Report - poopvid.com/d/Y1tPUh9ccQH

Report Overview

Visited public
2024-06-28 16:44:43
Tags
URL
poopvid.com/d/Y1tPUh9ccQH
Finishing URL
poop.li/d/Y1tPUh9ccQH
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Bokep Indo Viral Skandal Pemerkosaan SPG Cantik - Fakebokep - PoopHD

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mp4skin.com	unknown	2023-05-01	2023-05-11 15:44:52	2024-03-31 22:16:39	1.6 kB	3.5 kB	172.67.154.189
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-06-28 03:13:54	414 B	104 kB	142.250.74.168
assets.poopcdn.com	unknown	2024-03-14	2024-03-14 18:10:02	2024-04-13 18:33:24	4.1 kB	713 kB	104.21.11.28
img.cdn.house	7653	2019-08-13	2020-01-05 04:30:57	2024-06-22 20:04:15	1.0 kB	484 B	176.9.17.3
pagead2.googlesyndication.com	101	2003-01-21	2021-02-20 16:52:05	2024-06-28 08:48:10	453 B	53 kB	142.251.9.154
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-06-27 21:57:49	417 B	742 B	139.45.195.8
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2024-06-28 08:20:16	882 B	119 kB	104.17.25.14
e5.o.lencr.org	unknown	2020-06-29	2024-06-07 07:39:25	2024-06-27 18:22:37	326 B	730 B	2.16.206.143
e6.o.lencr.org	unknown	2020-06-29	2024-06-07 08:35:09	2024-06-27 18:50:11	652 B	1.5 kB	2.16.206.143
show.partners-show.com	unknown	2024-06-12	2024-06-18 12:50:58	2024-06-28 08:33:19	517 B	2.2 kB	162.55.87.44
kamassmyalia.com	unknown	unknown	No data	No data	409 B	1.4 kB	23.109.170.20
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-06-27 18:15:52	2.0 kB	4.2 kB	142.250.74.131
meenetiy.com	unknown	2023-01-04	2023-01-04 10:41:02	2024-06-19 13:30:14	2.2 kB	49 kB	139.45.197.245
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-06-27 18:29:50	476 B	18 kB	142.250.74.106
poop.li	unknown	unknown	2019-04-05 10:23:32	2023-02-13 12:08:25	880 B	10 kB	104.21.19.189
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-06-27 18:12:05	1.6 kB	4.4 kB	23.36.77.32
poopvid.com	unknown	unknown	No data	No data	479 B	804 B	188.114.96.1
i.poopcdn.com	unknown	2024-03-14	2024-03-14 09:46:04	2024-03-18 21:40:37	840 B	21 kB	104.21.11.28
metrolagu.cam	unknown	2023-03-24	2023-08-23 12:17:15	2024-04-15 11:58:10	2.0 kB	35 kB	188.114.97.1
news-xwakabi.com	unknown	unknown	No data	No data	441 B	32 kB	193.108.118.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-28	medium	meenetiy.com	Sinkholed
2024-06-28	medium	meenetiy.com	Sinkholed
2024-06-28	medium	meenetiy.com	Sinkholed
2024-06-28	medium	kamassmyalia.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	news-xwakabi.com/process.js?id=1232218527&p1=sub1&p2=sub2&p3=sub3&p4=sub4	ScriptElement	31 kB	2024-08-19	2024-08-19
Pretty URL news-xwakabi.com/process.js?id=1232218527&p1=sub1&p2=sub2&p3=sub3&p4=sub4 IP 193.108.118.16 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 18:54 Last Seen2024-08-19 18:54 Times Seen1 Hash 1f94df6bfdd85a8b12d520ade69dd4ac 5692fac10d4a7b62f3d69b6628eb891446d525b0 c22b08d7a87d44910123c49a3c1fa32a5683e186561a5d2730e5b2bcb1bbe3d7 Loading...

	poop.li/d/Y1tPUh9ccQH	ScriptElement	0 B	0001-01-01	2025-06-19
Pretty URL poop.li/d/Y1tPUh9ccQH IP 104.21.19.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-19 03:25 Times Seen5016539 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.googletagmanager.com/gtag/js?id=G-RRBBHD087X	ScriptElement	314 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 18:54 Last Seen2024-08-19 18:54 Times Seen2 Hash 3a3dac5f6d05ae9f072c2a37ef19d048 f202fceb6e8ea12c1d4ab31a19791faa248dfae0 a5fb7e65577aac10083f1a9b3819b4f33e69a9aadc9b1269785478b0c8b06db9 Loading...

	poop.li/d/Y1tPUh9ccQH	ScriptElement	0 B	0001-01-01	2025-06-19
Pretty URL poop.li/d/Y1tPUh9ccQH IP 104.21.19.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-19 03:25 Times Seen5016539 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	meenetiy.com/5/6678850	ScriptElement	81 kB	2024-08-19	2024-08-19
Pretty URL meenetiy.com/5/6678850 IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 18:54 Last Seen2024-08-19 18:54 Times Seen1 Hash c5dd519a4abf630e3117792f47de4e66 65cbcda3543c73b702250df2bd405078d4789301 14c21d30a78e8f3eaa184d9d2a38aa8e5c19cf6f87197aee94ab2bc620386184 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-19 03:23 Times Seen114588 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	kamassmyalia.com/rkY9qNIaf1iY/64343	ScriptElement	0 B	0001-01-01	2025-06-19
Pretty URL kamassmyalia.com/rkY9qNIaf1iY/64343 IP 23.109.170.20 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-19 03:25 Times Seen5016539 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	poop.li/custom_ads.js	ScriptElement	1.5 kB	2024-08-19	2024-08-19
Pretty URL poop.li/custom_ads.js IP 104.21.19.189 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 18:54 Last Seen2024-08-19 18:54 Times Seen1 Hash d70bfcbc1e5e2acefa075aa7a0c92fa6 3fd04cdc8022d7e05a1e8bffdc0c5e4f9b365b1a c2a8e42a67ef31ffaaf0f4c38e4445c44a6ce2d2a7d48522e2223d93f9edda2e Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-06-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-19 03:25 Times Seen70276 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

HTTP Transactions (48)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
11d12f1fba8aca9d9418e9d8dc4952bf
815abf5c4b5eb6f908e3c9aa829ee2e6ccdcc449
97f30de1fa8e41bf859ba482af92cec319429e14f4f81a9c675977b672ed7b9a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "97F30DE1FA8E41BF859BA482AF92CEC319429E14F4F81A9C675977B672ED7B9A"
Last-Modified: Fri, 28 Jun 2024 01:53:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4686
Expires: Fri, 28 Jun 2024 18:02:22 GMT
Date: Fri, 28 Jun 2024 16:44:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
116ef0f15d988075de9127b4d85aeeac
cd431538d40d2097891757fd0ca8c06b576051e9
7dd2781a8624ca9b8c54539a3c46c44cdd86477de3078e4dab624bfc7ce5b7ae

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7DD2781A8624CA9B8C54539A3C46C44CDD86477DE3078E4DAB624BFC7CE5B7AE"
Last-Modified: Thu, 27 Jun 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6035
Expires: Fri, 28 Jun 2024 18:24:51 GMT
Date: Fri, 28 Jun 2024 16:44:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
dbfa299a842ee43ec1a3fb8290fcda40
71bcd7b76e849c623cac83d913b31caafdb45344
f7914dbab79ce77341e0c1fe4a9e3defb687942fcd4b17c20ce7c19b315f39df

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F7914DBAB79CE77341E0C1FE4A9E3DEFB687942FCD4B17C20CE7C19B315F39DF"
Last-Modified: Thu, 27 Jun 2024 04:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6321
Expires: Fri, 28 Jun 2024 18:29:37 GMT
Date: Fri, 28 Jun 2024 16:44:16 GMT
Connection: keep-alive

poopvid.com/d/Y1tPUh9ccQH

188.114.96.1

301 Moved Permanently

167 B

URL User Request GET HTTP/2
poopvid.com/d/Y1tPUh9ccQH
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectpoopvid.com
FingerprintE1:69:14:94:06:D9:13:60:70:C7:FA:8E:D2:A7:C5:BA:4A:09:11:F1
ValiditySat, 18 May 2024 16:31:14 GMT - Fri, 16 Aug 2024 16:31:13 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /d/Y1tPUh9ccQH HTTP/1.1
Host: poopvid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 28 Jun 2024 16:44:16 GMT
content-type: text/html
content-length: 167
cache-control: max-age=3600
expires: Fri, 28 Jun 2024 17:44:16 GMT
location: //poop.li/d/Y1tPUh9ccQH
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JtL%2BwNcXmgWS%2FU%2FBxdMYYGX0V78GbWfo5UWnr5rFw9gFihMBx8VGieI24Xw793wRGnyKc8rK%2FmiptUPuu9MxQXfhatn%2FZRDmWhTNOHpjKUC21QZM9OHnV7EQHcU5PA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89af23fdcaf8abd8-CPH
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f29ca2b1b1cbb556f0d5a4ac1f2906f2
78f4be97dfabdc6ab89f933f2ea7300d64b5dcd7
d1fcfb61cf597520a05cb505602cdedb213f1715aea71dea8b76f75bb3ec8eab

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 28 Jun 2024 16:44:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:17 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 759623
expires: Wed, 18 Jun 2025 16:44:17 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4OgAfH616rs0wvufAN7g7RniPHFQZlQ6FKTGGqEy7D9jpoNqd9tWqMO1Fd1TuRpVYoHjfC80QWyZj9J2sqjKquotOyjcRrUYm4EM2sGaB09utvyU%2FjZGy0%2BChDk0ZR987cgXPzZq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 89af24036adc92ac-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3fc0045ed4dca38262d66d39526221f0
df47e010b86ea11fd988084c35661d527a5b4743
2bc2dce0e4e1d1bfa63689bd673045754cf71e111c8c518cb68f82a21ca6ae08

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 28 Jun 2024 16:44:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

142.250.74.168

200 OK

104 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintBA:5D:A9:7F:41:46:B0:37:01:9E:05:B0:92:BA:41:C9:31:5B:4B:4A
ValidityThu, 13 Jun 2024 15:27:14 GMT - Thu, 05 Sep 2024 15:27:13 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
104 kB (103774 bytes)
Hash
3a3dac5f6d05ae9f072c2a37ef19d048
f202fceb6e8ea12c1d4ab31a19791faa248dfae0
a5fb7e65577aac10083f1a9b3819b4f33e69a9aadc9b1269785478b0c8b06db9

HTTP Headers

GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 28 Jun 2024 16:44:17 GMT
expires: Fri, 28 Jun 2024 16:44:17 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 103774
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f29ca2b1b1cbb556f0d5a4ac1f2906f2
78f4be97dfabdc6ab89f933f2ea7300d64b5dcd7
d1fcfb61cf597520a05cb505602cdedb213f1715aea71dea8b76f75bb3ec8eab

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 28 Jun 2024 16:44:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e5.o.lencr.org/

2.16.206.143

346 B

URL
e5.o.lencr.org/
IP
2.16.206.143:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
0dec66b28c707043dbba8d6ce555dc7e
a7eb17f3695bc21c40092a8d5b422ec7e2cac1a6
0269f223f0efff8db9fc47bd42f7dda63a773c31d9aed6d4d29432f8097b0218

HTTP Headers

POST / HTTP/1.1
Host: e5.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "0269F223F0EFFF8DB9FC47BD42F7DDA63A773C31D9AED6D4D29432F8097B0218"
Last-Modified: Fri, 28 Jun 2024 15:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16875
Expires: Fri, 28 Jun 2024 21:25:33 GMT
Date: Fri, 28 Jun 2024 16:44:18 GMT
Connection: keep-alive

o.pki.goog/wr2

142.250.74.131

472 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3fc0045ed4dca38262d66d39526221f0
df47e010b86ea11fd988084c35661d527a5b4743
2bc2dce0e4e1d1bfa63689bd673045754cf71e111c8c518cb68f82a21ca6ae08

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 28 Jun 2024 16:44:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2

104.21.11.28

200 OK

24 kB

URL GET HTTP/2
assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Size
24 kB (23812 bytes)
Hash
eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf

HTTP Headers

GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.li
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poop.li
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1788
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drO%2FgbI7AhPk0UU%2BQBz2%2FyejqX2moQVLZ23H2GU9zZLW5NxsrTSY27c1UaXaY2aYPRSZfQmslQ72XIpElBEg5vBo8Q5ztNqbT%2BHs7%2B72xUUeBg%2FcljVBDRJKJg%2Fu74qpKjLqwiY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af24053ac11d06-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2

104.21.11.28

200 OK

24 kB

URL GET HTTP/2
assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23604, version 1.0
Size
24 kB (23604 bytes)
Hash
e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91

HTTP Headers

GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.li
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poop.li
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1788
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZglOmb%2FnI%2F%2BPxt4pozZtQdiUeC3Ze0OzZ59KkhoDQRgZ77YrSWPhJE1QK4A7Vu2A5tkunwFfykYk8REnm01AUwnhpyqe4KpDMozAGkbGqHu8SFgdOBRyBGxCP5dZEiDv%2BsC4yG4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af24054afd1d06-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2

104.21.11.28

200 OK

184 kB

URL GET HTTP/2
assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 184476, version 330.-16253
Size
184 kB (184476 bytes)
Hash
2a6dec1227f9970376f578270a642d06
150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996

HTTP Headers

GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.li
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poop.li
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1761
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5dKwO791Q3RtnHmBHgfqgK0ziGC8b7%2F6hU%2Bv4BUqKV7%2FaetY9VzJNdqM8cSmmkXxPHteE1fOrIQFn1FNWd%2BopDDKblnSQuZUAl50XpHyu0nXj78En8%2Fc%2Fu8qxtPr6wKvQU7neTg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af24053ac61d06-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.poopcdn.com/3c9Uq.jpg

104.21.11.28

200 OK

9.7 kB

URL GET HTTP/2
i.poopcdn.com/3c9Uq.jpg
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=Qsct_myRglc
Certificate
IssuerLet's Encrypt
Subjecti.poopcdn.com
Fingerprint4E:E5:75:0D:39:B6:10:44:17:69:08:58:A5:08:63:8C:0D:31:AD:BF
ValiditySun, 12 May 2024 07:44:33 GMT - Sat, 10 Aug 2024 07:44:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.54.100", baseline, precision 8, 202x360, components 3
Size
9.7 kB (9686 bytes)
Hash
67ffaf6df7e42a4c383f025b95dfeacc
6d3593d16baf791afe2d7a46388126baa2ba6db2
870b41cf973a0a1ca865834b83f5379ec71f60131319fdb96d0c65b673f4a2cc

HTTP Headers

GET /3c9Uq.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: image/jpeg
content-length: 9686
etag: "67ffaf6df7e42a4c383f025b95dfeacc"
last-modified: Wed, 29 May 2024 10:20:26 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2FJj007KzsqEjGzo5v0tgk3iFIYDamxTBq8YRLQYZI8uXrZvqd5ElFcxwrEd%2BuCLfpEDYlgv7TOLfIdrSYPwfea2yYk%2BwPurii7%2Fial%2FkkWytG4jnzKstAWymrY4Rq0y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af24049dab6df0-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

e6.o.lencr.org/

2.16.206.143

345 B

URL
e6.o.lencr.org/
IP
2.16.206.143:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
760f0e10dc968fd290fdd8a1c431f5e4
abb0f367bbb7eae2a1dc3e61d4c6b0d20b50f40e
b7d1a34faea5591594252937083f5e67cc8c04fd4296946f86b5c2d4a048d704

HTTP Headers

POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "B7D1A34FAEA5591594252937083F5E67CC8C04FD4296946F86B5C2D4A048D704"
Last-Modified: Fri, 28 Jun 2024 09:12:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7345
Expires: Fri, 28 Jun 2024 18:46:43 GMT
Date: Fri, 28 Jun 2024 16:44:18 GMT
Connection: keep-alive

assets.poopcdn.com/apple-touch-icon.png

104.21.11.28

200 OK

2.8 kB

URL GET HTTP/2
assets.poopcdn.com/apple-touch-icon.png
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.8 kB (2766 bytes)
Hash
e4acc3f05da8195dfa02a437c8b2dba2
f23df2ed14e5d52417b155ccd11187f3250861dc
8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4799
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zNPOEUDmpcnDHJbR6SO%2F5NnwBbN%2FoWwPJO0LkemVQddOpJ%2B7M0ZvhbC%2FzNPdf%2B9mlBwHDfZTSdRVv7K0EXqs4Nmd%2BNPAqfCqr3DRs%2FyarFNbKPejCyoCCNnxj97gyO9zwW5YE3A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af2407de5c1d06-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/favicon-16x16.png

104.21.11.28

200 OK

612 B

URL GET HTTP/2
assets.poopcdn.com/favicon-16x16.png
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
612 B (612 bytes)
Hash
ac008ea155d4beee1e93247d7434c77d
f8ea94e94e0cc310202a517a9c445c3d70af564e
283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6455
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UA9raHZ5dzZvIIPkMgMQBUOrsm9r7K62eDcfmM%2FPEjXtTVkm0gNif1p%2FylymGAu2IqTpf9eCbLR5i%2FdiXGFLUX6Rj2%2BKssSe3NVn7hvStSCMSnwttmBJs6ATxRPFXG9e9pUmUXs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af2407ee631d06-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
0c22b10a118098f2cdc4b186e6f8e9a8
cfe8b247d843f42d2205bb16a48cefe38c78526e
1208b1961307dfb3c91a337dfa900f9be57f91cab6a7dd3d7c5e38d2399d5d10

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1208B1961307DFB3C91A337DFA900F9BE57F91CAB6A7DD3D7C5E38D2399D5D10"
Last-Modified: Fri, 28 Jun 2024 05:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10613
Expires: Fri, 28 Jun 2024 19:41:11 GMT
Date: Fri, 28 Jun 2024 16:44:18 GMT
Connection: keep-alive

e6.o.lencr.org/

2.16.206.143

344 B

URL
e6.o.lencr.org/
IP
2.16.206.143:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
20d04f2dc9c536f43e216124f846bb7e
3063e834d20cc4c14e5b30c6296b0aa7effa33b0
11da6c95a8ac7d225e809b900508b94d342cf541a0bc4305166000aae8ff0cc3

HTTP Headers

POST / HTTP/1.1
Host: e6.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "11DA6C95A8AC7D225E809B900508B94D342CF541A0BC4305166000AAE8FF0CC3"
Last-Modified: Wed, 26 Jun 2024 12:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2889
Expires: Fri, 28 Jun 2024 17:32:27 GMT
Date: Fri, 28 Jun 2024 16:44:18 GMT
Connection: keep-alive

img.cdn.house/i/1/TuKWC1eYPhfH4ZrCzMKLBl9-L391w9NK50M7QT3wNqX2Id4zzTxRr_z9xCZCaXatt7VPc-2LEpVxO0U9Ms78bCtpDyX9et4jFZK6gRuJjiltRFeX9V0P-uZ_7_lwFObtElalFbR2FwX9pfwdqcmxWazEm-QbuKK9O_CUy24WUmdNc0tHppsIYF5BvdONbAgXOF02zjqT8129lmSwlgqyjDiuQlFNPtUIijiNNNp5qucflnLLVw0dWkfmrV4TtdJdOF7b69xHBlqsA6gG8PGybAwhvSzQ-ysQ_ibcUEmUa5bsklFEKbAvpKZoCIfhXFuqn4BcwyXNGKtKASLG-9x8Bjy-1MJ4HYqoaSTLYdi8zZdUk1AehAVFkHUFenQhsPNBx321nyALt2bRQ-srn29gDGtiDgA_4rMDrOtM3zerPLWRPFV_bE6cIxHX2bPlpiRaazTExR5LxXR6S5shhZEOuNywMn4tmcI4FVO6F84IlKHhP2rbBbfWm7F4CjlB3QMN72LxbnKjh3O5ALuAsObSVwKfw2ENfa5JIha60dhiOcISD6VIau1yZncZiQIdnmSSlo2ZEm7Fhpd7iMw9--C9nchB3l14itLho7fnSKehcs-K9n9M799SNFCq32LruAg3YJ4=

176.9.17.3

307 Temporary Redirect

0 B

URL GET HTTP/2
img.cdn.house/i/1/TuKWC1eYPhfH4ZrCzMKLBl9-L391w9NK50M7QT3wNqX2Id4zzTxRr_z9xCZCaXatt7VPc-2LEpVxO0U9Ms78bCtpDyX9et4jFZK6gRuJjiltRFeX9V0P-uZ_7_lwFObtElalFbR2FwX9pfwdqcmxWazEm-QbuKK9O_CUy24WUmdNc0tHppsIYF5BvdONbAgXOF02zjqT8129lmSwlgqyjDiuQlFNPtUIijiNNNp5qucflnLLVw0dWkfmrV4TtdJdOF7b69xHBlqsA6gG8PGybAwhvSzQ-ysQ_ibcUEmUa5bsklFEKbAvpKZoCIfhXFuqn4BcwyXNGKtKASLG-9x8Bjy-1MJ4HYqoaSTLYdi8zZdUk1AehAVFkHUFenQhsPNBx321nyALt2bRQ-srn29gDGtiDgA_4rMDrOtM3zerPLWRPFV_bE6cIxHX2bPlpiRaazTExR5LxXR6S5shhZEOuNywMn4tmcI4FVO6F84IlKHhP2rbBbfWm7F4CjlB3QMN72LxbnKjh3O5ALuAsObSVwKfw2ENfa5JIha60dhiOcISD6VIau1yZncZiQIdnmSSlo2ZEm7Fhpd7iMw9--C9nchB3l14itLho7fnSKehcs-K9n9M799SNFCq32LruAg3YJ4=
IP
176.9.17.3:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectimg.cdn.house
Fingerprint09:9D:22:D3:B2:EB:84:A4:18:6E:A5:F8:CC:DF:C1:4A:D3:90:1D:36
ValiditySun, 16 Jun 2024 11:25:36 GMT - Sat, 14 Sep 2024 11:25:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /i/1/TuKWC1eYPhfH4ZrCzMKLBl9-L391w9NK50M7QT3wNqX2Id4zzTxRr_z9xCZCaXatt7VPc-2LEpVxO0U9Ms78bCtpDyX9et4jFZK6gRuJjiltRFeX9V0P-uZ_7_lwFObtElalFbR2FwX9pfwdqcmxWazEm-QbuKK9O_CUy24WUmdNc0tHppsIYF5BvdONbAgXOF02zjqT8129lmSwlgqyjDiuQlFNPtUIijiNNNp5qucflnLLVw0dWkfmrV4TtdJdOF7b69xHBlqsA6gG8PGybAwhvSzQ-ysQ_ibcUEmUa5bsklFEKbAvpKZoCIfhXFuqn4BcwyXNGKtKASLG-9x8Bjy-1MJ4HYqoaSTLYdi8zZdUk1AehAVFkHUFenQhsPNBx321nyALt2bRQ-srn29gDGtiDgA_4rMDrOtM3zerPLWRPFV_bE6cIxHX2bPlpiRaazTExR5LxXR6S5shhZEOuNywMn4tmcI4FVO6F84IlKHhP2rbBbfWm7F4CjlB3QMN72LxbnKjh3O5ALuAsObSVwKfw2ENfa5JIha60dhiOcISD6VIau1yZncZiQIdnmSSlo2ZEm7Fhpd7iMw9--C9nchB3l14itLho7fnSKehcs-K9n9M799SNFCq32LruAg3YJ4= HTTP/1.1
Host: img.cdn.house
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
server: nginx
date: Fri, 28 Jun 2024 16:44:18 GMT
content-length: 0
location: https://s-img.adskeeper.com/g/15112099/200x200/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE6MSxjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmdvb2Qsd185NjAvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjItMTIvMTAxOTI0LzFhNzNlNWI1YTJjYjk2YWM1YTgyOWMxOWYxODY1MmU5LmpwZWc.webp?v=1719593058-FhfqoELIjVrfsk63J2E4Sj4J9Kc2kWoljwixUbR9UoQ
X-Firefox-Spdy: h2

meenetiy.com/5/6678850

139.45.197.245

200 OK

33 kB

URL GET HTTP/2
meenetiy.com/5/6678850
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/video?q=bohongi+hati
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
gzip compressed data, max speed, from Unix
Size
33 kB (33226 bytes)
Hash
a8141670a73945915789c8b43fe3afa8
5f0ff55255526cbb74d54a0492231ad2908fb09a
0b03e036bc2673d3a73bf0863fa765f09333e00c6cd53b7b7656812250faaeb9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 28 Jun 2024 16:44:19 GMT
content-type: application/javascript
x-trace-id: fbedc1766ddfc798f71594c1612ce31f
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080896928c94d50e580a48ba8ef3f85; expires=Sat, 28 Jun 2025 16:44:19 GMT; path=/; secure; SameSite=None
oaidts=1719593059; expires=Sat, 28 Jun 2025 16:44:19 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

i.poopcdn.com/3c9Uq.jpg

104.21.11.28

200 OK

9.7 kB

URL GET HTTP/2
i.poopcdn.com/3c9Uq.jpg
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=Qsct_myRglc
Certificate
IssuerLet's Encrypt
Subjecti.poopcdn.com
Fingerprint4E:E5:75:0D:39:B6:10:44:17:69:08:58:A5:08:63:8C:0D:31:AD:BF
ValiditySun, 12 May 2024 07:44:33 GMT - Sat, 10 Aug 2024 07:44:32 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.54.100", baseline, precision 8, 202x360, components 3
Size
9.7 kB (9686 bytes)
Hash
67ffaf6df7e42a4c383f025b95dfeacc
6d3593d16baf791afe2d7a46388126baa2ba6db2
870b41cf973a0a1ca865834b83f5379ec71f60131319fdb96d0c65b673f4a2cc

HTTP Headers

GET /3c9Uq.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:20 GMT
content-type: image/jpeg
content-length: 9686
etag: "67ffaf6df7e42a4c383f025b95dfeacc"
last-modified: Wed, 29 May 2024 10:20:26 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U0WXGTGXVKtjC3UyNlgI1fN3fGi2HW1i8%2FD3KjkFbjBJYlGCJSlPvCgst9nf1Vgn9R7cdOeWIxhwgQwEtA2PPPkv%2BcN6KJ%2B25rwC%2FO1qXN3G3kiobrUoz4VI0udYBC4L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af2412ae5e6df0-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

metrolagu.cam/watch?v=Qsct_myRglc

188.114.97.1

200 OK

31 kB

URL POST HTTP/3
metrolagu.cam/watch?v=Qsct_myRglc
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/video?q=bohongi+hati
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1
ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT

File type
HTML document, ASCII text, with very long lines (3312)
Size
31 kB (30995 bytes)
Hash
0d6cbf4e210ecd7d913fc35ed88b526a
bf76e2c24415ba36340e51ec92e79667182cae6c
19a6c633eb84a960f6703d667ef65399e4fe7884afa34a3866f43ceffa6bd539

HTTP Headers

POST /watch?v=Qsct_myRglc HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/4851636339685550743159
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 28 Jun 2024 16:44:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=usaH%2BMHX5EXNLI%2B6eE4a0sTndK%2B5ActvCOvxRqYVNQaPBAUgtTBuYDpiYqD5buUwVinRsXTbRjQ5AaQoCG9RYRe1Gy0QEzTT6fZ%2BZ3Gv1LUFrgA0e%2B06eLV4lXNKVLHb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af240f4d209307-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bd40b8a90ed6217f3b296ed755661c13
d03dc1c41eb107c8f2fea006d2563511638a56d8
461da961152b5fed89b999c0e3204030187d54eeacbc266ed5fc6ecfda5393e2

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 28 Jun 2024 16:44:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.251.9.154

200 OK

53 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.251.9.154:443
ASN
#15169 GOOGLE

Requested by
https://metrolagu.cam/watch?v=Qsct_myRglc
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint87:0D:4E:49:D5:3A:84:7C:EE:CF:28:04:9B:E0:25:8E:35:E9:1A:E4
ValidityThu, 13 Jun 2024 15:27:09 GMT - Thu, 05 Sep 2024 15:27:08 GMT

File type
JavaScript source, ASCII text, with very long lines (3975)
Size
53 kB (52599 bytes)
Hash
03282b1e3b3cb950ffcfa3638c385b41
30d20c9005d92cd56c70254cd994c93bc0e2f859
b6fc471732f4592bb1f9f379ca66c9f4a07e7cf31eb596de0a3cca6e9026cbc0

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://metrolagu.cam/
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 28 Jun 2024 16:44:20 GMT
expires: Fri, 28 Jun 2024 16:44:20 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 14187849767909017743
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 52599
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bd40b8a90ed6217f3b296ed755661c13
d03dc1c41eb107c8f2fea006d2563511638a56d8
461da961152b5fed89b999c0e3204030187d54eeacbc266ed5fc6ecfda5393e2

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 28 Jun 2024 16:44:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
985bebf2180eda8dcd1119565d94ce97
5f816ff692a313dc27e217aed9277314e2237ab7
3bbb521f086831797aeedf517d5c71d69ca09c1531bdcd32610e17ad3612cfa1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3BBB521F086831797AEEDF517D5C71D69CA09C1531BDCD32610E17AD3612CFA1"
Last-Modified: Wed, 26 Jun 2024 07:43:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3483
Expires: Fri, 28 Jun 2024 17:42:24 GMT
Date: Fri, 28 Jun 2024 16:44:21 GMT
Connection: keep-alive

metrolagu.cam/jembud/4851636339685550743159

188.114.97.1

200 OK

174 B

URL GET HTTP/2
metrolagu.cam/jembud/4851636339685550743159
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/video?q=bohongi+hati
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1
ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT

File type
HTML document, ASCII text
Size
174 B (174 bytes)
Hash
9fa912a64c2447606791dd01112c43a6
f19458eb41d76f85c7abbe4cefc14d132b5626da
8f2295b4aea4e4dd712d50ad3298de5b42c8c5693a59fb8b93607ee1a038b8d0

HTTP Headers

GET /jembud/4851636339685550743159 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:19 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ulsLN2EuTMX3tJBqsx1wAlQecA0f%2BggrbVgf5qHMuaqDXCZ9JCNmCU828XodBN%2FNFvLp0Ao0oUydAl7IimcrMDaAMEDj33WRuLKxjYbqxEXGapgNoX6NY7Cy%2F7ep29e8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af240b99528f54-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.830.0&userId=080089acdf3348fbf8ebd7a11444def3

139.45.197.245

200 OK

9.4 kB

URL GET HTTP/2
meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.830.0&userId=080089acdf3348fbf8ebd7a11444def3
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/video?q=bohongi+hati
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
gzip compressed data, max speed, from Unix
Size
9.4 kB (9361 bytes)
Hash
c987386f51a3df207b98ac1acf3e160a
fabc4960d872e67f3df2bc00f70f3330a8b2f97b
8491a9215abcbb90d61e7ad9b8ed4a48d99c133292df97c1d81d6f759b59f20a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6678850/?abt_opts=1&js_build=iclick-v1.830.0&userId=080089acdf3348fbf8ebd7a11444def3 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Cookie: OAID=0080896928c94d50e580a48ba8ef3f85; oaidts=1719593059
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 28 Jun 2024 16:44:19 GMT
content-type: application/json
x-trace-id: caa31fb43024869a93dbac07ad8f5fd4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=080089acdf3348fbf8ebd7a11444def3; expires=Sat, 28 Jun 2025 16:44:19 GMT; path=/; secure; SameSite=None
oaidts=1719593059; expires=Sat, 28 Jun 2025 16:44:19 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 05 Jul 2024 16:44:19 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap

142.250.74.106

200 OK

18 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC7:12:52:3A:BD:E0:73:20:AD:A8:5F:DF:12:DB:C6:DE:AF:63:88:6B
ValidityThu, 13 Jun 2024 16:32:33 GMT - Thu, 05 Sep 2024 16:32:32 GMT

File type
ASCII text
Size
18 kB (17685 bytes)
Hash
942d6c103643a3b457d90844f34a9b37
e2594da697f0082ee92f0f1d9b163aed142e09e7
654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54

HTTP Headers

GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 28 Jun 2024 16:44:17 GMT
date: Fri, 28 Jun 2024 16:44:17 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/video?q=bohongi+hati
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint90:47:5A:A5:5F:5F:FA:E6:7C:6F:AB:D2:06:D1:D9:BD:F3:54:9E:6E
ValiditySat, 11 May 2024 20:51:41 GMT - Fri, 09 Aug 2024 20:51:40 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
01c35fd5d9befc144c73be2d2c7c3e9e
c30949d4cec19235018938f165929c237c98370d
2ca8b5c1e66186e67438a2a9227d0798a085ec91e029e32c73870068b989e888

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 28 Jun 2024 16:44:19 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=080089acdf3348fbf8ebd7a11444def3; expires=Sat, 28 Jun 2025 16:44:19 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

meenetiy.com/?rb=SK4CIOwaQMcVA73OQgPPmJyMe0LmrmoKQtD6nPMcwn0VxaCWQczev7abg0UCENxGdTg85egmp_q622OhXbasTrQm52BXcEhBQjPOwPYwHdhnzVU1Y2-U_7sFoKcxR9szF_YP9IHoSlPehs-N5WnVgjrlA9IPcyYzAsLl8cONIBs0BLCrkWCx8TSoTGAFXomS3eYTcvPaZwOInrGwLCq6gUwjVaJIiHBBIEQV3ztAF0D0NtjS3Lgllu51T7NqnRo0CJ1onEGTq2Q%3D&request_ab2=1312621&zoneid=6678850&js_build=iclick-v1.830.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=1&pl=https%3A%2F%2Fmp4skin.com%2Fvideo%3Fq%3Dbohongi%2Bhati&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F4851636339685550743159&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.830.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=357dc19d-8189-4a55-a4e6-74de5ac6b507&userId=080089acdf3348fbf8ebd7a11444def3&m=link

139.45.197.245

200 OK

2.9 kB

URL GET HTTP/2
meenetiy.com/?rb=SK4CIOwaQMcVA73OQgPPmJyMe0LmrmoKQtD6nPMcwn0VxaCWQczev7abg0UCENxGdTg85egmp_q622OhXbasTrQm52BXcEhBQjPOwPYwHdhnzVU1Y2-U_7sFoKcxR9szF_YP9IHoSlPehs-N5WnVgjrlA9IPcyYzAsLl8cONIBs0BLCrkWCx8TSoTGAFXomS3eYTcvPaZwOInrGwLCq6gUwjVaJIiHBBIEQV3ztAF0D0NtjS3Lgllu51T7NqnRo0CJ1onEGTq2Q%3D&request_ab2=1312621&zoneid=6678850&js_build=iclick-v1.830.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=1&pl=https%3A%2F%2Fmp4skin.com%2Fvideo%3Fq%3Dbohongi%2Bhati&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F4851636339685550743159&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.830.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=357dc19d-8189-4a55-a4e6-74de5ac6b507&userId=080089acdf3348fbf8ebd7a11444def3&m=link
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/video?q=bohongi+hati
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint1B:A7:25:F9:81:5C:D2:6F:04:C2:65:38:DA:05:E2:DF:4C:31:75:07
ValiditySun, 28 Apr 2024 05:25:22 GMT - Sat, 27 Jul 2024 05:25:21 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2959), with no line terminators
Size
2.9 kB (2929 bytes)
Hash
61cf9a06392b9bd85466906df0baa56d
31dbffcfa8896edc7733c9e27fe317cc587c3095
f2b0f030e71f81a5e7bda6f1b7822053e27a5898937ea3f83f2782342deb3bfd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=SK4CIOwaQMcVA73OQgPPmJyMe0LmrmoKQtD6nPMcwn0VxaCWQczev7abg0UCENxGdTg85egmp_q622OhXbasTrQm52BXcEhBQjPOwPYwHdhnzVU1Y2-U_7sFoKcxR9szF_YP9IHoSlPehs-N5WnVgjrlA9IPcyYzAsLl8cONIBs0BLCrkWCx8TSoTGAFXomS3eYTcvPaZwOInrGwLCq6gUwjVaJIiHBBIEQV3ztAF0D0NtjS3Lgllu51T7NqnRo0CJ1onEGTq2Q%3D&request_ab2=1312621&zoneid=6678850&js_build=iclick-v1.830.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=1&pl=https%3A%2F%2Fmp4skin.com%2Fvideo%3Fq%3Dbohongi%2Bhati&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F4851636339685550743159&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.830.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=357dc19d-8189-4a55-a4e6-74de5ac6b507&userId=080089acdf3348fbf8ebd7a11444def3&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=080089acdf3348fbf8ebd7a11444def3; oaidts=1719593059; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 28 Jun 2024 16:44:19 GMT
content-type: application/json
x-trace-id: 7142396ecf93135e01a79631197c498f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=080089acdf3348fbf8ebd7a11444def3; expires=Sat, 28 Jun 2025 16:44:19 GMT; path=/; secure; SameSite=None
oaidts=1719593059; expires=Sat, 28 Jun 2025 16:44:19 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 05 Jul 2024 16:44:19 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.25.14

200 OK

90 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=Qsct_myRglc
Certificate
IssuerLet's Encrypt
Subjectcdnjs.cloudflare.com
Fingerprint3B:5B:7C:DD:19:E8:16:5A:09:22:D6:1E:03:84:8D:B9:A1:32:BF:8E
ValiditySun, 02 Jun 2024 00:47:32 GMT - Sat, 31 Aug 2024 00:47:31 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Jun 2024 16:44:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 763636
expires: Wed, 18 Jun 2025 16:44:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ttFQyQ64%2BuvfAatEJwfUtM5VlWQjpWIFP7Qt2NMon7Do8tM8GLIYFXMvvQW8vypuxE6DKVsEZaSMm%2BrQmh%2Bp4Y24ebosC5rarEVV62Rs3wlhkuN6qyzmBw%2B7ObRgAeXWdL8%2BozsF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 89af24130a2392e8-CPH
alt-svc: h3=":443"; ma=86400

poop.li/d/Y1tPUh9ccQH

104.21.19.189

200 OK

7.7 kB

URL User Request GET HTTP/2
poop.li/d/Y1tPUh9ccQH
IP
104.21.19.189:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectpoop.li
Fingerprint92:FD:A4:C0:FD:E9:E0:91:FD:42:D7:5F:A9:D1:C9:47:00:F8:BD:9E
ValidityWed, 26 Jun 2024 05:09:59 GMT - Tue, 24 Sep 2024 05:09:58 GMT

File type
HTML document, ASCII text, with very long lines (8039), with no line terminators
Size
7.7 kB (7728 bytes)
Hash
691dea15bf987dc109b5b1192295bfe8
e9419c061b8beb92e22a1a8c254ef76d1ea74172
6e0a5692266058c02a38d131a438d4b7afabb568b7e9a6016a4c5934046fde8e

HTTP Headers

GET /d/Y1tPUh9ccQH HTTP/1.1
Host: poop.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: MISS
last-modified: Fri, 28 Jun 2024 16:44:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ydk7T%2FwJNK%2BBXsI%2F%2Bt7HsBaK%2Fz5A3kqO3lb2L9kFraBtQAadcDLIs14AxT2FDPXn5RNFDD7YO47%2FV7rsrtQ%2BYRtP0g22T%2B7yMNAmWvuCFmxYlQ2zDgYodkc8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af23feafee9302-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/style.css

104.21.11.28

200 OK

259 kB

URL GET HTTP/2
assets.poopcdn.com/style.css
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
ASCII text
Size
259 kB (259373 bytes)
Hash
f94acf4d0db64b4a710fc6fce3bc2a49
63753e2bb0367b37084eba7690d9fb752667ecd3
f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340

HTTP Headers

GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:17 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1594
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WasNHq%2FPouviwYDXPAqQcZV6wtk5NDcQ11kyzgs%2BRKuFFi6u2KsBMZnjVaIwjLDEVgWPV97ilduzPTEpYLkyWsCgeGWDibX7o0WTObUqZo61b3GOzynURe5BAYsbAQ9Vvb25S%2BM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af2403d8951d06-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.poopcdn.com/embed2.css

104.21.11.28

200 OK

2.3 kB

URL GET HTTP/2
assets.poopcdn.com/embed2.css
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
ASCII text, with very long lines (2279), with no line terminators
Size
2.3 kB (2267 bytes)
Hash
f966df8b666f4e6af52c4c5972958a8d
59c598587c742cdd8211376b6a124c27a6a2dc52
943cf282560a6d9565816a7feeaa67cb91804127cf2d34686c932039bec26622

HTTP Headers

GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:17 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1760
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gyjj8dtJH3pALcJjkOjhV2LVXRc80%2FbThLAHdJoa7l%2Btheb418%2BB9a65kYEc7o%2F%2FMW0SFik6HopG6%2BcQz5cnASbzBLBI3Tljx%2FA4rpBTYB%2BJWaC8q5gn%2BX5DqzPQ41wuXCNS4wc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af2403c87a1d06-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

news-xwakabi.com/process.js?id=1232218527&p1=sub1&p2=sub2&p3=sub3&p4=sub4

193.108.118.16

200 OK

31 kB

URL GET HTTP/2
news-xwakabi.com/process.js?id=1232218527&p1=sub1&p2=sub2&p3=sub3&p4=sub4
IP
193.108.118.16:443
ASN
#63023 AS-GLOBALTELEHOST

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subject*.news-xwakabi.com
Fingerprint47:1F:DC:99:7E:92:DB:AF:B4:62:BA:93:C9:35:93:E7:9B:D4:D2:27
ValidityThu, 20 Jun 2024 09:57:09 GMT - Wed, 18 Sep 2024 09:57:08 GMT

File type
JavaScript source, ASCII text, with very long lines (30707)
Size
31 kB (31239 bytes)
Hash
1f94df6bfdd85a8b12d520ade69dd4ac
5692fac10d4a7b62f3d69b6628eb891446d525b0
c22b08d7a87d44910123c49a3c1fa32a5683e186561a5d2730e5b2bcb1bbe3d7

HTTP Headers

GET /process.js?id=1232218527&p1=sub1&p2=sub2&p3=sub3&p4=sub4 HTTP/1.1
Host: news-xwakabi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: 0
pragma: no-cache
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2

assets.poopcdn.com/play.svg

104.21.11.28

200 OK

633 B

URL GET HTTP/2
assets.poopcdn.com/play.svg
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 929
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYZdFLlb%2FOPcG4W90aA1xZJ3DQBeHG3p0yi38TrtdiWfI33WC6FP6z0A4ABPZIFUD7pyby0M865TQYcgOXPgXeSL34bhmhyrpdnjHebX80Z1xzys07lPMMmW1SAJZiaZ8c6WZ2A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af24052ab81d06-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mp4skin.com/embud/4851636339685550743159

172.67.154.189

200 OK

242 B

URL GET HTTP/2
mp4skin.com/embud/4851636339685550743159
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerGoogle Trust Services
Subjectmp4skin.com
Fingerprint39:A2:A9:75:17:97:DB:13:85:82:04:56:60:C8:DD:09:B6:A2:C8:B6
ValidityFri, 28 Jun 2024 06:11:06 GMT - Thu, 26 Sep 2024 06:11:05 GMT

File type
HTML document, ASCII text, with no line terminators
Size
242 B (242 bytes)
Hash
b6e6e6bbf988907ac2522f037494a0bb
d4290fab150fd20e48412f91258f50a7294f5ef6
7d6762ce78956f24428baffa5321cea6d9e4b4ec26fa85b827b2162d64398daa

HTTP Headers

GET /embud/4851636339685550743159 HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qEjKafl4ztgmjQWpCK6x080C98V9y0B4Z%2Fx0oVNOMIk57M%2BIvigdvstAuRB5WDu60iEyenBjWvQcxqIOJ735HYkBmNcXO0zl12bEVuIvMclFcgDwe5dKXCNdQG8ZQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af24062f59be42-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

poop.li/custom_ads.js

104.21.19.189

200 OK

1.5 kB

URL GET HTTP/3
poop.li/custom_ads.js
IP
104.21.19.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerGoogle Trust Services
Subjectpoop.li
Fingerprint92:FD:A4:C0:FD:E9:E0:91:FD:42:D7:5F:A9:D1:C9:47:00:F8:BD:9E
ValidityWed, 26 Jun 2024 05:09:59 GMT - Tue, 24 Sep 2024 05:09:58 GMT

File type
ASCII text, with very long lines (1524), with no line terminators
Size
1.5 kB (1463 bytes)
Hash
89faac2d597d72a7564a5b3ae813169b
e0d554c07621068d06534027f661f7e901e35e1f
131c7856da968b10cd3d0e15cd96597265be84a129e993929f2577c62a550a75

HTTP Headers

GET /custom_ads.js HTTP/1.1
Host: poop.li
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/d/Y1tPUh9ccQH
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Jun 2024 16:44:17 GMT
content-type: application/javascript
last-modified: Fri, 28 Jun 2024 05:01:27 GMT
vary: Accept-Encoding
etag: W/"667e43a7-5b7"
expires: Sat, 29 Jun 2024 03:40:02 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 3855
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uatvm5X9sX%2BDYvRFnwTbbi1y%2BEvS5TaCoWLy%2F7AE8SJZmtct0OPIPi8X8wF2YNMyVvhzklgOdckuC6myL8sq5KVOn5QpCRySlGGOLxFPQYpReOpbFjsKzkCZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af2402d999abcf-CPH
alt-svc: h3=":443"; ma=86400

mp4skin.com/embed.css

172.67.154.189

200 OK

755 B

URL GET HTTP/3
mp4skin.com/embed.css
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/video?q=bohongi+hati
Certificate
IssuerGoogle Trust Services
Subjectmp4skin.com
Fingerprint39:A2:A9:75:17:97:DB:13:85:82:04:56:60:C8:DD:09:B6:A2:C8:B6
ValidityFri, 28 Jun 2024 06:11:06 GMT - Thu, 26 Sep 2024 06:11:05 GMT

File type
ASCII text, with very long lines (757), with no line terminators
Size
755 B (755 bytes)
Hash
893c3050971d660ec53ed6ea64582a05
a06d1563bdeb65aa5f5d68b7f0cefdd6778b6056
a2e4ffd0ece96aa94f183f77575fb2dcdf08483df0fbb8f1324cc9f088e9d1c9

HTTP Headers

GET /embed.css HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/video?q=bohongi+hati
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Jun 2024 16:44:19 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=1094
etag: W/"655cb8cc-446"
expires: Fri, 28 Jun 2024 17:10:58 GMT
last-modified: Tue, 21 Nov 2023 14:03:56 GMT
cf-cache-status: HIT
age: 41601
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ziCug4r8Ze8Hrs9V8APNVfMAsq39aXCEjYPnMGhyZndSwH8vqjoqMKFIO%2FF1TC5V%2F7yq0Au8ANvzy1WMfhRAMsTPA3bE6Pd306x0C7JMZVXHvlq1XKQPm%2BLw168Ifg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89af240b1845abd4-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

metrolagu.cam/play.svg

188.114.97.1

200 OK

633 B

URL GET HTTP/3
metrolagu.cam/play.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=Qsct_myRglc
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1
ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Jun 2024 16:44:20 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 822
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=laSDAllauoZMRh%2BZrHFG3xQNrIlr06kpLunrXg3rxiP9YyJu2FjTgpKFsNi11G73XE5Dcr8k3nv0%2Bhqi5TOo%2Btoss2htgEt5Zb666EjrZiZ%2BjeTBE4SnROz26YpCfdvl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89af2413dbe79307-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

assets.poopcdn.com/bootstrap.min.css

104.21.11.28

200 OK

209 kB

URL GET HTTP/2
assets.poopcdn.com/bootstrap.min.css
IP
104.21.11.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectassets.poopcdn.com
Fingerprint15:C4:A6:77:0F:A0:5B:48:86:88:99:BB:67:FE:4F:D2:C4:92:1F:A5
ValiditySun, 12 May 2024 18:55:07 GMT - Sat, 10 Aug 2024 18:55:06 GMT

File type
ASCII text, with very long lines (625)
Size
209 kB (208810 bytes)
Hash
3ad35d9c124d6c7d13f776dde0df9286
1bfc432b338ca01be6b05ab8e87f4a63caa8d82b
10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b

HTTP Headers

GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.li/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 28 Jun 2024 16:44:17 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1593
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ycQFmVgg3a5a%2BeE5EmEIKlLgnwZHZ85XlUdZ54HMfDbPoM6CLrfvaZ95ADcWXLq8iCDsxFatZWkT7WejhZtXH7FA0QcF96mghkvbr%2FcGAJIDzoMFxenEfuinGxc81o%2F5qswiSQY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af2403c87c1d06-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

show.partners-show.com/api/v1/inpage/show/?uid=182223&subacc=1232218527&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult

162.55.87.44

200 OK

1.7 kB

URL GET HTTP/2
show.partners-show.com/api/v1/inpage/show/?uid=182223&subacc=1232218527&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult
IP
162.55.87.44:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerLet's Encrypt
Subjectshow.partners-show.com
Fingerprint98:9A:E8:1A:7B:F1:CA:B8:29:2B:C1:3D:AA:D0:22:D0:40:8A:D9:43
ValiditySat, 15 Jun 2024 18:27:27 GMT - Fri, 13 Sep 2024 18:27:26 GMT

File type
ASCII text, with very long lines (1762), with no line terminators
Size
1.7 kB (1742 bytes)
Hash
ff1d057f54c8e5a2f4bfe1f96c6ef0a5
89b1813ae773e9de0a9fccb7e29b3fadefd2ccdc
53ffd322e8afa442a6891e04e0e3a8342a055f40df33b8ca19351349870b2a03

HTTP Headers

GET /api/v1/inpage/show/?uid=182223&subacc=1232218527&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=adult HTTP/1.1
Host: show.partners-show.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.li/
Origin: https://poop.li
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
access-control-allow-origin: https://poop.li
vary: Origin
content-encoding: br
X-Firefox-Spdy: h2

mp4skin.com/video?q=bohongi+hati

172.67.154.189

200 OK

633 B

URL POST HTTP/3
mp4skin.com/video?q=bohongi+hati
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.li/d/Y1tPUh9ccQH
Certificate
IssuerGoogle Trust Services
Subjectmp4skin.com
Fingerprint39:A2:A9:75:17:97:DB:13:85:82:04:56:60:C8:DD:09:B6:A2:C8:B6
ValidityFri, 28 Jun 2024 06:11:06 GMT - Thu, 26 Sep 2024 06:11:05 GMT

File type
HTML document, ASCII text, with very long lines (672), with no line terminators
Size
633 B (633 bytes)
Hash
988b6520e56f49f7797912d40e1210e4
7f7b64c3ab124ba4d91091074f2bca823de8bbe0
cbab71b31481338d5ce8b56a72b8ae379b8b0cde7b06ae34b8a32f0688550c83

HTTP Headers

POST /video?q=bohongi+hati HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/4851636339685550743159
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Jun 2024 16:44:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vRVUgcdBpWpnGA1WOCOeqDAdBqbhTqbQ5dTxzMayGcbEiwQPm408%2Bymz19PH%2BczbHYtuvYbAELtZQp7VQkv4TzL8TMNcz%2FZtYRqfMgyXhPv61Smu8%2FXIG%2B8DAB148g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 89af24085b41abd4-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

kamassmyalia.com/rkY9qNIaf1iY/64343

23.109.170.20

200 OK

0 B

URL GET HTTP/1.1
kamassmyalia.com/rkY9qNIaf1iY/64343
IP
23.109.170.20:443
ASN
#7979 SERVERS-COM

Requested by
https://metrolagu.cam/watch?v=Qsct_myRglc
Certificate
IssuerLet's Encrypt
Subjectkamassmyalia.com
Fingerprint81:90:90:7B:5A:2D:2C:4A:E1:55:D1:91:82:05:5D:61:2B:7E:A2:13
ValidityThu, 13 Jun 2024 16:03:49 GMT - Wed, 11 Sep 2024 16:03:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rkY9qNIaf1iY/64343 HTTP/1.1
Host: kamassmyalia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Jun 2024 16:44:21 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 29-Jun-2024 16:44:21 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 29-Jun-2024 16:44:21 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

metrolagu.cam/embed.css

188.114.97.1

200 OK

1.1 kB

URL GET HTTP/3
metrolagu.cam/embed.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=Qsct_myRglc
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint54:95:F3:00:3B:6A:05:40:B7:A3:46:47:DD:70:74:4A:10:23:F2:F1
ValidityWed, 12 Jun 2024 08:19:24 GMT - Tue, 10 Sep 2024 08:19:23 GMT

File type
ASCII text, with very long lines (1145), with no line terminators
Size
1.1 kB (1094 bytes)
Hash
69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1

HTTP Headers

GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=Qsct_myRglc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 28 Jun 2024 16:44:20 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
etag: W/"651596cf-446"
expires: Sat, 29 Jun 2024 02:21:22 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 8578
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfKbzFG8bxrzdJmL6xrz3R4YZE3VkYi870J0p4A2q8FEXOyHl6DYxR%2FlK3RbkaUqAPv8otU64DnB1fr7XIHXPavGSSoRwzU%2BQJpggs8kcdcMP6ax%2FuvHt7cc%2FGohCO9X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 89af24131ae19307-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (48)

URL

IP

ASN