3:5F:47:2F:0B:DE:F1
ValidityMon, 29 Apr 2024 18:59:43 GMT - Sun, 28 Jul 2024 18:59:42 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rSfAH4Kr7lm28/64343 HTTP/1.1
Host: paronymtethery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 18:34:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 11-May-2024 18:34:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 11-May-2024 18:34:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

img.vmmcdn.com/get/36870469/551816_image.jpg

46.4.121.113

200 OK

12 kB

URL GET HTTP/2
img.vmmcdn.com/get/36870469/551816_image.jpg
IP
46.4.121.113:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Size
12 kB (12075 bytes)
Hash
ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c

HTTP Headers

GET /get/36870469/551816_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 10 May 2024 18:34:47 GMT
content-type: image/jpeg
content-length: 12075
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-2f2b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2

img.vmmcdn.com/get/19802132/551816_icon.png

46.4.121.113

200 OK

23 kB

URL GET HTTP/2
img.vmmcdn.com/get/19802132/551816_icon.png
IP
46.4.121.113:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
23 kB (23172 bytes)
Hash
4d5759f010e127f070785e4925447047
22919607ad63be452b8a5aa4324a7d1c2855b074
6d1b78db1808b279554f122373ff2fd4e448313c41d199d92a929e31d2825931

HTTP Headers

GET /get/19802132/551816_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 10 May 2024 18:34:47 GMT
content-type: image/png
content-length: 23172
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-5a84"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2

img.vmmcdn.com/get/44563324/551815_image.jpg

138.201.51.142

200 OK

12 kB

URL GET HTTP/1.1
img.vmmcdn.com/get/44563324/551815_image.jpg
IP
138.201.51.142:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7
ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3
Size
12 kB (12075 bytes)
Hash
ee921bcd225785444d8ab128ca1d0941
e92f5588c738df6912e3658d883aeb66b486560b
4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c

HTTP Headers

GET /get/44563324/551815_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 18:34:47 GMT
Content-Type: image/jpeg
Content-Length: 12075
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-2f2b"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes

img.vmmcdn.com/get/31532110/551815_icon.png

46.4.121.113

200 OK

13 kB

URL GET HTTP/2
img.vmmcdn.com/get/31532110/551815_icon.png
IP
46.4.121.113:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectimg.vmmcdn.com
Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4
ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
13 kB (12875 bytes)
Hash
d33d90c506dc28ad22627e5bb03234f0
2ab58d0b5c7ba191391bdc5f9ac011276f0aa281
87ca14c510fabadfcdde2e1bf5211f364d6f441aa156fb0c3426318d6d33cc4f

HTTP Headers

GET /get/31532110/551815_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 10 May 2024 18:34:47 GMT
content-type: image/png
content-length: 12875
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-324b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2

mcpuwpsh.com/get/

94.130.197.240

200 OK

3.9 kB

URL POST HTTP/2
mcpuwpsh.com/get/
IP
94.130.197.240:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92
ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT

File type
JSON text data
Size
3.9 kB (3929 bytes)
Hash
5a09cf8694cbf8ef959c7c36c4efba9a
7a48b8947a3ea2ccf3d3b5729cd75f5639c6e616
a2e88050f20453cb89fa1c955eb1fa640d31a578aeef174ce48664e277f53a35

HTTP Headers

POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.com.co/
Content-Type: text/plain;charset=UTF-8
Content-Length: 941
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 10 May 2024 18:34:48 GMT
content-type: application/json
content-length: 3929
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

yu2be.com/embud/68316271574a3147506162

188.114.96.1

200 OK

10 kB

URL GET HTTP/2
yu2be.com/embud/68316271574a3147506162
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectyu2be.com
Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF
ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT

File type
HTML document, ASCII text
Size
10 kB (9994 bytes)
Hash
910f36e5c7a21e840616c3cf6ba02a62
e53ec9038471cff01ea9ff4fc39947d1e7cbccd8
0021b0076b624f74b98b3c4a29593961460bd05d202877dc58269826adfe634a

HTTP Headers

GET /embud/68316271574a3147506162 HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xacT2suJ2kq3Eq1dbJmUl28ds5kDAJh8yp%2F5DzhsI3RHvRwnKi4r4fXDgykTMfw0Cqj1dKYlHCWFVO08tzsEN30WL6BWcliG6nKR6BzFtaiVVi41I1YxUdfeb%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c0675c9b3712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

metrolagu.cam/play.svg

188.114.97.1

200 OK

6.0 kB

URL GET HTTP/3
metrolagu.cam/play.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/video?q=jiwa+yang+bersedih
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
SVG Scalable Vector Graphics image
Size
6.0 kB (5988 bytes)
Hash
85f08506e5a64050719e7e18a26cd9c4
cda07433539f1346406e7dde1a92ea6346d593d7
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08

HTTP Headers

GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 431
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k8F%2FYdlDoIS%2BVT9yfFgTkebO2Astr0YRCo6MU9%2BtulrZaOL4EkcR%2B%2FQNQtoSTKeWOoaIdAsYgJwUY9F9O0i%2B9x5XOEqS%2FXDNbQ%2Bj0T9wBlpRRV1MP57V2dxv9mnSbNoo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881c06809f131c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

poop.com.co/d/baPG1JWqb1h

172.67.136.38

200 OK

14 kB

URL User Request GET HTTP/2
poop.com.co/d/baPG1JWqb1h
IP
172.67.136.38:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT

File type
HTML document, ASCII text, with very long lines (6442)
Size
14 kB (13483 bytes)
Hash
777a42175ee20e09c825d206e19689d3
84eb094cb2893854b61f7fb48fcb2e8b870b2134
31bf538fed4d62748984732d35dd727f5d2da5d4ebb828e04e16e13b647dbc7a

HTTP Headers

GET /d/baPG1JWqb1h HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=1200
cf-cache-status: MISS
last-modified: Fri, 10 May 2024 18:34:45 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3kZ%2FYgQde5QFDO2YgOXgsK0XohIgD1Sko9puJq0bzgIWAyHjaI68BXvu3mkrlcgny9yraLizf3ytFxoYS9mXGTC7USbpQNpPVhXqWEBdGv6yd%2B4D5nqTKFteD8iVVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c066f7bedb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mordoops.com/?rb=DDqPz5JAuAAbVYZLkrOneP2D2Ht8n6bAjCbMIDBW9x5XMeUYkZr1nzjmtAp6f4WY23DP7HYSn4NxvEaRZONDSIGpHEFt759lEAqLyCLWSeszsJ3IjkxXbjVQoZcI0DNnhV0IDh9dqV1CZ5z3EP31uzB7MxYQaBhJU1X6EZkR8EIYKZf5S0-VO-jo1paqVroETszUzKssnOtUvaMuGv5xUKC89iM7VMfwPwTTdhDPKDqkNYb0d6mlP2XT8-cL9snQxly9ng%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F68316271574a3147506162&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=7fe39ee0-0b84-4297-a2fe-1c2af01f1bee&wasm=1&userId=00805870c7a5489fed530dd60cc6d848&m=link

139.45.197.244

200 OK

2.4 kB

URL GET HTTP/2
mordoops.com/?rb=DDqPz5JAuAAbVYZLkrOneP2D2Ht8n6bAjCbMIDBW9x5XMeUYkZr1nzjmtAp6f4WY23DP7HYSn4NxvEaRZONDSIGpHEFt759lEAqLyCLWSeszsJ3IjkxXbjVQoZcI0DNnhV0IDh9dqV1CZ5z3EP31uzB7MxYQaBhJU1X6EZkR8EIYKZf5S0-VO-jo1paqVroETszUzKssnOtUvaMuGv5xUKC89iM7VMfwPwTTdhDPKDqkNYb0d6mlP2XT8-cL9snQxly9ng%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F68316271574a3147506162&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=7fe39ee0-0b84-4297-a2fe-1c2af01f1bee&wasm=1&userId=00805870c7a5489fed530dd60cc6d848&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2456), with no line terminators
Size
2.4 kB (2433 bytes)
Hash
ef5f6eef4d518bf2ed3f4f7be508aa03
5a0fcb42158ebdd41e480e3f9b7faa5169779770
df9d8f9312221b1091ad4408b51e2f443cda10b7265a381729b96ccfc1181c94

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=DDqPz5JAuAAbVYZLkrOneP2D2Ht8n6bAjCbMIDBW9x5XMeUYkZr1nzjmtAp6f4WY23DP7HYSn4NxvEaRZONDSIGpHEFt759lEAqLyCLWSeszsJ3IjkxXbjVQoZcI0DNnhV0IDh9dqV1CZ5z3EP31uzB7MxYQaBhJU1X6EZkR8EIYKZf5S0-VO-jo1paqVroETszUzKssnOtUvaMuGv5xUKC89iM7VMfwPwTTdhDPKDqkNYb0d6mlP2XT8-cL9snQxly9ng%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.792.1-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F68316271574a3147506162&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.1-auto&navlng=en-US&pnt=0&pnrc=0&bs=7fe39ee0-0b84-4297-a2fe-1c2af01f1bee&wasm=1&userId=00805870c7a5489fed530dd60cc6d848&m=link HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://yu2be.com/
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Cookie: OAID=00805870c7a5489fed530dd60cc6d848; oaidts=1715366087
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:34:47 GMT
content-type: application/json
x-trace-id: 275c20aa3a448fdb2f4d6c62275948ec
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00805870c7a5489fed530dd60cc6d848; expires=Sat, 10 May 2025 18:34:47 GMT; path=/; secure; SameSite=None
oaidts=1715366087; expires=Sat, 10 May 2025 18:34:47 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 17 May 2024 18:34:47 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ef34ee98f7.0b2d458c45.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIyNDI5NDIwMzAyNDU3OTc1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

45.133.44.53

200 OK

0 B

URL GET HTTP/2
ef34ee98f7.0b2d458c45.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIyNDI5NDIwMzAyNDU3OTc1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectef34ee98f7.0b2d458c45.com
Fingerprint7E:FF:35:2B:6F:6E:5F:D7:37:70:83:6B:E4:B9:B9:4C:4B:D8:3A:6B
ValidityTue, 07 May 2024 02:50:30 GMT - Mon, 05 Aug 2024 02:50:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIyNDI5NDIwMzAyNDU3OTc1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjE5LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: ef34ee98f7.0b2d458c45.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=513125c2-adf1-4bc4-8dc4-8cbbbe23b462&subid=357529620&sid=3736243528&spot_id=418774&created_at=2024-05-10&timezone=0&ver=7.282.0-b&is_native=1

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=513125c2-adf1-4bc4-8dc4-8cbbbe23b462&subid=357529620&sid=3736243528&spot_id=418774&created_at=2024-05-10&timezone=0&ver=7.282.0-b&is_native=1
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=513125c2-adf1-4bc4-8dc4-8cbbbe23b462&subid=357529620&sid=3736243528&spot_id=418774&created_at=2024-05-10&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 18:34:46 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

362e373497.4a5936c82e.com/7698a17895f73c188dad8386e8798de5.js

45.133.44.53

200 OK

168 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/7698a17895f73c188dad8386e8798de5.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type

Size
168 kB (168338 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /7698a17895f73c188dad8386e8798de5.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 24 Apr 2024 09:09:17 GMT
etag: W/"6628cc3d-29192"
content-encoding: gzip
expires: Fri, 10 May 2024 18:39:46 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

storage.multstorage.com/log/count.html

104.21.30.242

200 OK

882 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
104.21.30.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (919), with no line terminators
Size
882 B (882 bytes)
Hash
053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: dec9fe28a4e369b4603347be3d197473
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2BSXL%2FOnE%2B2X0KTLDCRFQNSyz3bv8Mc5UJCa9uF6o1lvFIsm0kGNF3QWiicGpIT4EYB7zQKz2Fb27JuUrI3T92OT2UbGSvQAy2xsVS6j90wYLq2H9iiZeqW0WgW4cJwHQmlgykop679Q1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c0678780fb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

metrolagu.cam/video?q=jiwa+yang+bersedih

188.114.97.1

200 OK

6.8 kB

URL POST HTTP/3
metrolagu.cam/video?q=jiwa+yang+bersedih
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
HTML document, ASCII text, with very long lines (6896), with no line terminators
Size
6.8 kB (6811 bytes)
Hash
47a254bffbb2dfefbbb9ab2556dca12a
d258daaf50968c57959f34763399cd646bae06c1
d3b8026d0558dda6d227845ea1699685f45618b6efe205d0952954b6f504c1e3

HTTP Headers

POST /video?q=jiwa+yang+bersedih HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/68316271574a3147506162
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JxKwEbgCdK6wVC%2FBqvyp43IOYeTI8i03zlOnL4hJpsMBNDNqvV2eS21oaynnx%2FOYHWbs0H6iNrMPwYGjLoAQimwi2NDkumGEAT97gLPw5lmbLak6rKOAYYgJkcKGaVK3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c067e7c701c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

362e373497.4a5936c82e.com/bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=d

45.133.44.53

200 OK

3.3 kB

URL GET HTTP/2
362e373497.4a5936c82e.com/bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=d
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subject362e373497.4a5936c82e.com
Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2
ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators
Size
3.3 kB (3257 bytes)
Hash
0bef8a7654f3e017603316998cb6fe8b
bfd42c73204202fe266027d731a419c11883f00d
af9803fafc418900ba0de2787973ef0d06d495deb26ecb1081906dfe469872c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=d HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Fri, 10 May 2024 18:39:46 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

assets.poopcdn.com/embed2.css

188.114.96.1

200 OK

2.3 kB

URL GET HTTP/2
assets.poopcdn.com/embed2.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
ASCII text, with very long lines (2279), with no line terminators
Size
2.3 kB (2267 bytes)
Hash
f966df8b666f4e6af52c4c5972958a8d
59c598587c742cdd8211376b6a124c27a6a2dc52
943cf282560a6d9565816a7feeaa67cb91804127cf2d34686c932039bec26622

HTTP Headers

GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 627
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=isXZE6trJkXt3yM%2Fe6WWIh2ze3CFaQwC5bGwCmVPqdle7RnlEhd6urn35ok9MFyjdWp2rvP5GRgXTESXycnU0DQu4t7Fo4v0varEoyzOG5Q3l%2FZUGcCx3D4GG2lOockovP718Vw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06738d1b56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

metrolagu.cam/jembud/68316271574a3147506162

188.114.97.1

200 OK

249 B

URL GET HTTP/2
metrolagu.cam/jembud/68316271574a3147506162
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
HTML document, ASCII text, with no line terminators
Size
249 B (249 bytes)
Hash
a681a8b0d2137a57ff723ea77305f361
bfa1cdcd4440b317669aca265471f067a3c215f0
6b94d9e490e69f8846e1591b4711371b997c6eb02188d15fb8dcd5d02a69482e

HTTP Headers

GET /jembud/68316271574a3147506162 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DyQ7NVtzHEhz994%2BlRtEfrJSTbGnbDRq6ZhMmaOsqWt1xD1DFGs2QlxgAx%2Fa0TSvkmf8o%2BoWoiboUwP%2B6PZtAI7g7AebKLRCycv49YncsJXXc5mpa2tcDw4Wbx8tU053"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c067be99056ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mordoops.com/5/6651943/?oo=1&aab=1

139.45.197.244

200 OK

2.9 kB

URL GET HTTP/2
mordoops.com/5/6651943/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3094), with no line terminators
Size
2.9 kB (2850 bytes)
Hash
463ad7895a54c93700c6dc82ea35469a
99e78912441719730e90e0de7dc33592084fbb80
00171d1dc3e6f54d62ee6bafef57c4618388aae094bc6a1a1edc73d741d12075

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6651943/?oo=1&aab=1 HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:34:47 GMT
content-type: application/json
x-trace-id: 93a2f18eac91972d8bfc605d7ae3e910
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00805870c7a5489fed530dd60cc6d848; expires=Sat, 10 May 2025 18:34:47 GMT; path=/; secure; SameSite=None
oaidts=1715366087; expires=Sat, 10 May 2025 18:34:47 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

yu2be.com/embed.css

188.114.96.1

200 OK

1.1 kB

URL GET HTTP/3
yu2be.com/embed.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectyu2be.com
Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF
ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT

File type
ASCII text, with very long lines (1145), with no line terminators
Size
1.1 kB (1094 bytes)
Hash
69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1

HTTP Headers

GET /embed.css HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/watch?V=CBx6e9cZlBQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 00:03:15 GMT
vary: Accept-Encoding
etag: W/"655e96c3-446"
expires: Fri, 10 May 2024 20:25:56 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 36530
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TNgD7O%2B%2BkipYIraxY0qPVDNRy8FQYB72pCp52l%2BpKl2MwxJt9EQ9sPcSpC2BFIHkDmodSxhf%2Bqs0Cf8piVI6AoLF5TeoHq7nSGsDJ06GchpJcyxgzJIoI0KK%2BSM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c067a9ddd1c06-OSL
alt-svc: h3=":443"; ma=86400

yu2be.com/watch?V=CBx6e9cZlBQ

188.114.96.1

200 OK

60 kB

URL POST HTTP/3
yu2be.com/watch?V=CBx6e9cZlBQ
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectyu2be.com
Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF
ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT

File type
JavaScript source, ASCII text, with very long lines (59459)
Size
60 kB (59992 bytes)
Hash
43c33ffe227437acf459470caedac701
7ea56833d1d25145548bb37f0c09fc5569b37998
ed800329aaa373e9f7a90857146d302681d08d1d33e5332d19f1ce6f6c91eec4

HTTP Headers

POST /watch?V=CBx6e9cZlBQ HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/embud/68316271574a3147506162
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 18:34:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L8%2B2jRKq%2FPzWFPdGnE0Ejd7yffZEEV8zLGvrq9peMFhH8IujHPGwKRVkY8PQxlNBQlPF8VKKvGKIJWQkwztGHC1jK0P4mhi5ALprkbjS3ts6zZ059yCq2wKQ%2BKk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c067819f01c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mordoops.com/tag.min.js

139.45.197.244

200 OK

90 kB

URL GET HTTP/2
mordoops.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
90 kB (90313 bytes)
Hash
e3024b1a3cbcc47f3eef4bab101c0b7f
73f6d27a2ff5cbf11ab455917016b5f70ba63444
41e1c3be0f91a1766e024356a7c4feee73a360f9f5691b79d6ceab270fd51edc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 18:34:47 GMT
content-type: text/javascript; charset=utf-8
content-length: 28450
content-encoding: br
x-trace-id: a760f6bcd4368a6dfb744e9d00a270ee
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 09 May 2024 21:43:03 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

assets.poopcdn.com/bootstrap.min.css

188.114.96.1

200 OK

209 kB

URL GET HTTP/2
assets.poopcdn.com/bootstrap.min.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
ASCII text, with very long lines (625)
Size
209 kB (208810 bytes)
Hash
3ad35d9c124d6c7d13f776dde0df9286
1bfc432b338ca01be6b05ab8e87f4a63caa8d82b
10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b

HTTP Headers

GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 627
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ERwI3Qqhme4RyZKvd6Gcpay70varcDOWLN4VXVVcss%2FgQykDlHn6PpeaEdwem50KzuWzMoE0QR5TCSEmqLgHIZuZXQOxXHXp4qHeMadyowKcxPkleWD15QKk4T%2BhWf7TjFnPEkk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06739d2c56b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

yu2be.com/watch?V=CBx6e9cZlBQ

188.114.96.1

200 OK

0 B

URL HEAD HTTP/3
yu2be.com/watch?V=CBx6e9cZlBQ
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectyu2be.com
Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF
ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /watch?V=CBx6e9cZlBQ HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/watch?V=CBx6e9cZlBQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 10 May 2024 18:34:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Fri, 10 May 2024 01:00:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V6i7qHouGKGUGWCOf%2FNNj1ARW3XDyew9RDAGlMPPNTfnbi2NHw1Z4gQhT6kceEaX%2By0dls%2FNiflaWADe8wNCNYolvP4YD4Sibn5iI8u3r80w8eO9oRPxQmyhT1Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c067b2eac1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

assets.poopcdn.com/style.css

188.114.96.1

200 OK

259 kB

URL GET HTTP/2
assets.poopcdn.com/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A
ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT

File type
ASCII text
Size
259 kB (259373 bytes)
Hash
f94acf4d0db64b4a710fc6fce3bc2a49
63753e2bb0367b37084eba7690d9fb752667ecd3
f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340

HTTP Headers

GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 10 May 2024 18:34:45 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 627
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lWhQRey9ns2%2FzpjpPk9tFggERe3I3ryT1Dter6ryUdcfJulyNshopHz5B6qsmfEeLxmXN%2F4yAtqfZPRp4Kw9hFBqEDQfRgLdMq3ZqmaZI%2FTx4GNe7zNEPrA%2BBpxn63YlDtT1Bgw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881c06738d1156b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

imgsdn.com/ie?v=4&c=DvJmootidPTX6TVi7HVypvqMEQoGv58DeaLIASnEbh3tPBDgyqg0y4i0fBEAEnEfEYwvcN7dHt17UlM0IIQpA_XL9DPO-_7ExuDi4557lFm3zkpj7E8gKJ3WV643dhyWGlrSFwt9RPnZHtcZlDsmEXjAL98B8mzTiB8QOy1utCWi9J10ZbZ_5gbrI2o4VMj6PmaCtG5-_4HE8qUSrScOl1YSd5jrpEKWihWSe_GA0moDFuweIyw4ySoJyYOg0fdZpsUhTHrHyUhbCHcfeeWhocx23YL_ZdIsC7BOSA4Wf5wUG1vg8Cg74u7e_LsdM7wq-YdFiMsoRs6T8sxv9Lcuye3tp0u7-_KTL1NX3lUAfaOOuSX6Uj_CJKFeLMHetTVfBgFHyVHKgfnINO30XDoiZGVYZhZT_zP0BTeLWlZh4C2thKZyKIfGRUXj-BuGSQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=411bbb63-daf3-4860-a835-5dd264352b67&prev_step_diff=895

162.55.246.161

301 Moved Permanently

13 kB

URL GET HTTP/1.1
imgsdn.com/ie?v=4&c=DvJmootidPTX6TVi7HVypvqMEQoGv58DeaLIASnEbh3tPBDgyqg0y4i0fBEAEnEfEYwvcN7dHt17UlM0IIQpA_XL9DPO-_7ExuDi4557lFm3zkpj7E8gKJ3WV643dhyWGlrSFwt9RPnZHtcZlDsmEXjAL98B8mzTiB8QOy1utCWi9J10ZbZ_5gbrI2o4VMj6PmaCtG5-_4HE8qUSrScOl1YSd5jrpEKWihWSe_GA0moDFuweIyw4ySoJyYOg0fdZpsUhTHrHyUhbCHcfeeWhocx23YL_ZdIsC7BOSA4Wf5wUG1vg8Cg74u7e_LsdM7wq-YdFiMsoRs6T8sxv9Lcuye3tp0u7-_KTL1NX3lUAfaOOuSX6Uj_CJKFeLMHetTVfBgFHyVHKgfnINO30XDoiZGVYZhZT_zP0BTeLWlZh4C2thKZyKIfGRUXj-BuGSQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=411bbb63-daf3-4860-a835-5dd264352b67&prev_step_diff=895
IP
162.55.246.161:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/d/baPG1JWqb1h
Certificate
IssuerLet's Encrypt
Subjectnimrute.com
Fingerprint62:14:81:C5:22:FF:BC:AE:08:65:E3:D0:0B:CF:4A:19:B3:2A:20:52
ValidityMon, 06 May 2024 11:20:27 GMT - Sun, 04 Aug 2024 11:20:26 GMT

File type

Size
13 kB (12875 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ie?v=4&c=DvJmootidPTX6TVi7HVypvqMEQoGv58DeaLIASnEbh3tPBDgyqg0y4i0fBEAEnEfEYwvcN7dHt17UlM0IIQpA_XL9DPO-_7ExuDi4557lFm3zkpj7E8gKJ3WV643dhyWGlrSFwt9RPnZHtcZlDsmEXjAL98B8mzTiB8QOy1utCWi9J10ZbZ_5gbrI2o4VMj6PmaCtG5-_4HE8qUSrScOl1YSd5jrpEKWihWSe_GA0moDFuweIyw4ySoJyYOg0fdZpsUhTHrHyUhbCHcfeeWhocx23YL_ZdIsC7BOSA4Wf5wUG1vg8Cg74u7e_LsdM7wq-YdFiMsoRs6T8sxv9Lcuye3tp0u7-_KTL1NX3lUAfaOOuSX6Uj_CJKFeLMHetTVfBgFHyVHKgfnINO30XDoiZGVYZhZT_zP0BTeLWlZh4C2thKZyKIfGRUXj-BuGSQ==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=411bbb63-daf3-4860-a835-5dd264352b67&prev_step_diff=895 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 10 May 2024 18:34:47 GMT
content-length: 0
location: https://img.vmmcdn.com/get/31532110/551815_icon.png
x-app-id: 11

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML