| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hashf63e8d9e64abf0e5b2784ca051160e84 d15d17504ed5c584ba42145060cf745fdb41c1d0 652ee033c72bc8eadcf29c25a5387bc303bf86e6c57f262c576117f659f15eab
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "652EE033C72BC8EADCF29C25A5387BC303BF86E6C57F262C576117F659F15EAB"
Last-Modified: Fri, 05 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3982
Expires: Sat, 06 Jul 2024 16:21:31 GMT
Date: Sat, 06 Jul 2024 15:15:09 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hashe9a839fbbf2a5bc4f1a01cd5fca04d5e ff4396bb2dcc9211b70f2e3266720172ee2ce085 3bb2a3698d452f1de2ff4f283a89fc427d9fe01c02ad968f215bee1834b1c1e3
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3BB2A3698D452F1DE2FF4F283A89FC427D9FE01C02AD968F215BEE1834B1C1E3"
Last-Modified: Thu, 04 Jul 2024 15:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5029
Expires: Sat, 06 Jul 2024 16:38:58 GMT
Date: Sat, 06 Jul 2024 15:15:09 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hash508d0867e7982df7cfa6ad58e05ce470 6f4e15b94e527d02e8dd38f8b69b493cfae84c56 376a5286b71a4a7e90b3eece9b39480f50435d5ef3c7793828481f590d04bc77
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "376A5286B71A4A7E90B3EECE9B39480F50435D5EF3C7793828481F590D04BC77"
Last-Modified: Thu, 04 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16104
Expires: Sat, 06 Jul 2024 19:43:33 GMT
Date: Sat, 06 Jul 2024 15:15:09 GMT
Connection: keep-alive
|
|
| r10.o.lencr.org/ | 23.36.77.32 | | 504 B |
IP 23.36.77.32:0
ASN#20940 Akamai International B.V.
Hash223ffc40cc96a2aa59687065c089ccfc 6bc7fa694691bdca752335ecf0f7268bf2c908d5 1a1d7236b0738f65d98e772f67be883f477ac175767f971800a6bb3997399811
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A1D7236B0738F65D98E772F67BE883F477AC175767F971800A6BB3997399811"
Last-Modified: Thu, 04 Jul 2024 16:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4065
Expires: Sat, 06 Jul 2024 16:22:54 GMT
Date: Sat, 06 Jul 2024 15:15:09 GMT
Connection: keep-alive
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL: GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js | IP: 104.17.24.14:443
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate — Issuer: Let's Encrypt; Subject: cdnjs.cloudflare.com; Fingerprint: 3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E; Validity: Sun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT
File type: JavaScript source, ASCII text, with very long lines (65451) | Hash: 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 53736
expires: Thu, 26 Jun 2025 15:15:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CS2mi5rnTbN9Dl4lZfhYVahAOpjnedR%2B3UuWT6bguJ%2B8LYNSQSR8mVF6VDJacaJg3VWez50ifFN8xq0kN4sttP0%2FBKDbrRuCX6SauqZ%2B6xx3SniOq25Po5kdOI44BXJ39i1r%2F2Pu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 89f08c745eaf1bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash051481ed562762e4f42190fd78e04eed e4694d7aac4a044522f20614dfb63347244438b5 be10a0f4e046a82d931b82e23a2d9225bb2599e20f0109c4c549682621040a2e
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BE10A0F4E046A82D931B82E23A2D9225BB2599E20F0109C4C549682621040A2E"
Last-Modified: Fri, 05 Jul 2024 16:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3043
Expires: Sat, 06 Jul 2024 16:05:53 GMT
Date: Sat, 06 Jul 2024 15:15:10 GMT
Connection: keep-alive
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP 142.250.74.131:0
Hashbf083de5c459c59301c482d371a48635 69a8b5a229e4e1049ddfae5c3ed1519eef56afab b390c0608e6b6892ce30f7037c5fffe34d6afbda78b97eeb2d18cee754f8953a
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP 142.250.74.131:0
Hashf5107db6896e2b3bea184b658d9b6de0 75cbc65f1ab4e587155fe4e6db04bdcecab6b81d fb0891afa24117129cd317c3a6085d80642d8f019e77e52ae7f0f9ccc6b7430a
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash051481ed562762e4f42190fd78e04eed e4694d7aac4a044522f20614dfb63347244438b5 be10a0f4e046a82d931b82e23a2d9225bb2599e20f0109c4c549682621040a2e
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BE10A0F4E046A82D931B82E23A2D9225BB2599E20F0109C4C549682621040A2E"
Last-Modified: Fri, 05 Jul 2024 16:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3043
Expires: Sat, 06 Jul 2024 16:05:53 GMT
Date: Sat, 06 Jul 2024 15:15:10 GMT
Connection: keep-alive
|
|
| www.googletagmanager.com/gtag/js?id=G-RRBBHD087X | 142.250.74.168 | 200 OK | 104 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-RRBBHD087X | IP: 142.250.74.168:443
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate — Issuer: Google Trust Services; Subject: *.google-analytics.com; Fingerprint: BA:5D:A9:7F:41:46:B0:37:01:9E:05:B0:92:BA:41:C9:31:5B:4B:4A; Validity: Thu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT
File type: JavaScript source, ASCII text, with very long lines (5945) | Size: 104 kB (104267 bytes) | Hash: 9b5fc97a152ce4216ec6cf2d82dc4893 8bb40996dbabe5996952af3ec5630e345ab42f4d ca288f0bf74aa1851553ff1a843d6870e1d2a8cd26b7264e5bb02be04a58a1eb
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 06 Jul 2024 15:15:10 GMT
expires: Sat, 06 Jul 2024 15:15:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP 142.250.74.131:0
Hashf5107db6896e2b3bea184b658d9b6de0 75cbc65f1ab4e587155fe4e6db04bdcecab6b81d fb0891afa24117129cd317c3a6085d80642d8f019e77e52ae7f0f9ccc6b7430a
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP 142.250.74.131:0
Hashbf083de5c459c59301c482d371a48635 69a8b5a229e4e1049ddfae5c3ed1519eef56afab b390c0608e6b6892ce30f7037c5fffe34d6afbda78b97eeb2d18cee754f8953a
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 | 188.114.96.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 IP 188.114.96.1:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23812, version 1.524 Hasheb586e5a1b86dbf1c866e3ed80f9d18e 280ee78d19c017ab9335f769595e5157d3c4a343 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poophd.net
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2480
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ww8ySiJGqM%2BuDtfGxMHGAk187C9E6GhLIfwMRDczi2TfnO6NCvidTcf1wggMKNRV34zguUhzO060%2B91pE6T%2FSvPLHXwij46Pmhij7khSwAMreLjyH0SQvPTwTAruIbJcv1zfBMg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c765fdf568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 | 188.114.96.1 | 200 OK | 184 kB |
URL GET HTTP/2assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 IP 188.114.96.1:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 184476, version 330.-16253 Size184 kB (184476 bytes) Hash2a6dec1227f9970376f578270a642d06 150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284 e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poophd.net
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2471
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JKCcsrLpiM0GmAAG2LF75O86h3s9RS8%2FJsEtrboYJU7IUR00Jdq5VbufkBhU9XuuwahMfif03%2FY8ERucfhE%2FP35ebblnfjQ4LS2PzH8VwFBuaf2m%2FyrnBaWheidxXm18yWoUBrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c76580b568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 | 188.114.96.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 IP 188.114.96.1:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23604, version 1.0 Hashe9133fd11f14c09a2e4556c395a0ef7d 00fad09605f3342df5c9aeba130156fe19ade8b0 06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poophd.net
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5448
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZWR92c39ZQP1i6IIFcslYeDOjdasi%2BJNzRsScmuXgmUhdSBhedeRwmfbMnq29WZWo06gEYcKYAeVGotqMpI3Pj0meNiYecdAsxaSkT%2F51Or4Okqrs2frxCyBH%2BtxbRNdlyvqR9E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c76683e568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash6588e879411ba720f23dd73925aa4d18 a9ba4e9053e6a8b708a334bd7c1c4bb1e041944f bb7edddd9e3dd294a484cb3238bc0f491419c3027f0811c331beecce97d5334f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BB7EDDDD9E3DD294A484CB3238BC0F491419C3027F0811C331BEECCE97D5334F"
Last-Modified: Fri, 05 Jul 2024 15:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14406
Expires: Sat, 06 Jul 2024 19:15:16 GMT
Date: Sat, 06 Jul 2024 15:15:10 GMT
Connection: keep-alive
|
|
| cdn.tsyndicate.com/sdk/v1/puengine.js | 45.133.44.70 | 200 OK | 90 kB |
URL: GET HTTP/2 cdn.tsyndicate.com/sdk/v1/puengine.js | IP: 45.133.44.70:443
ASN#39572 DataWeb Global Group B.V.
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate — Issuer: Let's Encrypt; Subject: cdn.tsyndicate.com; Fingerprint: D1:BA:EE:F0:8D:8F:47:DF:CC:82:D6:69:8B:C5:E6:32:61:B2:10:52; Validity: Sat, 08 Jun 2024 03:00:23 GMT - Fri, 06 Sep 2024 03:00:22 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators | Hash: dd5e3d608cc7831780050c847b3b249e ae5df44b84829faa0cbf2614c5b3c23d1901063b 9f8cc0fa666cd6911977e73e8ea15747da46c0e2fed880b774d974aeec94fa50
GET /sdk/v1/puengine.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 89731
server: nginx
last-modified: Mon, 15 Jan 2024 13:51:12 GMT
etag: "65a53850-15e83"
x-robots-tag: noindex, nofollow
cache-control: max-age=172800
expires: Mon, 08 Jul 2024 15:15:10 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| tsyndicate.com/do2/215ed1a961e343b6862df3a11e2479f2/push?w=1280&h=1024&keywords=Pacarku%20Chindo%20Lagi%20Nyp0ngin%20-%20DoodStream%20-%20PoopHD%2CPu2RS4Wlfi2&tz=0&t=in_page_push | 148.251.152.17 | 200 OK | 3.8 kB |
URL: GET HTTP/2 tsyndicate.com/do2/215ed1a961e343b6862df3a11e2479f2/push?w=1280&h=1024&keywords=Pacarku%20Chindo%20Lagi%20Nyp0ngin%20-%20DoodStream%20-%20PoopHD%2CPu2RS4Wlfi2&tz=0&t=in_page_push | IP: 148.251.152.17:443
ASN#24940 Hetzner Online GmbH
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate — Issuer: Let's Encrypt; Subject: tsyndicate.com; Fingerprint: 21:44:73:D5:80:22:FF:67:C5:62:ED:C0:AA:50:45:16:EB:B3:BC:00; Validity: Wed, 12 Jun 2024 09:06:28 GMT - Tue, 10 Sep 2024 09:06:27 GMT
File type: gzip compressed data, from Unix | Hash: d1c36c22501791477837dc77bbe373fc 41144812bafa1b71b1c4695ac65958b89962526e 1aecb517e9657f08418a3f557f4a4aeee1041a0ee34430bbe56052ec087a76ce
GET /do2/215ed1a961e343b6862df3a11e2479f2/push?w=1280&h=1024&keywords=Pacarku%20Chindo%20Lagi%20Nyp0ngin%20-%20DoodStream%20-%20PoopHD%2CPu2RS4Wlfi2&tz=0&t=in_page_push HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://poophd.net
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: e9971b31fbd093d2
set-cookie: ts_uid=2501deae-f5df-45e5-ae3c-913f185b7ed0; expires=Mon, 06 Jan 2025 15:15:10 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/apple-touch-icon.png | 188.114.96.1 | 200 OK | 2.8 kB |
URL GET HTTP/2assets.poopcdn.com/apple-touch-icon.png IP 188.114.96.1:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
File typePNG image data, 180 x 180, 8-bit colormap, non-interlaced Hashe4acc3f05da8195dfa02a437c8b2dba2 f23df2ed14e5d52417b155ccd11187f3250861dc 8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4
GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3290
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2F2tmPcSWSP3tUUfTZ00IZ7joHF0brekQZSf4JxKrpr4zZqRBSPWf6n6jSpkMN9msqmiN4zN1Do9Zo8iLe0Nfj3Ais2YhelRt%2F6g8MKpbPLmqRYFzJRLWXeh438XGh5wLr%2BWm4c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c791d9c568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/favicon-16x16.png | 188.114.96.1 | 200 OK | 612 B |
URL GET HTTP/2assets.poopcdn.com/favicon-16x16.png IP 188.114.96.1:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hashac008ea155d4beee1e93247d7434c77d f8ea94e94e0cc310202a517a9c445c3d70af564e 283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e
GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1895
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YAyCwGWDtFbukcZ%2B5lGPzs8NFIAAQ6Umu6Ypx4nvf6h%2FQLnOyQoALXe2vxCQrl202IuGmVpSG%2B34%2FULAMCiw0q17Yuj1XG8LaBf3V0DcF7qtgvI4PDCgqbicAcAPd1iNTIWupRg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c791da0568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 4c21b1a532.5165c0c080.com/89b2f6475e041baf58e3251c24271c79.js | 45.133.44.52 | 200 OK | 50 kB |
URL: GET HTTP/2 4c21b1a532.5165c0c080.com/89b2f6475e041baf58e3251c24271c79.js | IP: 45.133.44.52:443
ASN#39572 DataWeb Global Group B.V.
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate — Issuer: Let's Encrypt; Subject: 4c21b1a532.5165c0c080.com; Fingerprint: 3A:0C:73:71:75:8E:44:D7:0B:07:A3:B5:42:A7:AD:2A:6B:78:11:41; Validity: Wed, 03 Jul 2024 02:20:38 GMT - Tue, 01 Oct 2024 02:20:37 GMT
File type: gzip compressed data, from Unix | Hash: 4d0930908f31311b1f326c3d515bf878 aec3f0c04adab18b04b981b7e26c62441aa9d0d2 666327ec279d56f8a667f995d5247c06ac8325af75224911c228d41600769cde
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /89b2f6475e041baf58e3251c24271c79.js HTTP/1.1
Host: 4c21b1a532.5165c0c080.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 05 Jul 2024 10:17:42 GMT
etag: W/"6687c846-2c1eb"
content-encoding: gzip
expires: Sat, 06 Jul 2024 15:20:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| yu2be.com/watch?V=CBx6e9cZlBQ | 188.114.97.1 | 200 OK | 20 kB |
URL: POST HTTP/3 yu2be.com/watch?V=CBx6e9cZlBQ | IP: 188.114.97.1:443
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate — Issuer: Google Trust Services; Subject: yu2be.com; Fingerprint: 1F:55:1D:73:E9:96:2A:88:8C:9B:ED:61:EB:4C:C5:AF:4D:F9:61:FF; Validity: Wed, 12 Jun 2024 04:17:16 GMT - Tue, 10 Sep 2024 04:17:15 GMT
File type: JavaScript source, ASCII text, with very long lines (59459) | Hash: 41f063b431cb3942a2ca3cced1989fb8 0ab688f92da0478c28a1f905fe6530712c61dce9 723b08672a5f8db3bdf693b954337f658a4685325dd48698f6afc2a6dfa7b7b2
POST /watch?V=CBx6e9cZlBQ HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/embud/3269666c57345352327550
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qgdcsNo4nE89GOHbeytXtWzeQt%2FfRMZl2eC88mei1nlHBIH8swuL3WKKlaE2amTUYw8m0zwDFXIGKek017MCsNiA5VR40fLbKa3psjTVVXv5KM%2BsztRzxfOlVWA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c78cd650b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 06603bcbf0.fed18a1e5b.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTUxMTAyOTM3NTU4OTY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyNy4xIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | 45.133.44.53 | 200 OK | 0 B |
URL: GET HTTP/2 06603bcbf0.fed18a1e5b.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTUxMTAyOTM3NTU4OTY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyNy4xIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | IP: 45.133.44.53:443
ASN#39572 DataWeb Global Group B.V.
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate — Issuer: Let's Encrypt; Subject: 06603bcbf0.fed18a1e5b.com; Fingerprint: 97:0C:CA:10:50:CE:C7:FF:A7:93:69:AA:B7:D8:B2:6D:64:12:E0:1C; Validity: Wed, 03 Jul 2024 02:50:29 GMT - Tue, 01 Oct 2024 02:50:28 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTUxMTAyOTM3NTU4OTY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyNy4xIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: 06603bcbf0.fed18a1e5b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 500 Internal Server Error | 0 B |
URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039 IP 157.90.84.242:443
ASN#24940 Hetzner Online GmbH
Requested by https://poophd.net/d/Pu2RS4Wlfi2 Certificate Issuer Let's Encrypt Subject notification.tubecup.net Fingerprint B0:2E:67:C5:B5:DD:86:7B:38:1A:E1:A0:11:14:2B:5E:2C:89:0E:89 Validity Wed, 19 Jun 2024 08:25:31 GMT - Tue, 17 Sep 2024 08:25:30 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poophd.net/
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poophd.net
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| mordoops.com/tag.min.js | 139.45.197.244 | 200 OK | 28 kB |
IP 139.45.197.244:443
Requested by https://yu2be.com/watch?V=CBx6e9cZlBQ Certificate Issuer Let's Encrypt Subject mordoops.com Fingerprint 0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D Validity Sun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Hash e6a6b147c9d9dc850cf65b3b8c6085df 31c518abb6b83413bd85c88f4138fe448e08295a a9611afef7c520ccc19ee92990dfe1ebaa3249e2ca0deacc1a71a8b96dcb55c5
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /tag.min.js HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/javascript; charset=utf-8
content-length: 27926
content-encoding: br
x-trace-id: 6365f3d8d4a103738fd43925afe3dd95
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 06 Jul 2024 13:33:33 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| i.poopcdn.com/SdTaY.jpg | 188.114.97.1 | 200 OK | 5.5 kB |
IP 188.114.97.1:443
Requested by https://metrolagu.cam/watch?v=ZyY71Ps5xRk Certificate Issuer Let's Encrypt Subject i.poopcdn.com Fingerprint 4E:E5:75:0D:39:B6:10:44:17:69:08:58:A5:08:63:8C:0D:31:AD:BF Validity Sun, 12 May 2024 07:44:33 GMT - Sat, 10 Aug 2024 07:44:32 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 2925x2921, segment length 16, comment: "Lavc58.134.100", baseline, precision 8, 184x312, components 3 Hash d8588319e132a403023563f57dbb259e 63738e5866285585f5743cdbc5f00aef6b877d67 29287457e518ebdb71ae1f804e5c3da017799b7ab28163b36cc3b28ad7fa1987
GET /SdTaY.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/jpeg
content-length: 5458
etag: "d8588319e132a403023563f57dbb259e"
last-modified: Sun, 03 Mar 2024 05:23:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yc0xZgjZ6TwfyNRRxD5lfRqjE3d%2BcJ9msnwjLp4ShlyKoj8fxPJlqbNIbbS%2BkYFC3MrZ0Sp2RS1elef58BqrYc7bZDCvxV4qXjfwU%2FEf%2BGpQ0TZK3XakRtjICOwbPeO1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c74ac545699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 500 Internal Server Error | 36 B |
URL POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039 IP 157.90.84.242:443
ASN#24940 Hetzner Online GmbH
Requested by https://poophd.net/d/Pu2RS4Wlfi2 Certificate Issuer Let's Encrypt Subject notification.tubecup.net Fingerprint B0:2E:67:C5:B5:DD:86:7B:38:1A:E1:A0:11:14:2B:5E:2C:89:0E:89 Validity Wed, 19 Jun 2024 08:25:31 GMT - Tue, 17 Sep 2024 08:25:30 GMT
Hash 0849660b654e3a313882a44c0e7dc08a b1493d6ce204eb99837d9b33849d1458093a6e6d 6e73b83ae8fcdaf81421a4236c9f817a9e4ea0fa931bf696f72872b266bd83e6
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1881
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 500 Internal Server Error
Server: nginx/1.20.1
Date: Sat, 06 Jul 2024 15:15:11 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 36
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poophd.net
Vary: Origin
|
|
| storage.multstorage.com/log/count.html | 104.21.30.242 | 200 OK | 893 B |
URL GET HTTP/2 storage.multstorage.com/log/count.html IP 104.21.30.242:443
Requested by https://poophd.net/d/Pu2RS4Wlfi2 Certificate Issuer Google Trust Services LLC Subject multstorage.com Fingerprint B6:E2:20:C2:EC:58:8E:87:AA:F8:DF:48:A2:13:9F:8C:F3:D2:5F:1A Validity Wed, 15 May 2024 07:55:37 GMT - Tue, 13 Aug 2024 07:55:36 GMT
File type HTML document, ASCII text, with very long lines (700) Hash b728ca9cd183d1b7c3f72116b19b22a3 c1fd73f6b02cf00b8bc60b09cc99495e8494b739 8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 3cd52a651f2de4cecf66885389e10dd0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VD3r5qB%2F7z6euTqk5aFwsLkmaZY7P%2BhcnXVe5BCkqctqqxYdBw8qoI1g62vi7c2uq6QZoJvRxDITwtjKaYe%2FrzSciprLwedx95S%2BB7pgYVSiGK4rxHcBxftP5n1lu2vvv%2F%2FytwNv%2FfmEsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c7a9d6db50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 471 B |
IP 142.250.74.131:0
Hash d163da1bd9688b175d0aee240f77f102 e5b7180344015a86ba3cba2aa6496ca1d2d1af93 88402a0c7782abb9f0e010f5b32529b021edcbd1c80ed786ea660051bb2e39ff
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 209.85.233.84 | 302 Found | 0 B |
URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP 209.85.233.84:443
Requested by https://poophd.net/d/Pu2RS4Wlfi2 Certificate Issuer Google Trust Services Subject accounts.google.com Fingerprint C0:DC:0B:E4:CE:F0:67:45:F7:48:92:E3:BB:9E:40:3F:C1:59:FB:9B Validity Thu, 13 Jun 2024 16:36:13 GMT - Thu, 05 Sep 2024 16:36:12 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:SZemolyf3btQ1tokePhbqDNgy5JACw:iHmeeMuyO4vgNGa7; Expires=Mon, 06-Jul-2026 15:15:11 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 06 Jul 2024 15:15:11 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74lGcmhTNFNLx5mgqLfGCyplDGJj1pn3SDHeT9lLTY6VjzyFBkeEgo0bKHD91X2lI6PtLRH2A
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-_P9JDPITC1AwO5VHzzzBrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| video.xxxjmp.com/push/eu4/1720278900/93397001.jpeg | 172.64.147.206 | 200 OK | 5.1 kB |
URL GET HTTP/2 video.xxxjmp.com/push/eu4/1720278900/93397001.jpeg IP 172.64.147.206:443
Requested by https://poophd.net/d/Pu2RS4Wlfi2 Certificate Issuer Let's Encrypt Subject video.xxxjmp.com Fingerprint DA:15:7D:E3:CE:93:A1:7A:45:D7:68:C9:9E:FE:83:95:19:D3:D3:AA Validity Thu, 30 May 2024 05:31:32 GMT - Wed, 28 Aug 2024 05:31:31 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp Hash b8ab7604712171607c9f3ba9f39762f3 0e57bba3ceff6e224c10985ee4ff01d48bd31912 2532a68f6ce05e8892b526cb821140d36aa756fcb91633217aee60dca2f9832b
GET /push/eu4/1720278900/93397001.jpeg HTTP/1.1
Host: video.xxxjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/webp
content-length: 5102
etag: W/"b06e75bd09bd69dda73b7b19762e585f"
last-modified: Sat, 06 Jul 2024 15:14:07 GMT
cache-control: public, max-age=14400
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2
expires: Sat, 06 Jul 2024 19:15:11 GMT
accept-ranges: bytes
server: cloudflare
cf-ray: 89f08c7d9befb518-OSL
X-Firefox-Spdy: h2
|
|
| e6.o.lencr.org/ | 23.36.76.226 | | 346 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 4a04f0a9a790e70565ef48133b9c6fbb df13004b398464d58c02edf9462f327e2f5be672 c56169fa0628ee9af8cbc8bd10411cd4f20ed6423662a50ca5c5b3b7216769a6
POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C56169FA0628EE9AF8CBC8BD10411CD4F20ED6423662A50CA5C5B3B7216769A6"
Last-Modified: Fri, 05 Jul 2024 03:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18058
Expires: Sat, 06 Jul 2024 20:16:09 GMT
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive
|
|
| e6.o.lencr.org/ | 23.36.76.226 | | 346 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 4a04f0a9a790e70565ef48133b9c6fbb df13004b398464d58c02edf9462f327e2f5be672 c56169fa0628ee9af8cbc8bd10411cd4f20ed6423662a50ca5c5b3b7216769a6
POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C56169FA0628EE9AF8CBC8BD10411CD4F20ED6423662A50CA5C5B3B7216769A6"
Last-Modified: Fri, 05 Jul 2024 03:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18058
Expires: Sat, 06 Jul 2024 20:16:09 GMT
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive
|
|
| my.rtmark.net/gid.js?userId=008091aa77464558eb2b72c420460d2e | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2 my.rtmark.net/gid.js?userId=008091aa77464558eb2b72c420460d2e IP 139.45.195.8:443
Requested by https://yu2be.com/watch?V=CBx6e9cZlBQ Certificate Issuer Let's Encrypt Subject rtmark.net Fingerprint 90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E Validity Sat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT
Hash ae3ceb0d218e269405631cd2c7a03dc6 c416bd2484195a0da80af7d5a5c45645898755c9 c4ccc03e48a3600b8a2b376620dd21ae0474d61a9fd537ae7db4288c5abb26bf
GET /gid.js?userId=008091aa77464558eb2b72c420460d2e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yu2be.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008091aa77464558eb2b72c420460d2e; expires=Sun, 06 Jul 2025 15:15:11 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 472 B |
IP 142.250.74.131:0
Hash cbd1b1ea41e6410bf07b2407b214a38c e314b8adfd9a18521b0aa3972e55c46036fcacd7 38093f674dab11928a1409ed6811480a498be0a9b07c4b7fb182ed1b8d381370
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=bb7ae581-d7b4-497b-8421-6b1464711d6d&subid=357529620&sid=3339740602&spot_id=418774&created_at=2024-07-06&timezone=0&ver=7.308.0-b&is_native=1 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=bb7ae581-d7b4-497b-8421-6b1464711d6d&subid=357529620&sid=3339740602&spot_id=418774&created_at=2024-07-06&timezone=0&ver=7.308.0-b&is_native=1 IP 157.90.84.246:443
ASN#24940 Hetzner Online GmbH
Requested by https://poophd.net/d/Pu2RS4Wlfi2 Certificate Issuer Let's Encrypt Subject notification.tubecup.net Fingerprint B0:2E:67:C5:B5:DD:86:7B:38:1A:E1:A0:11:14:2B:5E:2C:89:0E:89 Validity Wed, 19 Jun 2024 08:25:31 GMT - Tue, 17 Sep 2024 08:25:30 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=bb7ae581-d7b4-497b-8421-6b1464711d6d&subid=357529620&sid=3339740602&spot_id=418774&created_at=2024-07-06&timezone=0&ver=7.308.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| i.poopcdn.com/SdTaY.jpg | 188.114.97.1 | 200 OK | 5.5 kB |
IP 188.114.97.1:443
Requested by https://metrolagu.cam/watch?v=ZyY71Ps5xRk Certificate Issuer Let's Encrypt Subject i.poopcdn.com Fingerprint 4E:E5:75:0D:39:B6:10:44:17:69:08:58:A5:08:63:8C:0D:31:AD:BF Validity Sun, 12 May 2024 07:44:33 GMT - Sat, 10 Aug 2024 07:44:32 GMT
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 2925x2921, segment length 16, comment: "Lavc58.134.100", baseline, precision 8, 184x312, components 3 Hash d8588319e132a403023563f57dbb259e 63738e5866285585f5743cdbc5f00aef6b877d67 29287457e518ebdb71ae1f804e5c3da017799b7ab28163b36cc3b28ad7fa1987
GET /SdTaY.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/jpeg
content-length: 5458
etag: "d8588319e132a403023563f57dbb259e"
last-modified: Sun, 03 Mar 2024 05:23:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9eoodM6hLYX6UClASrTKMS0Fz5mt6Kkc5bi3xZhJRstLJMTb%2Fjhn5dqyjV2IdiBCnDKPM8N1Rq3KmuDDiNnbcDGvD6Wrln4wKLRRuTouXuyv3UikC5lu51H5%2BE4edWOn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c7e293d5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 430707a567.97c5ccfba2.com/in/multy | 167.235.163.216 | 200 OK | 0 B |
URL POST HTTP/2 430707a567.97c5ccfba2.com/in/multy IP 167.235.163.216:443
ASN#24940 Hetzner Online GmbH
Requested by https://poophd.net/d/Pu2RS4Wlfi2 Certificate Issuer Let's Encrypt Subject 97c5ccfba2.com Fingerprint 3E:23:77:ED:85:2C:E5:00:E1:25:8E:81:A3:9D:E5:79:DD:D1:AA:B2 Validity Tue, 02 Jul 2024 14:03:36 GMT - Mon, 30 Sep 2024 14:03:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 430707a567.97c5ccfba2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poophd.net/
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:11 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 303da1c70c0cb3928155e377f7000bce 1c01f256a9f3d4afe581583c67ec0f44b420026d 475e9266a8cb508cba8b6cd601c2af316fa90c028333c4660f68498fc6e18078
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "475E9266A8CB508CBA8B6CD601C2AF316FA90C028333C4660F68498FC6E18078"
Last-Modified: Sat, 06 Jul 2024 05:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11946
Expires: Sat, 06 Jul 2024 18:34:17 GMT
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.24.14:443
Requested by https://metrolagu.cam/watch?v=ZyY71Ps5xRk Certificate Issuer Let's Encrypt Subject cdnjs.cloudflare.com Fingerprint 3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E Validity Sun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT
File type JavaScript source, ASCII text, with very long lines (65451) Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 47969
expires: Thu, 26 Jun 2025 15:15:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L0U11ni2szmKVqpI4Jp0cPf7wATCSMtXfNCpCF88Oj3CyNrO5SgZdUmscRTS0ljNF%2FEpVaOErZNt3ot3Om7bfZh1iPAu5H8cNezfEMMbsIJSNHUoVj4CVoFw%2Fq4o%2BLybqmNnHRtu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 89f08c7e6fe2569c-OSL
alt-svc: h3=":443"; ma=86400
|
|
| kamassmyalia.com/rkY9qNIaf1iY/64343 | 23.109.170.20 | 200 OK | 20 B |
URL GET HTTP/1.1 kamassmyalia.com/rkY9qNIaf1iY/64343 IP 23.109.170.20:443
Requested by https://metrolagu.cam/watch?v=ZyY71Ps5xRk Certificate Issuer Let's Encrypt Subject kamassmyalia.com Fingerprint 81:90:90:7B:5A:2D:2C:4A:E1:55:D1:91:82:05:5D:61:2B:7E:A2:13 Validity Thu, 13 Jun 2024 16:03:49 GMT - Wed, 11 Sep 2024 16:03:48 GMT
File type gzip compressed data, from Unix Hash 7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rkY9qNIaf1iY/64343 HTTP/1.1
Host: kamassmyalia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jul 2024 15:15:11 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 07-Jul-2024 15:15:11 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 07-Jul-2024 15:15:11 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| r10.o.lencr.org/ | 23.36.76.226 | | 504 B |
IP 23.36.76.226:0
ASN#20940 Akamai International B.V.
Hash 861cce1bf441610f1dfbb14264d55122 1596b2c44fcdb5f7a49c73da766e4ab48b6bd064 f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2"
Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11777
Expires: Sat, 06 Jul 2024 18:31:28 GMT
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive
|
|
| pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUwGEjx8YZY1qQiWFjRgsaNmDkaBHGBg0aJ3GEEWNGTBgZHseMEfEwTJ2dOkTcsDHmBg4cNWDSyDHjxkkZMWC0wFGm6cmSRWOMEYNjjAwaPCGSsUMRx1IcD-HUEbMwRw4YN3L0hANn4UcYFUXMgTNRB42kZnPQeDimTV0dSePeGCzWDEUYjMW4cbNwBg28JNGKaOMGI8MZMmTASMvZc4y3M2w8rBMjIxo6dODM0fHixZk3LvDoVmPYxZg3bV6EgZPmRZs3B9nMeUFnzg86YeScKUOHCPAwadz0mENHTho4Y9CEoeMbOJc6MGDIsFFnDsIkZHqUIUOj6sscomWEeRnGTBgcMczQEFxh5DCSflrlYIMMoMXAEQxl0ECTTvqFEYMYM8xg4VE53CBGSmWcl956bZTRhhjvxUdHDmbMEQcOSMjABBExrAEDHGSwtMYSUSzxhhhZTGFEDHbc0MYTS8yxBBWyvWGFDWekcYQNc4TBRg0tzJCEHRouIQMbVRhhxxtNMIFFHTX9xgQcaxQhgxpOlIHGG2FIQQYSVcAgBQ5rQNHGGTLg8QQba8wxRBJP0PAEEi1oMYUWY-DRQhFsZGEFHVpQYcYYX5xRRRJESFFFGiKqZwMcMfTwFw2B0VDqenO8UYccY5QBXw-JdegqeqbCIUMPlmFmAw6v2gDdGT20EKUcypUggxHZkZFGGJSRRtFDb8DRxrUikAFcRnC8kS0aZLjgBnVhjTHeQlsE2MVDNC0Egwt4PSSHHYfNMJoIddSRRkYy1IDXQWGU0YIZNZBhxkk1lIFlwSC1kEOAZjhYgxg3zAdDWN9lNLELb7lAgwwuNASWvV90HNTHIY9cclJh1RFGRk28oUcabLARxgs10AsCCljEEMMOIDCRXR14gIAHR1-4RPS9OihIbwogHFHGGGu88YJoUeGFFwjQylGGGW_g8YLUGxMGlAhOPBHWG3J8oVNGbYfFxtpFOBHWQXZ8ITYbFNVwg1Gp4ZCevWdQpkPAONzwEN9fiCHHQkc9Xkbfx5GxkAwc5UWGHG9Uhq1Ci6cFOh552GXv2K7BJhttL4Q7brnn0vFCWHdkFAPnaQ-ku3on63VvRqBDRwfcLdThRhp0tLCeC2SMsfvbcwyvQ4Y3gCaa4YxFn9FBX0Q_vUXbMnRDfkZNvC8dbchA0fnqpR_VDTCoJpbfZez1xbrmo4-D-g-53P7YgJDmsMsy74KIGPrSrbH5hA0TScvd5EUYz8CgDwoICA%3D%3D&r=1&s=15d7d96739ac288ef8ec53a19ae8f64deeb80610b530006e09a2789d4e65d4bd1720278910&w=t | 136.243.134.97 | 200 OK | 43 B |
URL GET HTTP/2pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUwGEjx8YZY1qQiWFjRgsaNmDkaBHGBg0aJ3GEEWNGTBgZHseMEfEwTJ2dOkTcsDHmBg4cNWDSyDHjxkkZMWC0wFGm6cmSRWOMEYNjjAwaPCGSsUMRx1IcD-HUEbMwRw4YN3L0hANn4UcYFUXMgTNRB42kZnPQeDimTV0dSePeGCzWDEUYjMW4cbNwBg28JNGKaOMGI8MZMmTASMvZc4y3M2w8rBMjIxo6dODM0fHixZk3LvDoVmPYxZg3bV6EgZPmRZs3B9nMeUFnzg86YeScKUOHCPAwadz0mENHTho4Y9CEoeMbOJc6MGDIsFFnDsIkZHqUIUOj6sscomWEeRnGTBgcMczQEFxh5DCSflrlYIMMoMXAEQxl0ECTTvqFEYMYM8xg4VE53CBGSmWcl956bZTRhhjvxUdHDmbMEQcOSMjABBExrAEDHGSwtMYSUSzxhhhZTGFEDHbc0MYTS8yxBBWyvWGFDWekcYQNc4TBRg0tzJCEHRouIQMbVRhhxxtNMIFFHTX9xgQcaxQhgxpOlIHGG2FIQQYSVcAgBQ5rQNHGGTLg8QQba8wxRBJP0PAEEi1oMYUWY-DRQhFsZGEFHVpQYcYYX5xRRRJESFFFGiKqZwMcMfTwFw2B0VDqenO8UYccY5QBXw-JdegqeqbCIUMPlmFmAw6v2gDdGT20EKUcypUggxHZkZFGGJSRRtFDb8DRxrUikAFcRnC8kS0aZLjgBnVhjTHeQlsE2MVDNC0Egwt4PSSHHYfNMJoIddSRRkYy1IDXQWGU0YIZNZBhxkk1lIFlwSC1kEOAZjhYgxg3zAdDWN9lNLELb7lAgwwuNASWvV90HNTHIY9cclJh1RFGRk28oUcabLARxgs10AsCCljEEMMOIDCRXR14gIAHR1-4RPS9OihIbwogHFHGGGu88YJoUeGFFwjQylGGGW_g8YLUGxMGlAhOPBHWG3J8oVNGbYfFxtpFOBHWQXZ8ITYbFNVwg1Gp4ZCevWdQpkPAONzwEN9fiCHHQkc9Xkbfx5GxkAwc5UWGHG9Uhq1Ci6cFOh552GXv2K7BJhttL4Q7brnn0vFCWHdkFAPnaQ-ku3on63VvRqBDRwfcLdThRhp0tLCeC2SMsfvbcwyvQ4Y3gCaa4YxFn9FBX0Q_vUXbMnRDfkZNvC8dbchA0fnqpR_VDTCoJpbfZez1xbrmo4-D-g-53P7YgJDmsMsy74KIGPrSrbH5hA0TScvd5EUYz8CgDwoICA%3D%3D&r=1&s=15d7d96739ac288ef8ec53a19ae8f64deeb80610b530006e09a2789d4e65d4bd1720278910&w=t IP 136.243.134.97:443
ASN#24940 Hetzner Online GmbH
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 Certificate: Issuer: Let's Encrypt; Subject: tsyndicate.com; Fingerprint: 21:44:73:D5:80:22:FF:67:C5:62:ED:C0:AA:50:45:16:EB:B3:BC:00; Validity: Wed, 12 Jun 2024 09:06:28 GMT - Tue, 10 Sep 2024 09:06:27 GMT
File type: GIF image data, version 89a, 1 x 1 Hash: ba036c43037cfe89320d1ef7b64cd43f 88c72d3e26047eb1e45e5564a76427734f120efe 42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb
GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUwGEjx8YZY1qQiWFjRgsaNmDkaBHGBg0aJ3GEEWNGTBgZHseMEfEwTJ2dOkTcsDHmBg4cNWDSyDHjxkkZMWC0wFGm6cmSRWOMEYNjjAwaPCGSsUMRx1IcD-HUEbMwRw4YN3L0hANn4UcYFUXMgTNRB42kZnPQeDimTV0dSePeGCzWDEUYjMW4cbNwBg28JNGKaOMGI8MZMmTASMvZc4y3M2w8rBMjIxo6dODM0fHixZk3LvDoVmPYxZg3bV6EgZPmRZs3B9nMeUFnzg86YeScKUOHCPAwadz0mENHTho4Y9CEoeMbOJc6MGDIsFFnDsIkZHqUIUOj6sscomWEeRnGTBgcMczQEFxh5DCSflrlYIMMoMXAEQxl0ECTTvqFEYMYM8xg4VE53CBGSmWcl956bZTRhhjvxUdHDmbMEQcOSMjABBExrAEDHGSwtMYSUSzxhhhZTGFEDHbc0MYTS8yxBBWyvWGFDWekcYQNc4TBRg0tzJCEHRouIQMbVRhhxxtNMIFFHTX9xgQcaxQhgxpOlIHGG2FIQQYSVcAgBQ5rQNHGGTLg8QQba8wxRBJP0PAEEi1oMYUWY-DRQhFsZGEFHVpQYcYYX5xRRRJESFFFGiKqZwMcMfTwFw2B0VDqenO8UYccY5QBXw-JdegqeqbCIUMPlmFmAw6v2gDdGT20EKUcypUggxHZkZFGGJSRRtFDb8DRxrUikAFcRnC8kS0aZLjgBnVhjTHeQlsE2MVDNC0Egwt4PSSHHYfNMJoIddSRRkYy1IDXQWGU0YIZNZBhxkk1lIFlwSC1kEOAZjhYgxg3zAdDWN9lNLELb7lAgwwuNASWvV90HNTHIY9cclJh1RFGRk28oUcabLARxgs10AsCCljEEMMOIDCRXR14gIAHR1-4RPS9OihIbwogHFHGGGu88YJoUeGFFwjQylGGGW_g8YLUGxMGlAhOPBHWG3J8oVNGbYfFxtpFOBHWQXZ8ITYbFNVwg1Gp4ZCevWdQpkPAONzwEN9fiCHHQkc9Xkbfx5GxkAwc5UWGHG9Uhq1Ci6cFOh552GXv2K7BJhttL4Q7brnn0vFCWHdkFAPnaQ-ku3on63VvRqBDRwfcLdThRhp0tLCeC2SMsfvbcwyvQ4Y3gCaa4YxFn9FBX0Q_vUXbMnRDfkZNvC8dbchA0fnqpR_VDTCoJpbfZez1xbrmo4-D-g-53P7YgJDmsMsy74KIGPrSrbH5hA0TScvd5EUYz8CgDwoICA%3D%3D&r=1&s=15d7d96739ac288ef8ec53a19ae8f64deeb80610b530006e09a2789d4e65d4bd1720278910&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/gif
content-length: 43
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/embed.css | 188.114.96.1 | 200 OK | 11 kB |
IP 188.114.96.1:443
Requested by: https://metrolagu.cam/watch?v=ZyY71Ps5xRk Certificate: Issuer: Google Trust Services; Subject: metrolagu.cam; Fingerprint: 54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1; Validity: Wed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT
Hash: 1ac57b2fc858076467716fbad9268b05 94b3c1ff894b4cb316dfe90962b64db541bb3c46 6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf
GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
etag: W/"651596cf-446"
expires: Sat, 06 Jul 2024 20:51:41 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 23010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFxwF39To7JDbWofA4EibwJv%2Bb%2BtXICuEFto1YqK9om1F%2BFrZy%2B%2By6pPPZmgP1VqFu2%2BN8ciRAMQNAoRVH%2BNIJni5LwjtPO2nxhBuPllIjx5YF%2FBoze8Mf0iekY8sLUI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89f08c7e2f00568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74lGcmhTNFNLx5mgqLfGCyplDGJj1pn3SDHeT9lLTY6VjzyFBkeEgo0bKHD91X2lI6PtLRH2A | 209.85.233.84 | 302 Found | 420 B |
URL: GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74lGcmhTNFNLx5mgqLfGCyplDGJj1pn3SDHeT9lLTY6VjzyFBkeEgo0bKHD91X2lI6PtLRH2A IP: 209.85.233.84:443
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 Certificate: Issuer: Google Trust Services; Subject: *.google.com; Fingerprint: 5E:16:23:DF:7D:42:8E:61:6E:AA:4A:CC:FB:08:1A:B9:8F:FA:E0:A2; Validity: Thu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT
File type: HTML document, ASCII text, with very long lines (390) Hash: 996890b1833a08e648fa6d0e51270320 83371acc314ddc35dadcf7b4e2cd141f57004ddf 05f8e06a170f5fc5b19b63b5b7cff19f79237179ec1cc40ca11069ebbef51293
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74lGcmhTNFNLx5mgqLfGCyplDGJj1pn3SDHeT9lLTY6VjzyFBkeEgo0bKHD91X2lI6PtLRH2A HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:C2eTgS__raxXLJhCRsvpSmK-wQJlxA:AfXWaCrTPTTJNYvJ;Path=/;Expires=Mon, 06-Jul-2026 15:15:12 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 06 Jul 2024 15:15:12 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdF4I77m5vhYi5_wFWQg-SyC9aBG0EdVyJPlDuWPv2zwSxzrpRcj9yECYIVq5CLsjGsPhcWDBgfb&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-955983947%3A1720278912035613&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Lb9uRagWxbQQwzZ2A8lhSg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 420
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 430707a567.97c5ccfba2.com/in/multy | 167.235.163.216 | 200 OK | 7.8 kB |
URL: POST HTTP/2 430707a567.97c5ccfba2.com/in/multy IP: 167.235.163.216:443
ASN#24940 Hetzner Online GmbH
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 Certificate: Issuer: Let's Encrypt; Subject: 97c5ccfba2.com; Fingerprint: 3E:23:77:ED:85:2C:E5:00:E1:25:8E:81:A3:9D:E5:79:DD:D1:AA:B2; Validity: Tue, 02 Jul 2024 14:03:36 GMT - Mon, 30 Sep 2024 14:03:35 GMT
Hash: a89eadedd4181de92f8948f0e73d2141 b14332843cd2111167f8399988da01016df733af b86613c2e06f0d96ecf3c772597d440ca1b9e4c1a4a0a5204e52db0cd896b4df
POST /in/multy HTTP/1.1
Host: 430707a567.97c5ccfba2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1714
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: application/json
content-length: 7826
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 430707a567.97c5ccfba2.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=724890_99117506&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%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&icons=YBdNkB1p-_h7-YLEwI5LY1-5dAMycQxKAqAlLoeHUyBGkYA9mM9PhOB9AtLWL94Zyj21mjR3wYJhOdLe4xRg0eynMRuqWF75JDwfDry0IY_u9sfshNMCdyHcT0-2hcxmzpB-P8AdcrKOYsRqF4hpvob3ECRWHF9GMQQjl8zs9ve_lBJN1Q&ext_cid=6626198&px_id=53418774&min_cpm=0.0035416194809475728&out_id=1&campaign_type=lq-pop&aid=120&cid=18642&uniq=&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003731045508317327&cpm=0&verify_hash=11b92efafd2272107737300dbea4f4ca&is_native=2&real_bid=0.00033368000984192&original_bid_usd=0.0004&original_bid=0.0004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720365311&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0004&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=
1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000040000000000000003&ext_campaign_id_str=6626198&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=6e1796f3-bec8-41ab-9bdc-de7c94a74e14&prev_step_diff=921 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/2430707a567.97c5ccfba2.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=724890_99117506&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%3DTVRjeU1ESTNPRGt4TVh4ak9HSTVObUUwTm1NNFlqVmxOelU1TlRjNE5tSTRaV000TmpsbU1UaGtaZy0tfGh0dHBzOi8vY2hlcnJ5dHYubWVkaWEvekRkS2k4ZkpFZlpFRlM3R0FlWEpXS0JHYjQ1TVFIVzJaczU0Slg5TkFlYVJqb2I1UlB2S0FSVVR3MlNVSXByRWZiN2xzUWctVz9jcC5wdWJfYXQ9UG9wdW5kZXJzJmNwLnB1Yl9jaWQ9NjYyNjE5OCZjcC5wdWJfemlkPTUzNDM2OTQmY3AucHViX2RvbT1teWJpZC5pbyZjcC5wdWJfY2F0PTUwOCZjcC5wdWJfdHQ9UG9wdW5kZXJzJmNwLnB1Yl9jbGlja2lkPW9wZGROSGRMSFRQSE5WUzRBU09xb3BvcnVwZGRkTk5aVkxXNmVXMnFlMXpxcGJYVXpPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE9vb291c3BscmxuZHJ0dFBkWGRMVHRSWE5yVHhkclJMVlhYdnJiVExaWExTNnFpbWEyeXlsd2doRjF0R0Rjem5PbGRLNlYwcnBYU3VsZEs2VjAxazhzOWx0MDB6bk9sZEs2VjBycFhTdWxkSzZWMHJxS2RaNnBzNVo1WlpwcWFKNkpxYkxPS3JOTmJNOXRwYW5COWctJmNwLm9wPTAuMDAwNXxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfG15YmlkLmlvfDcyNDg5MHw1OTk5MTh8MTAxMTYzNnw1MzQzNjk0fDUwOHw2NjI2MTk4fDk5MTE3NTA2fDE1fDN8MHwwfDI1MzQ0fDUzNDE4Nzc0fDUwfDgwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnw5MS45MC40Mi4xNTR8MTZ8OHwxfHwzMzM5NzQwNjAyfGNkZDI5NjkwNGQzNjFjNGY5YzMwNTY2ZWM4NDA3NjA0fDF8MHxwb29waGQubmV0fDB8MTA0MTM0fDIwODUyOHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMj
QyfDB8MHwzMTQzMjQ0fHx8MXw3MjB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDE3MTZkMjU5MTc5MTNlNDNlMmQ4NjQ2Mjc2YTc5YWJk&icons=YBdNkB1p-_h7-YLEwI5LY1-5dAMycQxKAqAlLoeHUyBGkYA9mM9PhOB9AtLWL94Zyj21mjR3wYJhOdLe4xRg0eynMRuqWF75JDwfDry0IY_u9sfshNMCdyHcT0-2hcxmzpB-P8AdcrKOYsRqF4hpvob3ECRWHF9GMQQjl8zs9ve_lBJN1Q&ext_cid=6626198&px_id=53418774&min_cpm=0.0035416194809475728&out_id=1&campaign_type=lq-pop&aid=120&cid=18642&uniq=&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003731045508317327&cpm=0&verify_hash=11b92efafd2272107737300dbea4f4ca&is_native=2&real_bid=0.00033368000984192&original_bid_usd=0.0004&original_bid=0.0004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720365311&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0004&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000040000000000000003&ext_campaign_id_str=6626198&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=6e1796f3-bec8-41ab-9bdc-de7c94a74e14&prev_step_diff=921 IP 167.235.163.216:443
ASN#24940 Hetzner Online GmbH
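Requested by: https://poophd.net/d/Pu2RS4Wlfi2 Certificate: Issuer: Let's Encrypt; Subject: 97c5ccfba2.com; Fingerprint: 3E:23:77:ED:85:2C:E5:00:E1:25:8E:81:A3:9D:E5:79:DD:D1:AA:B2; Validity: Tue, 02 Jul 2024 14:03:36 GMT - Mon, 30 Sep 2024 14:03:35 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, consistent with the 0 B response body; they identify no content and will match any empty response, so they are not usable as indicators)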
GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=724890_99117506&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%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&icons=YBdNkB1p-_h7-YLEwI5LY1-5dAMycQxKAqAlLoeHUyBGkYA9mM9PhOB9AtLWL94Zyj21mjR3wYJhOdLe4xRg0eynMRuqWF75JDwfDry0IY_u9sfshNMCdyHcT0-2hcxmzpB-P8AdcrKOYsRqF4hpvob3ECRWHF9GMQQjl8zs9ve_lBJN1Q&ext_cid=6626198&px_id=53418774&min_cpm=0.0035416194809475728&out_id=1&campaign_type=lq-pop&aid=120&cid=18642&uniq=&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003731045508317327&cpm=0&verify_hash=11b92efafd2272107737300dbea4f4ca&is_native=2&real_bid=0.00033368000984192&original_bid_usd=0.0004&original_bid=0.0004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720365311&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0004&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_v
ertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000040000000000000003&ext_campaign_id_str=6626198&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=6e1796f3-bec8-41ab-9bdc-de7c94a74e14&prev_step_diff=921 HTTP/1.1
Host: 430707a567.97c5ccfba2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:12 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 430707a567.97c5ccfba2.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=15470&crtid=a448785754fcf5a97a1ec8e8b27b4f57&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQQVPG2BVXTAfuUoKTHjhmcHUaSMKTQQzvRtoqLNd5mM3a8Jd7j07mHGIdvIt_IhJwuqyMW7DOShOKl6x9Kmfpcq0ZOn2Ohh_cvW5FW_CL6KXr6AwSjf7a2jWYA-k576OzKt3pAsKmha37wTLCvTzL3XGfeIkbd_kZGd4Op9D4Ifv8YXCITtW1ePQRIU7OSPtHD9urc2iJ8ROJeXKV_BjxUvjsaw_KfxeAqDlH3GsJjHf423Z3n_zr8xO8kOYIDMSssQhttyz1RCRNV1gfSrwq9_XlOtXn0yq7M1sdj8931MXGCGXHcGmrixWQEf_l98Rk__yqPiQ7r0DMsLHYodGtVqyU6STpLTuJ_Ja9VYqHMJhp7GryRk9aKg18OxogiGFBSMnzX7r96KtuyLxpsi3yMBGYxjzXGqwkPGzlpilKNZpIotCJZ36ldUlVTBRQCPuoEZPgIZlpy5blJVg8zgfR1IbiJq7B48kG3e9QHqT8M2wZYGBkcLpWRW2W4j2-Dt5_GbvrvAsiaNNSZAoQvT3OwGhXXaUp0W8RC8AzIfdEeL_5k83HId1K3NdRNSK_5DEMXgO2Q-CgGUYNZ3tUlJ8kbtPEyI7Pni-MSYEfRkXtbW-hGyrBOBL3NfLClqqHd8hEh0DCTbiJ1TI02QY8pd6WGKhAvQi05BHfImdcnoG2SOe1e-IPzcvVOJbu9x6X5v0SGOFl3JWyjZCdvh6pAUAF_FyMiMCzDiAx_kE0igRwgZ0gmOh5vT5rHPTSRACaWiWKU9eUbekhI8-BgYukBfzFFoGULJTZb0HKw4FAMfzFTFxVG1sPGQTyE1-xyVrJTHkNtOS_08eH6_7zm76aZeXym_TKk4iIOWdd5NGxUf7Lce1DSzNM_pp4B_CEqjOptCUI0CcCdssDYx8yeMdnffJT9lInaDJh3zxdYmJOai8FaG2GOLWRt9tBKZ4l529_XQgPENwSbnCLjgxiD0CGnOQJz0NtE6QcUjpPUSWwy4lbHh6fDPbf0LIK0GkWXTV4OF6K6m0Vyv8lyuPj4D-3UIWMrOFc--WofNY1zHopnc_VDbBzYRJo_pBsOdXI3B5w_f6ZfXkg3kb6_SgzV1WR
GkaVPoWPocD5fHqUg0DY3IzxSj4scaiS-nsikpHSJzmS5cUENuK1wKldk5My-Et_rbPZ8-N34N288Z1ReBnAjNipuqjqM6IOaSRwnxvyBVhccDhzqevQbGBOjB-wN3FAOzNAvanictimg%26sp%3D0.0028366506248763638&icons=0hoMBTVrFh3NHpmNd8uFTdkLVtuDn70Bde673Lz53R5-OUQ2_xHdAvFK4shCvstbVxQ9P0HKWtyQ3mtaa5fJOjG8fuGiSR8w5oVW-QsQd0GB6ZSeTqB_W8nhpHoRQw7K9DAGlBqZm1lp6fV-k_ODWFazmgP-r75kFNyI8TChMe8bNlicjPhka5meA9_UthF03kWyUQbTKCBxVIB4wLzD5q6DadUQFXaikJIWX1yWWDtaJTsYRHrKo2eTcIpOK21nAu-mPhIgXs6Y4oYhsIgY0tg04GcfEEXMwgTuSPs4pJ9DE_z_dlOYPizPHTkAhu6CJybcVpZMtkr0ZR6sNbsTyrKXLe5fZGP8ur6bGw_wwbla5Z8mTrdZCIv1Tioe85nn9NLI69gIfAQDkxxbzDRZrQtm_AMy5uXV0i--bTH9Z9bSoTUqz8Bhvyaac-gzXlyGPnanyU8EBvOLPBj7MmW1mzyE3673asUS8ZkU_rB_0J-AoXHhOfXjvJSHub-KpTGlGU0u4-_OtHyz8co0b3xXiKCWMwdb6BOwfljTXCJTq3wzd0-hxL0HXB0vo7Fs_MTUtJjUned_GgrwvtZ2sY03eBUAMWzDrNu31qbl3rUluM-1j4QRfQJZcj8THGjSMsmfnA1C-4dRdRwi9kNE0uP-AB2KAQAbN2DbWjryXsFRXLDQ_fhBvO7XUS7xArHk3D65xg50_ly7qUNBtmNwZ0nmuK2yiu7k42CFSF8Ga8H9b22N55845bxtLlHlYYmYQi2u_IE475MLZbUkGxm3OHna4GTDVHMxWI8CtGFjSIfp65m_G3c6lgEx9t4O2ICdWxK3be5kHLpPMSUi2BoNYLgJ_EowdvEk7K7xenE4FOsASoHRHDz4wAxBnS5baF2ox_OiauyG_8aqbLdKxslqJIqcdXNApQ2HVkkzn4LVaMp5i0Sz5YaqVOVZWuSdGoi7d98nfkJlzZMMTxNTOd679kNvuxYLGajKRANSVHFaKDeTfic6Y7emsSIqNwTNa0k1uyDxoHVW28wwljL58zGkF5_rlnvxbit3Y0c3NvB1TfkGp7qghLe05not4Tm-OKXSbQ4yKu6hpbwXU6jziCkEYil9i5FIKISNb4h8kg9QwN0tFO2o4qiY2eTktjkiVHwBwawIsIKnDEj5gAEkwK3WMGmk9V3deFaOuffjXfenSXU-zOodyzPBwJtaE2C_N-f2W9GvAk5UavmOKrQbW4hHp0w3fpd4cmFaLBubS7vFw2dGf8uju2Aa0VUdbncRFmpV1taiRIVYNXVpubp5CxBuliwcnmXrOqZVE_vXrTXfyliNXJmQkbmBsh4fOJSxR5BBtUfCPVRnQ78truTkuH77XBZrSeWN5G3iieMZqFWB0HTxakojJViu4koXgwyCLzclR9eSaENpziBM7A&ext_cid=217903&px_id=31418774&min_cpm=0.012922690971898049&out_id=0&campaign_type=mq&aid=127&cid=12696&uniq=34d3b07b42d61d4561e6068f66f2a7660a7ce2ba959fa10f4073bd1e499cf814&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09963455081084642&cpm=0&verify_hash=0c412ea77ef7134bead5b315e66b57d5&is_native=1&real_bid=0.002442072479942737&original_bid_usd=0.0028366506248763638&
original_bid=0.0028366506248763638&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,5,98,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720451711&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F756%2F756853%2Fconversions%2FUI81lHpD-minify.jpg&site=native-push-adult&price=0.0028366506248763638&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000028366506248763643&ext_campaign_id_str=217903&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=610948aa-4bb2-4826-9cef-0876824ba734&prev_step_diff=920 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/2430707a567.97c5ccfba2.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=15470&crtid=a448785754fcf5a97a1ec8e8b27b4f57&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQQVPG2BVXTAfuUoKTHjhmcHUaSMKTQQzvRtoqLNd5mM3a8Jd7j07mHGIdvIt_IhJwuqyMW7DOShOKl6x9Kmfpcq0ZOn2Ohh_cvW5FW_CL6KXr6AwSjf7a2jWYA-k576OzKt3pAsKmha37wTLCvTzL3XGfeIkbd_kZGd4Op9D4Ifv8YXCITtW1ePQRIU7OSPtHD9urc2iJ8ROJeXKV_BjxUvjsaw_KfxeAqDlH3GsJjHf423Z3n_zr8xO8kOYIDMSssQhttyz1RCRNV1gfSrwq9_XlOtXn0yq7M1sdj8931MXGCGXHcGmrixWQEf_l98Rk__yqPiQ7r0DMsLHYodGtVqyU6STpLTuJ_Ja9VYqHMJhp7GryRk9aKg18OxogiGFBSMnzX7r96KtuyLxpsi3yMBGYxjzXGqwkPGzlpilKNZpIotCJZ36ldUlVTBRQCPuoEZPgIZlpy5blJVg8zgfR1IbiJq7B48kG3e9QHqT8M2wZYGBkcLpWRW2W4j2-Dt5_GbvrvAsiaNNSZAoQvT3OwGhXXaUp0W8RC8AzIfdEeL_5k83HId1K3NdRNSK_5DEMXgO2Q-CgGUYNZ3tUlJ8kbtPEyI7Pni-MSYEfRkXtbW-hGyrBOBL3NfLClqqHd8hEh0DCTbiJ1TI02QY8pd6WGKhAvQi05BHfImdcnoG2SOe1e-IPzcvVOJbu9x6X5v0SGOFl3JWyjZCdvh6pAUAF_FyMiMCzDiAx_kE0igRwgZ0gmOh5vT5rHPTSRACaWiWKU9eUbekhI8-BgYukBfzFFoGULJTZb0HKw4FAMfzFTFxVG1sPGQTyE1-xyVrJTHkNtOS_08eH6_7zm76aZeXym_TKk4iIOWdd5NGxUf7Lce1DSzNM_pp4B_CEqjOptCUI0CcCdssDYx8yeMdnffJT9lInaDJh3zxdYmJOai8FaG2GOLWRt9tBKZ4l529_XQgPENwSbnCLjgxiD0CGnOQJz0NtE6QcUjpPUSWwy4lbHh6fDPbf0LIK0GkWXTV4OF6K6m0Vyv8lyuPj4D-3UIWMrOFc--WofNY1zHopnc_VDbBzYRJo_pBsOdXI3B5w_f6ZfXkg
3kb6_SgzV1WRGkaVPoWPocD5fHqUg0DY3IzxSj4scaiS-nsikpHSJzmS5cUENuK1wKldk5My-Et_rbPZ8-N34N288Z1ReBnAjNipuqjqM6IOaSRwnxvyBVhccDhzqevQbGBOjB-wN3FAOzNAvanictimg%26sp%3D0.0028366506248763638&icons=0hoMBTVrFh3NHpmNd8uFTdkLVtuDn70Bde673Lz53R5-OUQ2_xHdAvFK4shCvstbVxQ9P0HKWtyQ3mtaa5fJOjG8fuGiSR8w5oVW-QsQd0GB6ZSeTqB_W8nhpHoRQw7K9DAGlBqZm1lp6fV-k_ODWFazmgP-r75kFNyI8TChMe8bNlicjPhka5meA9_UthF03kWyUQbTKCBxVIB4wLzD5q6DadUQFXaikJIWX1yWWDtaJTsYRHrKo2eTcIpOK21nAu-mPhIgXs6Y4oYhsIgY0tg04GcfEEXMwgTuSPs4pJ9DE_z_dlOYPizPHTkAhu6CJybcVpZMtkr0ZR6sNbsTyrKXLe5fZGP8ur6bGw_wwbla5Z8mTrdZCIv1Tioe85nn9NLI69gIfAQDkxxbzDRZrQtm_AMy5uXV0i--bTH9Z9bSoTUqz8Bhvyaac-gzXlyGPnanyU8EBvOLPBj7MmW1mzyE3673asUS8ZkU_rB_0J-AoXHhOfXjvJSHub-KpTGlGU0u4-_OtHyz8co0b3xXiKCWMwdb6BOwfljTXCJTq3wzd0-hxL0HXB0vo7Fs_MTUtJjUned_GgrwvtZ2sY03eBUAMWzDrNu31qbl3rUluM-1j4QRfQJZcj8THGjSMsmfnA1C-4dRdRwi9kNE0uP-AB2KAQAbN2DbWjryXsFRXLDQ_fhBvO7XUS7xArHk3D65xg50_ly7qUNBtmNwZ0nmuK2yiu7k42CFSF8Ga8H9b22N55845bxtLlHlYYmYQi2u_IE475MLZbUkGxm3OHna4GTDVHMxWI8CtGFjSIfp65m_G3c6lgEx9t4O2ICdWxK3be5kHLpPMSUi2BoNYLgJ_EowdvEk7K7xenE4FOsASoHRHDz4wAxBnS5baF2ox_OiauyG_8aqbLdKxslqJIqcdXNApQ2HVkkzn4LVaMp5i0Sz5YaqVOVZWuSdGoi7d98nfkJlzZMMTxNTOd679kNvuxYLGajKRANSVHFaKDeTfic6Y7emsSIqNwTNa0k1uyDxoHVW28wwljL58zGkF5_rlnvxbit3Y0c3NvB1TfkGp7qghLe05not4Tm-OKXSbQ4yKu6hpbwXU6jziCkEYil9i5FIKISNb4h8kg9QwN0tFO2o4qiY2eTktjkiVHwBwawIsIKnDEj5gAEkwK3WMGmk9V3deFaOuffjXfenSXU-zOodyzPBwJtaE2C_N-f2W9GvAk5UavmOKrQbW4hHp0w3fpd4cmFaLBubS7vFw2dGf8uju2Aa0VUdbncRFmpV1taiRIVYNXVpubp5CxBuliwcnmXrOqZVE_vXrTXfyliNXJmQkbmBsh4fOJSxR5BBtUfCPVRnQ78truTkuH77XBZrSeWN5G3iieMZqFWB0HTxakojJViu4koXgwyCLzclR9eSaENpziBM7A&ext_cid=217903&px_id=31418774&min_cpm=0.012922690971898049&out_id=0&campaign_type=mq&aid=127&cid=12696&uniq=34d3b07b42d61d4561e6068f66f2a7660a7ce2ba959fa10f4073bd1e499cf814&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09963455081084642&cpm=0&verify_hash=0c412ea77ef7134bead5b315e66b57d5&is_native=1&real_bid=0.002442072479942737&original_bid_usd=0.00283665
06248763638&original_bid=0.0028366506248763638&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,5,98,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720451711&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F756%2F756853%2Fconversions%2FUI81lHpD-minify.jpg&site=native-push-adult&price=0.0028366506248763638&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000028366506248763643&ext_campaign_id_str=217903&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=610948aa-4bb2-4826-9cef-0876824ba734&prev_step_diff=920 IP 167.235.163.216:443
ASN#24940 Hetzner Online GmbH
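Requested by: https://poophd.net/d/Pu2RS4Wlfi2 Certificate: Issuer: Let's Encrypt; Subject: 97c5ccfba2.com; Fingerprint: 3E:23:77:ED:85:2C:E5:00:E1:25:8E:81:A3:9D:E5:79:DD:D1:AA:B2; Validity: Tue, 02 Jul 2024 14:03:36 GMT - Mon, 30 Sep 2024 14:03:35 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, consistent with the 0 B response body; they identify no content and will match any empty response, so they are not usable as indicators)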
GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=15470&crtid=a448785754fcf5a97a1ec8e8b27b4f57&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQQVPG2BVXTAfuUoKTHjhmcHUaSMKTQQzvRtoqLNd5mM3a8Jd7j07mHGIdvIt_IhJwuqyMW7DOShOKl6x9Kmfpcq0ZOn2Ohh_cvW5FW_CL6KXr6AwSjf7a2jWYA-k576OzKt3pAsKmha37wTLCvTzL3XGfeIkbd_kZGd4Op9D4Ifv8YXCITtW1ePQRIU7OSPtHD9urc2iJ8ROJeXKV_BjxUvjsaw_KfxeAqDlH3GsJjHf423Z3n_zr8xO8kOYIDMSssQhttyz1RCRNV1gfSrwq9_XlOtXn0yq7M1sdj8931MXGCGXHcGmrixWQEf_l98Rk__yqPiQ7r0DMsLHYodGtVqyU6STpLTuJ_Ja9VYqHMJhp7GryRk9aKg18OxogiGFBSMnzX7r96KtuyLxpsi3yMBGYxjzXGqwkPGzlpilKNZpIotCJZ36ldUlVTBRQCPuoEZPgIZlpy5blJVg8zgfR1IbiJq7B48kG3e9QHqT8M2wZYGBkcLpWRW2W4j2-Dt5_GbvrvAsiaNNSZAoQvT3OwGhXXaUp0W8RC8AzIfdEeL_5k83HId1K3NdRNSK_5DEMXgO2Q-CgGUYNZ3tUlJ8kbtPEyI7Pni-MSYEfRkXtbW-hGyrBOBL3NfLClqqHd8hEh0DCTbiJ1TI02QY8pd6WGKhAvQi05BHfImdcnoG2SOe1e-IPzcvVOJbu9x6X5v0SGOFl3JWyjZCdvh6pAUAF_FyMiMCzDiAx_kE0igRwgZ0gmOh5vT5rHPTSRACaWiWKU9eUbekhI8-BgYukBfzFFoGULJTZb0HKw4FAMfzFTFxVG1sPGQTyE1-xyVrJTHkNtOS_08eH6_7zm76aZeXym_TKk4iIOWdd5NGxUf7Lce1DSzNM_pp4B_CEqjOptCUI0CcCdssDYx8yeMdnffJT9lInaDJh3zxdYmJOai8FaG2GOLWRt9tBKZ4l529_XQgPENwSbnCLjgxiD0CGnOQJz0NtE6QcUjpPUSWwy4lbHh6fDPbf0LIK0GkWXTV4OF6K6m0Vyv8lyuPj4D-3UIWMrOFc--WofNY1zHopnc_VDbBzYRJo_pBsOdXI3B5w_f6ZfXkg3kb6_SgzV1WRGkaVPoWPocD5fHqUg0DY3Iz
xSj4scaiS-nsikpHSJzmS5cUENuK1wKldk5My-Et_rbPZ8-N34N288Z1ReBnAjNipuqjqM6IOaSRwnxvyBVhccDhzqevQbGBOjB-wN3FAOzNAvanictimg%26sp%3D0.0028366506248763638&icons=0hoMBTVrFh3NHpmNd8uFTdkLVtuDn70Bde673Lz53R5-OUQ2_xHdAvFK4shCvstbVxQ9P0HKWtyQ3mtaa5fJOjG8fuGiSR8w5oVW-QsQd0GB6ZSeTqB_W8nhpHoRQw7K9DAGlBqZm1lp6fV-k_ODWFazmgP-r75kFNyI8TChMe8bNlicjPhka5meA9_UthF03kWyUQbTKCBxVIB4wLzD5q6DadUQFXaikJIWX1yWWDtaJTsYRHrKo2eTcIpOK21nAu-mPhIgXs6Y4oYhsIgY0tg04GcfEEXMwgTuSPs4pJ9DE_z_dlOYPizPHTkAhu6CJybcVpZMtkr0ZR6sNbsTyrKXLe5fZGP8ur6bGw_wwbla5Z8mTrdZCIv1Tioe85nn9NLI69gIfAQDkxxbzDRZrQtm_AMy5uXV0i--bTH9Z9bSoTUqz8Bhvyaac-gzXlyGPnanyU8EBvOLPBj7MmW1mzyE3673asUS8ZkU_rB_0J-AoXHhOfXjvJSHub-KpTGlGU0u4-_OtHyz8co0b3xXiKCWMwdb6BOwfljTXCJTq3wzd0-hxL0HXB0vo7Fs_MTUtJjUned_GgrwvtZ2sY03eBUAMWzDrNu31qbl3rUluM-1j4QRfQJZcj8THGjSMsmfnA1C-4dRdRwi9kNE0uP-AB2KAQAbN2DbWjryXsFRXLDQ_fhBvO7XUS7xArHk3D65xg50_ly7qUNBtmNwZ0nmuK2yiu7k42CFSF8Ga8H9b22N55845bxtLlHlYYmYQi2u_IE475MLZbUkGxm3OHna4GTDVHMxWI8CtGFjSIfp65m_G3c6lgEx9t4O2ICdWxK3be5kHLpPMSUi2BoNYLgJ_EowdvEk7K7xenE4FOsASoHRHDz4wAxBnS5baF2ox_OiauyG_8aqbLdKxslqJIqcdXNApQ2HVkkzn4LVaMp5i0Sz5YaqVOVZWuSdGoi7d98nfkJlzZMMTxNTOd679kNvuxYLGajKRANSVHFaKDeTfic6Y7emsSIqNwTNa0k1uyDxoHVW28wwljL58zGkF5_rlnvxbit3Y0c3NvB1TfkGp7qghLe05not4Tm-OKXSbQ4yKu6hpbwXU6jziCkEYil9i5FIKISNb4h8kg9QwN0tFO2o4qiY2eTktjkiVHwBwawIsIKnDEj5gAEkwK3WMGmk9V3deFaOuffjXfenSXU-zOodyzPBwJtaE2C_N-f2W9GvAk5UavmOKrQbW4hHp0w3fpd4cmFaLBubS7vFw2dGf8uju2Aa0VUdbncRFmpV1taiRIVYNXVpubp5CxBuliwcnmXrOqZVE_vXrTXfyliNXJmQkbmBsh4fOJSxR5BBtUfCPVRnQ78truTkuH77XBZrSeWN5G3iieMZqFWB0HTxakojJViu4koXgwyCLzclR9eSaENpziBM7A&ext_cid=217903&px_id=31418774&min_cpm=0.012922690971898049&out_id=0&campaign_type=mq&aid=127&cid=12696&uniq=34d3b07b42d61d4561e6068f66f2a7660a7ce2ba959fa10f4073bd1e499cf814&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09963455081084642&cpm=0&verify_hash=0c412ea77ef7134bead5b315e66b57d5&is_native=1&real_bid=0.002442072479942737&original_bid_usd=0.0028366506248763638&original_bid=0.00283665
06248763638&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,5,98,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720451711&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F756%2F756853%2Fconversions%2FUI81lHpD-minify.jpg&site=native-push-adult&price=0.0028366506248763638&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000028366506248763643&ext_campaign_id_str=217903&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=610948aa-4bb2-4826-9cef-0876824ba734&prev_step_diff=920 HTTP/1.1
Host: 430707a567.97c5ccfba2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:12 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=3de9de59-8a5f-4c64-976a-14f0aa88b4ea&prev_step_diff=920 | 45.133.44.25 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=3de9de59-8a5f-4c64-976a-14f0aa88b4ea&prev_step_diff=920 IP 45.133.44.25:443
ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com Fingerprint4C:48:F0:54:0C:00:BF:00:BE:69:C1:23:F3:A7:91:4B:61:3C:95:F6 ValidityTue, 04 Jun 2024 03:00:32 GMT - Mon, 02 Sep 2024 03:00:31 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=3de9de59-8a5f-4c64-976a-14f0aa88b4ea&prev_step_diff=920 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 06 Jul 2025 15:15:12 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.25 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP 45.133.44.25:443
ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com Fingerprint4C:48:F0:54:0C:00:BF:00:BE:69:C1:23:F3:A7:91:4B:61:3C:95:F6 ValidityTue, 04 Jun 2024 03:00:32 GMT - Mon, 02 Sep 2024 03:00:31 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 06 Jul 2025 15:15:12 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/jembud/3269666c57345352327550 | 188.114.96.1 | 200 OK | 151 B |
URL GET HTTP/2metrolagu.cam/jembud/3269666c57345352327550 IP 188.114.96.1:443
Requested byhttps://yu2be.com/watch?V=CBx6e9cZlBQ CertificateIssuerGoogle Trust Services Subjectmetrolagu.cam Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1 ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT
File typeHTML document, ASCII text Hash0f7ae3f9d0e69fd0aaf1398d77b7290c 190ebedd7eeffe1d28e7f85a8daf55b059b3d109 0b4b459b049712fdea8f6fc528874544011a05d34359debc96ff2bcecd707f72
GET /jembud/3269666c57345352327550 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0nYknfIjQPw3jXZSsI3tmBA0VSmuDoH8zh7mfJi06cfN97ukd03KcxiqKrrlD4WpHSpu%2FPXPofvdNr1PU1sutGb%2BSPHAkPvKlKDynGV22aIh29jaDtqvq1Nms3SqqsZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c7a8eb1b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| imdn.pics/m/p/0/756/756853/conversions/UI81lHpD-minify.jpg | 45.133.44.24 | 200 OK | 17 kB |
URL GET HTTP/2imdn.pics/m/p/0/756/756853/conversions/UI81lHpD-minify.jpg IP 45.133.44.24:443
ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectimdn.pics Fingerprint56:C0:33:C1:83:FD:F4:3F:85:0C:56:6C:BD:3A:B4:09:34:6B:5D:69 ValiditySat, 11 May 2024 02:00:56 GMT - Fri, 09 Aug 2024 02:00:55 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3 Hasha3ef953ff3ca7693edae6ec66d8851b3 6efbcb8771c94a7d01a3520e74090ca935c6f0c1 3211bd488a702999c6713b3ea1e7fbff07de82816912e8661422be29558d4296
GET /m/p/0/756/756853/conversions/UI81lHpD-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: image/jpeg
content-length: 17133
server: nginx
last-modified: Thu, 14 Mar 2024 10:43:51 GMT
etag: "65f2d4e7-42ed"
x-request-id: aa65482af930c5c8c33dda560e43797e
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache, no-cache
expires: 0
x-proxy-cache: HIT, HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| imdn.pics/m/p/0/756/756852/conversions/R2NBS1nv-minify.jpg | 45.133.44.24 | 200 OK | 3.5 kB |
URL GET HTTP/2imdn.pics/m/p/0/756/756852/conversions/R2NBS1nv-minify.jpg IP 45.133.44.24:443
ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectimdn.pics Fingerprint56:C0:33:C1:83:FD:F4:3F:85:0C:56:6C:BD:3A:B4:09:34:6B:5D:69 ValiditySat, 11 May 2024 02:00:56 GMT - Fri, 09 Aug 2024 02:00:55 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3 Hashf106f6b887f8b9ce78be27fad475aa21 f2533f16205dc100e21c8883248060bcffb3ef51 8541d813a46b227f8d12febbae020b03f782556d03c0bbc3e8cb589e6cc78e72
GET /m/p/0/756/756852/conversions/R2NBS1nv-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: image/jpeg
content-length: 3454
server: nginx
last-modified: Thu, 14 Mar 2024 10:43:44 GMT
etag: "65f2d4e0-d7e"
x-request-id: 59e76f33fde192fa0ffcea555bfd5db7
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache, no-cache
expires: 0
x-proxy-cache: HIT, HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/play.svg | 188.114.96.1 | 200 OK | 633 B |
URL GET HTTP/2assets.poopcdn.com/play.svg IP 188.114.96.1:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
File typeSVG Scalable Vector Graphics image Hashfa7e52a78c2db6968656093b3b4f6266 d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a 3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb
GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WBIWTiGtgjofoFN4gHUw%2FTF3eeY%2FF16ZPUhekO2GIJIxS%2FB6NR%2BgITURTxCgdW7ggNds%2Fk9yE1VL%2FfPs2Ou%2FoW7kaykW6vkDDBOS5jlbVQLrT5mHAgojIfpycsM%2FXWPtQfPisEM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c765fd8568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| go.xxxjmp.com/api/models/ts?targetDomain=stripchat.com&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=t9fsq8H2LD1k0pd-akKQKobYSF1v7mOKsKTpsoV6giG6sal5-3Iv3aK2lUFvoMLXufbcoLpkE2jNehoaRdHU0R8kPmg2xOlksCIO4OH-ZSZcx-ElYVtZTfc_gUIDRUi&p1=4548494&sourceId=547974&p2=3401168&tag=-girls%2Findian | 172.64.147.206 | 200 OK | 1.3 kB |
URL GET HTTP/2go.xxxjmp.com/api/models/ts?targetDomain=stripchat.com&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=t9fsq8H2LD1k0pd-akKQKobYSF1v7mOKsKTpsoV6giG6sal5-3Iv3aK2lUFvoMLXufbcoLpkE2jNehoaRdHU0R8kPmg2xOlksCIO4OH-ZSZcx-ElYVtZTfc_gUIDRUi&p1=4548494&sourceId=547974&p2=3401168&tag=-girls%2Findian IP 172.64.147.206:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectgo.xxxjmp.com Fingerprint26:9F:65:73:DB:D0:66:42:2C:27:F5:39:E6:06:3C:9D:7A:D5:58:CE ValidityThu, 30 May 2024 00:05:55 GMT - Wed, 28 Aug 2024 00:05:54 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (1401), with no line terminators Hash1daf398217e0c095d2c0af0b08b4337c 0ecf2403f659f8e6981cb58cb34af6478fce1b33 8da6ef211cc8634e3f7dbebc0a5bbe12e831d27891e18ee499c628c8e0fa5558
GET /api/models/ts?targetDomain=stripchat.com&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=t9fsq8H2LD1k0pd-akKQKobYSF1v7mOKsKTpsoV6giG6sal5-3Iv3aK2lUFvoMLXufbcoLpkE2jNehoaRdHU0R8kPmg2xOlksCIO4OH-ZSZcx-ElYVtZTfc_gUIDRUi&p1=4548494&sourceId=547974&p2=3401168&tag=-girls%2Findian HTTP/1.1
Host: go.xxxjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/json
access-control-allow-origin: https://poophd.net
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 89f08c7a983c1c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/play.svg | 188.114.96.1 | 200 OK | 633 B |
IP 188.114.96.1:443
Requested byhttps://metrolagu.cam/watch?v=ZyY71Ps5xRk CertificateIssuerGoogle Trust Services Subjectmetrolagu.cam Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1 ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT
File typeSVG Scalable Vector Graphics image Hashfa7e52a78c2db6968656093b3b4f6266 d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a 3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2414
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aoKNuKBT5zmwK%2FPs7VB6yRNJ7ndyPT6Y99qpOnp6w7T1vJ8cruGZQ2%2BHoNAKNvqzId6k4qwRbp9aHLV7Uc883S1%2FRS9rfS2MAG5eNA104r4hZoA9H02FPDymFnQIrkwO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89f08c7f494e568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cdn.tsyndicate.com/sdk/v1/inpage.push.js | 45.133.44.70 | 200 OK | 14 kB |
URL GET HTTP/2cdn.tsyndicate.com/sdk/v1/inpage.push.js IP 45.133.44.70:443
ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectcdn.tsyndicate.com FingerprintD1:BA:EE:F0:8D:8F:47:DF:CC:82:D6:69:8B:C5:E6:32:61:B2:10:52 ValiditySat, 08 Jun 2024 03:00:23 GMT - Fri, 06 Sep 2024 03:00:22 GMT
File typeJavaScript source, ASCII text, with very long lines (13920) Hash00c3a437db0258c707944c3f8a13da32 0e1b2787c0fe785af9e2c441b52c1c627c6a21d1 d10120a1e35daa3c0265fff15739c99dc889b724614c5a7d23059597fc9eccdf
GET /sdk/v1/inpage.push.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx
last-modified: Fri, 15 Mar 2024 13:15:44 GMT
etag: W/"65f44a00-36b5"
x-robots-tag: noindex, nofollow
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 08 Jul 2024 15:15:10 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/style.css | 188.114.96.1 | 200 OK | 259 kB |
URL GET HTTP/2assets.poopcdn.com/style.css IP 188.114.96.1:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
Size259 kB (259373 bytes) Hashf94acf4d0db64b4a710fc6fce3bc2a49 63753e2bb0367b37084eba7690d9fb752667ecd3 f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340
GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1896
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFX5DfRo6ten9VdP1FkI1uzT2djIsJE2v0MlvEPqWZfsmOU7FXcb%2FQQSk0iOxZGEUg%2FJtjkvTaMymcsRHWCG4JsiggNE4Oyw5SL3BxRRTdOgIOdq%2BAdIB0MD%2FtONYptn33K8cPo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c747c0a568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| | 172.67.209.176 | 200 OK | 15 kB |
URL: User Request | GET HTTP/2 | IP: 172.67.209.176:443
Certificate Issuer: Google Trust Services | Subject: poophd.net | Fingerprint: 04:CB:BF:CF:D0:17:2F:6F:44:10:3D:D3:CC:8F:57:9B:58:C5:F4:79 | Validity: Fri, 05 Jul 2024 14:41:03 GMT - Thu, 03 Oct 2024 14:41:02 GMT
File type: HTML document, ASCII text, with very long lines (6446) | Hash: c61ca8e27596cbe351a2f7f2fb6f4fd4 9517e26212ab41fa04a061dc7214294c369f3933 745ff888cf20d120e74c2b6d1e61281504fb12839b8308d3b8ca795c5f7c3356
GET /d/Pu2RS4Wlfi2 HTTP/1.1
Host: poophd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrkN0BCkjJ6rUrtnytAFfxtgyW991tCWs7Qc1NJ%2BXVO3nTKQMQqK5q%2B58jj29vMRGm%2BQ5h3VHrBsp1ea9agV7IBXSKY31WDsykNvsjMedcbP3j0XkXiDe%2FRgrLAk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c70dd440b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 4c21b1a532.5165c0c080.com/5d730eb6fd69b185ce754d3ab9c39752/114039?version_name=c&domain=poophd.net | 45.133.44.52 | 200 OK | 1.4 kB |
URL: GET HTTP/2 4c21b1a532.5165c0c080.com/5d730eb6fd69b185ce754d3ab9c39752/114039?version_name=c&domain=poophd.net | IP: 45.133.44.52:443
ASN#39572 DataWeb Global Group B.V.
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate Issuer: Let's Encrypt | Subject: 4c21b1a532.5165c0c080.com | Fingerprint: 3A:0C:73:71:75:8E:44:D7:0B:07:A3:B5:42:A7:AD:2A:6B:78:11:41 | Validity: Wed, 03 Jul 2024 02:20:38 GMT - Tue, 01 Oct 2024 02:20:37 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1596), with no line terminators | Hash: 7b58c864c1c35f99f5d46fbe36226717 91fb783b91506c3548727ff9decfabb3b559be6f 4650edbcde7f775295755920149cb6e5708c4b95534faec877277a0ed273506f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /5d730eb6fd69b185ce754d3ab9c39752/114039?version_name=c&domain=poophd.net HTTP/1.1
Host: 4c21b1a532.5165c0c080.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/json
content-length: 1412
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 06 Jul 2024 15:20:10 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| cdn.tsyndicate.com/sdk/v1/inpage.push.v2.css | 45.133.44.70 | 200 OK | 22 kB |
URL GET HTTP/2cdn.tsyndicate.com/sdk/v1/inpage.push.v2.css IP 45.133.44.70:443
ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectcdn.tsyndicate.com FingerprintD1:BA:EE:F0:8D:8F:47:DF:CC:82:D6:69:8B:C5:E6:32:61:B2:10:52 ValiditySat, 08 Jun 2024 03:00:23 GMT - Fri, 06 Sep 2024 03:00:22 GMT
File typeASCII text, with very long lines (21744), with no line terminators Hashb4ac1d9cb97e96cbe37dcc8baf27f734 0b6a51d6587380b8296a5fc8f7827040813e5f31 59e92e521ef354de958402f21a9f5a437965e047b554382274bc3af767974a49
GET /sdk/v1/inpage.push.v2.css HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/css
server: nginx
last-modified: Fri, 15 Mar 2024 13:15:06 GMT
etag: W/"65f449da-54f0"
x-robots-tag: noindex, nofollow
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 08 Jul 2024 15:15:11 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/watch?v=ZyY71Ps5xRk | 188.114.96.1 | 200 OK | 6.9 kB |
URL POST HTTP/3metrolagu.cam/watch?v=ZyY71Ps5xRk IP 188.114.96.1:443
Requested byhttps://yu2be.com/watch?V=CBx6e9cZlBQ CertificateIssuerGoogle Trust Services Subjectmetrolagu.cam Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1 ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT
File typeHTML document, ASCII text, with very long lines (6940), with no line terminators Hash6dc8afe42da272d94fafaf99392edbb7 a6da1316f6ccd1afd0e9e9efee10764341383444 780eca5f2fe8dbb6e60b8208d4d49bc2a2d400e9dcde0595d3502b3fadeb2a9f
POST /watch?v=ZyY71Ps5xRk HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/3269666c57345352327550
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iN19h50YyR0e1jfQmhvb1jVN0HZFwy35O6s2ImzcfSWXctN2eUFCSTgTmsc5ydOzbGaiSb1AjRzStRwx27Q8bEX9D1NZVssJRypngw23EgGGztPc20A%2B415VaW8icngK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c7d0cca568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 4c21b1a532.5165c0c080.com/f7c98d6923c934c6c1674e526edb78d1.js | 45.133.44.52 | 200 OK | 116 kB |
URL: GET HTTP/2 4c21b1a532.5165c0c080.com/f7c98d6923c934c6c1674e526edb78d1.js | IP: 45.133.44.52:443
ASN#39572 DataWeb Global Group B.V.
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate Issuer: Let's Encrypt | Subject: 4c21b1a532.5165c0c080.com | Fingerprint: 3A:0C:73:71:75:8E:44:D7:0B:07:A3:B5:42:A7:AD:2A:6B:78:11:41 | Validity: Wed, 03 Jul 2024 02:20:38 GMT - Tue, 01 Oct 2024 02:20:37 GMT
Size: 116 kB (116427 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, while the reported size is 116427 bytes; the body was apparently not hashed, so they should not be used as indicators for this script]
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /f7c98d6923c934c6c1674e526edb78d1.js HTTP/1.1
Host: 4c21b1a532.5165c0c080.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 25 Jun 2024 15:04:49 GMT
etag: W/"667adc91-1c6cb"
content-encoding: gzip
expires: Sat, 06 Jul 2024 15:20:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| yu2be.com/embed.css | 188.114.97.1 | 200 OK | 1.1 kB |
IP 188.114.97.1:443
Requested byhttps://yu2be.com/watch?V=CBx6e9cZlBQ CertificateIssuerGoogle Trust Services Subjectyu2be.com Fingerprint1F:55:1D:73:E9:96:2A:88:8C:9B:ED:61:EB:4C:C5:AF:4D:F9:61:FF ValidityWed, 12 Jun 2024 04:17:16 GMT - Tue, 10 Sep 2024 04:17:15 GMT
File typeASCII text, with very long lines (1145), with no line terminators Hash69c7d11151f7c8da1183e16ec826fd58 e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf 360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1
GET /embed.css HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/watch?V=CBx6e9cZlBQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 00:03:15 GMT
etag: W/"655e96c3-446"
expires: Sat, 06 Jul 2024 20:57:53 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 22637
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6art3uKq16go3ZhCrHZ%2FYUam4%2BAYYCDkzkrfH1xR63GMU53qzhbB4C1hSACgtzMO6FM4L3U0U3NoE2HLvfKXL5GLsoHe6FM1IoXHCyYurMUAXfjzYZZj2DOvsE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89f08c79aeb90b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| js.wpushsdk.com/skins/ipmain.m.js | 45.133.44.52 | 200 OK | 475 kB |
URL: GET HTTP/2 js.wpushsdk.com/skins/ipmain.m.js | IP: 45.133.44.52:443
ASN#39572 DataWeb Global Group B.V.
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate Issuer: Let's Encrypt | Subject: js.wpushsdk.com | Fingerprint: C1:1E:49:F0:88:2B:8F:F1:59:51:D6:4A:97:D8:63:79:DA:EE:E0:BC | Validity: Sat, 11 May 2024 05:01:00 GMT - Fri, 09 Aug 2024 05:00:59 GMT
Size: 475 kB (475109 bytes) | Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 [note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, while the reported size is 475109 bytes; the body was apparently not hashed, so they should not be used as indicators for this script]
GET /skins/ipmain.m.js HTTP/1.1
Host: js.wpushsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 05 Jul 2024 10:17:38 GMT
etag: W/"6687c842-73fe5"
content-encoding: gzip
expires: Sat, 06 Jul 2024 15:20:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap | 142.250.74.106 | 200 OK | 18 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap IP 142.250.74.106:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerGoogle Trust Services Subjectupload.video.google.com FingerprintC7:12:52:3A:BD:E0:73:20:AD:A8:5F:DF:12:DB:C6:DE:AF:63:88:6B ValidityThu, 13 Jun 2024 16:32:33 GMT - Thu, 05 Sep 2024 16:32:32 GMT
Hash942d6c103643a3b457d90844f34a9b37 e2594da697f0082ee92f0f1d9b163aed142e09e7 654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 06 Jul 2024 15:15:10 GMT
date: Sat, 06 Jul 2024 15:15:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/embed2.css | 188.114.96.1 | 200 OK | 2.3 kB |
URL GET HTTP/2assets.poopcdn.com/embed2.css IP 188.114.96.1:443
Requested byhttps://poophd.net/d/Pu2RS4Wlfi2 CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
File typeASCII text, with very long lines (2279), with no line terminators Hashf966df8b666f4e6af52c4c5972958a8d 59c598587c742cdd8211376b6a124c27a6a2dc52 943cf282560a6d9565816a7feeaa67cb91804127cf2d34686c932039bec26622
GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1896
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjMgiBfZ8ket0JxnJBCoMD4mHnk7E%2F0cTv50vsh%2Fn%2FCcl%2FAQoAelTMWhHAbxlNxaE9uz79ufmZAksrDprxBaJhs7MVhEk1oY4Efy%2FsFdm6EK2GWQQuX2jI%2BlD65qJBiZr%2ByI7GE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c747c06568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/bootstrap.min.css | 188.114.96.1 | 200 OK | 209 kB |
URL: GET HTTP/2 assets.poopcdn.com/bootstrap.min.css | IP: 188.114.96.1:443
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate Issuer: Let's Encrypt | Subject: assets.poopcdn.com | Fingerprint: 15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5 | Validity: Sun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT
File type: ASCII text, with very long lines (625) | Size: 209 kB (208810 bytes) | Hash: 3ad35d9c124d6c7d13f776dde0df9286 1bfc432b338ca01be6b05ab8e87f4a63caa8d82b 10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b
GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6646
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lGg7L4OyS6GLczFdYWlmgHCpCby8u35vL94flRetermpnPg%2FAvJ2KofGB1TV4yfldiodUCTY6oImgGSwpn1OjNgxPmfraF%2Fw%2FZlWcXpVg%2F5bIl%2BL%2FXXAzI1WwwtrElKr4pp8XmE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c749c56568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdF4I77m5vhYi5_wFWQg-SyC9aBG0EdVyJPlDuWPv2zwSxzrpRcj9yECYIVq5CLsjGsPhcWDBgfb&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-955983947%3A1720278912035613&ddm=0 | 209.85.233.84 | 403 Forbidden | 0 B |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdF4I77m5vhYi5_wFWQg-SyC9aBG0EdVyJPlDuWPv2zwSxzrpRcj9yECYIVq5CLsjGsPhcWDBgfb&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-955983947%3A1720278912035613&ddm=0 IP 209.85.233.84:443
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate Issuer: Google Trust Services | Subject: *.google.com | Fingerprint: 5E:16:23:DF:7D:42:8E:61:6E:AA:4A:CC:FB:08:1A:B9:8F:FA:E0:A2 | Validity: Thu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 digests of zero-length input: no response body was captured, so they do not identify any content)
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdF4I77m5vhYi5_wFWQg-SyC9aBG0EdVyJPlDuWPv2zwSxzrpRcj9yECYIVq5CLsjGsPhcWDBgfb&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-955983947%3A1720278912035613&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 06 Jul 2024 15:15:12 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-UihVtdnLi-Nw59bBmJWw2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| p.a64x.com/in/tip_shows/?katds_ep=M0VQA02HAlHoFE4qDWkL4ZKPMqLAgI39KftFlPmxhy3Rir0XzP_svn-sqpgA6tqCAPavNvyaVKYtOcFbVHmjz4c8rxatKAG7WeaBOxZTfwrfCDQpcbRwPfGX3OAN_HsK3VimFy1mgKTz3Tc08LwLVj_3yGHbPF3TqIAbujUJnnEGVnswlvaQ8EfS3IQU2yDM6SHy6LTS8asmmYhSQ5YrfFgqTh6WQ1yi2GRWT7IuGSn1QDAABDt11oOLMM55XxlcqNAhAmbN2hL_0r3C_c3ZTzFJNQkz5GDJnHXULnR_ULOgKI2bE0y6olHZ02pK-7ZHTen1wSCwzrF0C2kXJ5r3vj17LzpHWsuo5dp0vX454mNhL9t7E1cAHly6X5JKjGIcdpgoJGW33zkvXeWIsKOQvJlbYHkodljDgNyKwhy4ex79pO3Wgod0U-trrAvFAvyLMkjpJmVstceISHJa5mow_3GrhQsuf6WePl7ux-YxMtCQpfUBfWcAZ6uG4cmUBU8hRBPny0vafQU2zNe_NMwB4nBkaUwmhqKwQwRxGFJivGiwHkYRjNCURZHIdhJm68v5eW2rXS6uOs4bLQSosaakb30OStYGRlikl11o6u_KCkFF5t2KxfekW3WI_KMomIMWOGlHGr0T6DXeGxEhi_Sk1JR3q5KiuVjLqMazsfHJ872upSxO-MzqkgZZADyMGjYXPMr_LNGgDD4STPkzcJPoOY9yUkEtLO5pJzjhS6DgosRXmcGfn4XOQOGflsAkn9RbNFloVN-n5sFAen4TopEQApWlwi_dAa9tH0dK9V0CK2mY7_TYC2seAiN2gL9niZf-_VBVUGaGbFF5gjEjcnwlfaGX01XJTyL2wgCYae72hUr20y24HV-QlC7HyRL5Gl1KYnvCkmvu8KnjQNRccOIGRMQBin6g3zo_eHM-8VGuu2coJM_wfiBJcvXAejYN&sp=0.0028366506248763638&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=c66e336a-9dcb-4e95-9c28-b9421480a1c0&prev_step_diff=920 | 104.21.19.82 | 302 Found | 3.5 kB |
URL GET HTTP/2p.a64x.com/in/tip_shows/?katds_ep=M0VQA02HAlHoFE4qDWkL4ZKPMqLAgI39KftFlPmxhy3Rir0XzP_svn-sqpgA6tqCAPavNvyaVKYtOcFbVHmjz4c8rxatKAG7WeaBOxZTfwrfCDQpcbRwPfGX3OAN_HsK3VimFy1mgKTz3Tc08LwLVj_3yGHbPF3TqIAbujUJnnEGVnswlvaQ8EfS3IQU2yDM6SHy6LTS8asmmYhSQ5YrfFgqTh6WQ1yi2GRWT7IuGSn1QDAABDt11oOLMM55XxlcqNAhAmbN2hL_0r3C_c3ZTzFJNQkz5GDJnHXULnR_ULOgKI2bE0y6olHZ02pK-7ZHTen1wSCwzrF0C2kXJ5r3vj17LzpHWsuo5dp0vX454mNhL9t7E1cAHly6X5JKjGIcdpgoJGW33zkvXeWIsKOQvJlbYHkodljDgNyKwhy4ex79pO3Wgod0U-trrAvFAvyLMkjpJmVstceISHJa5mow_3GrhQsuf6WePl7ux-YxMtCQpfUBfWcAZ6uG4cmUBU8hRBPny0vafQU2zNe_NMwB4nBkaUwmhqKwQwRxGFJivGiwHkYRjNCURZHIdhJm68v5eW2rXS6uOs4bLQSosaakb30OStYGRlikl11o6u_KCkFF5t2KxfekW3WI_KMomIMWOGlHGr0T6DXeGxEhi_Sk1JR3q5KiuVjLqMazsfHJ872upSxO-MzqkgZZADyMGjYXPMr_LNGgDD4STPkzcJPoOY9yUkEtLO5pJzjhS6DgosRXmcGfn4XOQOGflsAkn9RbNFloVN-n5sFAen4TopEQApWlwi_dAa9tH0dK9V0CK2mY7_TYC2seAiN2gL9niZf-_VBVUGaGbFF5gjEjcnwlfaGX01XJTyL2wgCYae72hUr20y24HV-QlC7HyRL5Gl1KYnvCkmvu8KnjQNRccOIGRMQBin6g3zo_eHM-8VGuu2coJM_wfiBJcvXAejYN&sp=0.0028366506248763638&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=c66e336a-9dcb-4e95-9c28-b9421480a1c0&prev_step_diff=920 IP 104.21.19.82:443
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate Issuer: Google Trust Services LLC | Subject: a64x.com | Fingerprint: 76:55:79:FC:4D:38:2F:44:C6:48:AC:9B:DF:F9:BF:0D:DD:1E:A5:82 | Validity: Fri, 17 May 2024 16:57:29 GMT - Thu, 15 Aug 2024 16:57:28 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the MD5, SHA-1 and SHA-256 digests of zero-length input: the redirect carried no body, so they do not identify any content)
GET /in/tip_shows/?katds_ep=M0VQA02HAlHoFE4qDWkL4ZKPMqLAgI39KftFlPmxhy3Rir0XzP_svn-sqpgA6tqCAPavNvyaVKYtOcFbVHmjz4c8rxatKAG7WeaBOxZTfwrfCDQpcbRwPfGX3OAN_HsK3VimFy1mgKTz3Tc08LwLVj_3yGHbPF3TqIAbujUJnnEGVnswlvaQ8EfS3IQU2yDM6SHy6LTS8asmmYhSQ5YrfFgqTh6WQ1yi2GRWT7IuGSn1QDAABDt11oOLMM55XxlcqNAhAmbN2hL_0r3C_c3ZTzFJNQkz5GDJnHXULnR_ULOgKI2bE0y6olHZ02pK-7ZHTen1wSCwzrF0C2kXJ5r3vj17LzpHWsuo5dp0vX454mNhL9t7E1cAHly6X5JKjGIcdpgoJGW33zkvXeWIsKOQvJlbYHkodljDgNyKwhy4ex79pO3Wgod0U-trrAvFAvyLMkjpJmVstceISHJa5mow_3GrhQsuf6WePl7ux-YxMtCQpfUBfWcAZ6uG4cmUBU8hRBPny0vafQU2zNe_NMwB4nBkaUwmhqKwQwRxGFJivGiwHkYRjNCURZHIdhJm68v5eW2rXS6uOs4bLQSosaakb30OStYGRlikl11o6u_KCkFF5t2KxfekW3WI_KMomIMWOGlHGr0T6DXeGxEhi_Sk1JR3q5KiuVjLqMazsfHJ872upSxO-MzqkgZZADyMGjYXPMr_LNGgDD4STPkzcJPoOY9yUkEtLO5pJzjhS6DgosRXmcGfn4XOQOGflsAkn9RbNFloVN-n5sFAen4TopEQApWlwi_dAa9tH0dK9V0CK2mY7_TYC2seAiN2gL9niZf-_VBVUGaGbFF5gjEjcnwlfaGX01XJTyL2wgCYae72hUr20y24HV-QlC7HyRL5Gl1KYnvCkmvu8KnjQNRccOIGRMQBin6g3zo_eHM-8VGuu2coJM_wfiBJcvXAejYN&sp=0.0028366506248763638&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=c66e336a-9dcb-4e95-9c28-b9421480a1c0&prev_step_diff=920 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/756/756852/conversions/R2NBS1nv-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mx8RnBsHwQY2ITwwyaok8D%2BP65z0xhnSju7%2BlNq86%2BORw4JJIFDMKepFX%2F2UdzRiTmJQAsPvfxWc6PLdWjmGDB3xPA4DvwOXTQZ7%2FEMd%2F%2BJVBl4WSuzj6RQXBeai"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c82b950b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdn.tsyndicate.com/sdk/v1/p.js | 45.133.44.70 | 200 OK | 9.6 kB |
URL: GET HTTP/2 cdn.tsyndicate.com/sdk/v1/p.js | IP: 45.133.44.70:443
ASN#39572 DataWeb Global Group B.V.
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate Issuer: Let's Encrypt | Subject: cdn.tsyndicate.com | Fingerprint: D1:BA:EE:F0:8D:8F:47:DF:CC:82:D6:69:8B:C5:E6:32:61:B2:10:52 | Validity: Sat, 08 Jun 2024 03:00:23 GMT - Fri, 06 Sep 2024 03:00:22 GMT
File type: JavaScript source, ASCII text, with very long lines (9914), with no line terminators | Hash: 80d5994a62b95bdb71b48a8cdc49f25d 98b2696b786639404cb785f0269188ddce349e5b 2b4d201b3cf2d8472389f8035a077671117c07c2b799872f3b346b6a227d4045
GET /sdk/v1/p.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx
last-modified: Fri, 15 Mar 2024 12:34:32 GMT
etag: W/"65f44058-256b"
x-robots-tag: noindex, nofollow
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 08 Jul 2024 15:15:10 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
X-Firefox-Spdy: h2
|
|
| mordoops.com/5/6651943/?oo=1&aab=1 | 139.45.197.244 | 200 OK | 3.8 kB |
URL: GET HTTP/2 mordoops.com/5/6651943/?oo=1&aab=1 | IP: 139.45.197.244:443
Requested by: https://yu2be.com/watch?V=CBx6e9cZlBQ | Certificate Issuer: Let's Encrypt | Subject: mordoops.com | Fingerprint: 0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D | Validity: Sun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (3841), with no line terminators | Hash: 7084168f949387d4db90e7f0563ad4a9 d8e02b70c309e4f226ae39e90e49b74a02f8afd8 b5def53fa305b3fdab6a3ba63aa8991a1ca13ac3cb93c1b618e7ea2c8af75e3a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /5/6651943/?oo=1&aab=1 HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/json
x-trace-id: af9233b0a7d6235af8d07e95ab6a6396
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008091aa77464558eb2b72c420460d2e; expires=Sun, 06 Jul 2025 15:15:11 GMT; path=/; secure; SameSite=None
oaidts=1720278911; expires=Sun, 06 Jul 2025 15:15:11 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| mordoops.com/?rb=KJZWhj13airgzUJJfGm7U44BHNHpb3q89qG1KCvsXseXc1PJHh1hKHdkr9Cz6WHyChsIs5Ja1EdtI-Gpznj8vibzMPOsoGjmUvNOi3HHcZ0M49qoeSXOokn4a6fOcy4b4th-LZdhAj8Tugu-eA4FfGhgZOOxAAn-WVqk2C6bsQLZXn4xJaMh5t6DGAhWpxQdAck0LrMNc72ctHPSxtf2HQp0CmtjeDdU-jgJ-vUCGTnKZAia3hsxbn5aF_JY4Q_8xRTkEg%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.834.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=3&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F3269666c57345352327550&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.834.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=765a3d53-eb5d-4550-9a74-174908423e47&wasm=1&userId=008091aa77464558eb2b72c420460d2e&m=link | 139.45.197.244 | 200 OK | 2.8 kB |
URL GET HTTP/2mordoops.com/?rb=KJZWhj13airgzUJJfGm7U44BHNHpb3q89qG1KCvsXseXc1PJHh1hKHdkr9Cz6WHyChsIs5Ja1EdtI-Gpznj8vibzMPOsoGjmUvNOi3HHcZ0M49qoeSXOokn4a6fOcy4b4th-LZdhAj8Tugu-eA4FfGhgZOOxAAn-WVqk2C6bsQLZXn4xJaMh5t6DGAhWpxQdAck0LrMNc72ctHPSxtf2HQp0CmtjeDdU-jgJ-vUCGTnKZAia3hsxbn5aF_JY4Q_8xRTkEg%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.834.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=3&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F3269666c57345352327550&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.834.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=765a3d53-eb5d-4550-9a74-174908423e47&wasm=1&userId=008091aa77464558eb2b72c420460d2e&m=link IP 139.45.197.244:443
Requested by: https://yu2be.com/watch?V=CBx6e9cZlBQ | Certificate Issuer: Let's Encrypt | Subject: mordoops.com | Fingerprint: 0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D | Validity: Sun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2839), with no line terminators | Hash: b131f6b7b7c1a499a845c284465df239 901e2c02851ed20003c7027f8e73b96ea03a212f 4fe55c33461822fabe6252c17a390fcd9af24bf0ade8393fb53d6c1654c1e0ab
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?rb=KJZWhj13airgzUJJfGm7U44BHNHpb3q89qG1KCvsXseXc1PJHh1hKHdkr9Cz6WHyChsIs5Ja1EdtI-Gpznj8vibzMPOsoGjmUvNOi3HHcZ0M49qoeSXOokn4a6fOcy4b4th-LZdhAj8Tugu-eA4FfGhgZOOxAAn-WVqk2C6bsQLZXn4xJaMh5t6DGAhWpxQdAck0LrMNc72ctHPSxtf2HQp0CmtjeDdU-jgJ-vUCGTnKZAia3hsxbn5aF_JY4Q_8xRTkEg%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.834.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=3&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F3269666c57345352327550&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.834.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=765a3d53-eb5d-4550-9a74-174908423e47&wasm=1&userId=008091aa77464558eb2b72c420460d2e&m=link HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://yu2be.com/
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Cookie: OAID=008091aa77464558eb2b72c420460d2e; oaidts=1720278911
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/json
x-trace-id: f967d231edfea641b74162d71f489703
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008091aa77464558eb2b72c420460d2e; expires=Sun, 06 Jul 2025 15:15:11 GMT; path=/; secure; SameSite=None
oaidts=1720278911; expires=Sun, 06 Jul 2025 15:15:11 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 13 Jul 2024 15:15:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| yu2be.com/embud/3269666c57345352327550 | 188.114.97.1 | 200 OK | 241 B |
URL: GET HTTP/2 yu2be.com/embud/3269666c57345352327550 | IP: 188.114.97.1:443
Requested by: https://poophd.net/d/Pu2RS4Wlfi2 | Certificate Issuer: Google Trust Services | Subject: yu2be.com | Fingerprint: 1F:55:1D:73:E9:96:2A:88:8C:9B:ED:61:EB:4C:C5:AF:4D:F9:61:FF | Validity: Wed, 12 Jun 2024 04:17:16 GMT - Tue, 10 Sep 2024 04:17:15 GMT
File type: HTML document, ASCII text, with no line terminators | Hash: da15d0793ceed17895d656e06f3a67ce 92fcb2ca9ac68cf3f0049f090b2a033952193991 ea63723f805541cf70862c2f9165912e1b416b459cedd822a7b5fa83ad9e6534
GET /embud/3269666c57345352327550 HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhvrp%2FWLQ8vitVYSglwmY0b5VaQttJwVgz1VUDPSovXKELjmQnqK0gE4%2BR7AvaM1DwLOW3cLODA30x7fxNMPqIWxH%2FeTgbE5VHQEg5TUvRCReltkohwJHNQlxQA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c770ed8b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|