Report - poophd.net/d/Pu2RS4Wlfi2

Report Overview

Visited public
2024-07-06 15:15:36
Tags
Submit Tags
URL
poophd.net/d/Pu2RS4Wlfi2
Finishing URL
poophd.net/d/Pu2RS4Wlfi2
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Pacarku Chindo Lagi Nyp0ngin - DoodStream - PoopHD

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
yu2be.com	unknown	2023-08-23	2019-08-26 21:50:40	2024-04-14 17:38:04	1.6 kB	23 kB	188.114.97.1
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22 13:20:32	2024-07-05 07:56:20	1.0 kB	705 B	157.90.84.242
video.xxxjmp.com	76113	2021-06-22	2021-07-02 12:51:52	2024-05-27 13:42:26	440 B	5.6 kB	172.64.147.206
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-07-05 18:19:31	2.0 kB	4.2 kB	142.250.74.131
tsyndicate.com	13042	2017-03-08	2017-03-16 10:04:54	2024-07-05 23:00:46	571 B	4.8 kB	148.251.152.17
430707a567.97c5ccfba2.com	unknown	unknown	No data	No data	10 kB	9.2 kB	167.235.163.216
poophd.net	unknown	unknown	No data	No data	480 B	15 kB	172.67.209.176
js.wpushsdk.com	36947	2021-05-07	2021-05-07 14:03:12	2024-07-04 14:50:15	404 B	476 kB	45.133.44.52
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-07-05 18:24:36	479 B	18 kB	142.250.74.106
p.a64x.com	unknown	2023-07-27	2023-07-27 15:12:45	2024-07-05 19:37:09	1.5 kB	4.2 kB	104.21.19.82
assets.poopcdn.com	unknown	2024-03-14	2024-03-14 18:10:02	2024-04-13 18:33:24	4.1 kB	713 kB	188.114.96.1
cdn.tsyndicate.com	16265	2017-03-08	2017-07-04 08:00:09	2024-07-05 20:39:13	1.7 kB	137 kB	45.133.44.70
i.poopcdn.com	unknown	2024-03-14	2024-03-14 09:46:04	2024-03-18 21:40:37	857 B	12 kB	188.114.97.1
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-07-05 20:18:45	417 B	105 kB	142.250.74.168
metrolagu.cam	unknown	2023-03-24	2023-08-23 12:17:15	2024-04-15 11:58:10	2.0 kB	22 kB	188.114.96.1
mordoops.com	unknown	2023-01-04	2023-01-04 10:58:26	2024-05-28 14:26:57	2.0 kB	38 kB	139.45.197.244
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2024-07-05 18:12:08	1.7 kB	6.3 kB	209.85.233.84
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-07-05 18:17:19	451 B	738 B	139.45.195.8
nereserv.com	40015	2020-12-21	2020-12-21 12:07:56	2024-07-05 19:42:59	585 B	320 B	157.90.84.246
kamassmyalia.com	unknown	unknown	No data	No data	407 B	1.5 kB	23.109.170.20
go.xxxjmp.com	14382	2021-06-22	2021-07-02 12:31:24	2024-06-21 17:27:54	716 B	1.8 kB	172.64.147.206
storage.multstorage.com	unknown	2023-09-22	2023-09-22 14:56:00	2024-07-05 08:01:44	520 B	1.6 kB	104.21.30.242
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-07-05 18:12:20	897 B	58 kB	104.17.24.14
pxl.tsyndicate.com	14763	2017-03-08	2017-07-05 15:51:06	2024-07-05 23:00:46	1.8 kB	208 B	136.243.134.97
imdn.pics	unknown	2023-09-14	2023-09-14 16:55:44	2024-07-05 19:43:00	850 B	21 kB	45.133.44.24
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-05 18:12:12	2.9 kB	8.0 kB	23.36.77.32
06603bcbf0.fed18a1e5b.com	unknown	unknown	No data	No data	821 B	320 B	45.133.44.53
static.bookmsg.com	47495	2020-09-15	2020-11-24 15:56:32	2024-07-05 19:43:00	1.1 kB	2.2 kB	45.133.44.25
4c21b1a532.5165c0c080.com	unknown	unknown	No data	No data	1.4 kB	169 kB	45.133.44.52
e6.o.lencr.org	unknown	2020-06-29	2024-06-07 08:35:09	2024-07-05 18:12:54	652 B	1.5 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-07-06	medium	5165c0c080.com	Sinkholed
2024-07-06	medium	mordoops.com	Sinkholed
2024-07-06	medium	kamassmyalia.com	Sinkholed
2024-07-06	medium	5165c0c080.com	Sinkholed
2024-07-06	medium	5165c0c080.com	Sinkholed
2024-07-06	medium	mordoops.com	Sinkholed
2024-07-06	medium	mordoops.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	From	Size	First Seen	Last Seen
	cdn.tsyndicate.com/sdk/v1/inpage.push.js	ScriptElement	14 kB	2024-04-20	2025-04-22
Pretty URL cdn.tsyndicate.com/sdk/v1/inpage.push.js IP 45.133.44.70 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 16:21 Last Seen2025-04-22 02:39 Times Seen426 Hash 00c3a437db0258c707944c3f8a13da32 0e1b2787c0fe785af9e2c441b52c1c627c6a21d1 d10120a1e35daa3c0265fff15739c99dc889b724614c5a7d23059597fc9eccdf Loading...

	poophd.net/d/Pu2RS4Wlfi2	ScriptElement	135 B	2024-07-06	2024-08-19
Pretty URL poophd.net/d/Pu2RS4Wlfi2 IP 172.67.209.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-06 15:07 Last Seen2024-08-19 17:51 Times Seen10 Hash 14e9a17aa1c4a3bba709684b121dab18 a094f30fdc65fb02f9f0f6c048174c3918cffd88 42623f5069e980d773c35eaadd823dbac25901e097a3c43bfad5b149fa7a36b5 Loading...

	cdn.tsyndicate.com/sdk/v1/puengine.js	ScriptElement	90 kB	2024-01-15	2024-12-12
Pretty URL cdn.tsyndicate.com/sdk/v1/puengine.js IP 45.133.44.70 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-15 15:07 Last Seen2024-12-12 22:05 Times Seen824 Hash dd5e3d608cc7831780050c847b3b249e ae5df44b84829faa0cbf2614c5b3c23d1901063b 9f8cc0fa666cd6911977e73e8ea15747da46c0e2fed880b774d974aeec94fa50 Loading...

	yu2be.com/watch?V=CBx6e9cZlBQ	ScriptElement	59 kB	2023-12-02	2025-02-26
Pretty URL yu2be.com/watch?V=CBx6e9cZlBQ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22 Last Seen2025-02-26 06:09 Times Seen78 Hash 6807f74172c0481bce8bfc7dc9ce14a6 3c2cb42261550ae26f6052fa2ce61d39a9ef8045 e4231152a19aaa7603f83a4f48f21456838e5d7c4eba759307d6ddc726c138d9 Loading...

	yu2be.com/watch?V=CBx6e9cZlBQ	ScriptElement	444 B	2023-12-02	2025-02-26
Pretty URL yu2be.com/watch?V=CBx6e9cZlBQ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22 Last Seen2025-02-26 06:09 Times Seen78 Hash ba979c18700f1869ae438068ae800451 7bc700eb3d82302f7da21b233e41ceae2aa7c453 c153c1e1d74d7666c7b846a802011c9faaeeff6e370a07dbefa6eddaadeaadb1 Loading...

	metrolagu.cam/watch?v=ZyY71Ps5xRk	ScriptElement	0 B	0001-01-01	2025-06-26
Pretty URL metrolagu.cam/watch?v=ZyY71Ps5xRk IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-26 06:26 Times Seen5134409 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	mordoops.com/tag.min.js	ScriptElement	79 kB	2024-07-06	2024-08-19
Pretty URL mordoops.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-06 15:50 Last Seen2024-08-19 17:51 Times Seen28 Hash e6a6b147c9d9dc850cf65b3b8c6085df 31c518abb6b83413bd85c88f4138fe448e08295a a9611afef7c520ccc19ee92990dfe1ebaa3249e2ca0deacc1a71a8b96dcb55c5 Loading...

	storage.multstorage.com/log/count.html	ScriptElement	718 B	2023-09-18	2025-03-01
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19 Last Seen2025-03-01 23:33 Times Seen12563 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	poophd.net/d/Pu2RS4Wlfi2	ScriptElement	891 B	2024-08-19	2024-08-19
Pretty URL poophd.net/d/Pu2RS4Wlfi2 IP 172.67.209.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 17:49 Last Seen2024-08-19 17:49 Times Seen1 Hash 82d60fff2bb9f01052f9a3e100c203e2 a3a2ba38e1ae823de10297520b8e52cd604c8d2b ddeca16eedd39c51ad0595b854391364f13094ed89558d66cc1b409f1e26e420 Loading...

	cdn.tsyndicate.com/sdk/v1/p.js	ScriptElement	9.6 kB	2024-03-27	2024-08-20
Pretty URL cdn.tsyndicate.com/sdk/v1/p.js IP 45.133.44.70 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-27 19:22 Last Seen2024-08-20 06:48 Times Seen437 Hash 997c0eb1531ae5f01392669639803920 61e9e5abde4564d9afaf7860dee571faff73de92 326b6f87f5b1a4f8aeaf43e7117051c958fd72dca3a9508882b7646b9ea7d577 Loading...

	4c21b1a532.5165c0c080.com/f7c98d6923c934c6c1674e526edb78d1.js	ScriptElement	116 kB	2024-06-28	2024-08-19
Pretty URL 4c21b1a532.5165c0c080.com/f7c98d6923c934c6c1674e526edb78d1.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-28 11:04 Last Seen2024-08-19 18:56 Times Seen418 Hash 2ed09fc607121f08352729cf81de2726 b214013f9a81e28c3e4dac4407311d3f1c3ed185 daa5ee8b1fb5c5efe758a7d87012be2013d0905fd0f7aca0f6b0b3624354562a Loading...

	yu2be.com/watch?V=CBx6e9cZlBQ	ScriptElement	104 B	2023-12-02	2025-04-19
Pretty URL yu2be.com/watch?V=CBx6e9cZlBQ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 18:22 Last Seen2025-04-19 10:09 Times Seen101 Hash 5abc9587d09477f86c9162cb5f7b392f 6c827e4c90fc5fea87b5ee5e8de6190a97825a01 8a3d9fc6c5d947a75700318b2835c16f7bc2e2f506c6b0ae42d8196a93eb0bd9 Loading...

	js.wpushsdk.com/skins/ipmain.m.js	ScriptElement	475 kB	2024-07-06	2024-08-19
Pretty URL js.wpushsdk.com/skins/ipmain.m.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-06 15:07 Last Seen2024-08-19 17:51 Times Seen30 Hash 376c7a1a69758653134765f508df2dc4 fa8b0ad4e5b928657665f6d4aaaeee7d0568c037 ffcf72c3cdfcb7e302e5dcf3e71337f9da655eb95b206ba530f46d6539b1c664 Loading...

	www.googletagmanager.com/gtag/js?id=G-RRBBHD087X	ScriptElement	314 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 17:49 Last Seen2024-08-19 17:49 Times Seen1 Hash 9b5fc97a152ce4216ec6cf2d82dc4893 8bb40996dbabe5996952af3ec5630e345ab42f4d ca288f0bf74aa1851553ff1a843d6870e1d2a8cd26b7264e5bb02be04a58a1eb Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-06-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-26 06:23 Times Seen71428 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	poophd.net/d/Pu2RS4Wlfi2	ScriptElement	2.2 kB	2024-08-19	2024-08-19
Pretty URL poophd.net/d/Pu2RS4Wlfi2 IP 172.67.209.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 17:49 Last Seen2024-08-19 17:49 Times Seen1 Hash 7fb6d8e1e2d7142fd920c64ec4cecb67 cc2732458bbcdc8e3b992bd1e80f4d31c4e27eed 50ba4549e16b22a1609f7c6952541b4ad59774ca3a442933f0f807bad2d9b570 Loading...

	poophd.net/d/Pu2RS4Wlfi2	ScriptElement	6.4 kB	2023-10-24	2025-06-25
Pretty URL poophd.net/d/Pu2RS4Wlfi2 IP 172.67.209.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 06:38 Last Seen2025-06-25 21:46 Times Seen256 Hash eeed368413469275e3ee01f81d506e3b f0b2023738dda3d9f81f01101ffddc539dd5c919 4f96b2f1bc98f9dce38413ca59d5fe7c0f994b467965421be18e634d5dfaab9e Loading...

	4c21b1a532.5165c0c080.com/89b2f6475e041baf58e3251c24271c79.js	ScriptElement	181 kB	2024-07-06	2024-08-19
Pretty URL 4c21b1a532.5165c0c080.com/89b2f6475e041baf58e3251c24271c79.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-06 15:07 Last Seen2024-08-19 17:51 Times Seen13 Hash 0084ebcfcf7340d019ba65d248683d6f 61e65b75229e7120650c6f67e46c78c634e672b2 8ca992347f8581f82e95bbd3c7d29bbbf8fb27067ae5ad4645cbe8a9fbe81773 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-26
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-26 06:20 Times Seen117154 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	kamassmyalia.com/rkY9qNIaf1iY/64343	ScriptElement	0 B	0001-01-01	2025-06-26
Pretty URL kamassmyalia.com/rkY9qNIaf1iY/64343 IP 23.109.170.20 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-26 06:26 Times Seen5134409 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	poophd.net/d/Pu2RS4Wlfi2	ScriptElement	153 B	2024-02-17	2025-03-08
Pretty URL poophd.net/d/Pu2RS4Wlfi2 IP 172.67.209.176 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-17 06:52 Last Seen2025-03-08 17:15 Times Seen192 Hash 73a6ebf3b00f83c3c9f8bc653869cfc5 924d36f61b7cb12b229ecb1b64691eb49439480c b651edc3f5e0ab0949d63f224d575452108d29873cad2dd54cb59fa15566bd9f Loading...

		Size	First Seen	Last Seen
	#1 Write - 086707e4369f60afedcafb16050a7618	39 B	2023-03-07 01:03	2025-06-26 06:26
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-06-26 06:26 Times Seen77867 Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Loading...

HTTP Transactions (74)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f63e8d9e64abf0e5b2784ca051160e84
d15d17504ed5c584ba42145060cf745fdb41c1d0
652ee033c72bc8eadcf29c25a5387bc303bf86e6c57f262c576117f659f15eab

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "652EE033C72BC8EADCF29C25A5387BC303BF86E6C57F262C576117F659F15EAB"
Last-Modified: Fri, 05 Jul 2024 13:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3982
Expires: Sat, 06 Jul 2024 16:21:31 GMT
Date: Sat, 06 Jul 2024 15:15:09 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e9a839fbbf2a5bc4f1a01cd5fca04d5e
ff4396bb2dcc9211b70f2e3266720172ee2ce085
3bb2a3698d452f1de2ff4f283a89fc427d9fe01c02ad968f215bee1834b1c1e3

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3BB2A3698D452F1DE2FF4F283A89FC427D9FE01C02AD968F215BEE1834B1C1E3"
Last-Modified: Thu, 04 Jul 2024 15:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5029
Expires: Sat, 06 Jul 2024 16:38:58 GMT
Date: Sat, 06 Jul 2024 15:15:09 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
508d0867e7982df7cfa6ad58e05ce470
6f4e15b94e527d02e8dd38f8b69b493cfae84c56
376a5286b71a4a7e90b3eece9b39480f50435d5ef3c7793828481f590d04bc77

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "376A5286B71A4A7E90B3EECE9B39480F50435D5EF3C7793828481F590D04BC77"
Last-Modified: Thu, 04 Jul 2024 23:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16104
Expires: Sat, 06 Jul 2024 19:43:33 GMT
Date: Sat, 06 Jul 2024 15:15:09 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
223ffc40cc96a2aa59687065c089ccfc
6bc7fa694691bdca752335ecf0f7268bf2c908d5
1a1d7236b0738f65d98e772f67be883f477ac175767f971800a6bb3997399811

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A1D7236B0738F65D98E772F67BE883F477AC175767F971800A6BB3997399811"
Last-Modified: Thu, 04 Jul 2024 16:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4065
Expires: Sat, 06 Jul 2024 16:22:54 GMT
Date: Sat, 06 Jul 2024 15:15:09 GMT
Connection: keep-alive

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 53736
expires: Thu, 26 Jun 2025 15:15:10 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CS2mi5rnTbN9Dl4lZfhYVahAOpjnedR%2B3UuWT6bguJ%2B8LYNSQSR8mVF6VDJacaJg3VWez50ifFN8xq0kN4sttP0%2FBKDbrRuCX6SauqZ%2B6xx3SniOq25Po5kdOI44BXJ39i1r%2F2Pu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 89f08c745eaf1bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
051481ed562762e4f42190fd78e04eed
e4694d7aac4a044522f20614dfb63347244438b5
be10a0f4e046a82d931b82e23a2d9225bb2599e20f0109c4c549682621040a2e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BE10A0F4E046A82D931B82E23A2D9225BB2599E20F0109C4C549682621040A2E"
Last-Modified: Fri, 05 Jul 2024 16:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3043
Expires: Sat, 06 Jul 2024 16:05:53 GMT
Date: Sat, 06 Jul 2024 15:15:10 GMT
Connection: keep-alive

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf083de5c459c59301c482d371a48635
69a8b5a229e4e1049ddfae5c3ed1519eef56afab
b390c0608e6b6892ce30f7037c5fffe34d6afbda78b97eeb2d18cee754f8953a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f5107db6896e2b3bea184b658d9b6de0
75cbc65f1ab4e587155fe4e6db04bdcecab6b81d
fb0891afa24117129cd317c3a6085d80642d8f019e77e52ae7f0f9ccc6b7430a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
051481ed562762e4f42190fd78e04eed
e4694d7aac4a044522f20614dfb63347244438b5
be10a0f4e046a82d931b82e23a2d9225bb2599e20f0109c4c549682621040a2e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BE10A0F4E046A82D931B82E23A2D9225BB2599E20F0109C4C549682621040A2E"
Last-Modified: Fri, 05 Jul 2024 16:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3043
Expires: Sat, 06 Jul 2024 16:05:53 GMT
Date: Sat, 06 Jul 2024 15:15:10 GMT
Connection: keep-alive

GET www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

142.250.74.168

200 OK

104 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintBA:5D:A9:7F:41:46:B0:37:01:9E:05:B0:92:BA:41:C9:31:5B:4B:4A
ValidityThu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
104 kB (104267 bytes)
Hash
9b5fc97a152ce4216ec6cf2d82dc4893
8bb40996dbabe5996952af3ec5630e345ab42f4d
ca288f0bf74aa1851553ff1a843d6870e1d2a8cd26b7264e5bb02be04a58a1eb

HTTP Headers

GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 06 Jul 2024 15:15:10 GMT
expires: Sat, 06 Jul 2024 15:15:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104267
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f5107db6896e2b3bea184b658d9b6de0
75cbc65f1ab4e587155fe4e6db04bdcecab6b81d
fb0891afa24117129cd317c3a6085d80642d8f019e77e52ae7f0f9ccc6b7430a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf083de5c459c59301c482d371a48635
69a8b5a229e4e1049ddfae5c3ed1519eef56afab
b390c0608e6b6892ce30f7037c5fffe34d6afbda78b97eeb2d18cee754f8953a

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:10 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2

188.114.96.1

200 OK

24 kB

URL GET HTTP/2
assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Size
24 kB (23812 bytes)
Hash
eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf

HTTP Headers

GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poophd.net
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2480
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ww8ySiJGqM%2BuDtfGxMHGAk187C9E6GhLIfwMRDczi2TfnO6NCvidTcf1wggMKNRV34zguUhzO060%2B91pE6T%2FSvPLHXwij46Pmhij7khSwAMreLjyH0SQvPTwTAruIbJcv1zfBMg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c765fdf568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2

188.114.96.1

200 OK

184 kB

URL GET HTTP/2
assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 184476, version 330.-16253
Size
184 kB (184476 bytes)
Hash
2a6dec1227f9970376f578270a642d06
150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996

HTTP Headers

GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poophd.net
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2471
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JKCcsrLpiM0GmAAG2LF75O86h3s9RS8%2FJsEtrboYJU7IUR00Jdq5VbufkBhU9XuuwahMfif03%2FY8ERucfhE%2FP35ebblnfjQ4LS2PzH8VwFBuaf2m%2FyrnBaWheidxXm18yWoUBrY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c76580b568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2

188.114.96.1

200 OK

24 kB

URL GET HTTP/2
assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23604, version 1.0
Size
24 kB (23604 bytes)
Hash
e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91

HTTP Headers

GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poophd.net
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5448
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZWR92c39ZQP1i6IIFcslYeDOjdasi%2BJNzRsScmuXgmUhdSBhedeRwmfbMnq29WZWo06gEYcKYAeVGotqMpI3Pj0meNiYecdAsxaSkT%2F51Or4Okqrs2frxCyBH%2BtxbRNdlyvqR9E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c76683e568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6588e879411ba720f23dd73925aa4d18
a9ba4e9053e6a8b708a334bd7c1c4bb1e041944f
bb7edddd9e3dd294a484cb3238bc0f491419c3027f0811c331beecce97d5334f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BB7EDDDD9E3DD294A484CB3238BC0F491419C3027F0811C331BEECCE97D5334F"
Last-Modified: Fri, 05 Jul 2024 15:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14406
Expires: Sat, 06 Jul 2024 19:15:16 GMT
Date: Sat, 06 Jul 2024 15:15:10 GMT
Connection: keep-alive

GET cdn.tsyndicate.com/sdk/v1/puengine.js

45.133.44.70

200 OK

90 kB

URL GET HTTP/2
cdn.tsyndicate.com/sdk/v1/puengine.js
IP
45.133.44.70:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectcdn.tsyndicate.com
FingerprintD1:BA:EE:F0:8D:8F:47:DF:CC:82:D6:69:8B:C5:E6:32:61:B2:10:52
ValiditySat, 08 Jun 2024 03:00:23 GMT - Fri, 06 Sep 2024 03:00:22 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
90 kB (89731 bytes)
Hash
dd5e3d608cc7831780050c847b3b249e
ae5df44b84829faa0cbf2614c5b3c23d1901063b
9f8cc0fa666cd6911977e73e8ea15747da46c0e2fed880b774d974aeec94fa50

HTTP Headers

GET /sdk/v1/puengine.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 89731
server: nginx
last-modified: Mon, 15 Jan 2024 13:51:12 GMT
etag: "65a53850-15e83"
x-robots-tag: noindex, nofollow
cache-control: max-age=172800
expires: Mon, 08 Jul 2024 15:15:10 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tsyndicate.com/do2/215ed1a961e343b6862df3a11e2479f2/push?w=1280&h=1024&keywords=Pacarku%20Chindo%20Lagi%20Nyp0ngin%20-%20DoodStream%20-%20PoopHD%2CPu2RS4Wlfi2&tz=0&t=in_page_push

148.251.152.17

200 OK

3.8 kB

URL GET HTTP/2
tsyndicate.com/do2/215ed1a961e343b6862df3a11e2479f2/push?w=1280&h=1024&keywords=Pacarku%20Chindo%20Lagi%20Nyp0ngin%20-%20DoodStream%20-%20PoopHD%2CPu2RS4Wlfi2&tz=0&t=in_page_push
IP
148.251.152.17:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjecttsyndicate.com
Fingerprint21:44:73:D5:80:22:FF:67:C5:62:ED:C0:AA:50:45:16:EB:B3:BC:00
ValidityWed, 12 Jun 2024 09:06:28 GMT - Tue, 10 Sep 2024 09:06:27 GMT

File type
gzip compressed data, from Unix
Size
3.8 kB (3845 bytes)
Hash
d1c36c22501791477837dc77bbe373fc
41144812bafa1b71b1c4695ac65958b89962526e
1aecb517e9657f08418a3f557f4a4aeee1041a0ee34430bbe56052ec087a76ce

HTTP Headers

GET /do2/215ed1a961e343b6862df3a11e2479f2/push?w=1280&h=1024&keywords=Pacarku%20Chindo%20Lagi%20Nyp0ngin%20-%20DoodStream%20-%20PoopHD%2CPu2RS4Wlfi2&tz=0&t=in_page_push HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://poophd.net
access-control-allow-methods: POST, GET, HEAD
access-control-allow-headers: Accept, X-Requested-With, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Legacy
access-control-allow-credentials: true
pragma: no-cache
expires: 0
vary: Accept-Encoding, *
x-api-version: 2
x-request-id: e9971b31fbd093d2
set-cookie: ts_uid=2501deae-f5df-45e5-ae3c-913f185b7ed0; expires=Mon, 06 Jan 2025 15:15:10 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
content-encoding: gzip
X-Firefox-Spdy: h2

GET assets.poopcdn.com/apple-touch-icon.png

188.114.96.1

200 OK

2.8 kB

URL GET HTTP/2
assets.poopcdn.com/apple-touch-icon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.8 kB (2766 bytes)
Hash
e4acc3f05da8195dfa02a437c8b2dba2
f23df2ed14e5d52417b155ccd11187f3250861dc
8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3290
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2F2tmPcSWSP3tUUfTZ00IZ7joHF0brekQZSf4JxKrpr4zZqRBSPWf6n6jSpkMN9msqmiN4zN1Do9Zo8iLe0Nfj3Ais2YhelRt%2F6g8MKpbPLmqRYFzJRLWXeh438XGh5wLr%2BWm4c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c791d9c568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET assets.poopcdn.com/favicon-16x16.png

188.114.96.1

200 OK

612 B

URL GET HTTP/2
assets.poopcdn.com/favicon-16x16.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
612 B (612 bytes)
Hash
ac008ea155d4beee1e93247d7434c77d
f8ea94e94e0cc310202a517a9c445c3d70af564e
283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1895
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YAyCwGWDtFbukcZ%2B5lGPzs8NFIAAQ6Umu6Ypx4nvf6h%2FQLnOyQoALXe2vxCQrl202IuGmVpSG%2B34%2FULAMCiw0q17Yuj1XG8LaBf3V0DcF7qtgvI4PDCgqbicAcAPd1iNTIWupRg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c791da0568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 4c21b1a532.5165c0c080.com/89b2f6475e041baf58e3251c24271c79.js

45.133.44.52

200 OK

50 kB

URL GET HTTP/2
4c21b1a532.5165c0c080.com/89b2f6475e041baf58e3251c24271c79.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subject4c21b1a532.5165c0c080.com
Fingerprint3A:0C:73:71:75:8E:44:D7:0B:07:A3:B5:42:A7:AD:2A:6B:78:11:41
ValidityWed, 03 Jul 2024 02:20:38 GMT - Tue, 01 Oct 2024 02:20:37 GMT

File type
gzip compressed data, from Unix
Size
50 kB (49890 bytes)
Hash
4d0930908f31311b1f326c3d515bf878
aec3f0c04adab18b04b981b7e26c62441aa9d0d2
666327ec279d56f8a667f995d5247c06ac8325af75224911c228d41600769cde

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /89b2f6475e041baf58e3251c24271c79.js HTTP/1.1
Host: 4c21b1a532.5165c0c080.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 05 Jul 2024 10:17:42 GMT
etag: W/"6687c846-2c1eb"
content-encoding: gzip
expires: Sat, 06 Jul 2024 15:20:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

POST yu2be.com/watch?V=CBx6e9cZlBQ

188.114.97.1

200 OK

20 kB

URL POST HTTP/3
yu2be.com/watch?V=CBx6e9cZlBQ
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services
Subjectyu2be.com
Fingerprint1F:55:1D:73:E9:96:2A:88:8C:9B:ED:61:EB:4C:C5:AF:4D:F9:61:FF
ValidityWed, 12 Jun 2024 04:17:16 GMT - Tue, 10 Sep 2024 04:17:15 GMT

File type
JavaScript source, ASCII text, with very long lines (59459)
Size
20 kB (19513 bytes)
Hash
41f063b431cb3942a2ca3cced1989fb8
0ab688f92da0478c28a1f905fe6530712c61dce9
723b08672a5f8db3bdf693b954337f658a4685325dd48698f6afc2a6dfa7b7b2

HTTP Headers

POST /watch?V=CBx6e9cZlBQ HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/embud/3269666c57345352327550
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qgdcsNo4nE89GOHbeytXtWzeQt%2FfRMZl2eC88mei1nlHBIH8swuL3WKKlaE2amTUYw8m0zwDFXIGKek017MCsNiA5VR40fLbKa3psjTVVXv5KM%2BsztRzxfOlVWA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c78cd650b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 06603bcbf0.fed18a1e5b.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTUxMTAyOTM3NTU4OTY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyNy4xIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==

45.133.44.53

200 OK

0 B

URL GET HTTP/2
06603bcbf0.fed18a1e5b.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTUxMTAyOTM3NTU4OTY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyNy4xIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subject06603bcbf0.fed18a1e5b.com
Fingerprint97:0C:CA:10:50:CE:C7:FF:A7:93:69:AA:B7:D8:B2:6D:64:12:E0:1C
ValidityWed, 03 Jul 2024 02:50:29 GMT - Tue, 01 Oct 2024 02:50:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTUxMTAyOTM3NTU4OTY3NTAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyNy4xIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4zNCwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: 06603bcbf0.fed18a1e5b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

POST fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

500 Internal Server Error

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintB0:2E:67:C5:B5:DD:86:7B:38:1A:E1:A0:11:14:2B:5E:2C:89:0E:89
ValidityWed, 19 Jun 2024 08:25:31 GMT - Tue, 17 Sep 2024 08:25:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poophd.net/
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poophd.net
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET mordoops.com/tag.min.js

139.45.197.244

200 OK

28 kB

URL GET HTTP/2
mordoops.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (27926 bytes)
Hash
e6a6b147c9d9dc850cf65b3b8c6085df
31c518abb6b83413bd85c88f4138fe448e08295a
a9611afef7c520ccc19ee92990dfe1ebaa3249e2ca0deacc1a71a8b96dcb55c5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/javascript; charset=utf-8
content-length: 27926
content-encoding: br
x-trace-id: 6365f3d8d4a103738fd43925afe3dd95
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 06 Jul 2024 13:33:33 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET i.poopcdn.com/SdTaY.jpg

188.114.97.1

200 OK

5.5 kB

URL GET HTTP/2
i.poopcdn.com/SdTaY.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerLet's Encrypt
Subjecti.poopcdn.com
Fingerprint4E:E5:75:0D:39:B6:10:44:17:69:08:58:A5:08:63:8C:0D:31:AD:BF
ValiditySun, 12 May 2024 07:44:33 GMT - Sat, 10 Aug 2024 07:44:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 2925x2921, segment length 16, comment: "Lavc58.134.100", baseline, precision 8, 184x312, components 3
Size
5.5 kB (5458 bytes)
Hash
d8588319e132a403023563f57dbb259e
63738e5866285585f5743cdbc5f00aef6b877d67
29287457e518ebdb71ae1f804e5c3da017799b7ab28163b36cc3b28ad7fa1987

HTTP Headers

GET /SdTaY.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/jpeg
content-length: 5458
etag: "d8588319e132a403023563f57dbb259e"
last-modified: Sun, 03 Mar 2024 05:23:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yc0xZgjZ6TwfyNRRxD5lfRqjE3d%2BcJ9msnwjLp4ShlyKoj8fxPJlqbNIbbS%2BkYFC3MrZ0Sp2RS1elef58BqrYc7bZDCvxV4qXjfwU%2FEf%2BGpQ0TZK3XakRtjICOwbPeO1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c74ac545699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

500 Internal Server Error

36 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintB0:2E:67:C5:B5:DD:86:7B:38:1A:E1:A0:11:14:2B:5E:2C:89:0E:89
ValidityWed, 19 Jun 2024 08:25:31 GMT - Tue, 17 Sep 2024 08:25:30 GMT

File type
JSON text data
Size
36 B (36 bytes)
Hash
0849660b654e3a313882a44c0e7dc08a
b1493d6ce204eb99837d9b33849d1458093a6e6d
6e73b83ae8fcdaf81421a4236c9f817a9e4ea0fa931bf696f72872b266bd83e6

HTTP Headers

POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1881
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 500 Internal Server Error
Server: nginx/1.20.1
Date: Sat, 06 Jul 2024 15:15:11 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 36
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poophd.net
Vary: Origin

GET storage.multstorage.com/log/count.html

104.21.30.242

200 OK

893 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
104.21.30.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
FingerprintB6:E2:20:C2:EC:58:8E:87:AA:F8:DF:48:A2:13:9F:8C:F3:D2:5F:1A
ValidityWed, 15 May 2024 07:55:37 GMT - Tue, 13 Aug 2024 07:55:36 GMT

File type
HTML document, ASCII text, with very long lines (700)
Size
893 B (893 bytes)
Hash
b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 3cd52a651f2de4cecf66885389e10dd0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VD3r5qB%2F7z6euTqk5aFwsLkmaZY7P%2BhcnXVe5BCkqctqqxYdBw8qoI1g62vi7c2uq6QZoJvRxDITwtjKaYe%2FrzSciprLwedx95S%2BB7pgYVSiGK4rxHcBxftP5n1lu2vvv%2F%2FytwNv%2FfmEsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c7a9d6db50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d163da1bd9688b175d0aee240f77f102
e5b7180344015a86ba3cba2aa6496ca1d2d1af93
88402a0c7782abb9f0e010f5b32529b021edcbd1c80ed786ea660051bb2e39ff

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

209.85.233.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
209.85.233.84:443
ASN
#15169 GOOGLE

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
FingerprintC0:DC:0B:E4:CE:F0:67:45:F7:48:92:E3:BB:9E:40:3F:C1:59:FB:9B
ValidityThu, 13 Jun 2024 16:36:13 GMT - Thu, 05 Sep 2024 16:36:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:SZemolyf3btQ1tokePhbqDNgy5JACw:iHmeeMuyO4vgNGa7; Expires=Mon, 06-Jul-2026 15:15:11 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 06 Jul 2024 15:15:11 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74lGcmhTNFNLx5mgqLfGCyplDGJj1pn3SDHeT9lLTY6VjzyFBkeEgo0bKHD91X2lI6PtLRH2A
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-_P9JDPITC1AwO5VHzzzBrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET video.xxxjmp.com/push/eu4/1720278900/93397001.jpeg

172.64.147.206

200 OK

5.1 kB

URL GET HTTP/2
video.xxxjmp.com/push/eu4/1720278900/93397001.jpeg
IP
172.64.147.206:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectvideo.xxxjmp.com
FingerprintDA:15:7D:E3:CE:93:A1:7A:45:D7:68:C9:9E:FE:83:95:19:D3:D3:AA
ValidityThu, 30 May 2024 05:31:32 GMT - Wed, 28 Aug 2024 05:31:31 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp
Size
5.1 kB (5102 bytes)
Hash
b8ab7604712171607c9f3ba9f39762f3
0e57bba3ceff6e224c10985ee4ff01d48bd31912
2532a68f6ce05e8892b526cb821140d36aa756fcb91633217aee60dca2f9832b

HTTP Headers

GET /push/eu4/1720278900/93397001.jpeg HTTP/1.1
Host: video.xxxjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/webp
content-length: 5102
etag: W/"b06e75bd09bd69dda73b7b19762e585f"
last-modified: Sat, 06 Jul 2024 15:14:07 GMT
cache-control: public, max-age=14400
access-control-allow-origin: *
access-control-allow-methods: GET
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2
expires: Sat, 06 Jul 2024 19:15:11 GMT
accept-ranges: bytes
server: cloudflare
cf-ray: 89f08c7d9befb518-OSL
X-Firefox-Spdy: h2

e6.o.lencr.org/

23.36.76.226

346 B

URL
e6.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
4a04f0a9a790e70565ef48133b9c6fbb
df13004b398464d58c02edf9462f327e2f5be672
c56169fa0628ee9af8cbc8bd10411cd4f20ed6423662a50ca5c5b3b7216769a6

HTTP Headers

POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C56169FA0628EE9AF8CBC8BD10411CD4F20ED6423662A50CA5C5B3B7216769A6"
Last-Modified: Fri, 05 Jul 2024 03:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18058
Expires: Sat, 06 Jul 2024 20:16:09 GMT
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive

e6.o.lencr.org/

23.36.76.226

346 B

URL
e6.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
4a04f0a9a790e70565ef48133b9c6fbb
df13004b398464d58c02edf9462f327e2f5be672
c56169fa0628ee9af8cbc8bd10411cd4f20ed6423662a50ca5c5b3b7216769a6

HTTP Headers

POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "C56169FA0628EE9AF8CBC8BD10411CD4F20ED6423662A50CA5C5B3B7216769A6"
Last-Modified: Fri, 05 Jul 2024 03:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18058
Expires: Sat, 06 Jul 2024 20:16:09 GMT
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive

GET my.rtmark.net/gid.js?userId=008091aa77464558eb2b72c420460d2e

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=008091aa77464558eb2b72c420460d2e
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E
ValiditySat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
ae3ceb0d218e269405631cd2c7a03dc6
c416bd2484195a0da80af7d5a5c45645898755c9
c4ccc03e48a3600b8a2b376620dd21ae0474d61a9fd537ae7db4288c5abb26bf

HTTP Headers

GET /gid.js?userId=008091aa77464558eb2b72c420460d2e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yu2be.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008091aa77464558eb2b72c420460d2e; expires=Sun, 06 Jul 2025 15:15:11 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cbd1b1ea41e6410bf07b2407b214a38c
e314b8adfd9a18521b0aa3972e55c46036fcacd7
38093f674dab11928a1409ed6811480a498be0a9b07c4b7fb182ed1b8d381370

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 06 Jul 2024 15:15:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET nereserv.com/in/dip?site=native-push&wl=1&event_id=bb7ae581-d7b4-497b-8421-6b1464711d6d&subid=357529620&sid=3339740602&spot_id=418774&created_at=2024-07-06&timezone=0&ver=7.308.0-b&is_native=1

157.90.84.246

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=bb7ae581-d7b4-497b-8421-6b1464711d6d&subid=357529620&sid=3339740602&spot_id=418774&created_at=2024-07-06&timezone=0&ver=7.308.0-b&is_native=1
IP
157.90.84.246:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintB0:2E:67:C5:B5:DD:86:7B:38:1A:E1:A0:11:14:2B:5E:2C:89:0E:89
ValidityWed, 19 Jun 2024 08:25:31 GMT - Tue, 17 Sep 2024 08:25:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=bb7ae581-d7b4-497b-8421-6b1464711d6d&subid=357529620&sid=3339740602&spot_id=418774&created_at=2024-07-06&timezone=0&ver=7.308.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:11 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

GET i.poopcdn.com/SdTaY.jpg

188.114.97.1

200 OK

5.5 kB

URL GET HTTP/2
i.poopcdn.com/SdTaY.jpg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerLet's Encrypt
Subjecti.poopcdn.com
Fingerprint4E:E5:75:0D:39:B6:10:44:17:69:08:58:A5:08:63:8C:0D:31:AD:BF
ValiditySun, 12 May 2024 07:44:33 GMT - Sat, 10 Aug 2024 07:44:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 2925x2921, segment length 16, comment: "Lavc58.134.100", baseline, precision 8, 184x312, components 3
Size
5.5 kB (5458 bytes)
Hash
d8588319e132a403023563f57dbb259e
63738e5866285585f5743cdbc5f00aef6b877d67
29287457e518ebdb71ae1f804e5c3da017799b7ab28163b36cc3b28ad7fa1987

HTTP Headers

GET /SdTaY.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/jpeg
content-length: 5458
etag: "d8588319e132a403023563f57dbb259e"
last-modified: Sun, 03 Mar 2024 05:23:48 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9eoodM6hLYX6UClASrTKMS0Fz5mt6Kkc5bi3xZhJRstLJMTb%2Fjhn5dqyjV2IdiBCnDKPM8N1Rq3KmuDDiNnbcDGvD6Wrln4wKLRRuTouXuyv3UikC5lu51H5%2BE4edWOn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c7e293d5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST 430707a567.97c5ccfba2.com/in/multy

167.235.163.216

200 OK

0 B

URL POST HTTP/2
430707a567.97c5ccfba2.com/in/multy
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subject97c5ccfba2.com
Fingerprint3E:23:77:ED:85:2C:E5:00:E1:25:8E:81:A3:9D:E5:79:DD:D1:AA:B2
ValidityTue, 02 Jul 2024 14:03:36 GMT - Mon, 30 Sep 2024 14:03:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 430707a567.97c5ccfba2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poophd.net/
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:11 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
303da1c70c0cb3928155e377f7000bce
1c01f256a9f3d4afe581583c67ec0f44b420026d
475e9266a8cb508cba8b6cd601c2af316fa90c028333c4660f68498fc6e18078

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "475E9266A8CB508CBA8B6CD601C2AF316FA90C028333C4660F68498FC6E18078"
Last-Modified: Sat, 06 Jul 2024 05:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11946
Expires: Sat, 06 Jul 2024 18:34:17 GMT
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 47969
expires: Thu, 26 Jun 2025 15:15:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L0U11ni2szmKVqpI4Jp0cPf7wATCSMtXfNCpCF88Oj3CyNrO5SgZdUmscRTS0ljNF%2FEpVaOErZNt3ot3Om7bfZh1iPAu5H8cNezfEMMbsIJSNHUoVj4CVoFw%2Fq4o%2BLybqmNnHRtu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 89f08c7e6fe2569c-OSL
alt-svc: h3=":443"; ma=86400

GET kamassmyalia.com/rkY9qNIaf1iY/64343

23.109.170.20

200 OK

20 B

URL GET HTTP/1.1
kamassmyalia.com/rkY9qNIaf1iY/64343
IP
23.109.170.20:443
ASN
#7979 SERVERS-COM

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerLet's Encrypt
Subjectkamassmyalia.com
Fingerprint81:90:90:7B:5A:2D:2C:4A:E1:55:D1:91:82:05:5D:61:2B:7E:A2:13
ValidityThu, 13 Jun 2024 16:03:49 GMT - Wed, 11 Sep 2024 16:03:48 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rkY9qNIaf1iY/64343 HTTP/1.1
Host: kamassmyalia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 06 Jul 2024 15:15:11 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 07-Jul-2024 15:15:11 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 07-Jul-2024 15:15:11 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
861cce1bf441610f1dfbb14264d55122
1596b2c44fcdb5f7a49c73da766e4ab48b6bd064
f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2"
Last-Modified: Fri, 05 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11777
Expires: Sat, 06 Jul 2024 18:31:28 GMT
Date: Sat, 06 Jul 2024 15:15:11 GMT
Connection: keep-alive

GET pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUwGEjx8YZY1qQiWFjRgsaNmDkaBHGBg0aJ3GEEWNGTBgZHseMEfEwTJ2dOkTcsDHmBg4cNWDSyDHjxkkZMWC0wFGm6cmSRWOMEYNjjAwaPCGSsUMRx1IcD-HUEbMwRw4YN3L0hANn4UcYFUXMgTNRB42kZnPQeDimTV0dSePeGCzWDEUYjMW4cbNwBg28JNGKaOMGI8MZMmTASMvZc4y3M2w8rBMjIxo6dODM0fHixZk3LvDoVmPYxZg3bV6EgZPmRZs3B9nMeUFnzg86YeScKUOHCPAwadz0mENHTho4Y9CEoeMbOJc6MGDIsFFnDsIkZHqUIUOj6sscomWEeRnGTBgcMczQEFxh5DCSflrlYIMMoMXAEQxl0ECTTvqFEYMYM8xg4VE53CBGSmWcl956bZTRhhjvxUdHDmbMEQcOSMjABBExrAEDHGSwtMYSUSzxhhhZTGFEDHbc0MYTS8yxBBWyvWGFDWekcYQNc4TBRg0tzJCEHRouIQMbVRhhxxtNMIFFHTX9xgQcaxQhgxpOlIHGG2FIQQYSVcAgBQ5rQNHGGTLg8QQba8wxRBJP0PAEEi1oMYUWY-DRQhFsZGEFHVpQYcYYX5xRRRJESFFFGiKqZwMcMfTwFw2B0VDqenO8UYccY5QBXw-JdegqeqbCIUMPlmFmAw6v2gDdGT20EKUcypUggxHZkZFGGJSRRtFDb8DRxrUikAFcRnC8kS0aZLjgBnVhjTHeQlsE2MVDNC0Egwt4PSSHHYfNMJoIddSRRkYy1IDXQWGU0YIZNZBhxkk1lIFlwSC1kEOAZjhYgxg3zAdDWN9lNLELb7lAgwwuNASWvV90HNTHIY9cclJh1RFGRk28oUcabLARxgs10AsCCljEEMMOIDCRXR14gIAHR1-4RPS9OihIbwogHFHGGGu88YJoUeGFFwjQylGGGW_g8YLUGxMGlAhOPBHWG3J8oVNGbYfFxtpFOBHWQXZ8ITYbFNVwg1Gp4ZCevWdQpkPAONzwEN9fiCHHQkc9Xkbfx5GxkAwc5UWGHG9Uhq1Ci6cFOh552GXv2K7BJhttL4Q7brnn0vFCWHdkFAPnaQ-ku3on63VvRqBDRwfcLdThRhp0tLCeC2SMsfvbcwyvQ4Y3gCaa4YxFn9FBX0Q_vUXbMnRDfkZNvC8dbchA0fnqpR_VDTCoJpbfZez1xbrmo4-D-g-53P7YgJDmsMsy74KIGPrSrbH5hA0TScvd5EUYz8CgDwoICA%3D%3D&r=1&s=15d7d96739ac288ef8ec53a19ae8f64deeb80610b530006e09a2789d4e65d4bd1720278910&w=t

136.243.134.97

200 OK

43 B

URL GET HTTP/2
pxl.tsyndicate.com/api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUwGEjx8YZY1qQiWFjRgsaNmDkaBHGBg0aJ3GEEWNGTBgZHseMEfEwTJ2dOkTcsDHmBg4cNWDSyDHjxkkZMWC0wFGm6cmSRWOMEYNjjAwaPCGSsUMRx1IcD-HUEbMwRw4YN3L0hANn4UcYFUXMgTNRB42kZnPQeDimTV0dSePeGCzWDEUYjMW4cbNwBg28JNGKaOMGI8MZMmTASMvZc4y3M2w8rBMjIxo6dODM0fHixZk3LvDoVmPYxZg3bV6EgZPmRZs3B9nMeUFnzg86YeScKUOHCPAwadz0mENHTho4Y9CEoeMbOJc6MGDIsFFnDsIkZHqUIUOj6sscomWEeRnGTBgcMczQEFxh5DCSflrlYIMMoMXAEQxl0ECTTvqFEYMYM8xg4VE53CBGSmWcl956bZTRhhjvxUdHDmbMEQcOSMjABBExrAEDHGSwtMYSUSzxhhhZTGFEDHbc0MYTS8yxBBWyvWGFDWekcYQNc4TBRg0tzJCEHRouIQMbVRhhxxtNMIFFHTX9xgQcaxQhgxpOlIHGG2FIQQYSVcAgBQ5rQNHGGTLg8QQba8wxRBJP0PAEEi1oMYUWY-DRQhFsZGEFHVpQYcYYX5xRRRJESFFFGiKqZwMcMfTwFw2B0VDqenO8UYccY5QBXw-JdegqeqbCIUMPlmFmAw6v2gDdGT20EKUcypUggxHZkZFGGJSRRtFDb8DRxrUikAFcRnC8kS0aZLjgBnVhjTHeQlsE2MVDNC0Egwt4PSSHHYfNMJoIddSRRkYy1IDXQWGU0YIZNZBhxkk1lIFlwSC1kEOAZjhYgxg3zAdDWN9lNLELb7lAgwwuNASWvV90HNTHIY9cclJh1RFGRk28oUcabLARxgs10AsCCljEEMMOIDCRXR14gIAHR1-4RPS9OihIbwogHFHGGGu88YJoUeGFFwjQylGGGW_g8YLUGxMGlAhOPBHWG3J8oVNGbYfFxtpFOBHWQXZ8ITYbFNVwg1Gp4ZCevWdQpkPAONzwEN9fiCHHQkc9Xkbfx5GxkAwc5UWGHG9Uhq1Ci6cFOh552GXv2K7BJhttL4Q7brnn0vFCWHdkFAPnaQ-ku3on63VvRqBDRwfcLdThRhp0tLCeC2SMsfvbcwyvQ4Y3gCaa4YxFn9FBX0Q_vUXbMnRDfkZNvC8dbchA0fnqpR_VDTCoJpbfZez1xbrmo4-D-g-53P7YgJDmsMsy74KIGPrSrbH5hA0TScvd5EUYz8CgDwoICA%3D%3D&r=1&s=15d7d96739ac288ef8ec53a19ae8f64deeb80610b530006e09a2789d4e65d4bd1720278910&w=t
IP
136.243.134.97:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjecttsyndicate.com
Fingerprint21:44:73:D5:80:22:FF:67:C5:62:ED:C0:AA:50:45:16:EB:B3:BC:00
ValidityWed, 12 Jun 2024 09:06:28 GMT - Tue, 10 Sep 2024 09:06:27 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ba036c43037cfe89320d1ef7b64cd43f
88c72d3e26047eb1e45e5564a76427734f120efe
42cb846e07917f6731406e500f24aeb2e88c42cda124eaa59e08c5331cad8bcb

HTTP Headers

GET /api/v1/p/p.gif?p=APeIQFMmDJkycuaI0BGjBgsRYcbQWRjjIZ0zC0XUwGEjx8YZY1qQiWFjRgsaNmDkaBHGBg0aJ3GEEWNGTBgZHseMEfEwTJ2dOkTcsDHmBg4cNWDSyDHjxkkZMWC0wFGm6cmSRWOMEYNjjAwaPCGSsUMRx1IcD-HUEbMwRw4YN3L0hANn4UcYFUXMgTNRB42kZnPQeDimTV0dSePeGCzWDEUYjMW4cbNwBg28JNGKaOMGI8MZMmTASMvZc4y3M2w8rBMjIxo6dODM0fHixZk3LvDoVmPYxZg3bV6EgZPmRZs3B9nMeUFnzg86YeScKUOHCPAwadz0mENHTho4Y9CEoeMbOJc6MGDIsFFnDsIkZHqUIUOj6sscomWEeRnGTBgcMczQEFxh5DCSflrlYIMMoMXAEQxl0ECTTvqFEYMYM8xg4VE53CBGSmWcl956bZTRhhjvxUdHDmbMEQcOSMjABBExrAEDHGSwtMYSUSzxhhhZTGFEDHbc0MYTS8yxBBWyvWGFDWekcYQNc4TBRg0tzJCEHRouIQMbVRhhxxtNMIFFHTX9xgQcaxQhgxpOlIHGG2FIQQYSVcAgBQ5rQNHGGTLg8QQba8wxRBJP0PAEEi1oMYUWY-DRQhFsZGEFHVpQYcYYX5xRRRJESFFFGiKqZwMcMfTwFw2B0VDqenO8UYccY5QBXw-JdegqeqbCIUMPlmFmAw6v2gDdGT20EKUcypUggxHZkZFGGJSRRtFDb8DRxrUikAFcRnC8kS0aZLjgBnVhjTHeQlsE2MVDNC0Egwt4PSSHHYfNMJoIddSRRkYy1IDXQWGU0YIZNZBhxkk1lIFlwSC1kEOAZjhYgxg3zAdDWN9lNLELb7lAgwwuNASWvV90HNTHIY9cclJh1RFGRk28oUcabLARxgs10AsCCljEEMMOIDCRXR14gIAHR1-4RPS9OihIbwogHFHGGGu88YJoUeGFFwjQylGGGW_g8YLUGxMGlAhOPBHWG3J8oVNGbYfFxtpFOBHWQXZ8ITYbFNVwg1Gp4ZCevWdQpkPAONzwEN9fiCHHQkc9Xkbfx5GxkAwc5UWGHG9Uhq1Ci6cFOh552GXv2K7BJhttL4Q7brnn0vFCWHdkFAPnaQ-ku3on63VvRqBDRwfcLdThRhp0tLCeC2SMsfvbcwyvQ4Y3gCaa4YxFn9FBX0Q_vUXbMnRDfkZNvC8dbchA0fnqpR_VDTCoJpbfZez1xbrmo4-D-g-53P7YgJDmsMsy74KIGPrSrbH5hA0TScvd5EUYz8CgDwoICA%3D%3D&r=1&s=15d7d96739ac288ef8ec53a19ae8f64deeb80610b530006e09a2789d4e65d4bd1720278910&w=t HTTP/1.1
Host: pxl.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/gif
content-length: 43
x-robots-tag: noindex, nofollow
X-Firefox-Spdy: h2

GET metrolagu.cam/embed.css

188.114.96.1

200 OK

11 kB

URL GET HTTP/3
metrolagu.cam/embed.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1
ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT

File type
ASCII text
Size
11 kB (11441 bytes)
Hash
1ac57b2fc858076467716fbad9268b05
94b3c1ff894b4cb316dfe90962b64db541bb3c46
6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf

HTTP Headers

GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
etag: W/"651596cf-446"
expires: Sat, 06 Jul 2024 20:51:41 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 23010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFxwF39To7JDbWofA4EibwJv%2Bb%2BtXICuEFto1YqK9om1F%2BFrZy%2B%2By6pPPZmgP1VqFu2%2BN8ciRAMQNAoRVH%2BNIJni5LwjtPO2nxhBuPllIjx5YF%2FBoze8Mf0iekY8sLUI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89f08c7e2f00568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74lGcmhTNFNLx5mgqLfGCyplDGJj1pn3SDHeT9lLTY6VjzyFBkeEgo0bKHD91X2lI6PtLRH2A

209.85.233.84

302 Found

420 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74lGcmhTNFNLx5mgqLfGCyplDGJj1pn3SDHeT9lLTY6VjzyFBkeEgo0bKHD91X2lI6PtLRH2A
IP
209.85.233.84:443
ASN
#15169 GOOGLE

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint5E:16:23:DF:7D:42:8E:61:6E:AA:4A:CC:FB:08:1A:B9:8F:FA:E0:A2
ValidityThu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT

File type
HTML document, ASCII text, with very long lines (390)
Size
420 B (420 bytes)
Hash
996890b1833a08e648fa6d0e51270320
83371acc314ddc35dadcf7b4e2cd141f57004ddf
05f8e06a170f5fc5b19b63b5b7cff19f79237179ec1cc40ca11069ebbef51293

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AdF4I74lGcmhTNFNLx5mgqLfGCyplDGJj1pn3SDHeT9lLTY6VjzyFBkeEgo0bKHD91X2lI6PtLRH2A HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:C2eTgS__raxXLJhCRsvpSmK-wQJlxA:AfXWaCrTPTTJNYvJ;Path=/;Expires=Mon, 06-Jul-2026 15:15:12 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 06 Jul 2024 15:15:12 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdF4I77m5vhYi5_wFWQg-SyC9aBG0EdVyJPlDuWPv2zwSxzrpRcj9yECYIVq5CLsjGsPhcWDBgfb&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-955983947%3A1720278912035613&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Lb9uRagWxbQQwzZ2A8lhSg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 420
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST 430707a567.97c5ccfba2.com/in/multy

167.235.163.216

200 OK

7.8 kB

URL POST HTTP/2
430707a567.97c5ccfba2.com/in/multy
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subject97c5ccfba2.com
Fingerprint3E:23:77:ED:85:2C:E5:00:E1:25:8E:81:A3:9D:E5:79:DD:D1:AA:B2
ValidityTue, 02 Jul 2024 14:03:36 GMT - Mon, 30 Sep 2024 14:03:35 GMT

File type
JSON text data
Size
7.8 kB (7826 bytes)
Hash
a89eadedd4181de92f8948f0e73d2141
b14332843cd2111167f8399988da01016df733af
b86613c2e06f0d96ecf3c772597d440ca1b9e4c1a4a0a5204e52db0cd896b4df

HTTP Headers

POST /in/multy HTTP/1.1
Host: 430707a567.97c5ccfba2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1714
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: application/json
content-length: 7826
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

GET 430707a567.97c5ccfba2.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=724890_99117506&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%3DTVRjeU1ESTNPRGt4TVh4ak9HSTVObUUwTm1NNFlqVmxOelU1TlRjNE5tSTRaV000TmpsbU1UaGtaZy0tfGh0dHBzOi8vY2hlcnJ5dHYubWVkaWEvekRkS2k4ZkpFZlpFRlM3R0FlWEpXS0JHYjQ1TVFIVzJaczU0Slg5TkFlYVJqb2I1UlB2S0FSVVR3MlNVSXByRWZiN2xzUWctVz9jcC5wdWJfYXQ9UG9wdW5kZXJzJmNwLnB1Yl9jaWQ9NjYyNjE5OCZjcC5wdWJfemlkPTUzNDM2OTQmY3AucHViX2RvbT1teWJpZC5pbyZjcC5wdWJfY2F0PTUwOCZjcC5wdWJfdHQ9UG9wdW5kZXJzJmNwLnB1Yl9jbGlja2lkPW9wZGROSGRMSFRQSE5WUzRBU09xb3BvcnVwZGRkTk5aVkxXNmVXMnFlMXpxcGJYVXpPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE9vb291c3BscmxuZHJ0dFBkWGRMVHRSWE5yVHhkclJMVlhYdnJiVExaWExTNnFpbWEyeXlsd2doRjF0R0Rjem5PbGRLNlYwcnBYU3VsZEs2VjAxazhzOWx0MDB6bk9sZEs2VjBycFhTdWxkSzZWMHJxS2RaNnBzNVo1WlpwcWFKNkpxYkxPS3JOTmJNOXRwYW5COWctJmNwLm9wPTAuMDAwNXxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfG15YmlkLmlvfDcyNDg5MHw1OTk5MTh8MTAxMTYzNnw1MzQzNjk0fDUwOHw2NjI2MTk4fDk5MTE3NTA2fDE1fDN8MHwwfDI1MzQ0fDUzNDE4Nzc0fDUwfDgwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnw5MS45MC40Mi4xNTR8MTZ8OHwxfHwzMzM5NzQwNjAyfGNkZDI5NjkwNGQzNjFjNGY5YzMwNTY2ZWM4NDA3NjA0fDF8MHxwb29waGQubmV0fDB8MTA0MTM0fDIwODUyOHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfDB8MHwzMTQzMjQ0fHx8MXw3MjB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDE3MTZkMjU5MTc5MTNlNDNlMmQ4NjQ2Mjc2YTc5YWJk&icons=YBdNkB1p-_h7-YLEwI5LY1-5dAMycQxKAqAlLoeHUyBGkYA9mM9PhOB9AtLWL94Zyj21mjR3wYJhOdLe4xRg0eynMRuqWF75JDwfDry0IY_u9sfshNMCdyHcT0-2hcxmzpB-P8AdcrKOYsRqF4hpvob3ECRWHF9GMQQjl8zs9ve_lBJN1Q&ext_cid=6626198&px_id=53418774&min_cpm=0.0035416194809475728&out_id=1&campaign_type=lq-pop&aid=120&cid=18642&uniq=&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003731045508317327&cpm=0&verify_hash=11b92efafd2272107737300dbea4f4ca&is_native=2&real_bid=0.00033368000984192&original_bid_usd=0.0004&original_bid=0.0004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720365311&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0004&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000040000000000000003&ext_campaign_id_str=6626198&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=6e1796f3-bec8-41ab-9bdc-de7c94a74e14&prev_step_diff=921

167.235.163.216

200 OK

0 B

URL GET HTTP/2
430707a567.97c5ccfba2.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=724890_99117506&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%3DTVRjeU1ESTNPRGt4TVh4ak9HSTVObUUwTm1NNFlqVmxOelU1TlRjNE5tSTRaV000TmpsbU1UaGtaZy0tfGh0dHBzOi8vY2hlcnJ5dHYubWVkaWEvekRkS2k4ZkpFZlpFRlM3R0FlWEpXS0JHYjQ1TVFIVzJaczU0Slg5TkFlYVJqb2I1UlB2S0FSVVR3MlNVSXByRWZiN2xzUWctVz9jcC5wdWJfYXQ9UG9wdW5kZXJzJmNwLnB1Yl9jaWQ9NjYyNjE5OCZjcC5wdWJfemlkPTUzNDM2OTQmY3AucHViX2RvbT1teWJpZC5pbyZjcC5wdWJfY2F0PTUwOCZjcC5wdWJfdHQ9UG9wdW5kZXJzJmNwLnB1Yl9jbGlja2lkPW9wZGROSGRMSFRQSE5WUzRBU09xb3BvcnVwZGRkTk5aVkxXNmVXMnFlMXpxcGJYVXpPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE9vb291c3BscmxuZHJ0dFBkWGRMVHRSWE5yVHhkclJMVlhYdnJiVExaWExTNnFpbWEyeXlsd2doRjF0R0Rjem5PbGRLNlYwcnBYU3VsZEs2VjAxazhzOWx0MDB6bk9sZEs2VjBycFhTdWxkSzZWMHJxS2RaNnBzNVo1WlpwcWFKNkpxYkxPS3JOTmJNOXRwYW5COWctJmNwLm9wPTAuMDAwNXxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfG15YmlkLmlvfDcyNDg5MHw1OTk5MTh8MTAxMTYzNnw1MzQzNjk0fDUwOHw2NjI2MTk4fDk5MTE3NTA2fDE1fDN8MHwwfDI1MzQ0fDUzNDE4Nzc0fDUwfDgwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnw5MS45MC40Mi4xNTR8MTZ8OHwxfHwzMzM5NzQwNjAyfGNkZDI5NjkwNGQzNjFjNGY5YzMwNTY2ZWM4NDA3NjA0fDF8MHxwb29waGQubmV0fDB8MTA0MTM0fDIwODUyOHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfDB8MHwzMTQzMjQ0fHx8MXw3MjB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDE3MTZkMjU5MTc5MTNlNDNlMmQ4NjQ2Mjc2YTc5YWJk&icons=YBdNkB1p-_h7-YLEwI5LY1-5dAMycQxKAqAlLoeHUyBGkYA9mM9PhOB9AtLWL94Zyj21mjR3wYJhOdLe4xRg0eynMRuqWF75JDwfDry0IY_u9sfshNMCdyHcT0-2hcxmzpB-P8AdcrKOYsRqF4hpvob3ECRWHF9GMQQjl8zs9ve_lBJN1Q&ext_cid=6626198&px_id=53418774&min_cpm=0.0035416194809475728&out_id=1&campaign_type=lq-pop&aid=120&cid=18642&uniq=&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003731045508317327&cpm=0&verify_hash=11b92efafd2272107737300dbea4f4ca&is_native=2&real_bid=0.00033368000984192&original_bid_usd=0.0004&original_bid=0.0004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720365311&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0004&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000040000000000000003&ext_campaign_id_str=6626198&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=6e1796f3-bec8-41ab-9bdc-de7c94a74e14&prev_step_diff=921
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subject97c5ccfba2.com
Fingerprint3E:23:77:ED:85:2C:E5:00:E1:25:8E:81:A3:9D:E5:79:DD:D1:AA:B2
ValidityTue, 02 Jul 2024 14:03:36 GMT - Mon, 30 Sep 2024 14:03:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=popunderAd&crid=724890_99117506&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fs.optnx.com%2Fcimp.php%3Fdata%3DTVRjeU1ESTNPRGt4TVh4ak9HSTVObUUwTm1NNFlqVmxOelU1TlRjNE5tSTRaV000TmpsbU1UaGtaZy0tfGh0dHBzOi8vY2hlcnJ5dHYubWVkaWEvekRkS2k4ZkpFZlpFRlM3R0FlWEpXS0JHYjQ1TVFIVzJaczU0Slg5TkFlYVJqb2I1UlB2S0FSVVR3MlNVSXByRWZiN2xzUWctVz9jcC5wdWJfYXQ9UG9wdW5kZXJzJmNwLnB1Yl9jaWQ9NjYyNjE5OCZjcC5wdWJfemlkPTUzNDM2OTQmY3AucHViX2RvbT1teWJpZC5pbyZjcC5wdWJfY2F0PTUwOCZjcC5wdWJfdHQ9UG9wdW5kZXJzJmNwLnB1Yl9jbGlja2lkPW9wZGROSGRMSFRQSE5WUzRBU09xb3BvcnVwZGRkTk5aVkxXNmVXMnFlMXpxcGJYVXpPb2ROVTZWMHJwWFQxVVUwdW9tcG9ucG5kUk5UUlBUUzZWMHpwWFN1bGRLNlowcnBYVE9vb291c3BscmxuZHJ0dFBkWGRMVHRSWE5yVHhkclJMVlhYdnJiVExaWExTNnFpbWEyeXlsd2doRjF0R0Rjem5PbGRLNlYwcnBYU3VsZEs2VjAxazhzOWx0MDB6bk9sZEs2VjBycFhTdWxkSzZWMHJxS2RaNnBzNVo1WlpwcWFKNkpxYkxPS3JOTmJNOXRwYW5COWctJmNwLm9wPTAuMDAwNXxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfG15YmlkLmlvfDcyNDg5MHw1OTk5MTh8MTAxMTYzNnw1MzQzNjk0fDUwOHw2NjI2MTk4fDk5MTE3NTA2fDE1fDN8MHwwfDI1MzQ0fDUzNDE4Nzc0fDUwfDgwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnw5MS45MC40Mi4xNTR8MTZ8OHwxfHwzMzM5NzQwNjAyfGNkZDI5NjkwNGQzNjFjNGY5YzMwNTY2ZWM4NDA3NjA0fDF8MHxwb29waGQubmV0fDB8MTA0MTM0fDIwODUyOHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfDB8MHwzMTQzMjQ0fHx8MXw3MjB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHw3fDB8MXwwfHx8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfE9LfDE3MTZkMjU5MTc5MTNlNDNlMmQ4NjQ2Mjc2YTc5YWJk&icons=YBdNkB1p-_h7-YLEwI5LY1-5dAMycQxKAqAlLoeHUyBGkYA9mM9PhOB9AtLWL94Zyj21mjR3wYJhOdLe4xRg0eynMRuqWF75JDwfDry0IY_u9sfshNMCdyHcT0-2hcxmzpB-P8AdcrKOYsRqF4hpvob3ECRWHF9GMQQjl8zs9ve_lBJN1Q&ext_cid=6626198&px_id=53418774&min_cpm=0.0035416194809475728&out_id=1&campaign_type=lq-pop&aid=120&cid=18642&uniq=&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003731045508317327&cpm=0&verify_hash=11b92efafd2272107737300dbea4f4ca&is_native=2&real_bid=0.00033368000984192&original_bid_usd=0.0004&original_bid=0.0004&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,89,20,27,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720365311&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.0004&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000040000000000000003&ext_campaign_id_str=6626198&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=6e1796f3-bec8-41ab-9bdc-de7c94a74e14&prev_step_diff=921 HTTP/1.1
Host: 430707a567.97c5ccfba2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:12 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

GET 430707a567.97c5ccfba2.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=15470&crtid=a448785754fcf5a97a1ec8e8b27b4f57&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQQVPG2BVXTAfuUoKTHjhmcHUaSMKTQQzvRtoqLNd5mM3a8Jd7j07mHGIdvIt_IhJwuqyMW7DOShOKl6x9Kmfpcq0ZOn2Ohh_cvW5FW_CL6KXr6AwSjf7a2jWYA-k576OzKt3pAsKmha37wTLCvTzL3XGfeIkbd_kZGd4Op9D4Ifv8YXCITtW1ePQRIU7OSPtHD9urc2iJ8ROJeXKV_BjxUvjsaw_KfxeAqDlH3GsJjHf423Z3n_zr8xO8kOYIDMSssQhttyz1RCRNV1gfSrwq9_XlOtXn0yq7M1sdj8931MXGCGXHcGmrixWQEf_l98Rk__yqPiQ7r0DMsLHYodGtVqyU6STpLTuJ_Ja9VYqHMJhp7GryRk9aKg18OxogiGFBSMnzX7r96KtuyLxpsi3yMBGYxjzXGqwkPGzlpilKNZpIotCJZ36ldUlVTBRQCPuoEZPgIZlpy5blJVg8zgfR1IbiJq7B48kG3e9QHqT8M2wZYGBkcLpWRW2W4j2-Dt5_GbvrvAsiaNNSZAoQvT3OwGhXXaUp0W8RC8AzIfdEeL_5k83HId1K3NdRNSK_5DEMXgO2Q-CgGUYNZ3tUlJ8kbtPEyI7Pni-MSYEfRkXtbW-hGyrBOBL3NfLClqqHd8hEh0DCTbiJ1TI02QY8pd6WGKhAvQi05BHfImdcnoG2SOe1e-IPzcvVOJbu9x6X5v0SGOFl3JWyjZCdvh6pAUAF_FyMiMCzDiAx_kE0igRwgZ0gmOh5vT5rHPTSRACaWiWKU9eUbekhI8-BgYukBfzFFoGULJTZb0HKw4FAMfzFTFxVG1sPGQTyE1-xyVrJTHkNtOS_08eH6_7zm76aZeXym_TKk4iIOWdd5NGxUf7Lce1DSzNM_pp4B_CEqjOptCUI0CcCdssDYx8yeMdnffJT9lInaDJh3zxdYmJOai8FaG2GOLWRt9tBKZ4l529_XQgPENwSbnCLjgxiD0CGnOQJz0NtE6QcUjpPUSWwy4lbHh6fDPbf0LIK0GkWXTV4OF6K6m0Vyv8lyuPj4D-3UIWMrOFc--WofNY1zHopnc_VDbBzYRJo_pBsOdXI3B5w_f6ZfXkg3kb6_SgzV1WRGkaVPoWPocD5fHqUg0DY3IzxSj4scaiS-nsikpHSJzmS5cUENuK1wKldk5My-Et_rbPZ8-N34N288Z1ReBnAjNipuqjqM6IOaSRwnxvyBVhccDhzqevQbGBOjB-wN3FAOzNAvanictimg%26sp%3D0.0028366506248763638&icons=0hoMBTVrFh3NHpmNd8uFTdkLVtuDn70Bde673Lz53R5-OUQ2_xHdAvFK4shCvstbVxQ9P0HKWtyQ3mtaa5fJOjG8fuGiSR8w5oVW-QsQd0GB6ZSeTqB_W8nhpHoRQw7K9DAGlBqZm1lp6fV-k_ODWFazmgP-r75kFNyI8TChMe8bNlicjPhka5meA9_UthF03kWyUQbTKCBxVIB4wLzD5q6DadUQFXaikJIWX1yWWDtaJTsYRHrKo2eTcIpOK21nAu-mPhIgXs6Y4oYhsIgY0tg04GcfEEXMwgTuSPs4pJ9DE_z_dlOYPizPHTkAhu6CJybcVpZMtkr0ZR6sNbsTyrKXLe5fZGP8ur6bGw_wwbla5Z8mTrdZCIv1Tioe85nn9NLI69gIfAQDkxxbzDRZrQtm_AMy5uXV0i--bTH9Z9bSoTUqz8Bhvyaac-gzXlyGPnanyU8EBvOLPBj7MmW1mzyE3673asUS8ZkU_rB_0J-AoXHhOfXjvJSHub-KpTGlGU0u4-_OtHyz8co0b3xXiKCWMwdb6BOwfljTXCJTq3wzd0-hxL0HXB0vo7Fs_MTUtJjUned_GgrwvtZ2sY03eBUAMWzDrNu31qbl3rUluM-1j4QRfQJZcj8THGjSMsmfnA1C-4dRdRwi9kNE0uP-AB2KAQAbN2DbWjryXsFRXLDQ_fhBvO7XUS7xArHk3D65xg50_ly7qUNBtmNwZ0nmuK2yiu7k42CFSF8Ga8H9b22N55845bxtLlHlYYmYQi2u_IE475MLZbUkGxm3OHna4GTDVHMxWI8CtGFjSIfp65m_G3c6lgEx9t4O2ICdWxK3be5kHLpPMSUi2BoNYLgJ_EowdvEk7K7xenE4FOsASoHRHDz4wAxBnS5baF2ox_OiauyG_8aqbLdKxslqJIqcdXNApQ2HVkkzn4LVaMp5i0Sz5YaqVOVZWuSdGoi7d98nfkJlzZMMTxNTOd679kNvuxYLGajKRANSVHFaKDeTfic6Y7emsSIqNwTNa0k1uyDxoHVW28wwljL58zGkF5_rlnvxbit3Y0c3NvB1TfkGp7qghLe05not4Tm-OKXSbQ4yKu6hpbwXU6jziCkEYil9i5FIKISNb4h8kg9QwN0tFO2o4qiY2eTktjkiVHwBwawIsIKnDEj5gAEkwK3WMGmk9V3deFaOuffjXfenSXU-zOodyzPBwJtaE2C_N-f2W9GvAk5UavmOKrQbW4hHp0w3fpd4cmFaLBubS7vFw2dGf8uju2Aa0VUdbncRFmpV1taiRIVYNXVpubp5CxBuliwcnmXrOqZVE_vXrTXfyliNXJmQkbmBsh4fOJSxR5BBtUfCPVRnQ78truTkuH77XBZrSeWN5G3iieMZqFWB0HTxakojJViu4koXgwyCLzclR9eSaENpziBM7A&ext_cid=217903&px_id=31418774&min_cpm=0.012922690971898049&out_id=0&campaign_type=mq&aid=127&cid=12696&uniq=34d3b07b42d61d4561e6068f66f2a7660a7ce2ba959fa10f4073bd1e499cf814&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09963455081084642&cpm=0&verify_hash=0c412ea77ef7134bead5b315e66b57d5&is_native=1&real_bid=0.002442072479942737&original_bid_usd=0.0028366506248763638&original_bid=0.0028366506248763638&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,5,98,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720451711&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F756%2F756853%2Fconversions%2FUI81lHpD-minify.jpg&site=native-push-adult&price=0.0028366506248763638&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000028366506248763643&ext_campaign_id_str=217903&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=610948aa-4bb2-4826-9cef-0876824ba734&prev_step_diff=920

167.235.163.216

200 OK

0 B

URL GET HTTP/2
430707a567.97c5ccfba2.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=15470&crtid=a448785754fcf5a97a1ec8e8b27b4f57&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQQVPG2BVXTAfuUoKTHjhmcHUaSMKTQQzvRtoqLNd5mM3a8Jd7j07mHGIdvIt_IhJwuqyMW7DOShOKl6x9Kmfpcq0ZOn2Ohh_cvW5FW_CL6KXr6AwSjf7a2jWYA-k576OzKt3pAsKmha37wTLCvTzL3XGfeIkbd_kZGd4Op9D4Ifv8YXCITtW1ePQRIU7OSPtHD9urc2iJ8ROJeXKV_BjxUvjsaw_KfxeAqDlH3GsJjHf423Z3n_zr8xO8kOYIDMSssQhttyz1RCRNV1gfSrwq9_XlOtXn0yq7M1sdj8931MXGCGXHcGmrixWQEf_l98Rk__yqPiQ7r0DMsLHYodGtVqyU6STpLTuJ_Ja9VYqHMJhp7GryRk9aKg18OxogiGFBSMnzX7r96KtuyLxpsi3yMBGYxjzXGqwkPGzlpilKNZpIotCJZ36ldUlVTBRQCPuoEZPgIZlpy5blJVg8zgfR1IbiJq7B48kG3e9QHqT8M2wZYGBkcLpWRW2W4j2-Dt5_GbvrvAsiaNNSZAoQvT3OwGhXXaUp0W8RC8AzIfdEeL_5k83HId1K3NdRNSK_5DEMXgO2Q-CgGUYNZ3tUlJ8kbtPEyI7Pni-MSYEfRkXtbW-hGyrBOBL3NfLClqqHd8hEh0DCTbiJ1TI02QY8pd6WGKhAvQi05BHfImdcnoG2SOe1e-IPzcvVOJbu9x6X5v0SGOFl3JWyjZCdvh6pAUAF_FyMiMCzDiAx_kE0igRwgZ0gmOh5vT5rHPTSRACaWiWKU9eUbekhI8-BgYukBfzFFoGULJTZb0HKw4FAMfzFTFxVG1sPGQTyE1-xyVrJTHkNtOS_08eH6_7zm76aZeXym_TKk4iIOWdd5NGxUf7Lce1DSzNM_pp4B_CEqjOptCUI0CcCdssDYx8yeMdnffJT9lInaDJh3zxdYmJOai8FaG2GOLWRt9tBKZ4l529_XQgPENwSbnCLjgxiD0CGnOQJz0NtE6QcUjpPUSWwy4lbHh6fDPbf0LIK0GkWXTV4OF6K6m0Vyv8lyuPj4D-3UIWMrOFc--WofNY1zHopnc_VDbBzYRJo_pBsOdXI3B5w_f6ZfXkg3kb6_SgzV1WRGkaVPoWPocD5fHqUg0DY3IzxSj4scaiS-nsikpHSJzmS5cUENuK1wKldk5My-Et_rbPZ8-N34N288Z1ReBnAjNipuqjqM6IOaSRwnxvyBVhccDhzqevQbGBOjB-wN3FAOzNAvanictimg%26sp%3D0.0028366506248763638&icons=0hoMBTVrFh3NHpmNd8uFTdkLVtuDn70Bde673Lz53R5-OUQ2_xHdAvFK4shCvstbVxQ9P0HKWtyQ3mtaa5fJOjG8fuGiSR8w5oVW-QsQd0GB6ZSeTqB_W8nhpHoRQw7K9DAGlBqZm1lp6fV-k_ODWFazmgP-r75kFNyI8TChMe8bNlicjPhka5meA9_UthF03kWyUQbTKCBxVIB4wLzD5q6DadUQFXaikJIWX1yWWDtaJTsYRHrKo2eTcIpOK21nAu-mPhIgXs6Y4oYhsIgY0tg04GcfEEXMwgTuSPs4pJ9DE_z_dlOYPizPHTkAhu6CJybcVpZMtkr0ZR6sNbsTyrKXLe5fZGP8ur6bGw_wwbla5Z8mTrdZCIv1Tioe85nn9NLI69gIfAQDkxxbzDRZrQtm_AMy5uXV0i--bTH9Z9bSoTUqz8Bhvyaac-gzXlyGPnanyU8EBvOLPBj7MmW1mzyE3673asUS8ZkU_rB_0J-AoXHhOfXjvJSHub-KpTGlGU0u4-_OtHyz8co0b3xXiKCWMwdb6BOwfljTXCJTq3wzd0-hxL0HXB0vo7Fs_MTUtJjUned_GgrwvtZ2sY03eBUAMWzDrNu31qbl3rUluM-1j4QRfQJZcj8THGjSMsmfnA1C-4dRdRwi9kNE0uP-AB2KAQAbN2DbWjryXsFRXLDQ_fhBvO7XUS7xArHk3D65xg50_ly7qUNBtmNwZ0nmuK2yiu7k42CFSF8Ga8H9b22N55845bxtLlHlYYmYQi2u_IE475MLZbUkGxm3OHna4GTDVHMxWI8CtGFjSIfp65m_G3c6lgEx9t4O2ICdWxK3be5kHLpPMSUi2BoNYLgJ_EowdvEk7K7xenE4FOsASoHRHDz4wAxBnS5baF2ox_OiauyG_8aqbLdKxslqJIqcdXNApQ2HVkkzn4LVaMp5i0Sz5YaqVOVZWuSdGoi7d98nfkJlzZMMTxNTOd679kNvuxYLGajKRANSVHFaKDeTfic6Y7emsSIqNwTNa0k1uyDxoHVW28wwljL58zGkF5_rlnvxbit3Y0c3NvB1TfkGp7qghLe05not4Tm-OKXSbQ4yKu6hpbwXU6jziCkEYil9i5FIKISNb4h8kg9QwN0tFO2o4qiY2eTktjkiVHwBwawIsIKnDEj5gAEkwK3WMGmk9V3deFaOuffjXfenSXU-zOodyzPBwJtaE2C_N-f2W9GvAk5UavmOKrQbW4hHp0w3fpd4cmFaLBubS7vFw2dGf8uju2Aa0VUdbncRFmpV1taiRIVYNXVpubp5CxBuliwcnmXrOqZVE_vXrTXfyliNXJmQkbmBsh4fOJSxR5BBtUfCPVRnQ78truTkuH77XBZrSeWN5G3iieMZqFWB0HTxakojJViu4koXgwyCLzclR9eSaENpziBM7A&ext_cid=217903&px_id=31418774&min_cpm=0.012922690971898049&out_id=0&campaign_type=mq&aid=127&cid=12696&uniq=34d3b07b42d61d4561e6068f66f2a7660a7ce2ba959fa10f4073bd1e499cf814&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09963455081084642&cpm=0&verify_hash=0c412ea77ef7134bead5b315e66b57d5&is_native=1&real_bid=0.002442072479942737&original_bid_usd=0.0028366506248763638&original_bid=0.0028366506248763638&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,5,98,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720451711&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F756%2F756853%2Fconversions%2FUI81lHpD-minify.jpg&site=native-push-adult&price=0.0028366506248763638&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000028366506248763643&ext_campaign_id_str=217903&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=610948aa-4bb2-4826-9cef-0876824ba734&prev_step_diff=920
IP
167.235.163.216:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subject97c5ccfba2.com
Fingerprint3E:23:77:ED:85:2C:E5:00:E1:25:8E:81:A3:9D:E5:79:DD:D1:AA:B2
ValidityTue, 02 Jul 2024 14:03:36 GMT - Mon, 30 Sep 2024 14:03:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoophd.net%2Fd%2FPu2RS4Wlfi2&refdom=poophd.net&auction_time=1720278911&subid=357529620&sid=3339740602&tcid=0&ver=7.308.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-07-06&iabcat=IAB25-3&keywords=&user_fp=13148888709382828322&score=81.20611507563908&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoophd.net%252Fd%252FPu2RS4Wlfi2%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=15470&crtid=a448785754fcf5a97a1ec8e8b27b4f57&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DQQVPG2BVXTAfuUoKTHjhmcHUaSMKTQQzvRtoqLNd5mM3a8Jd7j07mHGIdvIt_IhJwuqyMW7DOShOKl6x9Kmfpcq0ZOn2Ohh_cvW5FW_CL6KXr6AwSjf7a2jWYA-k576OzKt3pAsKmha37wTLCvTzL3XGfeIkbd_kZGd4Op9D4Ifv8YXCITtW1ePQRIU7OSPtHD9urc2iJ8ROJeXKV_BjxUvjsaw_KfxeAqDlH3GsJjHf423Z3n_zr8xO8kOYIDMSssQhttyz1RCRNV1gfSrwq9_XlOtXn0yq7M1sdj8931MXGCGXHcGmrixWQEf_l98Rk__yqPiQ7r0DMsLHYodGtVqyU6STpLTuJ_Ja9VYqHMJhp7GryRk9aKg18OxogiGFBSMnzX7r96KtuyLxpsi3yMBGYxjzXGqwkPGzlpilKNZpIotCJZ36ldUlVTBRQCPuoEZPgIZlpy5blJVg8zgfR1IbiJq7B48kG3e9QHqT8M2wZYGBkcLpWRW2W4j2-Dt5_GbvrvAsiaNNSZAoQvT3OwGhXXaUp0W8RC8AzIfdEeL_5k83HId1K3NdRNSK_5DEMXgO2Q-CgGUYNZ3tUlJ8kbtPEyI7Pni-MSYEfRkXtbW-hGyrBOBL3NfLClqqHd8hEh0DCTbiJ1TI02QY8pd6WGKhAvQi05BHfImdcnoG2SOe1e-IPzcvVOJbu9x6X5v0SGOFl3JWyjZCdvh6pAUAF_FyMiMCzDiAx_kE0igRwgZ0gmOh5vT5rHPTSRACaWiWKU9eUbekhI8-BgYukBfzFFoGULJTZb0HKw4FAMfzFTFxVG1sPGQTyE1-xyVrJTHkNtOS_08eH6_7zm76aZeXym_TKk4iIOWdd5NGxUf7Lce1DSzNM_pp4B_CEqjOptCUI0CcCdssDYx8yeMdnffJT9lInaDJh3zxdYmJOai8FaG2GOLWRt9tBKZ4l529_XQgPENwSbnCLjgxiD0CGnOQJz0NtE6QcUjpPUSWwy4lbHh6fDPbf0LIK0GkWXTV4OF6K6m0Vyv8lyuPj4D-3UIWMrOFc--WofNY1zHopnc_VDbBzYRJo_pBsOdXI3B5w_f6ZfXkg3kb6_SgzV1WRGkaVPoWPocD5fHqUg0DY3IzxSj4scaiS-nsikpHSJzmS5cUENuK1wKldk5My-Et_rbPZ8-N34N288Z1ReBnAjNipuqjqM6IOaSRwnxvyBVhccDhzqevQbGBOjB-wN3FAOzNAvanictimg%26sp%3D0.0028366506248763638&icons=0hoMBTVrFh3NHpmNd8uFTdkLVtuDn70Bde673Lz53R5-OUQ2_xHdAvFK4shCvstbVxQ9P0HKWtyQ3mtaa5fJOjG8fuGiSR8w5oVW-QsQd0GB6ZSeTqB_W8nhpHoRQw7K9DAGlBqZm1lp6fV-k_ODWFazmgP-r75kFNyI8TChMe8bNlicjPhka5meA9_UthF03kWyUQbTKCBxVIB4wLzD5q6DadUQFXaikJIWX1yWWDtaJTsYRHrKo2eTcIpOK21nAu-mPhIgXs6Y4oYhsIgY0tg04GcfEEXMwgTuSPs4pJ9DE_z_dlOYPizPHTkAhu6CJybcVpZMtkr0ZR6sNbsTyrKXLe5fZGP8ur6bGw_wwbla5Z8mTrdZCIv1Tioe85nn9NLI69gIfAQDkxxbzDRZrQtm_AMy5uXV0i--bTH9Z9bSoTUqz8Bhvyaac-gzXlyGPnanyU8EBvOLPBj7MmW1mzyE3673asUS8ZkU_rB_0J-AoXHhOfXjvJSHub-KpTGlGU0u4-_OtHyz8co0b3xXiKCWMwdb6BOwfljTXCJTq3wzd0-hxL0HXB0vo7Fs_MTUtJjUned_GgrwvtZ2sY03eBUAMWzDrNu31qbl3rUluM-1j4QRfQJZcj8THGjSMsmfnA1C-4dRdRwi9kNE0uP-AB2KAQAbN2DbWjryXsFRXLDQ_fhBvO7XUS7xArHk3D65xg50_ly7qUNBtmNwZ0nmuK2yiu7k42CFSF8Ga8H9b22N55845bxtLlHlYYmYQi2u_IE475MLZbUkGxm3OHna4GTDVHMxWI8CtGFjSIfp65m_G3c6lgEx9t4O2ICdWxK3be5kHLpPMSUi2BoNYLgJ_EowdvEk7K7xenE4FOsASoHRHDz4wAxBnS5baF2ox_OiauyG_8aqbLdKxslqJIqcdXNApQ2HVkkzn4LVaMp5i0Sz5YaqVOVZWuSdGoi7d98nfkJlzZMMTxNTOd679kNvuxYLGajKRANSVHFaKDeTfic6Y7emsSIqNwTNa0k1uyDxoHVW28wwljL58zGkF5_rlnvxbit3Y0c3NvB1TfkGp7qghLe05not4Tm-OKXSbQ4yKu6hpbwXU6jziCkEYil9i5FIKISNb4h8kg9QwN0tFO2o4qiY2eTktjkiVHwBwawIsIKnDEj5gAEkwK3WMGmk9V3deFaOuffjXfenSXU-zOodyzPBwJtaE2C_N-f2W9GvAk5UavmOKrQbW4hHp0w3fpd4cmFaLBubS7vFw2dGf8uju2Aa0VUdbncRFmpV1taiRIVYNXVpubp5CxBuliwcnmXrOqZVE_vXrTXfyliNXJmQkbmBsh4fOJSxR5BBtUfCPVRnQ78truTkuH77XBZrSeWN5G3iieMZqFWB0HTxakojJViu4koXgwyCLzclR9eSaENpziBM7A&ext_cid=217903&px_id=31418774&min_cpm=0.012922690971898049&out_id=0&campaign_type=mq&aid=127&cid=12696&uniq=34d3b07b42d61d4561e6068f66f2a7660a7ce2ba959fa10f4073bd1e499cf814&mid=2480256251164691699&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.09963455081084642&cpm=0&verify_hash=0c412ea77ef7134bead5b315e66b57d5&is_native=1&real_bid=0.002442072479942737&original_bid_usd=0.0028366506248763638&original_bid=0.0028366506248763638&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,5,98,108,0&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=1720451711&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F756%2F756853%2Fconversions%2FUI81lHpD-minify.jpg&site=native-push-adult&price=0.0028366506248763638&hostname=auc-inpage-hz-6-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000028366506248763643&ext_campaign_id_str=217903&is_webview=0&client_price=0&direct_client_price=0&priority=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=610948aa-4bb2-4826-9cef-0876824ba734&prev_step_diff=920 HTTP/1.1
Host: 430707a567.97c5ccfba2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 06 Jul 2024 15:15:12 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

GET static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=3de9de59-8a5f-4c64-976a-14f0aa88b4ea&prev_step_diff=920

45.133.44.25

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=3de9de59-8a5f-4c64-976a-14f0aa88b4ea&prev_step_diff=920
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
Fingerprint4C:48:F0:54:0C:00:BF:00:BE:69:C1:23:F3:A7:91:4B:61:3C:95:F6
ValidityTue, 04 Jun 2024 03:00:32 GMT - Mon, 02 Sep 2024 03:00:31 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=3de9de59-8a5f-4c64-976a-14f0aa88b4ea&prev_step_diff=920 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 06 Jul 2025 15:15:12 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.25

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
Fingerprint4C:48:F0:54:0C:00:BF:00:BE:69:C1:23:F3:A7:91:4B:61:3C:95:F6
ValidityTue, 04 Jun 2024 03:00:32 GMT - Mon, 02 Sep 2024 03:00:31 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 06 Jul 2025 15:15:12 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET metrolagu.cam/jembud/3269666c57345352327550

188.114.96.1

200 OK

151 B

URL GET HTTP/2
metrolagu.cam/jembud/3269666c57345352327550
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1
ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT

File type
HTML document, ASCII text
Size
151 B (151 bytes)
Hash
0f7ae3f9d0e69fd0aaf1398d77b7290c
190ebedd7eeffe1d28e7f85a8daf55b059b3d109
0b4b459b049712fdea8f6fc528874544011a05d34359debc96ff2bcecd707f72

HTTP Headers

GET /jembud/3269666c57345352327550 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0nYknfIjQPw3jXZSsI3tmBA0VSmuDoH8zh7mfJi06cfN97ukd03KcxiqKrrlD4WpHSpu%2FPXPofvdNr1PU1sutGb%2BSPHAkPvKlKDynGV22aIh29jaDtqvq1Nms3SqqsZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c7a8eb1b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET imdn.pics/m/p/0/756/756853/conversions/UI81lHpD-minify.jpg

45.133.44.24

200 OK

17 kB

URL GET HTTP/2
imdn.pics/m/p/0/756/756853/conversions/UI81lHpD-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint56:C0:33:C1:83:FD:F4:3F:85:0C:56:6C:BD:3A:B4:09:34:6B:5D:69
ValiditySat, 11 May 2024 02:00:56 GMT - Fri, 09 Aug 2024 02:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3
Size
17 kB (17133 bytes)
Hash
a3ef953ff3ca7693edae6ec66d8851b3
6efbcb8771c94a7d01a3520e74090ca935c6f0c1
3211bd488a702999c6713b3ea1e7fbff07de82816912e8661422be29558d4296

HTTP Headers

GET /m/p/0/756/756853/conversions/UI81lHpD-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: image/jpeg
content-length: 17133
server: nginx
last-modified: Thu, 14 Mar 2024 10:43:51 GMT
etag: "65f2d4e7-42ed"
x-request-id: aa65482af930c5c8c33dda560e43797e
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache, no-cache
expires: 0
x-proxy-cache: HIT, HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET imdn.pics/m/p/0/756/756852/conversions/R2NBS1nv-minify.jpg

45.133.44.24

200 OK

3.5 kB

URL GET HTTP/2
imdn.pics/m/p/0/756/756852/conversions/R2NBS1nv-minify.jpg
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectimdn.pics
Fingerprint56:C0:33:C1:83:FD:F4:3F:85:0C:56:6C:BD:3A:B4:09:34:6B:5D:69
ValiditySat, 11 May 2024 02:00:56 GMT - Fri, 09 Aug 2024 02:00:55 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3
Size
3.5 kB (3454 bytes)
Hash
f106f6b887f8b9ce78be27fad475aa21
f2533f16205dc100e21c8883248060bcffb3ef51
8541d813a46b227f8d12febbae020b03f782556d03c0bbc3e8cb589e6cc78e72

HTTP Headers

GET /m/p/0/756/756852/conversions/R2NBS1nv-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: image/jpeg
content-length: 3454
server: nginx
last-modified: Thu, 14 Mar 2024 10:43:44 GMT
etag: "65f2d4e0-d7e"
x-request-id: 59e76f33fde192fa0ffcea555bfd5db7
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache, no-cache
expires: 0
x-proxy-cache: HIT, HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET assets.poopcdn.com/play.svg

188.114.96.1

200 OK

633 B

URL GET HTTP/2
assets.poopcdn.com/play.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2923
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WBIWTiGtgjofoFN4gHUw%2FTF3eeY%2FF16ZPUhekO2GIJIxS%2FB6NR%2BgITURTxCgdW7ggNds%2Fk9yE1VL%2FfPs2Ou%2FoW7kaykW6vkDDBOS5jlbVQLrT5mHAgojIfpycsM%2FXWPtQfPisEM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c765fd8568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET go.xxxjmp.com/api/models/ts?targetDomain=stripchat.com&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=t9fsq8H2LD1k0pd-akKQKobYSF1v7mOKsKTpsoV6giG6sal5-3Iv3aK2lUFvoMLXufbcoLpkE2jNehoaRdHU0R8kPmg2xOlksCIO4OH-ZSZcx-ElYVtZTfc_gUIDRUi&p1=4548494&sourceId=547974&p2=3401168&tag=-girls%2Findian

172.64.147.206

200 OK

1.3 kB

URL GET HTTP/2
go.xxxjmp.com/api/models/ts?targetDomain=stripchat.com&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=t9fsq8H2LD1k0pd-akKQKobYSF1v7mOKsKTpsoV6giG6sal5-3Iv3aK2lUFvoMLXufbcoLpkE2jNehoaRdHU0R8kPmg2xOlksCIO4OH-ZSZcx-ElYVtZTfc_gUIDRUi&p1=4548494&sourceId=547974&p2=3401168&tag=-girls%2Findian
IP
172.64.147.206:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectgo.xxxjmp.com
Fingerprint26:9F:65:73:DB:D0:66:42:2C:27:F5:39:E6:06:3C:9D:7A:D5:58:CE
ValidityThu, 30 May 2024 00:05:55 GMT - Wed, 28 Aug 2024 00:05:54 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1401), with no line terminators
Size
1.3 kB (1253 bytes)
Hash
1daf398217e0c095d2c0af0b08b4337c
0ecf2403f659f8e6981cb58cb34af6478fce1b33
8da6ef211cc8634e3f7dbebc0a5bbe12e831d27891e18ee499c628c8e0fa5558

HTTP Headers

GET /api/models/ts?targetDomain=stripchat.com&userId=ed4e3449202a44afa8131507a9d12a1c962321860e4bfcc2aa1b33a18897b60e&memberId=t9fsq8H2LD1k0pd-akKQKobYSF1v7mOKsKTpsoV6giG6sal5-3Iv3aK2lUFvoMLXufbcoLpkE2jNehoaRdHU0R8kPmg2xOlksCIO4OH-ZSZcx-ElYVtZTfc_gUIDRUi&p1=4548494&sourceId=547974&p2=3401168&tag=-girls%2Findian HTTP/1.1
Host: go.xxxjmp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/json
access-control-allow-origin: https://poophd.net
access-control-allow-credentials: true
vary: Origin, Accept-Encoding
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-Wow64
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 89f08c7a983c1c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET metrolagu.cam/play.svg

188.114.96.1

200 OK

633 B

URL GET HTTP/3
metrolagu.cam/play.svg
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=ZyY71Ps5xRk
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1
ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2414
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aoKNuKBT5zmwK%2FPs7VB6yRNJ7ndyPT6Y99qpOnp6w7T1vJ8cruGZQ2%2BHoNAKNvqzId6k4qwRbp9aHLV7Uc883S1%2FRS9rfS2MAG5eNA104r4hZoA9H02FPDymFnQIrkwO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89f08c7f494e568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.tsyndicate.com/sdk/v1/inpage.push.js

45.133.44.70

200 OK

14 kB

URL GET HTTP/2
cdn.tsyndicate.com/sdk/v1/inpage.push.js
IP
45.133.44.70:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectcdn.tsyndicate.com
FingerprintD1:BA:EE:F0:8D:8F:47:DF:CC:82:D6:69:8B:C5:E6:32:61:B2:10:52
ValiditySat, 08 Jun 2024 03:00:23 GMT - Fri, 06 Sep 2024 03:00:22 GMT

File type
JavaScript source, ASCII text, with very long lines (13920)
Size
14 kB (14005 bytes)
Hash
00c3a437db0258c707944c3f8a13da32
0e1b2787c0fe785af9e2c441b52c1c627c6a21d1
d10120a1e35daa3c0265fff15739c99dc889b724614c5a7d23059597fc9eccdf

HTTP Headers

GET /sdk/v1/inpage.push.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx
last-modified: Fri, 15 Mar 2024 13:15:44 GMT
etag: W/"65f44a00-36b5"
x-robots-tag: noindex, nofollow
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 08 Jul 2024 15:15:10 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
X-Firefox-Spdy: h2

GET assets.poopcdn.com/style.css

188.114.96.1

200 OK

259 kB

URL GET HTTP/2
assets.poopcdn.com/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
ASCII text
Size
259 kB (259373 bytes)
Hash
f94acf4d0db64b4a710fc6fce3bc2a49
63753e2bb0367b37084eba7690d9fb752667ecd3
f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340

HTTP Headers

GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1896
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XFX5DfRo6ten9VdP1FkI1uzT2djIsJE2v0MlvEPqWZfsmOU7FXcb%2FQQSk0iOxZGEUg%2FJtjkvTaMymcsRHWCG4JsiggNE4Oyw5SL3BxRRTdOgIOdq%2BAdIB0MD%2FtONYptn33K8cPo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c747c0a568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET poophd.net/d/Pu2RS4Wlfi2

172.67.209.176

200 OK

15 kB

URL User Request GET HTTP/2
poophd.net/d/Pu2RS4Wlfi2
IP
172.67.209.176:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectpoophd.net
Fingerprint04:CB:BF:CF:D0:17:2F:6F:44:10:3D:D3:CC:8F:57:9B:58:C5:F4:79
ValidityFri, 05 Jul 2024 14:41:03 GMT - Thu, 03 Oct 2024 14:41:02 GMT

File type
HTML document, ASCII text, with very long lines (6446)
Size
15 kB (14758 bytes)
Hash
c61ca8e27596cbe351a2f7f2fb6f4fd4
9517e26212ab41fa04a061dc7214294c369f3933
745ff888cf20d120e74c2b6d1e61281504fb12839b8308d3b8ca795c5f7c3356

HTTP Headers

GET /d/Pu2RS4Wlfi2 HTTP/1.1
Host: poophd.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:09 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrkN0BCkjJ6rUrtnytAFfxtgyW991tCWs7Qc1NJ%2BXVO3nTKQMQqK5q%2B58jj29vMRGm%2BQ5h3VHrBsp1ea9agV7IBXSKY31WDsykNvsjMedcbP3j0XkXiDe%2FRgrLAk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c70dd440b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 4c21b1a532.5165c0c080.com/5d730eb6fd69b185ce754d3ab9c39752/114039?version_name=c&domain=poophd.net

45.133.44.52

200 OK

1.4 kB

URL GET HTTP/2
4c21b1a532.5165c0c080.com/5d730eb6fd69b185ce754d3ab9c39752/114039?version_name=c&domain=poophd.net
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subject4c21b1a532.5165c0c080.com
Fingerprint3A:0C:73:71:75:8E:44:D7:0B:07:A3:B5:42:A7:AD:2A:6B:78:11:41
ValidityWed, 03 Jul 2024 02:20:38 GMT - Tue, 01 Oct 2024 02:20:37 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1596), with no line terminators
Size
1.4 kB (1412 bytes)
Hash
7b58c864c1c35f99f5d46fbe36226717
91fb783b91506c3548727ff9decfabb3b559be6f
4650edbcde7f775295755920149cb6e5708c4b95534faec877277a0ed273506f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5d730eb6fd69b185ce754d3ab9c39752/114039?version_name=c&domain=poophd.net HTTP/1.1
Host: 4c21b1a532.5165c0c080.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/json
content-length: 1412
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 06 Jul 2024 15:20:10 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET cdn.tsyndicate.com/sdk/v1/inpage.push.v2.css

45.133.44.70

200 OK

22 kB

URL GET HTTP/2
cdn.tsyndicate.com/sdk/v1/inpage.push.v2.css
IP
45.133.44.70:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectcdn.tsyndicate.com
FingerprintD1:BA:EE:F0:8D:8F:47:DF:CC:82:D6:69:8B:C5:E6:32:61:B2:10:52
ValiditySat, 08 Jun 2024 03:00:23 GMT - Fri, 06 Sep 2024 03:00:22 GMT

File type
ASCII text, with very long lines (21744), with no line terminators
Size
22 kB (21744 bytes)
Hash
b4ac1d9cb97e96cbe37dcc8baf27f734
0b6a51d6587380b8296a5fc8f7827040813e5f31
59e92e521ef354de958402f21a9f5a437965e047b554382274bc3af767974a49

HTTP Headers

GET /sdk/v1/inpage.push.v2.css HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/css
server: nginx
last-modified: Fri, 15 Mar 2024 13:15:06 GMT
etag: W/"65f449da-54f0"
x-robots-tag: noindex, nofollow
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 08 Jul 2024 15:15:11 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
X-Firefox-Spdy: h2

POST metrolagu.cam/watch?v=ZyY71Ps5xRk

188.114.96.1

200 OK

6.9 kB

URL POST HTTP/3
metrolagu.cam/watch?v=ZyY71Ps5xRk
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1
ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT

File type
HTML document, ASCII text, with very long lines (6940), with no line terminators
Size
6.9 kB (6851 bytes)
Hash
6dc8afe42da272d94fafaf99392edbb7
a6da1316f6ccd1afd0e9e9efee10764341383444
780eca5f2fe8dbb6e60b8208d4d49bc2a2d400e9dcde0595d3502b3fadeb2a9f

HTTP Headers

POST /watch?v=ZyY71Ps5xRk HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/3269666c57345352327550
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iN19h50YyR0e1jfQmhvb1jVN0HZFwy35O6s2ImzcfSWXctN2eUFCSTgTmsc5ydOzbGaiSb1AjRzStRwx27Q8bEX9D1NZVssJRypngw23EgGGztPc20A%2B415VaW8icngK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c7d0cca568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 4c21b1a532.5165c0c080.com/f7c98d6923c934c6c1674e526edb78d1.js

45.133.44.52

200 OK

116 kB

URL GET HTTP/2
4c21b1a532.5165c0c080.com/f7c98d6923c934c6c1674e526edb78d1.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subject4c21b1a532.5165c0c080.com
Fingerprint3A:0C:73:71:75:8E:44:D7:0B:07:A3:B5:42:A7:AD:2A:6B:78:11:41
ValidityWed, 03 Jul 2024 02:20:38 GMT - Tue, 01 Oct 2024 02:20:37 GMT

File type

Size
116 kB (116427 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f7c98d6923c934c6c1674e526edb78d1.js HTTP/1.1
Host: 4c21b1a532.5165c0c080.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poophd.net
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 25 Jun 2024 15:04:49 GMT
etag: W/"667adc91-1c6cb"
content-encoding: gzip
expires: Sat, 06 Jul 2024 15:20:10 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET yu2be.com/embed.css

188.114.97.1

200 OK

1.1 kB

URL GET HTTP/3
yu2be.com/embed.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerGoogle Trust Services
Subjectyu2be.com
Fingerprint1F:55:1D:73:E9:96:2A:88:8C:9B:ED:61:EB:4C:C5:AF:4D:F9:61:FF
ValidityWed, 12 Jun 2024 04:17:16 GMT - Tue, 10 Sep 2024 04:17:15 GMT

File type
ASCII text, with very long lines (1145), with no line terminators
Size
1.1 kB (1094 bytes)
Hash
69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1

HTTP Headers

GET /embed.css HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/watch?V=CBx6e9cZlBQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 00:03:15 GMT
etag: W/"655e96c3-446"
expires: Sat, 06 Jul 2024 20:57:53 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 22637
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6art3uKq16go3ZhCrHZ%2FYUam4%2BAYYCDkzkrfH1xR63GMU53qzhbB4C1hSACgtzMO6FM4L3U0U3NoE2HLvfKXL5GLsoHe6FM1IoXHCyYurMUAXfjzYZZj2DOvsE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89f08c79aeb90b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET js.wpushsdk.com/skins/ipmain.m.js

45.133.44.52

200 OK

475 kB

URL GET HTTP/2
js.wpushsdk.com/skins/ipmain.m.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectjs.wpushsdk.com
FingerprintC1:1E:49:F0:88:2B:8F:F1:59:51:D6:4A:97:D8:63:79:DA:EE:E0:BC
ValiditySat, 11 May 2024 05:01:00 GMT - Fri, 09 Aug 2024 05:00:59 GMT

File type

Size
475 kB (475109 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /skins/ipmain.m.js HTTP/1.1
Host: js.wpushsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Fri, 05 Jul 2024 10:17:38 GMT
etag: W/"6687c842-73fe5"
content-encoding: gzip
expires: Sat, 06 Jul 2024 15:20:11 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap

142.250.74.106

200 OK

18 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC7:12:52:3A:BD:E0:73:20:AD:A8:5F:DF:12:DB:C6:DE:AF:63:88:6B
ValidityThu, 13 Jun 2024 16:32:33 GMT - Thu, 05 Sep 2024 16:32:32 GMT

File type
ASCII text
Size
18 kB (17685 bytes)
Hash
942d6c103643a3b457d90844f34a9b37
e2594da697f0082ee92f0f1d9b163aed142e09e7
654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54

HTTP Headers

GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 06 Jul 2024 15:15:10 GMT
date: Sat, 06 Jul 2024 15:15:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET assets.poopcdn.com/embed2.css

188.114.96.1

200 OK

2.3 kB

URL GET HTTP/2
assets.poopcdn.com/embed2.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
ASCII text, with very long lines (2279), with no line terminators
Size
2.3 kB (2267 bytes)
Hash
f966df8b666f4e6af52c4c5972958a8d
59c598587c742cdd8211376b6a124c27a6a2dc52
943cf282560a6d9565816a7feeaa67cb91804127cf2d34686c932039bec26622

HTTP Headers

GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1896
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjMgiBfZ8ket0JxnJBCoMD4mHnk7E%2F0cTv50vsh%2Fn%2FCcl%2FAQoAelTMWhHAbxlNxaE9uz79ufmZAksrDprxBaJhs7MVhEk1oY4Efy%2FsFdm6EK2GWQQuX2jI%2BlD65qJBiZr%2ByI7GE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c747c06568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET assets.poopcdn.com/bootstrap.min.css

188.114.96.1

200 OK

209 kB

URL GET HTTP/2
assets.poopcdn.com/bootstrap.min.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
ASCII text, with very long lines (625)
Size
209 kB (208810 bytes)
Hash
3ad35d9c124d6c7d13f776dde0df9286
1bfc432b338ca01be6b05ab8e87f4a63caa8d82b
10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b

HTTP Headers

GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6646
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lGg7L4OyS6GLczFdYWlmgHCpCby8u35vL94flRetermpnPg%2FAvJ2KofGB1TV4yfldiodUCTY6oImgGSwpn1OjNgxPmfraF%2Fw%2FZlWcXpVg%2F5bIl%2BL%2FXXAzI1WwwtrElKr4pp8XmE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c749c56568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdF4I77m5vhYi5_wFWQg-SyC9aBG0EdVyJPlDuWPv2zwSxzrpRcj9yECYIVq5CLsjGsPhcWDBgfb&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-955983947%3A1720278912035613&ddm=0

209.85.233.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdF4I77m5vhYi5_wFWQg-SyC9aBG0EdVyJPlDuWPv2zwSxzrpRcj9yECYIVq5CLsjGsPhcWDBgfb&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-955983947%3A1720278912035613&ddm=0
IP
209.85.233.84:443
ASN
#15169 GOOGLE

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint5E:16:23:DF:7D:42:8E:61:6E:AA:4A:CC:FB:08:1A:B9:8F:FA:E0:A2
ValidityThu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AdF4I77m5vhYi5_wFWQg-SyC9aBG0EdVyJPlDuWPv2zwSxzrpRcj9yECYIVq5CLsjGsPhcWDBgfb&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-955983947%3A1720278912035613&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 06 Jul 2024 15:15:12 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-UihVtdnLi-Nw59bBmJWw2Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.ZU1EFvXsC20.es5.O/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET p.a64x.com/in/tip_shows/?katds_ep=M0VQA02HAlHoFE4qDWkL4ZKPMqLAgI39KftFlPmxhy3Rir0XzP_svn-sqpgA6tqCAPavNvyaVKYtOcFbVHmjz4c8rxatKAG7WeaBOxZTfwrfCDQpcbRwPfGX3OAN_HsK3VimFy1mgKTz3Tc08LwLVj_3yGHbPF3TqIAbujUJnnEGVnswlvaQ8EfS3IQU2yDM6SHy6LTS8asmmYhSQ5YrfFgqTh6WQ1yi2GRWT7IuGSn1QDAABDt11oOLMM55XxlcqNAhAmbN2hL_0r3C_c3ZTzFJNQkz5GDJnHXULnR_ULOgKI2bE0y6olHZ02pK-7ZHTen1wSCwzrF0C2kXJ5r3vj17LzpHWsuo5dp0vX454mNhL9t7E1cAHly6X5JKjGIcdpgoJGW33zkvXeWIsKOQvJlbYHkodljDgNyKwhy4ex79pO3Wgod0U-trrAvFAvyLMkjpJmVstceISHJa5mow_3GrhQsuf6WePl7ux-YxMtCQpfUBfWcAZ6uG4cmUBU8hRBPny0vafQU2zNe_NMwB4nBkaUwmhqKwQwRxGFJivGiwHkYRjNCURZHIdhJm68v5eW2rXS6uOs4bLQSosaakb30OStYGRlikl11o6u_KCkFF5t2KxfekW3WI_KMomIMWOGlHGr0T6DXeGxEhi_Sk1JR3q5KiuVjLqMazsfHJ872upSxO-MzqkgZZADyMGjYXPMr_LNGgDD4STPkzcJPoOY9yUkEtLO5pJzjhS6DgosRXmcGfn4XOQOGflsAkn9RbNFloVN-n5sFAen4TopEQApWlwi_dAa9tH0dK9V0CK2mY7_TYC2seAiN2gL9niZf-_VBVUGaGbFF5gjEjcnwlfaGX01XJTyL2wgCYae72hUr20y24HV-QlC7HyRL5Gl1KYnvCkmvu8KnjQNRccOIGRMQBin6g3zo_eHM-8VGuu2coJM_wfiBJcvXAejYN&sp=0.0028366506248763638&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=c66e336a-9dcb-4e95-9c28-b9421480a1c0&prev_step_diff=920

104.21.19.82

302 Found

3.5 kB

URL GET HTTP/2
p.a64x.com/in/tip_shows/?katds_ep=M0VQA02HAlHoFE4qDWkL4ZKPMqLAgI39KftFlPmxhy3Rir0XzP_svn-sqpgA6tqCAPavNvyaVKYtOcFbVHmjz4c8rxatKAG7WeaBOxZTfwrfCDQpcbRwPfGX3OAN_HsK3VimFy1mgKTz3Tc08LwLVj_3yGHbPF3TqIAbujUJnnEGVnswlvaQ8EfS3IQU2yDM6SHy6LTS8asmmYhSQ5YrfFgqTh6WQ1yi2GRWT7IuGSn1QDAABDt11oOLMM55XxlcqNAhAmbN2hL_0r3C_c3ZTzFJNQkz5GDJnHXULnR_ULOgKI2bE0y6olHZ02pK-7ZHTen1wSCwzrF0C2kXJ5r3vj17LzpHWsuo5dp0vX454mNhL9t7E1cAHly6X5JKjGIcdpgoJGW33zkvXeWIsKOQvJlbYHkodljDgNyKwhy4ex79pO3Wgod0U-trrAvFAvyLMkjpJmVstceISHJa5mow_3GrhQsuf6WePl7ux-YxMtCQpfUBfWcAZ6uG4cmUBU8hRBPny0vafQU2zNe_NMwB4nBkaUwmhqKwQwRxGFJivGiwHkYRjNCURZHIdhJm68v5eW2rXS6uOs4bLQSosaakb30OStYGRlikl11o6u_KCkFF5t2KxfekW3WI_KMomIMWOGlHGr0T6DXeGxEhi_Sk1JR3q5KiuVjLqMazsfHJ872upSxO-MzqkgZZADyMGjYXPMr_LNGgDD4STPkzcJPoOY9yUkEtLO5pJzjhS6DgosRXmcGfn4XOQOGflsAkn9RbNFloVN-n5sFAen4TopEQApWlwi_dAa9tH0dK9V0CK2mY7_TYC2seAiN2gL9niZf-_VBVUGaGbFF5gjEjcnwlfaGX01XJTyL2wgCYae72hUr20y24HV-QlC7HyRL5Gl1KYnvCkmvu8KnjQNRccOIGRMQBin6g3zo_eHM-8VGuu2coJM_wfiBJcvXAejYN&sp=0.0028366506248763638&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=c66e336a-9dcb-4e95-9c28-b9421480a1c0&prev_step_diff=920
IP
104.21.19.82:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services LLC
Subjecta64x.com
Fingerprint76:55:79:FC:4D:38:2F:44:C6:48:AC:9B:DF:F9:BF:0D:DD:1E:A5:82
ValidityFri, 17 May 2024 16:57:29 GMT - Thu, 15 Aug 2024 16:57:28 GMT

File type

Size
3.5 kB (3454 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/tip_shows/?katds_ep=M0VQA02HAlHoFE4qDWkL4ZKPMqLAgI39KftFlPmxhy3Rir0XzP_svn-sqpgA6tqCAPavNvyaVKYtOcFbVHmjz4c8rxatKAG7WeaBOxZTfwrfCDQpcbRwPfGX3OAN_HsK3VimFy1mgKTz3Tc08LwLVj_3yGHbPF3TqIAbujUJnnEGVnswlvaQ8EfS3IQU2yDM6SHy6LTS8asmmYhSQ5YrfFgqTh6WQ1yi2GRWT7IuGSn1QDAABDt11oOLMM55XxlcqNAhAmbN2hL_0r3C_c3ZTzFJNQkz5GDJnHXULnR_ULOgKI2bE0y6olHZ02pK-7ZHTen1wSCwzrF0C2kXJ5r3vj17LzpHWsuo5dp0vX454mNhL9t7E1cAHly6X5JKjGIcdpgoJGW33zkvXeWIsKOQvJlbYHkodljDgNyKwhy4ex79pO3Wgod0U-trrAvFAvyLMkjpJmVstceISHJa5mow_3GrhQsuf6WePl7ux-YxMtCQpfUBfWcAZ6uG4cmUBU8hRBPny0vafQU2zNe_NMwB4nBkaUwmhqKwQwRxGFJivGiwHkYRjNCURZHIdhJm68v5eW2rXS6uOs4bLQSosaakb30OStYGRlikl11o6u_KCkFF5t2KxfekW3WI_KMomIMWOGlHGr0T6DXeGxEhi_Sk1JR3q5KiuVjLqMazsfHJ872upSxO-MzqkgZZADyMGjYXPMr_LNGgDD4STPkzcJPoOY9yUkEtLO5pJzjhS6DgosRXmcGfn4XOQOGflsAkn9RbNFloVN-n5sFAen4TopEQApWlwi_dAa9tH0dK9V0CK2mY7_TYC2seAiN2gL9niZf-_VBVUGaGbFF5gjEjcnwlfaGX01XJTyL2wgCYae72hUr20y24HV-QlC7HyRL5Gl1KYnvCkmvu8KnjQNRccOIGRMQBin6g3zo_eHM-8VGuu2coJM_wfiBJcvXAejYN&sp=0.0028366506248763638&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=c66e336a-9dcb-4e95-9c28-b9421480a1c0&prev_step_diff=920 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 06 Jul 2024 15:15:12 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/756/756852/conversions/R2NBS1nv-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mx8RnBsHwQY2ITwwyaok8D%2BP65z0xhnSju7%2BlNq86%2BORw4JJIFDMKepFX%2F2UdzRiTmJQAsPvfxWc6PLdWjmGDB3xPA4DvwOXTQZ7%2FEMd%2F%2BJVBl4WSuzj6RQXBeai"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c82b950b518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.tsyndicate.com/sdk/v1/p.js

45.133.44.70

200 OK

9.6 kB

URL GET HTTP/2
cdn.tsyndicate.com/sdk/v1/p.js
IP
45.133.44.70:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerLet's Encrypt
Subjectcdn.tsyndicate.com
FingerprintD1:BA:EE:F0:8D:8F:47:DF:CC:82:D6:69:8B:C5:E6:32:61:B2:10:52
ValiditySat, 08 Jun 2024 03:00:23 GMT - Fri, 06 Sep 2024 03:00:22 GMT

File type
JavaScript source, ASCII text, with very long lines (9914), with no line terminators
Size
9.6 kB (9579 bytes)
Hash
80d5994a62b95bdb71b48a8cdc49f25d
98b2696b786639404cb785f0269188ddce349e5b
2b4d201b3cf2d8472389f8035a077671117c07c2b799872f3b346b6a227d4045

HTTP Headers

GET /sdk/v1/p.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: application/javascript; charset=utf-8
server: nginx
last-modified: Fri, 15 Mar 2024 12:34:32 GMT
etag: W/"65f44058-256b"
x-robots-tag: noindex, nofollow
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 08 Jul 2024 15:15:10 GMT
vary: Accept-Encoding
x-proxy-cache: HIT
X-Firefox-Spdy: h2

GET mordoops.com/5/6651943/?oo=1&aab=1

139.45.197.244

200 OK

3.8 kB

URL GET HTTP/2
mordoops.com/5/6651943/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3841), with no line terminators
Size
3.8 kB (3837 bytes)
Hash
7084168f949387d4db90e7f0563ad4a9
d8e02b70c309e4f226ae39e90e49b74a02f8afd8
b5def53fa305b3fdab6a3ba63aa8991a1ca13ac3cb93c1b618e7ea2c8af75e3a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6651943/?oo=1&aab=1 HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/json
x-trace-id: af9233b0a7d6235af8d07e95ab6a6396
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=008091aa77464558eb2b72c420460d2e; expires=Sun, 06 Jul 2025 15:15:11 GMT; path=/; secure; SameSite=None
oaidts=1720278911; expires=Sun, 06 Jul 2025 15:15:11 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET mordoops.com/?rb=KJZWhj13airgzUJJfGm7U44BHNHpb3q89qG1KCvsXseXc1PJHh1hKHdkr9Cz6WHyChsIs5Ja1EdtI-Gpznj8vibzMPOsoGjmUvNOi3HHcZ0M49qoeSXOokn4a6fOcy4b4th-LZdhAj8Tugu-eA4FfGhgZOOxAAn-WVqk2C6bsQLZXn4xJaMh5t6DGAhWpxQdAck0LrMNc72ctHPSxtf2HQp0CmtjeDdU-jgJ-vUCGTnKZAia3hsxbn5aF_JY4Q_8xRTkEg%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.834.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=3&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F3269666c57345352327550&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.834.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=765a3d53-eb5d-4550-9a74-174908423e47&wasm=1&userId=008091aa77464558eb2b72c420460d2e&m=link

139.45.197.244

200 OK

2.8 kB

URL GET HTTP/2
mordoops.com/?rb=KJZWhj13airgzUJJfGm7U44BHNHpb3q89qG1KCvsXseXc1PJHh1hKHdkr9Cz6WHyChsIs5Ja1EdtI-Gpznj8vibzMPOsoGjmUvNOi3HHcZ0M49qoeSXOokn4a6fOcy4b4th-LZdhAj8Tugu-eA4FfGhgZOOxAAn-WVqk2C6bsQLZXn4xJaMh5t6DGAhWpxQdAck0LrMNc72ctHPSxtf2HQp0CmtjeDdU-jgJ-vUCGTnKZAia3hsxbn5aF_JY4Q_8xRTkEg%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.834.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=3&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F3269666c57345352327550&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.834.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=765a3d53-eb5d-4550-9a74-174908423e47&wasm=1&userId=008091aa77464558eb2b72c420460d2e&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://yu2be.com/watch?V=CBx6e9cZlBQ
Certificate
IssuerLet's Encrypt
Subjectmordoops.com
Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D
ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2839), with no line terminators
Size
2.8 kB (2809 bytes)
Hash
b131f6b7b7c1a499a845c284465df239
901e2c02851ed20003c7027f8e73b96ea03a212f
4fe55c33461822fabe6252c17a390fcd9af24bf0ade8393fb53d6c1654c1e0ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=KJZWhj13airgzUJJfGm7U44BHNHpb3q89qG1KCvsXseXc1PJHh1hKHdkr9Cz6WHyChsIs5Ja1EdtI-Gpznj8vibzMPOsoGjmUvNOi3HHcZ0M49qoeSXOokn4a6fOcy4b4th-LZdhAj8Tugu-eA4FfGhgZOOxAAn-WVqk2C6bsQLZXn4xJaMh5t6DGAhWpxQdAck0LrMNc72ctHPSxtf2HQp0CmtjeDdU-jgJ-vUCGTnKZAia3hsxbn5aF_JY4Q_8xRTkEg%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.834.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=3&pl=https%3A%2F%2Fyu2be.com%2Fwatch%3FV%3DCBx6e9cZlBQ&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F3269666c57345352327550&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.834.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=765a3d53-eb5d-4550-9a74-174908423e47&wasm=1&userId=008091aa77464558eb2b72c420460d2e&m=link HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://yu2be.com/
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Cookie: OAID=008091aa77464558eb2b72c420460d2e; oaidts=1720278911
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 06 Jul 2024 15:15:11 GMT
content-type: application/json
x-trace-id: f967d231edfea641b74162d71f489703
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=008091aa77464558eb2b72c420460d2e; expires=Sun, 06 Jul 2025 15:15:11 GMT; path=/; secure; SameSite=None
oaidts=1720278911; expires=Sun, 06 Jul 2025 15:15:11 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 13 Jul 2024 15:15:11 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET yu2be.com/embud/3269666c57345352327550

188.114.97.1

200 OK

241 B

URL GET HTTP/2
yu2be.com/embud/3269666c57345352327550
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poophd.net/d/Pu2RS4Wlfi2
Certificate
IssuerGoogle Trust Services
Subjectyu2be.com
Fingerprint1F:55:1D:73:E9:96:2A:88:8C:9B:ED:61:EB:4C:C5:AF:4D:F9:61:FF
ValidityWed, 12 Jun 2024 04:17:16 GMT - Tue, 10 Sep 2024 04:17:15 GMT

File type
HTML document, ASCII text, with no line terminators
Size
241 B (241 bytes)
Hash
da15d0793ceed17895d656e06f3a67ce
92fcb2ca9ac68cf3f0049f090b2a033952193991
ea63723f805541cf70862c2f9165912e1b416b459cedd822a7b5fa83ad9e6534

HTTP Headers

GET /embud/3269666c57345352327550 HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poophd.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 06 Jul 2024 15:15:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhvrp%2FWLQ8vitVYSglwmY0b5VaQttJwVgz1VUDPSovXKELjmQnqK0gE4%2BR7AvaM1DwLOW3cLODA30x7fxNMPqIWxH%2FeTgbE5VHQEg5TUvRCReltkohwJHNQlxQA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89f08c770ed8b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by