| cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js | 104.17.25.14 | 200 OK | 28 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP104.17.25.14:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hash220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 349337
expires: Thu, 24 Apr 2025 21:14:02 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TcYrbkAb1r%2BXU1xvxH1gTCZ7K7rrK2e0zlPZVt2hWharTrr%2Fi4oLqdRv79HnnkGSp5dE8PIcgMMTptkQ3w4ribCIKTz1nkQS7id8wUu5cRyjwT0qwg5sR33Z6%2FxrmiroqAo5AkQb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87eb7f854e2056a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| i.poopcdn.com/ixpxG.jpg | 188.114.97.1 | 200 OK | 12 kB |
IP188.114.97.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjecti.poopcdn.com Fingerprint94:CF:0E:89:D9:78:6D:10:14:DF:D3:8A:C2:3E:AE:81:F9:AC:73:03 ValidityThu, 14 Mar 2024 07:45:46 GMT - Wed, 12 Jun 2024 07:45:45 GMT
File typeJPEG image data, baseline, precision 8, 360x640, components 3 Hash8aecd64e35db768e427e9d3638612cb3 402319040bf316e997ffdabb676f6022a1264eef 15a098f2a2b4d1f6485c9659baac6a4ea725330e167aabe18783f95ee91753c5
GET /ixpxG.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: image/jpeg
content-length: 12087
etag: "8aecd64e35db768e427e9d3638612cb3"
last-modified: Sat, 04 May 2024 17:36:10 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 812
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fNaKwC2iYMSLoeSkQtj%2BoDBk7nxy0BVoQXsV7SyGEbFmiry0QwSwwrBsPy83I76%2BEk1%2BCWNWLtsKA01p1DssEZxvUd6LeZhabxBCCWfF7kZlcHPbIyw9cwT9Ya%2BZqm3t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f85db34b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-RRBBHD087X | 142.250.74.168 | 200 OK | 102 kB |
URL GET HTTP/2www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP142.250.74.168:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (5955) Size102 kB (101586 bytes) Hash1fcc19fe5905fbeb34a3ce7a7778a4e3 5f5f347a75aa9e7e82c1bd570180c094e77d9d28 a74d02e451612d67675d0a0182fcfb85bc2712a25f485cb02bffb9e05054e182
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 21:14:02 GMT
expires: Sat, 04 May 2024 21:14:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101586
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 | 188.114.96.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23812, version 1.524 Hasheb586e5a1b86dbf1c866e3ed80f9d18e 280ee78d19c017ab9335f769595e5157d3c4a343 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poop.com.co
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5365
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QIf3OKmzf%2BxXC3uyROKHipE57W3i1qXDovSJKTzL8ZHIVFSv%2F656E8HcCcH%2F5oDQ%2B%2FP%2FbT7rgXXvO2Y5JJ7QuH9PpBYlmtKxsQA2yzqPvXMqxF4hyKMksmM6cA3xwznp%2BjHEALU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f882f9d56a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 | 188.114.96.1 | 200 OK | 184 kB |
URL GET HTTP/2assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 184476, version 330.-16253 Size184 kB (184476 bytes) Hash2a6dec1227f9970376f578270a642d06 150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284 e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poop.com.co
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5365
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OT97cK4waqNkle8vnxrOBu4bpwSCs5TbswmrBCNFEYkoXLxKz7Bixl43q38MADv1uT%2Fis%2BMRBYzj3%2B59OK7BmSv3i9ahCd81LkLoiwp7ZiYjqjndB%2BF0CwS0VIY5NvhcWHA%2Fwn8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f883fa056a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 | 188.114.96.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23604, version 1.0 Hashe9133fd11f14c09a2e4556c395a0ef7d 00fad09605f3342df5c9aeba130156fe19ade8b0 06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poop.com.co
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5365
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nKweRGYomWd4iQ%2BDMzUQ0gPue3f4GMhpsVr3lJeW6%2B6goURfbS2sGsPyNx3I6j91iye%2FtdykHWsiPLkckJYMgWoaDRxgiCrXWEDRXKC%2BptCiHV6ynGbYg3TluCc0OolScK1XghQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f883fa556a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/apple-touch-icon.png | 188.114.96.1 | 200 OK | 2.8 kB |
URL GET HTTP/2assets.poopcdn.com/apple-touch-icon.png IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typePNG image data, 180 x 180, 8-bit colormap, non-interlaced Hashe4acc3f05da8195dfa02a437c8b2dba2 f23df2ed14e5d52417b155ccd11187f3250861dc 8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4
GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5361
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZlMqphoMAv%2F%2BZiFirWRWDdNCRUA3T8yWBEpOq4jz1rQD8aml1bKdL7xZ3hE2AIsiQ3Imu0Z9Xyo7V11MSf9Lxk9dQ5k4RkjqOUABBnHCcaU5DpJIy9Q0z2pxOm3U3DHouIUS2v8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f8918a356a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/favicon-16x16.png | 188.114.96.1 | 200 OK | 612 B |
URL GET HTTP/2assets.poopcdn.com/favicon-16x16.png IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hashac008ea155d4beee1e93247d7434c77d f8ea94e94e0cc310202a517a9c445c3d70af564e 283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e
GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3233
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KsMFQ%2BkS%2BiKwEuGO9LRPN2%2FL8hDYlBFNav2fQOUNEfqigIoQxPzf6JchPiMCy9WVT0N6UcZIG6B%2FrZyo9MCwlWl3uP5ZeyCgUc%2BgdKT0%2F5GZgomovkg4baGwtZeW66yj9XLaTsM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f8918a656a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 200 OK | 0 B |
URL POST HTTP/1.1fp.metricswpsh.com/fp?tag_id=114039 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Sat, 04 May 2024 21:14:03 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.com.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js | 45.133.44.52 | 200 OK | 36 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/0ae085698cad0960a86703ca969164ab.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File typeJavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators Hash41230c1446cb19310867b6c3e10f8bec f600745dccd0143bbd1d83d44bd776c74f69866b 713bc0015ac5ef37f48ad9f49aa4521912b705cf01bf19409f98235b28d41dfe
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /0ae085698cad0960a86703ca969164ab.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Sat, 04 May 2024 21:19:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 200 OK | 58 B |
URL POST HTTP/1.1fp.metricswpsh.com/fp?tag_id=114039 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash87385fcd2a67fc74d2fa67366ba68ea2 a604cdbb1d31ce257e8643eee9219c9c724c200c 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 May 2024 21:14:03 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.com.co
Set-Cookie: id=16545923469674516950; Expires=Sun, 04 May 2025 21:14:03 GMT; Secure; SameSite=None
Vary: Origin
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=5c9f196d-3661-4bc2-9019-632731bdfcf3&subid=388464194&sid=2855237170&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?site=native-push&wl=1&event_id=5c9f196d-3661-4bc2-9019-632731bdfcf3&subid=388464194&sid=2855237170&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=5c9f196d-3661-4bc2-9019-632731bdfcf3&subid=388464194&sid=2855237170&spot_id=418776&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:03 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js | 45.133.44.52 | 200 OK | 110 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Size110 kB (109954 bytes) Hashcacb84104ff1b8352e0ee8c801a29ef4 393c74e933ff2a417ca50df17347793a36c86055 0099579c122343453ad3823291a11281d87678f071717020be17fec25ff03b77
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /9ce5c366c56b3eb801b7fc5bb76cb452.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Sat, 04 May 2024 21:19:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| poop.com.co/d/8FLuKq68QVA | 188.114.96.1 | 200 OK | 52 kB |
URL User Request GET HTTP/2poop.com.co/d/8FLuKq68QVA IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectpoop.com.co FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File typeHTML document, ASCII text, with very long lines (6447) Hashcd2c6ec8383e06fe7ac83bdc71dc55f5 b901a4fefe129f289c77bf692c9ac079b065d5c8 06cfe19a8c04eb8716b8335661366646399eeed1c3384511c21614391deee729
GET /d/8FLuKq68QVA HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=43200
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 17:52:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yUzKBtcLThglEJnpIRtkVwcZOmz0t6ASYitXj%2FsZZJr8K9EUuqllBg0ATxi9eNOhzyiZHogIZZNFjMvyGSb1dib6MRfHNYbncqprzYUgzuV0rb5uD5Oy6B1QRFCvxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f81abb056be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| storage.multstorage.com/log/count.html | 104.21.30.242 | 200 OK | 390 B |
URL GET HTTP/2storage.multstorage.com/log/count.html IP104.21.30.242:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerGoogle Trust Services LLC Subjectmultstorage.com Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT
File typeHTML document, ASCII text, with very long lines (700) Hashb728ca9cd183d1b7c3f72116b19b22a3 c1fd73f6b02cf00b8bc60b09cc99495e8494b739 8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: de2bd6e3cf8a61bc565b711ad6b4719f
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uDVBX9jljXzGOP6S%2BKTer9Rppgv0lwJEVDjLlwM%2BQE80gEvE7dlEYxRIbik91Y8XS0zXof%2BxqBGKjpKMkfW32NT%2Btyuyy64YKBmW3m98XiQ3Uxwb%2B%2BvU0fxOWF5RZ9L4X%2FVYKulQLwG7eQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f8bce56569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| yu2be.com/video?q=utopia | 188.114.97.1 | 200 OK | 0 B |
IP188.114.97.1:443
Requested byhttps://yu2be.com/video?q=utopia CertificateIssuerLet's Encrypt Subjectyu2be.com Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /video?q=utopia HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/video?q=utopia
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 10:59:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yBY5EaLZk6nlE9mSD44CmuZbehAW91bOrioBCsGimVbPl9I73%2Bn6VS5QiTNX4Yg8P7nd9AB5AznUZa5r858QaJT5SB2lW8cQh5nO3iwhZ9guY4Y72nFbnqvymdE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f8e2eff1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/multy | 94.130.198.6 | 204 No Content | 0 B |
URL OPTIONS HTTP/25d39fe7c75.2ac4fce9b8.com/in/multy IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:04 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mordoops.com/tag.min.js | 139.45.197.244 | 200 OK | 28 kB |
IP139.45.197.244:443
Requested byhttps://yu2be.com/video?q=utopia CertificateIssuerLet's Encrypt Subjectmordoops.com Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT
File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators Hashae155af4fc0005bd4faab65e5c1cca00 4da21aabdd22446a02c50bded5c52d74ffa102d8 0c8f928eeb6c914b37b422cc7205f36aff66c2db7522e4ee20ec887606f4dc1c
GET /tag.min.js HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:14:04 GMT
content-type: text/javascript; charset=utf-8
content-length: 28334
content-encoding: br
x-trace-id: f81f7a0fd30dc4ecde8203bc1b2bc2bc
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 04 May 2024 16:54:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 74.125.131.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP74.125.131.84:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:mUmnR8iOu9nYCwQpUtzg8hHZXNHoxA:Gy4vr_g0wpDaV6IE; Expires=Mon, 04-May-2026 21:14:04 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 21:14:04 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxpMxWladTDCTimgYeUUkq-527qKiVaZ0tTiwcaJrfi3ghrEkrVpnDg0lQYr8WU-5ANwnzJgg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-V89-6TrxZMnv_d__qkCR5A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?userId=00805210f1194520f932ada8d3606a63 | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=00805210f1194520f932ada8d3606a63 IP139.45.195.8:443
Requested byhttps://yu2be.com/video?q=utopia CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hashf7fd01b0c2ac301bcb89481380e85494 bb483c3a3334bd67c2b7880d6c893cd10e385bd3 5e4c6b1a9d3920f91ac3075257f679156a3fe6ca2f0dd0c888d3213126f6a7cd
GET /gid.js?userId=00805210f1194520f932ada8d3606a63 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:14:04 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://yu2be.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00805210f1194520f932ada8d3606a63; expires=Sun, 04 May 2025 21:14:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxpMxWladTDCTimgYeUUkq-527qKiVaZ0tTiwcaJrfi3ghrEkrVpnDg0lQYr8WU-5ANwnzJgg | 74.125.131.84 | 302 Found | 426 B |
URL GET HTTP/2accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxpMxWladTDCTimgYeUUkq-527qKiVaZ0tTiwcaJrfi3ghrEkrVpnDg0lQYr8WU-5ANwnzJgg IP74.125.131.84:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67 ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT
File typeHTML document, ASCII text, with very long lines (405) Hash1c1b84aeb7411fa014f4516079543c18 bf602478aa0bfa9d4eda570bc6ca6381b83a7cd3 89f1333777488a095bf6b803030e878b63ea924a9455909321adaefa52bc56b7
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQxpMxWladTDCTimgYeUUkq-527qKiVaZ0tTiwcaJrfi3ghrEkrVpnDg0lQYr8WU-5ANwnzJgg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:m6RtW9YUaD-FK518PIebxwnztKdp0g:b9vooJXh_nKAJCtI;Path=/;Expires=Mon, 04-May-2026 21:14:04 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 21:14:04 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyorX8xrpqjTNS2SheNJ3XExCg5MtUDhXX2W2sTzkjAA0yoxrhYrTGGzhi0JJeEtRT3-nCzqw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1325882858%3A1714857244429471&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-gLR-flOhynQP6vNXXoQAQg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 426
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/multy | 94.130.198.6 | 204 No Content | 2.5 kB |
URL OPTIONS HTTP/25d39fe7c75.2ac4fce9b8.com/in/multy IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashbcbf50a19f9e37712a849ee35b379bf1 d1fa22a4723db5542997ca95c6a816813b63deed 014e6da9cee0ea1a4e7efbc3f10ffdc5619ad0228c67eb3c4160d7dc06445045
POST /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1691
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:04 GMT
content-type: application/json
content-length: 2462
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=388464194&sid=2855237170&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=8jMD5qQLxsrc-f1EQl-SZT-rnxQL81K8VU56i9WkjX58y0CoZkzQXZp2KknWOIaIZvT6PxhSdu6_5FaItJQVot0ws9xKdAwKdB5fW-PqMJOPVkq0oGsVLt5vqD142WeHawepiyWQs_CB5lvhm2tJQCDZisOXELBTLXvU2YsJcfXo8UCHDg&ext_cid=0&px_id=418776&min_cpm=0.11575414228228027&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1091697746538115878&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.012437505241306107&cpm=0&verify_hash=16c4735ef4be6a8f476487be39801600&is_native=4&real_bid=0.000294820000787796&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=da7a6f44-217d-43a4-84e0-15c34a171545&prev_step_diff=846 | 94.130.198.6 | 200 OK | 0 B |
URL GET HTTP/25d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=388464194&sid=2855237170&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=8jMD5qQLxsrc-f1EQl-SZT-rnxQL81K8VU56i9WkjX58y0CoZkzQXZp2KknWOIaIZvT6PxhSdu6_5FaItJQVot0ws9xKdAwKdB5fW-PqMJOPVkq0oGsVLt5vqD142WeHawepiyWQs_CB5lvhm2tJQCDZisOXELBTLXvU2YsJcfXo8UCHDg&ext_cid=0&px_id=418776&min_cpm=0.11575414228228027&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1091697746538115878&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.012437505241306107&cpm=0&verify_hash=16c4735ef4be6a8f476487be39801600&is_native=4&real_bid=0.000294820000787796&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=da7a6f44-217d-43a4-84e0-15c34a171545&prev_step_diff=846 IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=388464194&sid=2855237170&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=8jMD5qQLxsrc-f1EQl-SZT-rnxQL81K8VU56i9WkjX58y0CoZkzQXZp2KknWOIaIZvT6PxhSdu6_5FaItJQVot0ws9xKdAwKdB5fW-PqMJOPVkq0oGsVLt5vqD142WeHawepiyWQs_CB5lvhm2tJQCDZisOXELBTLXvU2YsJcfXo8UCHDg&ext_cid=0&px_id=418776&min_cpm=0.11575414228228027&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1091697746538115878&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.012437505241306107&cpm=0&verify_hash=16c4735ef4be6a8f476487be39801600&is_native=4&real_bid=0.000294820000787796&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=da7a6f44-217d-43a4-84e0-15c34a171545&prev_step_diff=846 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:04 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=388464194&sid=2855237170&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=5b6-nh0NfL5CwbXB-7RiFeKh2cKhdnFt0XRVmwhNn38K9_gOBLEVZSzCk3Z4CEaHnnG3h6RcbrWPrSz50jkUQ120x-9nWZSFy-1jqT515aq2ny1LBqhd9gcEoQPqhh_mXpkBpHVkPQsKAr8yboTWWRvH6FprTrhJG1cOTvCOQdAmEJ4TFQ&ext_cid=0&px_id=418776&min_cpm=0.11575414228228027&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1091697746538115878&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.012437505241306107&cpm=0&verify_hash=16c4735ef4be6a8f476487be39801600&is_native=4&real_bid=0.000294820000787796&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&st=0.02&cpa=c815d33a-4ac5-4883-8c37-626bb9a8be80&prev_step_diff=845 | 94.130.198.6 | 200 OK | 0 B |
URL GET HTTP/25d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=388464194&sid=2855237170&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=5b6-nh0NfL5CwbXB-7RiFeKh2cKhdnFt0XRVmwhNn38K9_gOBLEVZSzCk3Z4CEaHnnG3h6RcbrWPrSz50jkUQ120x-9nWZSFy-1jqT515aq2ny1LBqhd9gcEoQPqhh_mXpkBpHVkPQsKAr8yboTWWRvH6FprTrhJG1cOTvCOQdAmEJ4TFQ&ext_cid=0&px_id=418776&min_cpm=0.11575414228228027&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1091697746538115878&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.012437505241306107&cpm=0&verify_hash=16c4735ef4be6a8f476487be39801600&is_native=4&real_bid=0.000294820000787796&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&st=0.02&cpa=c815d33a-4ac5-4883-8c37-626bb9a8be80&prev_step_diff=845 IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset,all&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=388464194&sid=2855237170&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=62.894748386668624&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=5b6-nh0NfL5CwbXB-7RiFeKh2cKhdnFt0XRVmwhNn38K9_gOBLEVZSzCk3Z4CEaHnnG3h6RcbrWPrSz50jkUQ120x-9nWZSFy-1jqT515aq2ny1LBqhd9gcEoQPqhh_mXpkBpHVkPQsKAr8yboTWWRvH6FprTrhJG1cOTvCOQdAmEJ4TFQ&ext_cid=0&px_id=418776&min_cpm=0.11575414228228027&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1091697746538115878&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.012437505241306107&cpm=0&verify_hash=16c4735ef4be6a8f476487be39801600&is_native=4&real_bid=0.000294820000787796&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=20,27,108,0,114&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&st=0.02&cpa=c815d33a-4ac5-4883-8c37-626bb9a8be80&prev_step_diff=845 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:04 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=523749d6-dd0a-4a95-8ceb-a785417ab03b&prev_step_diff=846 | 45.133.44.24 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=523749d6-dd0a-4a95-8ceb-a785417ab03b&prev_step_diff=846 IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=523749d6-dd0a-4a95-8ceb-a785417ab03b&prev_step_diff=846 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 21:14:04 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.24 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 04 May 2025 21:14:04 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&st=0.02&cpa=d49eb590-58b4-45e5-a92f-791be01995c5&prev_step_diff=845 | 45.133.44.24 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&st=0.02&cpa=d49eb590-58b4-45e5-a92f-791be01995c5&prev_step_diff=845 IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&st=0.02&cpa=d49eb590-58b4-45e5-a92f-791be01995c5&prev_step_diff=845 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 21:14:04 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.24 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 04 May 2025 21:14:04 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/multy | 94.130.198.6 | 204 No Content | 4.3 kB |
URL OPTIONS HTTP/25d39fe7c75.2ac4fce9b8.com/in/multy IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashb2d6bcf9359ea544ff1956a4c71a6c2a 03b107b9ca2b2a84ccbe4aab9ce00d5f88b2c92b 4422f89c6fa09e43dab642cf91c4e9b267537f10ad648a654fcf9b4fbf23a904
POST /in/multy HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1691
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:04 GMT
content-type: application/json
content-length: 4263
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/play.svg | 188.114.96.1 | 200 OK | 15 kB |
URL GET HTTP/2assets.poopcdn.com/play.svg IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeSVG Scalable Vector Graphics image Hash85f08506e5a64050719e7e18a26cd9c4 cda07433539f1346406e7dde1a92ea6346d593d7 b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08
GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5402
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TkgycV22GSF1Uz4t8LsBNCUKnnEvdlohWjzF%2F6iQJL%2FxfkYYxJ5fqRs8xOPDZCMGubW7RJv0ZNu1hMPwXW6AGVtmoDtaxU3u7a2To5H13uRf%2F4j7vfillKYd4A6CdUXESuhJWu8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f882f9856a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js | 104.17.25.14 | 200 OK | 28 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP104.17.25.14:443
Requested byhttps://metrolagu.cam/video?q=ice+cold+film CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hashdc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 260442
expires: Thu, 24 Apr 2025 21:14:04 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yvADbSXRRsnwNAlzPk6GZxA8rvWWnYLvYjXOi89loMABBelB67AvvGuy654NoFbxe%2F1GlBuh2M0zFU19hDVlNpR3lCppWLnzp0OUh03kJkT521qHtkrUI4m2agTJxwRlonU12%2FPo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87eb7f942828b523-OSL
alt-svc: h3=":443"; ma=86400
|
|
| metrolagu.cam/embed.css | 188.114.97.1 | 200 OK | 832 B |
IP188.114.97.1:443
Requested byhttps://metrolagu.cam/video?q=ice+cold+film CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
Hash1ac57b2fc858076467716fbad9268b05 94b3c1ff894b4cb316dfe90962b64db541bb3c46 6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf
GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/video?q=ice+cold+film
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Sun, 05 May 2024 04:06:20 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 18464
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lIbI4mLlQ%2BHW2DY%2FfaGgLYxQPUbDsSd0BmR2QrT8Qlzzz3i72oxgSl%2FCh3XSe152Yozrx%2B5O515jXpsOvvqxH18nOQWMuugJIZJ1gFewd8%2FjkZICH1GvgR0Z9nvc3c1r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f93dd055694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.24 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sun, 04 May 2025 21:14:04 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=357529620&sid=3208933822&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=1o1etAgv10RGSgzWsEh3pWSvTKghl9NSUcnEUMHk-nAkwFuZtbZSwzZpDvKZkCclG3YPyK6e8LtEv7ZyXOL-6p5k-O4m5Bx3hRoDBnKQZ2OgwjqNmN3_v_IxgkiNRpytJ_UIAT64MP8jmYzgFkzBHaKPhnJ-q_4fqXbfOHGXzRY-fyk1nQ&ext_cid=0&px_id=418774&min_cpm=0.031963930838242366&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2482049907392165304&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0030044931852468548&cpm=0&verify_hash=d403dc66a4846e54e58703da22bec67e&is_native=4&real_bid=0.0002579118214078739&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,114,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-5-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=f2d1545c-f158-4f2d-83a2-bc59c6288db0&prev_step_diff=1044 | 94.130.198.6 | 200 OK | 0 B |
URL GET HTTP/25d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=357529620&sid=3208933822&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=1o1etAgv10RGSgzWsEh3pWSvTKghl9NSUcnEUMHk-nAkwFuZtbZSwzZpDvKZkCclG3YPyK6e8LtEv7ZyXOL-6p5k-O4m5Bx3hRoDBnKQZ2OgwjqNmN3_v_IxgkiNRpytJ_UIAT64MP8jmYzgFkzBHaKPhnJ-q_4fqXbfOHGXzRY-fyk1nQ&ext_cid=0&px_id=418774&min_cpm=0.031963930838242366&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2482049907392165304&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0030044931852468548&cpm=0&verify_hash=d403dc66a4846e54e58703da22bec67e&is_native=4&real_bid=0.0002579118214078739&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,114,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-5-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=f2d1545c-f158-4f2d-83a2-bc59c6288db0&prev_step_diff=1044 IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=357529620&sid=3208933822&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&icons=1o1etAgv10RGSgzWsEh3pWSvTKghl9NSUcnEUMHk-nAkwFuZtbZSwzZpDvKZkCclG3YPyK6e8LtEv7ZyXOL-6p5k-O4m5Bx3hRoDBnKQZ2OgwjqNmN3_v_IxgkiNRpytJ_UIAT64MP8jmYzgFkzBHaKPhnJ-q_4fqXbfOHGXzRY-fyk1nQ&ext_cid=0&px_id=418774&min_cpm=0.031963930838242366&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2482049907392165304&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0030044931852468548&cpm=0&verify_hash=d403dc66a4846e54e58703da22bec67e&is_native=4&real_bid=0.0002579118214078739&original_bid_usd=0.002743849&original_bid=0.002743849&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=0,114,20,27,108&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.002743849&hostname=auc-inpage-hz-5-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000002743849&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=f2d1545c-f158-4f2d-83a2-bc59c6288db0&prev_step_diff=1044 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:04 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 5d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=357529620&sid=3208933822&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D_gXNTXZI2f6XxyzlX2nbjt4fP9mrY8gc8IbL531IKLJeZ2u8Y6nRI1l6csimVPZtfIUId9gjKz4JAAZrULVTEW2bNx3leNEMktakByFlCqLfgBGf0OfmFWxYV9Ljv7_hso8lTtnVZ3K_hjKLhSq73GCOzkZzEizzAupjtNYtCRb9DlI7k_dnS2fEjbRhB8n0g9KyCrUALFizFU9BXlVsefhlSNqUMIq1wNTYcNk5_z-lzQ1IVLRXwMnWGCuovMzgr6PqxSVaAgTExBlIK4v_Fldr-uUnhYHr7HaGugiGUIjS2w2OvvwxKsf_EgGC528PaGNCqWgcR-jQhhoF8agqCackHL1qiAknSU_oevvup0UycS4nQrV0_5DKYxoa_ZxPZ8IXslYEG9L-YREPBLL4lGdUI_WMWRuM-gO_T2Xky5mj5mg00dJWuZ9hmrLmyk2cx6Nt_O-ZypgUDYrANv7eDndGENC_88otC7s62KgjsAhReA_ibVYyoiBTsiZ2GeZ0JZfCFwxLdQ1Xfz3J1HG2V-WmrZsLjw6iGuMzPo_rOgfpy2qoif7zRRjegr303i-PzMF9q0QD&icons=c4Zw7XnvU9x2IrxFnG0DWEkAWio3qVEthK93EKwGQmyEnJxdSnl2ADUsYS8FhedcPoKMVD2pfzMJxtlXYl_C7D2NVMOX_t9Y8gZyG4re_mXL2AZilIdB4dKZdrMl-aLBjQBAdXdM0kQTDwgJSjL5ALhngcp0CGQwq03E0Jmv60xLMagFlavUf0UHuvVLZougiIY1DL0vFVzilIKZDTjtqPzfXPqiJF4_-as98Mjz8FyEnrIrjHinzTrFo9ZK9ROwFOI8-6QdbU742NC0d9hOydwTPM4HWpB9uqpjCe778V2w1-Cd0HhSGl42YWbBH7D6o0s9OcQ3VL0z84V6eLvM5Q7D3Utx8UrM7S6EoJJS_wrRTUqa_0uGAXeDiAbrxYlu17wI0sZ3xm-gQUydych5lmBZ4cbMifFY7yUSuCcQAmRFWZ3xt3JLLnDwD3FPD4azD9QGb8do7Whtrt0OCmdGznXa8jB11web2sp4vZj2hMOM9i3NipZk8uXxE7QjB4ciA8v6tHw77jNYd4qCz9C06YgT3B71t3YkJtMKNpwH2iipfukZ82w34Nc-lYVBpRaYth72M9IxYIpCV72WIPJ-2iAZyXp7nOSlz0Dk8vrNMp7Yvwh4J7Zit8AQA8TGG3WdtHLP5JEt_q2oVPZ6OYKnE3manH8vvAylLFDb2xCH8Z2cQydzTyOgKvuLggIUe1KKnKxgl1U&ext_cid=0&px_id=31418774&min_cpm=0.1181225580885458&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=2482049907392165304&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13727014423714437&cpm=0&verify_hash=5d9da9e24f1a04af8453de1210c78c60&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714914844&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=2b07e75c-b2e6-48a6-ae9c-2d92140b7ef2&prev_step_diff=1044 | 94.130.198.6 | 200 OK | 0 B |
URL GET HTTP/25d39fe7c75.2ac4fce9b8.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=357529620&sid=3208933822&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D_gXNTXZI2f6XxyzlX2nbjt4fP9mrY8gc8IbL531IKLJeZ2u8Y6nRI1l6csimVPZtfIUId9gjKz4JAAZrULVTEW2bNx3leNEMktakByFlCqLfgBGf0OfmFWxYV9Ljv7_hso8lTtnVZ3K_hjKLhSq73GCOzkZzEizzAupjtNYtCRb9DlI7k_dnS2fEjbRhB8n0g9KyCrUALFizFU9BXlVsefhlSNqUMIq1wNTYcNk5_z-lzQ1IVLRXwMnWGCuovMzgr6PqxSVaAgTExBlIK4v_Fldr-uUnhYHr7HaGugiGUIjS2w2OvvwxKsf_EgGC528PaGNCqWgcR-jQhhoF8agqCackHL1qiAknSU_oevvup0UycS4nQrV0_5DKYxoa_ZxPZ8IXslYEG9L-YREPBLL4lGdUI_WMWRuM-gO_T2Xky5mj5mg00dJWuZ9hmrLmyk2cx6Nt_O-ZypgUDYrANv7eDndGENC_88otC7s62KgjsAhReA_ibVYyoiBTsiZ2GeZ0JZfCFwxLdQ1Xfz3J1HG2V-WmrZsLjw6iGuMzPo_rOgfpy2qoif7zRRjegr303i-PzMF9q0QD&icons=c4Zw7XnvU9x2IrxFnG0DWEkAWio3qVEthK93EKwGQmyEnJxdSnl2ADUsYS8FhedcPoKMVD2pfzMJxtlXYl_C7D2NVMOX_t9Y8gZyG4re_mXL2AZilIdB4dKZdrMl-aLBjQBAdXdM0kQTDwgJSjL5ALhngcp0CGQwq03E0Jmv60xLMagFlavUf0UHuvVLZougiIY1DL0vFVzilIKZDTjtqPzfXPqiJF4_-as98Mjz8FyEnrIrjHinzTrFo9ZK9ROwFOI8-6QdbU742NC0d9hOydwTPM4HWpB9uqpjCe778V2w1-Cd0HhSGl42YWbBH7D6o0s9OcQ3VL0z84V6eLvM5Q7D3Utx8UrM7S6EoJJS_wrRTUqa_0uGAXeDiAbrxYlu17wI0sZ3xm-gQUydych5lmBZ4cbMifFY7yUSuCcQAmRFWZ3xt3JLLnDwD3FPD4azD9QGb8do7Whtrt0OCmdGznXa8jB11web2sp4vZj2hMOM9i3NipZk8uXxE7QjB4ciA8v6tHw77jNYd4qCz9C06YgT3B71t3YkJtMKNpwH2iipfukZ82w34Nc-lYVBpRaYth72M9IxYIpCV72WIPJ-2iAZyXp7nOSlz0Dk8vrNMp7Yvwh4J7Zit8AQA8TGG3WdtHLP5JEt_q2oVPZ6OYKnE3manH8vvAylLFDb2xCH8Z2cQydzTyOgKvuLggIUe1KKnKxgl1U&ext_cid=0&px_id=31418774&min_cpm=0.1181225580885458&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=2482049907392165304&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13727014423714437&cpm=0&verify_hash=5d9da9e24f1a04af8453de1210c78c60&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714914844&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=2b07e75c-b2e6-48a6-ae9c-2d92140b7ef2&prev_step_diff=1044 IP94.130.198.6:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subject2ac4fce9b8.com Fingerprint98:AB:7F:A9:60:1A:91:AC:3C:20:E1:6B:57:8E:E0:AA:25:8F:4F:E1 ValidityTue, 30 Apr 2024 14:01:58 GMT - Mon, 29 Jul 2024 14:01:57 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=2&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F8FLuKq68QVA&refdom=poop.com.co&auction_time=1714857244&subid=357529620&sid=3208933822&tcid=0&ver=7.282.0-b&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-04&iabcat=IAB25-3&keywords=&user_fp=14185762356588688897&score=69.49031613452905&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F8FLuKq68QVA%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D_gXNTXZI2f6XxyzlX2nbjt4fP9mrY8gc8IbL531IKLJeZ2u8Y6nRI1l6csimVPZtfIUId9gjKz4JAAZrULVTEW2bNx3leNEMktakByFlCqLfgBGf0OfmFWxYV9Ljv7_hso8lTtnVZ3K_hjKLhSq73GCOzkZzEizzAupjtNYtCRb9DlI7k_dnS2fEjbRhB8n0g9KyCrUALFizFU9BXlVsefhlSNqUMIq1wNTYcNk5_z-lzQ1IVLRXwMnWGCuovMzgr6PqxSVaAgTExBlIK4v_Fldr-uUnhYHr7HaGugiGUIjS2w2OvvwxKsf_EgGC528PaGNCqWgcR-jQhhoF8agqCackHL1qiAknSU_oevvup0UycS4nQrV0_5DKYxoa_ZxPZ8IXslYEG9L-YREPBLL4lGdUI_WMWRuM-gO_T2Xky5mj5mg00dJWuZ9hmrLmyk2cx6Nt_O-ZypgUDYrANv7eDndGENC_88otC7s62KgjsAhReA_ibVYyoiBTsiZ2GeZ0JZfCFwxLdQ1Xfz3J1HG2V-WmrZsLjw6iGuMzPo_rOgfpy2qoif7zRRjegr303i-PzMF9q0QD&icons=c4Zw7XnvU9x2IrxFnG0DWEkAWio3qVEthK93EKwGQmyEnJxdSnl2ADUsYS8FhedcPoKMVD2pfzMJxtlXYl_C7D2NVMOX_t9Y8gZyG4re_mXL2AZilIdB4dKZdrMl-aLBjQBAdXdM0kQTDwgJSjL5ALhngcp0CGQwq03E0Jmv60xLMagFlavUf0UHuvVLZougiIY1DL0vFVzilIKZDTjtqPzfXPqiJF4_-as98Mjz8FyEnrIrjHinzTrFo9ZK9ROwFOI8-6QdbU742NC0d9hOydwTPM4HWpB9uqpjCe778V2w1-Cd0HhSGl42YWbBH7D6o0s9OcQ3VL0z84V6eLvM5Q7D3Utx8UrM7S6EoJJS_wrRTUqa_0uGAXeDiAbrxYlu17wI0sZ3xm-gQUydych5lmBZ4cbMifFY7yUSuCcQAmRFWZ3xt3JLLnDwD3FPD4azD9QGb8do7Whtrt0OCmdGznXa8jB11web2sp4vZj2hMOM9i3NipZk8uXxE7QjB4ciA8v6tHw77jNYd4qCz9C06YgT3B71t3YkJtMKNpwH2iipfukZ82w34Nc-lYVBpRaYth72M9IxYIpCV72WIPJ-2iAZyXp7nOSlz0Dk8vrNMp7Yvwh4J7Zit8AQA8TGG3WdtHLP5JEt_q2oVPZ6OYKnE3manH8vvAylLFDb2xCH8Z2cQydzTyOgKvuLggIUe1KKnKxgl1U&ext_cid=0&px_id=31418774&min_cpm=0.1181225580885458&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=2482049907392165304&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13727014423714437&cpm=0&verify_hash=5d9da9e24f1a04af8453de1210c78c60&is_native=1&real_bid=0.0031886250525712872&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,11,93&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714914844&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F5741293%2F551810_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-5-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=2b07e75c-b2e6-48a6-ae9c-2d92140b7ef2&prev_step_diff=1044 HTTP/1.1
Host: 5d39fe7c75.2ac4fce9b8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:04 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| imgsdn.com/ie?v=4&c=Av3uQeOlkJElP4U_L31EK8TFB-jW3fsbbUHKyhbpNhsSK7RAI2wfbCM8epiC68kX6mGtTdnFcitioSa0veSKsGcDfUs-3O8kX3vUPSjhvfN7uN2J-uGYnqXTDT30glqn8fqObITQNKJDyWXwQhF8TGCMsAMVNXTcszkOSv4JOlcunS_RScs5CyM6a5I4WZAgY3raygld8ZWx6mpsmLqeER9MDerMaANSM8KXR9fM5QXRRRp6RdqOi603eNJ5I8H3lHllD-zLA8WmPyQp5gKVznSnBBlOD1XQ5x9wmL7V7XppYdCB8HYlUgMRDSNyG7gM8h99gBhYmyGOvvuDw5rUPuKBhQAoCFCWy23cb4fyt5CXhNjjdGODxnW_K2aCNbvtTgQTtPM1UM0ogjMr7yyWfA2RxiGhvhTucpzwdZnrJVcszs1dllKPguSMGcGwAw==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=9dadbff0-b986-46a7-bc43-bb33b88bcaf5&prev_step_diff=1044 | 157.90.94.146 | 301 Moved Permanently | 0 B |
URL GET HTTP/1.1imgsdn.com/ie?v=4&c=Av3uQeOlkJElP4U_L31EK8TFB-jW3fsbbUHKyhbpNhsSK7RAI2wfbCM8epiC68kX6mGtTdnFcitioSa0veSKsGcDfUs-3O8kX3vUPSjhvfN7uN2J-uGYnqXTDT30glqn8fqObITQNKJDyWXwQhF8TGCMsAMVNXTcszkOSv4JOlcunS_RScs5CyM6a5I4WZAgY3raygld8ZWx6mpsmLqeER9MDerMaANSM8KXR9fM5QXRRRp6RdqOi603eNJ5I8H3lHllD-zLA8WmPyQp5gKVznSnBBlOD1XQ5x9wmL7V7XppYdCB8HYlUgMRDSNyG7gM8h99gBhYmyGOvvuDw5rUPuKBhQAoCFCWy23cb4fyt5CXhNjjdGODxnW_K2aCNbvtTgQTtPM1UM0ogjMr7yyWfA2RxiGhvhTucpzwdZnrJVcszs1dllKPguSMGcGwAw==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=9dadbff0-b986-46a7-bc43-bb33b88bcaf5&prev_step_diff=1044 IP157.90.94.146:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectnimrute.com FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4 ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=Av3uQeOlkJElP4U_L31EK8TFB-jW3fsbbUHKyhbpNhsSK7RAI2wfbCM8epiC68kX6mGtTdnFcitioSa0veSKsGcDfUs-3O8kX3vUPSjhvfN7uN2J-uGYnqXTDT30glqn8fqObITQNKJDyWXwQhF8TGCMsAMVNXTcszkOSv4JOlcunS_RScs5CyM6a5I4WZAgY3raygld8ZWx6mpsmLqeER9MDerMaANSM8KXR9fM5QXRRRp6RdqOi603eNJ5I8H3lHllD-zLA8WmPyQp5gKVznSnBBlOD1XQ5x9wmL7V7XppYdCB8HYlUgMRDSNyG7gM8h99gBhYmyGOvvuDw5rUPuKBhQAoCFCWy23cb4fyt5CXhNjjdGODxnW_K2aCNbvtTgQTtPM1UM0ogjMr7yyWfA2RxiGhvhTucpzwdZnrJVcszs1dllKPguSMGcGwAw==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.03&cpa=9dadbff0-b986-46a7-bc43-bb33b88bcaf5&prev_step_diff=1044 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Sat, 04 May 2024 21:14:04 GMT
content-length: 0
location: https://img.vmmcdn.com/get/54189012/551810_icon.png
x-app-id: 13
|
|
| fikedaquabib.com/rotaInGRWQGA24/64343 | 23.109.170.67 | 200 OK | 20 B |
URL GET HTTP/1.1fikedaquabib.com/rotaInGRWQGA24/64343 IP23.109.170.67:443
Requested byhttps://metrolagu.cam/video?q=ice+cold+film CertificateIssuerLet's Encrypt Subjectfikedaquabib.com FingerprintB2:55:98:8B:5C:B3:05:1D:91:A5:02:43:2D:0B:18:86:4D:1E:E9:38 ValidityThu, 28 Mar 2024 23:27:44 GMT - Wed, 26 Jun 2024 23:27:43 GMT
File typegzip compressed data, from Unix Hash7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotaInGRWQGA24/64343 HTTP/1.1
Host: fikedaquabib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 21:14:05 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 05-May-2024 21:14:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 05-May-2024 21:14:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| img.vmmcdn.com/get/5741293/551810_image.jpg | 46.4.121.113 | 200 OK | 12 kB |
URL GET HTTP/2img.vmmcdn.com/get/5741293/551810_image.jpg IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3 Hashee921bcd225785444d8ab128ca1d0941 e92f5588c738df6912e3658d883aeb66b486560b 4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c
GET /get/5741293/551810_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 21:14:05 GMT
content-type: image/jpeg
content-length: 12075
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-2f2b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/54189012/551810_icon.png | 46.4.121.113 | 200 OK | 7.8 kB |
URL GET HTTP/2img.vmmcdn.com/get/54189012/551810_icon.png IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash0650546bbbcd67dd93173a189442d1a7 2e11ca6e252fbfdeab364e9729a0558816df3b6c e5edb8a6c4e0cb1376b15832c2140fa6037ed69042cb988102d5b0c1edcbcd11
GET /get/54189012/551810_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Sat, 04 May 2024 21:14:05 GMT
content-type: image/png
content-length: 7770
last-modified: Wed, 27 Mar 2024 08:37:19 GMT
cache-control: public, max-age=604800
etag: "6603dabf-1e5a"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/play.svg | 188.114.97.1 | 200 OK | 840 B |
IP188.114.97.1:443
Requested byhttps://metrolagu.cam/video?q=ice+cold+film CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeSVG Scalable Vector Graphics image Hash85f08506e5a64050719e7e18a26cd9c4 cda07433539f1346406e7dde1a92ea6346d593d7 b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2686
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9pLmI0zkrhqKYlAVLW22Y1Iv7LNrPZSxZXkvFt1VuD0qpyooqYIrvroztj%2BPvWx9zq5fkcQYz6iadMW7jEfp%2Bv1M76%2BKm4xK8nmJ1RpNf77QcS4bMCoXkNYwLz23IR%2Fa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb7f94de4a5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| mcpuwpsh.com/get/ | 94.130.197.240 | 200 OK | 3.8 kB |
IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectpuwpush.com Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92 ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hashfac4a9a305c41e0db54ba71eb0ba7b3c d8f6494cd74bf4fee853ac3e046229809891561a fcd58f6821bf5dd8b72d55df77900d74fa91611eb065f6a8753ca86e73854ec9
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.com.co/
Content-Type: text/plain;charset=UTF-8
Content-Length: 928
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Sat, 04 May 2024 21:14:05 GMT
content-type: application/json
content-length: 3837
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js | 45.133.44.52 | 200 OK | 115 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/9ce5c366c56b3eb801b7fc5bb76cb452.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File typegzip compressed data, from Unix Size115 kB (114817 bytes) Hash1afb904b65aed5b58cdeab1a42f3091e 6670377fde85ad1b002f28830da9ba544eb1df8d 888c54767ae2f146983daeac4a90e30bcbcfb7f62217b3cef639f0547778513a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /9ce5c366c56b3eb801b7fc5bb76cb452.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 15 Apr 2024 13:02:16 GMT
etag: W/"661d2558-72d72"
content-encoding: gzip
expires: Sat, 04 May 2024 21:19:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/bootstrap.min.css | 188.114.96.1 | 200 OK | 209 kB |
URL GET HTTP/2assets.poopcdn.com/bootstrap.min.css IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeASCII text, with very long lines (625) Size209 kB (208810 bytes) Hash3ad35d9c124d6c7d13f776dde0df9286 1bfc432b338ca01be6b05ab8e87f4a63caa8d82b 10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b
GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5366
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iRzv0L%2B6xwlxSKVS6qUWfDwaMAYnHLImO9xrhHCAhpZHZfbTsvT8rfWbK8lKfIpbgf4D9EE2%2BBPz5iDCa6mNd4hjdRs2cM6ZJOcH0FsZNoXsVR8FkukSJuk4mLjhV%2BrYbiHZc2M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f863d0356a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/embed2.css | 188.114.96.1 | 200 OK | 2.3 kB |
URL GET HTTP/2assets.poopcdn.com/embed2.css IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeASCII text, with very long lines (2279), with no line terminators Hashf966df8b666f4e6af52c4c5972958a8d 59c598587c742cdd8211376b6a124c27a6a2dc52 943cf282560a6d9565816a7feeaa67cb91804127cf2d34686c932039bec26622
GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5366
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DticmiYm4sytml53%2FpyaP%2B3c2j8pllOS7hCNeArcryC%2BYx%2BbZYgaKlR2oMa%2BHn%2FHkwX2tgzvVeg%2BAeGaJ%2F5SmioXFgCZkBEY%2FpqMjh1Na%2Ffhbxr6Y8qAbnngazj%2F7y%2F107JPJhM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f863d0956a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js | 45.133.44.52 | 200 OK | 97 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/69e850fd67f4bef7c987ce894adc6a8e.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /69e850fd67f4bef7c987ce894adc6a8e.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Sat, 04 May 2024 21:19:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/video?q=ice+cold+film | 188.114.97.1 | 200 OK | 6.8 kB |
URL POST HTTP/3metrolagu.cam/video?q=ice+cold+film IP188.114.97.1:443
Requested byhttps://yu2be.com/video?q=utopia CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeHTML document, ASCII text, with very long lines (6890), with no line terminators Hashd12c95468bb44f1d0631db9bffe54feb 7e03d58f202cdf73a9b8a1d0b325cdfa965a9a11 67f79117515ed638e3b41b77f655c380f073c69282da9014de9bbd6faa57f620
POST /video?q=ice+cold+film HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/4156513836714b754c4638
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2B3ZOD%2BFzhJmaujy7%2FsR%2FcbjU%2F8eH5OYeQ0rG9VfLU69L3vvnIrBNADNmtZzl5GYAjqMqZDNqMwwp2DlUF%2B6T7jh%2FlM7762RHmygIVggIuNNaQfvrJyfhta4y6x%2B5SLB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f91da935694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| yu2be.com/embud/4156513836714b754c4638 | 188.114.97.1 | 200 OK | 237 B |
URL GET HTTP/2yu2be.com/embud/4156513836714b754c4638 IP188.114.97.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectyu2be.com Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT
File typeHTML document, ASCII text, with no line terminators Hashc7ac476d3f43060e9d70eceb89a6de29 f4ec7423cf8b923bf663ac7764158d7f23e9ceea 240051e992f80761463728836e625e0349c28ca87f38316a94e8a3b16a99e5d8
GET /embud/4156513836714b754c4638 HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MSigiPoBXvPL9bVBKkcmC1hC4fNUf2DUCck1qx52gQPzK8gDTMH53BA%2BOyzxylPFRSHHjkm8LnbfugdnNEA2Aq%2BH0V9ftk5L3KB6B7XQEYk%2F1x%2BMclrlg25Cfdg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f889d9cb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| mordoops.com/?rb=p20amLrRD2-pCAXKSuAHlvxeoY6TWbkVPgRfszaFZUEV13wSJxoWhtqtElDCukf2ccSRFLRJcpsp4FdV0YFbnPQ7jf_Ii76F1kQiRT9TS_QW6jCCv0t1vmiFZolch_awfDvAhNxd1rRAopac25W63hHDZdFL4M2XtQLPo8eO4qkC0r9sSIf8Kb6vmYxl9MhRcIJ_gc8_Gq8K7IqxjJrc-5Z525KK9dnvkL3Fqm3yjNtbpt1yEyhxZeZj72tme4KlzXNzNQ%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.788.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fyu2be.com%2Fvideo%3Fq%3Dutopia&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F4156513836714b754c4638&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=9eebab57-52dd-4e52-a82e-4f6495530e27&wasm=1&userId=00805210f1194520f932ada8d3606a63&m=link | 139.45.197.244 | 200 OK | 2.5 kB |
URL GET HTTP/2mordoops.com/?rb=p20amLrRD2-pCAXKSuAHlvxeoY6TWbkVPgRfszaFZUEV13wSJxoWhtqtElDCukf2ccSRFLRJcpsp4FdV0YFbnPQ7jf_Ii76F1kQiRT9TS_QW6jCCv0t1vmiFZolch_awfDvAhNxd1rRAopac25W63hHDZdFL4M2XtQLPo8eO4qkC0r9sSIf8Kb6vmYxl9MhRcIJ_gc8_Gq8K7IqxjJrc-5Z525KK9dnvkL3Fqm3yjNtbpt1yEyhxZeZj72tme4KlzXNzNQ%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.788.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fyu2be.com%2Fvideo%3Fq%3Dutopia&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F4156513836714b754c4638&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=9eebab57-52dd-4e52-a82e-4f6495530e27&wasm=1&userId=00805210f1194520f932ada8d3606a63&m=link IP139.45.197.244:443
Requested byhttps://yu2be.com/video?q=utopia CertificateIssuerLet's Encrypt Subjectmordoops.com Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (2504), with no line terminators Hash6f05fdbf0188db0a6e5d8d896260db8e d35e637baae11049004cbb30b493ff9aca3800f7 f2c95e47a9c5ef257115636a635ef2f0c22f457851d6b9c68dbff57ffdb0aa89
GET /?rb=p20amLrRD2-pCAXKSuAHlvxeoY6TWbkVPgRfszaFZUEV13wSJxoWhtqtElDCukf2ccSRFLRJcpsp4FdV0YFbnPQ7jf_Ii76F1kQiRT9TS_QW6jCCv0t1vmiFZolch_awfDvAhNxd1rRAopac25W63hHDZdFL4M2XtQLPo8eO4qkC0r9sSIf8Kb6vmYxl9MhRcIJ_gc8_Gq8K7IqxjJrc-5Z525KK9dnvkL3Fqm3yjNtbpt1yEyhxZeZj72tme4KlzXNzNQ%3D%3D&request_ab2=0&zoneid=6651943&js_build=iclick-v1.788.7-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fyu2be.com%2Fvideo%3Fq%3Dutopia&drf=https%3A%2F%2Fyu2be.com%2Fembud%2F4156513836714b754c4638&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.788.7-auto&navlng=en-US&pnt=0&pnrc=0&bs=9eebab57-52dd-4e52-a82e-4f6495530e27&wasm=1&userId=00805210f1194520f932ada8d3606a63&m=link HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://yu2be.com/
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Cookie: OAID=00805210f1194520f932ada8d3606a63; oaidts=1714857244
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:14:04 GMT
content-type: application/json
x-trace-id: ee9a3e33a3c6f19952f01091613f7fa2
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00805210f1194520f932ada8d3606a63; expires=Sun, 04 May 2025 21:14:04 GMT; path=/; secure; SameSite=None
oaidts=1714857244; expires=Sun, 04 May 2025 21:14:04 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 May 2024 21:14:04 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyorX8xrpqjTNS2SheNJ3XExCg5MtUDhXX2W2sTzkjAA0yoxrhYrTGGzhi0JJeEtRT3-nCzqw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1325882858%3A1714857244429471&theme=mn&ddm=0 | 74.125.131.84 | 403 Forbidden | 0 B |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyorX8xrpqjTNS2SheNJ3XExCg5MtUDhXX2W2sTzkjAA0yoxrhYrTGGzhi0JJeEtRT3-nCzqw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1325882858%3A1714857244429471&theme=mn&ddm=0 IP74.125.131.84:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint7C:B7:E1:97:03:6E:82:B6:52:F8:EC:C6:C6:50:D9:DD:80:47:E6:A0 ValidityTue, 16 Apr 2024 03:18:53 GMT - Tue, 09 Jul 2024 03:18:52 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyorX8xrpqjTNS2SheNJ3XExCg5MtUDhXX2W2sTzkjAA0yoxrhYrTGGzhi0JJeEtRT3-nCzqw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1325882858%3A1714857244429471&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 May 2024 21:14:04 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-usGTf3YlK5-8ffzwNNECeg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 3fb4026cec.ffbd26c481.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMjQ5MDg4MzAyOTUyODIyODAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | 45.133.44.53 | 200 OK | 0 B |
URL GET HTTP/23fb4026cec.ffbd26c481.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMjQ5MDg4MzAyOTUyODIyODAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subject3fb4026cec.ffbd26c481.com Fingerprint27:04:EE:66:BA:5B:49:EF:14:C8:8F:A8:F2:D9:35:3D:F6:0F:40:6A ValidityWed, 01 May 2024 02:50:26 GMT - Tue, 30 Jul 2024 02:50:25 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMjQ5MDg4MzAyOTUyODIyODAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNSwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: 3fb4026cec.ffbd26c481.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap | 142.250.74.170 | 200 OK | 18 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap IP142.250.74.170:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
Hash942d6c103643a3b457d90844f34a9b37 e2594da697f0082ee92f0f1d9b163aed142e09e7 654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 May 2024 21:14:02 GMT
date: Sat, 04 May 2024 21:14:02 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| yu2be.com/embed.css | 188.114.97.1 | 200 OK | 1.1 kB |
IP188.114.97.1:443
Requested byhttps://yu2be.com/video?q=utopia CertificateIssuerLet's Encrypt Subjectyu2be.com Fingerprint3C:30:E2:11:42:30:CD:21:F1:06:87:EC:9F:A9:56:40:57:B2:4C:EF ValiditySun, 14 Apr 2024 02:05:14 GMT - Sat, 13 Jul 2024 02:05:13 GMT
File typeASCII text, with very long lines (1145), with no line terminators Hash69c7d11151f7c8da1183e16ec826fd58 e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf 360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1
GET /embed.css HTTP/1.1
Host: yu2be.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/video?q=utopia
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: text/css
last-modified: Thu, 23 Nov 2023 00:03:15 GMT
vary: Accept-Encoding
etag: W/"655e96c3-446"
expires: Sun, 05 May 2024 05:37:01 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 13022
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UglYO9bhRWZWczwG%2FSTsvTHrQAQqRqJyO657uTifS8N0mMcETNup3q976YdkFO7WCAn1zwQklfNh3iZWCT0kzi32sjB7kfV3EKB1ExrRKlCJglCiEmeo1ebohlo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f8c9df11c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| metrolagu.cam/jembud/4156513836714b754c4638 | 188.114.97.1 | 200 OK | 244 B |
URL GET HTTP/2metrolagu.cam/jembud/4156513836714b754c4638 IP188.114.97.1:443
Requested byhttps://yu2be.com/video?q=utopia CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeHTML document, ASCII text, with no line terminators Hash3a2ab5abaa84001bfc14fcd38b36aff5 10aeb2bc4dff45e608d67477646423a81ec850a1 483b605085fe90a79a279e326f08b3de14ffca6c0774967aa9327a442c6b0a3b
GET /jembud/4156513836714b754c4638 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zNOecYY4zKTtNkFsVBB4Y8EF4vmG8xjTqxWFvjmRqrUNbHViuEk2hcxkj5KLJ8DWZ%2FjuRYwKXeF2U1hep5OyXnEaahWx6Fo1kyWsEtGjRmNvxGAJEBytxDwv3G06QyIC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f8f4b1bb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=13097e16-141c-45a1-9634-9c4a446b99cc&subid=357529620&sid=3208933822&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?site=native-push&wl=1&event_id=13097e16-141c-45a1-9634-9c4a446b99cc&subid=357529620&sid=3208933822&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=13097e16-141c-45a1-9634-9c4a446b99cc&subid=357529620&sid=3208933822&spot_id=418774&created_at=2024-05-04&timezone=0&ver=7.282.0-b&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Sat, 04 May 2024 21:14:03 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mordoops.com/5/6651943/?oo=1&aab=1 | 139.45.197.244 | 200 OK | 2.9 kB |
URL GET HTTP/2mordoops.com/5/6651943/?oo=1&aab=1 IP139.45.197.244:443
Requested byhttps://yu2be.com/video?q=utopia CertificateIssuerLet's Encrypt Subjectmordoops.com Fingerprint0B:32:D8:40:AB:56:05:9B:BD:33:D8:55:19:05:B0:A5:45:79:BA:1D ValiditySun, 28 Apr 2024 05:23:29 GMT - Sat, 27 Jul 2024 05:23:28 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3094), with no line terminators Hashf833527624e16d011935f371490f8543 c8d517dff6b9748ec2ebcf7cfcbdb5fda6508f2f bf2022a47d125be929c264470e30fbd4fb9721678eff84a02d79b21deb995a47
GET /5/6651943/?oo=1&aab=1 HTTP/1.1
Host: mordoops.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yu2be.com
DNT: 1
Connection: keep-alive
Referer: https://yu2be.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:14:04 GMT
content-type: application/json
x-trace-id: bc70814224c7b7e4dacea2748faaf8c9
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://yu2be.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00805210f1194520f932ada8d3606a63; expires=Sun, 04 May 2025 21:14:04 GMT; path=/; secure; SameSite=None
oaidts=1714857244; expires=Sun, 04 May 2025 21:14:04 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/style.css | 188.114.96.1 | 200 OK | 259 kB |
URL GET HTTP/2assets.poopcdn.com/style.css IP188.114.96.1:443
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
Size259 kB (259373 bytes) Hashf94acf4d0db64b4a710fc6fce3bc2a49 63753e2bb0367b37084eba7690d9fb752667ecd3 f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340
GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:02 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5366
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s3We25q5TE%2FB6kV22i6OWfM%2Fohxzid%2FgIYkjLoDSRKWZ9V1AtTU%2FoWu2FvWVsiRfBZCmUqKfwaDCNFUGvdcgU0zaCFkOTsw0YITvSZqkzf1Ik%2Fim%2FWzCAb83nMPImIQ4lo2H%2BrI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87eb7f863d0456a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| da7b22a400.13199960a1.com/19d44b098ab6aa7dfec36de417c310f1.js | 45.133.44.52 | 200 OK | 168 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/19d44b098ab6aa7dfec36de417c310f1.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
Size168 kB (168338 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /19d44b098ab6aa7dfec36de417c310f1.js HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 24 Apr 2024 09:09:17 GMT
etag: W/"6628cc3d-29192"
content-encoding: gzip
expires: Sat, 04 May 2024 21:19:03 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| da7b22a400.13199960a1.com/22802538876b351854c895125b33cfd1/114039?version_name=a | 45.133.44.52 | 200 OK | 3.3 kB |
URL GET HTTP/2da7b22a400.13199960a1.com/22802538876b351854c895125b33cfd1/114039?version_name=a IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectda7b22a400.13199960a1.com Fingerprint07:F4:C8:88:64:13:2A:27:21:B9:21:22:4E:39:31:C9:B4:0B:24:CD ValidityWed, 01 May 2024 02:20:21 GMT - Tue, 30 Jul 2024 02:20:20 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators Hash31c02957a9d61b0c24725209d7cfaa0a 80867a159b99ce4e7799da3309e88f463bd033db 984f069d9c7f6faa2a30df48772c06d3033b49e00c32e3ca31c6cfce4058436b
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /22802538876b351854c895125b33cfd1/114039?version_name=a HTTP/1.1
Host: da7b22a400.13199960a1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:03 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 04 May 2024 21:19:03 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=d41e02fa-25c2-48a2-b885-e3a692239815&prev_step_diff=1044 | 45.133.44.24 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=d41e02fa-25c2-48a2-b885-e3a692239815&prev_step_diff=1044 IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/8FLuKq68QVA CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=d41e02fa-25c2-48a2-b885-e3a692239815&prev_step_diff=1044 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:14:04 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sun, 04 May 2025 21:14:04 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|