| cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP104.17.24.14:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hash220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 76713
expires: Wed, 30 Apr 2025 22:49:34 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SeUcYDq14gqZ3zHlPpZJ8SOi2rQ%2FxwMITF2oA6%2FcF904tWeviIyLw%2B5gJGZQ93n8LSX%2FbQ6T89p8BVoqo93Aqo%2Fsr8LSNlZhtxbHAxf8iZRgtLJPn2k%2Bf8pfhc7oQC3z1tzgoiFw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881d7bb3cf1bb521-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| poop.com.co/d/3sFZRvmGXlX | 188.114.96.1 | 200 OK | 11 kB |
URL User Request GET HTTP/2poop.com.co/d/3sFZRvmGXlX IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectpoop.com.co FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT
File typeHTML document, ASCII text, with very long lines (6442) Hash29c0499e84dfc21d282c705c26784d85 d45b6927f30fd6fce3b633ee37b01cfc5ad889d7 79632efaa8d5ec62b55ecb3adec821eaf8e0a9a38cafb9ae6a1aeb8428a23a37
GET /d/3sFZRvmGXlX HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=1200
cf-cache-status: MISS
last-modified: Fri, 10 May 2024 22:49:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yxOmCjlDXFe%2BmtY8EZZZNGA25MJa3dQD4XzrsABKaxxD4CeNhyYwS2j8TgmiazQmGT7Qxac64wRnBQqb8wAV0ecL3oGTAMPnnT2rMI4faaU2uFNQOj6rCoTvSxeytg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb0e9edb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-RRBBHD087X | 142.250.74.168 | 200 OK | 102 kB |
URL GET HTTP/2www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP142.250.74.168:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File typeJavaScript source, ASCII text, with very long lines (5955) Size102 kB (102279 bytes) Hash591426b889eaa8c77b95fc17acf5d0f0 7983fb0c14b07cabcaa7531dd58524dc263e2f7b 295b16cad43895378aa3f5d42538cc8e5283e3a52817f021e725b810a8fe6b3c
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 10 May 2024 22:49:34 GMT
expires: Fri, 10 May 2024 22:49:34 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102279
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 | 188.114.97.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23812, version 1.524 Hasheb586e5a1b86dbf1c866e3ed80f9d18e 280ee78d19c017ab9335f769595e5157d3c4a343 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poop.com.co
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 605
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ep8OnPXUCLf1wwvtjJZ6n0p7SDOeFuyo3bqVcupB05oQesXH5JnDJ1b4JIh4AgwsSBQVMZwLa2OR0XmjnaZfebUx6oXkPz5eTiWFaM8%2FMvMqCNKfBNMomzyTJLbIvM%2FRFA5k5QQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb6ed917127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 | 188.114.97.1 | 200 OK | 184 kB |
URL GET HTTP/2assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 184476, version 330.-16253 Size184 kB (184476 bytes) Hash2a6dec1227f9970376f578270a642d06 150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284 e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poop.com.co
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQaWclAfjMQEqILKR1W%2B0jCo134fMu2pcAeOFfJHonWWlEq7LBjUqMBlKMaAIXe6%2F6sicFF5kiqS5VsuyNHOQOctkVlQJIU0s5ZAQvBRmWGv5bAkZ7Tcisgz3qPIPdmYB4SSTVQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb6ed997127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/play.svg | 188.114.97.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/play.svg IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeSVG Scalable Vector Graphics image Hash85f08506e5a64050719e7e18a26cd9c4 cda07433539f1346406e7dde1a92ea6346d593d7 b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08
GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2708
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CKKBZ9v%2Foge0i75NqjQrIkNfinHeYtiH%2BrDEqLJ6g8anyUg7YNIugnNnJjGvXcCZIYQySEWAqMZ6gtRdEtfJfsXbKwA%2F6iasVCd76XHJ3Sqcss5uKr09J%2Bi%2FggIClAnNJCRC1FY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb6dd8a7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/apple-touch-icon.png | 188.114.97.1 | 200 OK | 2.8 kB |
URL GET HTTP/2assets.poopcdn.com/apple-touch-icon.png IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typePNG image data, 180 x 180, 8-bit colormap, non-interlaced Hashe4acc3f05da8195dfa02a437c8b2dba2 f23df2ed14e5d52417b155ccd11187f3250861dc 8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4
GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6SgxmYxOtOwTmfh12GdUa2bDgxFcBL9fxba7W2x7ygvGtYvAxpoMG%2BVE2UTsWAARcUqcXckLvmLFINTvCiF%2Fy9r6Vg6Hj65O5q4wPD9gRP7WoLZ65bJT9e1pfuI%2F%2BawbMmHmM8E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb7de2b7127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/favicon-16x16.png | 188.114.97.1 | 200 OK | 612 B |
URL GET HTTP/2assets.poopcdn.com/favicon-16x16.png IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hashac008ea155d4beee1e93247d7434c77d f8ea94e94e0cc310202a517a9c445c3d70af564e 283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e
GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1c61CPg2vSpkLvDkLirfnFmq1rnzGgM1grQWe7sfCwxQihQFHybSNRpDc3LIkaVP3ssj%2FVtMtOvkAtin2rNGMDHcBaOMywjsgmHl4n4lDOd88o6pAXPoO0AiS1IUnOJVwN8wfzw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb7de2d7127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| berlagu.com/media/b7N--n5a2Vw | 104.21.67.123 | 200 OK | 5.4 kB |
URL POST HTTP/3berlagu.com/media/b7N--n5a2Vw IP104.21.67.123:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services LLC Subjectberlagu.com FingerprintD6:84:30:6A:D8:0F:B0:3B:F8:82:9A:7D:B3:E1:CC:FF:4D:FD:C3:5B ValidityTue, 30 Apr 2024 15:25:12 GMT - Mon, 29 Jul 2024 15:25:11 GMT
File typeHTML document, ASCII text Hashca5a1f04801d1b20a8d5826f0217c6b8 3e12e419bcfabddf024a6e8692f5cdebbd995136 19d7e7e29ccab3ccc54d954dffea8252bb61a4217a8a05ad6c007bc5fc1baa51
POST /media/b7N--n5a2Vw HTTP/1.1
Host: berlagu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://berlagu.com
DNT: 1
Connection: keep-alive
Referer: https://berlagu.com/jembud/586c58476d76525a467333
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kVqwlgwTdPe0%2Fg%2FBNT%2BnFTb1%2B8fjlsTFGxxf6ATIGYWiXLXjNKwHvWO2AsvAJgnQmOdqfZ1KovXKJ0ojK7sqycMtfrCEmTVth3hi4n5porLP0AIDl3zgNp6x92UyMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb9c81eb527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 200 OK | 0 B |
URL POST HTTP/1.1fp.metricswpsh.com/fp?tag_id=114039 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 10 May 2024 22:49:35 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.com.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| assets.poopcdn.com/bootstrap.min.css | 188.114.97.1 | 200 OK | 28 kB |
URL GET HTTP/2assets.poopcdn.com/bootstrap.min.css IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeASCII text, with very long lines (625) Hash3ad35d9c124d6c7d13f776dde0df9286 1bfc432b338ca01be6b05ab8e87f4a63caa8d82b 10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b
GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pg5gSxtqkogduhieg8facpgp8PoYZxxCn9voBGyJtp%2F95evNbwUI58tdrEQMiIkc0FShvLzfF11yyiUmo1kvKSZTU2jbB9UGWqQUzySMJf3NKXYFJB9giFXOtNQ10fPld9ODR6s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb45b977127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| wakenssponged.com/rizdGR8ExUj7Bb6T/65101 | 23.109.170.102 | 200 OK | 20 B |
URL GET HTTP/1.1wakenssponged.com/rizdGR8ExUj7Bb6T/65101 IP23.109.170.102:443
Requested byhttps://berlagu.com/media/b7N--n5a2Vw CertificateIssuerLet's Encrypt Subjectwakenssponged.com Fingerprint60:B4:CD:84:D4:B8:AD:E3:DD:AB:C3:4C:E5:5E:98:A7:D0:68:F6:AE ValidityTue, 23 Apr 2024 23:04:49 GMT - Mon, 22 Jul 2024 23:04:48 GMT
File typegzip compressed data, from Unix Hash7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rizdGR8ExUj7Bb6T/65101 HTTP/1.1
Host: wakenssponged.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://berlagu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 22:49:35 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://berlagu.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 11-May-2024 22:49:35 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 11-May-2024 22:49:35 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| ef34ee98f7.0b2d458c45.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3NjQ2NTgzNTQ3OTgyNzA1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 | 45.133.44.53 | 200 OK | 0 B |
URL GET HTTP/2ef34ee98f7.0b2d458c45.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3NjQ2NTgzNTQ3OTgyNzA1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectef34ee98f7.0b2d458c45.com Fingerprint7E:FF:35:2B:6F:6E:5F:D7:37:70:83:6B:E4:B9:B9:4C:4B:D8:3A:6B ValidityTue, 07 May 2024 02:50:30 GMT - Mon, 05 Aug 2024 02:50:29 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI3NjQ2NTgzNTQ3OTgyNzA1MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIyLjAiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjI4LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: ef34ee98f7.0b2d458c45.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| nereserv.com/in/dip?event_id=8ea89379-82b6-4682-a8f4-6241bf3cfa92&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?event_id=8ea89379-82b6-4682-a8f4-6241bf3cfa92&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0 IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?event_id=8ea89379-82b6-4682-a8f4-6241bf3cfa92&subid=2015216722&spot_id=430412&created_at=2024-05-10&timezone=0&ver=1.141.0 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:35 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=c59894ee-6d7c-47b6-b329-6117a9a02b48&subid=388464194&sid=2231826105&spot_id=418776&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?site=native-push&wl=1&event_id=c59894ee-6d7c-47b6-b329-6117a9a02b48&subid=388464194&sid=2231826105&spot_id=418776&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1 IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=c59894ee-6d7c-47b6-b329-6117a9a02b48&subid=388464194&sid=2231826105&spot_id=418776&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:35 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=735ffdc6-dc5f-4f75-b6ca-7a7b71bf301e&subid=357529620&sid=1606654276&spot_id=418774&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1 | 167.235.163.216 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?site=native-push&wl=1&event_id=735ffdc6-dc5f-4f75-b6ca-7a7b71bf301e&subid=357529620&sid=1606654276&spot_id=418774&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1 IP167.235.163.216:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=735ffdc6-dc5f-4f75-b6ca-7a7b71bf301e&subid=357529620&sid=1606654276&spot_id=418774&created_at=2024-05-10&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:35 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 1734081ce4.64c8149326.com/in/multy | 157.90.84.246 | 204 No Content | 0 B |
URL OPTIONS HTTP/21734081ce4.64c8149326.com/in/multy IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject64c8149326.com FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7 ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:35 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 1734081ce4.64c8149326.com/in/multy | 157.90.84.246 | 204 No Content | 0 B |
URL OPTIONS HTTP/21734081ce4.64c8149326.com/in/multy IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject64c8149326.com FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7 ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:35 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| i.poopcdn.com/xmJjk.jpg | 188.114.96.1 | 200 OK | 6.0 kB |
IP188.114.96.1:443
Requested byhttps://metrolagu.cam/watch?v=Da4P2uT4mVc CertificateIssuerLet's Encrypt Subjecti.poopcdn.com Fingerprint94:CF:0E:89:D9:78:6D:10:14:DF:D3:8A:C2:3E:AE:81:F9:AC:73:03 ValidityThu, 14 Mar 2024 07:45:46 GMT - Wed, 12 Jun 2024 07:45:45 GMT
File typeJPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.54.100", baseline, precision 8, 320x180, components 3 Hashabf078c7e340d91abe38e5e99aa49300 0ec73765b20548b03becc5d627f3f2b88b103428 107940cea4c5ce70e0e55a799f12fddaa87b6db8b604b383848a030228f4af72
GET /xmJjk.jpg HTTP/1.1
Host: i.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: image/jpeg
content-length: 5987
etag: "abf078c7e340d91abe38e5e99aa49300"
last-modified: Fri, 10 May 2024 04:42:56 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2633
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uOonQQuOnusnR7ZF8ZLy2JhEhwYBeaj%2FKZtdqEHIZJPk%2BAfYOAaxu%2BRrvctKijDBLE1j3I4kAyRx9KqAKQ%2BJaO3bmaacNajuCMrPlK%2B1e5zohnIJNz9WefQpM5thNm%2Bm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bbfebf3b512-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP104.17.24.14:443
Requested byhttps://metrolagu.cam/watch?v=Da4P2uT4mVc CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hashdc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 10 May 2024 22:49:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 248497
expires: Wed, 30 Apr 2025 22:49:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lf9pvv14ldp4JfGs6q%2FpOG78EwGIMFYf6Lf1zigDyz4I7FYbK4F%2BoiyPRdtHyzrooeCFCv7L%2BDEsQGkD3Vwk2RCV2vZTfAI88sY%2Fg9VBqkBaGwcjRvwify6jP78TnNu0otjfcydQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 881d7bbfff05b503-OSL
alt-svc: h3=":443"; ma=86400
|
|
| o.pki.goog/wr2 | 142.250.74.131 | | 471 B |
IP142.250.74.131:0
Hash11052695b701a95eeafc403471ba37b2 e5f56ea3634511055543f120e7d55219722c55a5 5602dd10bde28abf89ae0a31a3824b20db75f39d0a7c05e1f8f43807f77064eb
POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 10 May 2024 22:49:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| paronymtethery.com/rSfAH4Kr7lm28/64343 | 23.109.170.224 | 200 OK | 20 B |
URL GET HTTP/1.1paronymtethery.com/rSfAH4Kr7lm28/64343 IP23.109.170.224:443
Requested byhttps://metrolagu.cam/watch?v=Da4P2uT4mVc CertificateIssuerLet's Encrypt Subjectparonymtethery.com Fingerprint63:F2:88:89:1F:F8:81:BA:AE:2C:AE:99:FD:C3:5F:47:2F:0B:DE:F1 ValidityMon, 29 Apr 2024 18:59:43 GMT - Sun, 28 Jul 2024 18:59:42 GMT
File typegzip compressed data, from Unix Hash7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rSfAH4Kr7lm28/64343 HTTP/1.1
Host: paronymtethery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 10 May 2024 22:49:36 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 11-May-2024 22:49:36 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 11-May-2024 22:49:36 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 74.125.131.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP74.125.131.84:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services Subjectaccounts.google.com Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:uKwD99ZJ4Mrdh_eh6zAukcEse4W-tw:_gUKlULeBQqL6dly; Expires=Sun, 10-May-2026 22:49:36 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 22:49:36 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyV8fK0qOfAM5Dil0fc0jI-V12My2iX0dRIujbA7knYWXvoK5bMpfHeziEDSHnx2LGBRV9H
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-eCvVxfiXPQnI8WmS0c-UDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1734081ce4.64c8149326.com/in/multy | 157.90.84.246 | 204 No Content | 5.3 kB |
URL OPTIONS HTTP/21734081ce4.64c8149326.com/in/multy IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject64c8149326.com FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7 ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT
Hash325bf875189e81ea20c8edc9cc3c145b 1f7faca161b978c9b580b5f49a5f8ab3bd54abf8 df7bf70cf5753eda5ae42fd08913052125c23289ea7588a46b13c12b773218ad
POST /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1717
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:36 GMT
content-type: application/json
content-length: 5343
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyV8fK0qOfAM5Dil0fc0jI-V12My2iX0dRIujbA7knYWXvoK5bMpfHeziEDSHnx2LGBRV9H | 74.125.131.84 | 302 Found | 418 B |
URL GET HTTP/2accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyV8fK0qOfAM5Dil0fc0jI-V12My2iX0dRIujbA7knYWXvoK5bMpfHeziEDSHnx2LGBRV9H IP74.125.131.84:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services Subjectaccounts.google.com Fingerprint75:65:5E:EB:A9:59:16:DF:32:A3:39:DC:8A:A2:FD:28:92:33:6B:0D ValidityTue, 16 Apr 2024 04:20:43 GMT - Tue, 09 Jul 2024 04:20:42 GMT
File typeHTML document, ASCII text, with very long lines (389) Hashe19648911dbd418c2056c467762ad807 ec271da1f2dcbaab0d4748eddfc381ebd6d66d45 78fcff3dac2c7724e7fab99a7b3e680bd23bc662ebe212ed1bca193e8a55f4bb
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQyV8fK0qOfAM5Dil0fc0jI-V12My2iX0dRIujbA7knYWXvoK5bMpfHeziEDSHnx2LGBRV9H HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:WBvqi0JOKxgD_Ow43fLnJfKLERF49w:O_heboXIFkQWTYqR;Path=/;Expires=Sun, 10-May-2026 22:49:36 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 22:49:36 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwfKSzFcabBXTntvAytMsgrdRZg_00f5BLDc3ALXcL6NRQaWdgVrvio5u0_FfX9PiQevAhu&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-16324920%3A1715381376197749&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-0pnbl6EZMeiZaJqnx6uRrg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 418
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 1734081ce4.64c8149326.com/in/multy | 157.90.84.246 | 204 No Content | 5.8 kB |
URL OPTIONS HTTP/21734081ce4.64c8149326.com/in/multy IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject64c8149326.com FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7 ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT
Hashc50a86de2fce54ef17c1f3fa2f98f27e 4bc4201b4f6b2efcb16930d4a4d20c3844f5f787 2bff820c441a07d477271798b675cff2788d8892ea4691af40f2bff093875366
POST /in/multy HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1717
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:36 GMT
content-type: application/json
content-length: 5756
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 1734081ce4.64c8149326.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=388464194&sid=2231826105&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&icons=W-1VNU9FoDw7CDTbPdQMdeUXo0onLxDwAvf54IZy7UABYDXLxeotqOjR00JB-hJRElewleqgpCvY-milmROczMTiMToqvIbSr4aWROiqSHtAZByyH36E_k0McLoBv6s4wgPSZTYrvzvaS2WXQni7ViT-lrGw7Tq_jb5RRzFP6y5So5wI5w&ext_cid=0&px_id=418776&min_cpm=0.031887606933156266&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1312753162558320535&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003986532968531577&cpm=0&verify_hash=f3571d3b9251c4c64826bde84dfe9a4c&is_native=4&real_bid=0.0001084009533902388&original_bid_usd=0.000867081&original_bid=0.000867081&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,108,0,114,20&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000867081&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000867081&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=779c0aed-a07e-4e9d-b0ff-95c156372b29&prev_step_diff=696 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/21734081ce4.64c8149326.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=388464194&sid=2231826105&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&icons=W-1VNU9FoDw7CDTbPdQMdeUXo0onLxDwAvf54IZy7UABYDXLxeotqOjR00JB-hJRElewleqgpCvY-milmROczMTiMToqvIbSr4aWROiqSHtAZByyH36E_k0McLoBv6s4wgPSZTYrvzvaS2WXQni7ViT-lrGw7Tq_jb5RRzFP6y5So5wI5w&ext_cid=0&px_id=418776&min_cpm=0.031887606933156266&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1312753162558320535&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003986532968531577&cpm=0&verify_hash=f3571d3b9251c4c64826bde84dfe9a4c&is_native=4&real_bid=0.0001084009533902388&original_bid_usd=0.000867081&original_bid=0.000867081&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,108,0,114,20&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000867081&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000867081&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=779c0aed-a07e-4e9d-b0ff-95c156372b29&prev_step_diff=696 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject64c8149326.com FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7 ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=388464194&sid=2231826105&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&icons=W-1VNU9FoDw7CDTbPdQMdeUXo0onLxDwAvf54IZy7UABYDXLxeotqOjR00JB-hJRElewleqgpCvY-milmROczMTiMToqvIbSr4aWROiqSHtAZByyH36E_k0McLoBv6s4wgPSZTYrvzvaS2WXQni7ViT-lrGw7Tq_jb5RRzFP6y5So5wI5w&ext_cid=0&px_id=418776&min_cpm=0.031887606933156266&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=1312753162558320535&skin_id=72&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.003986532968531577&cpm=0&verify_hash=f3571d3b9251c4c64826bde84dfe9a4c&is_native=4&real_bid=0.0001084009533902388&original_bid_usd=0.000867081&original_bid=0.000867081&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=27,108,0,114,20&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000867081&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000867081&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=779c0aed-a07e-4e9d-b0ff-95c156372b29&prev_step_diff=696 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:36 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 1734081ce4.64c8149326.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=388464194&sid=2231826105&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DSnyBBKxu0xZ_pXoRwKW21AEOxGsHDX1ya-WGtKLuO0BT9vqWVqjn0uspChqFNaUf0T2d5dZXYeOSQCRk4Q2jcgJBJBz3vihRspjypKTDQnL_lO1H3hWMh_VUakU4DoRh0lYGcVoe6IxETIfBLFmIoX6AIUBQSp0pXlHQp8N1RcRnbfN-9YP4e8kws2URRHRD356M1gLPm-Tp0oIYD-M52Zmcu9dsslGEMDtqHUNc-JDSwuiHEDi0pVySi6aiWl5RL7NsrhezVY-9YzFvSXwR6hUilGdQqTLfEsJ1PFNs9Xa20Sfve51e33pQJVSE44DJ8wBesZHtWIZe0LsQcHmv54GwixDDRtyuAgHS155Ioos0uVevXfqdFy9ibCxvbUWSmzwabBGk4JeC0JtQBAWdksF2Cks_rHkLgL9K9b1X5L0txirLpGjRpXK10autZlCQhqI0RBy7JCdI_WYWegKdJcmONdnH3YisIT8DmU45G2lJ5Wo6voaE9qR1SYHSpUB59raoL66dFAIih2L9P0wqeyBwGsT6ihz5Qgeijsqx_GadxIIhgOwWyJ5WybFxN_McFbX59sqDEC6LxhbQp_ZuQF8AUpz3kDIs8Tu6D2nlnE19u35ZF4dqB4VsXegfJnsDHQiMqvWQzLk58d1n2ggKxHvsj7zTxQYdO0ZMwAnsINvBGRb7aatw0-fu8SJ28A1x2d-w54cPRzBbVCNqbhmATJZGpY_8oSeHDk6lrRqlsT4_5AG8zgl986cHJxrdRlsOEJXz3gQIaDSF82Tw8_XfeczFvDwkWYaTCY-CZ_XdTLU64p5l6ddzUIqFnRT2p4_IISUyRs7bnDMnGVwbWA0jSrjrrZK1j_NirdlAf3OS8Yc4UGutb3AGsZvWuhQOLQ91MDh_Lib2yvPDmmjsNAp-JkBG2qaE8scN_VtlTlqxT2ssJjGn9GgiZZpTolbALNXpiUuE4As0v3Ssb9XMTovu1Cys01FO-Rdc953_j4rMFFzaLC9-vCflQDpoLTb1SUq4jBJ7TayS99x-9svulEMQLh4714GzYZIVSJXYr-ILznDDvnKKbo-VGSes6p8wjVPj0nuh93sG4_W40Rm8aYQ2H0qj7HSLzQECQP8sYkJidOY3riRjaEoOMPffLdpBnGUf1H3rwxmG8z695QBtjsNJdJKigsqytFXXYLuwwHS7khlIGeVTetDAMhKNcQtXSPq2eg%26bid%3D0.0319&icons=c3_PGFjsMdKrvm6otvAZpRw3j30ZwzESZ0Pm59GGP8RRtY9kmfzftKgDVtyphm1QklzUZ_KRnZNhkaeZ-T6blrht_JjnppvAacLBCYliNinAwSL9Z0qXwI3Ewokm5ds-MGvJZDE_13Z0V80sjofUKqB8QOsdDFChZgIw9YAH5WTfGWQ2bzGG1Uv-HqL52Wj958gmURw9bQ6WrqoH-Q98-EhUg-xiFm5XKGgjKkmlMeZlvCLHUQh-w3DIRKWVg5uKyThR4kCpsQtt7v8KEb08YltWMTpLZKlwprQuIE_jxAZMlDpmhQiOpLBEjWfR85PL1--toG2Cl-hQaFN7RXgL0wQlImrrym0E2e8rNJW4cU7NVeU4RNEhdRNmsdHIoBDJeYW_jwtr_0ADINskTCyFmdEbTsaHRV76QyJlDfgnh3PyTE7CLfBSXrWbFPgHbjN8s9VNnxWwh1u61dBfEJtfDAzVzAvmn2t9PRSHYyQxEebnJvQtPSM-I8Wmis-ErfSKTBlnKLW5fNnzEtdqRKv4QvzvjYLaZzmyL2W1f_E8TvVwThNsIAXY_UHXdcpk6f825b5TqSgYl0xiypc1YiNkSUaViR2Pjf8OlXfOiJGSQqSEeGb4zBfDbxnJhtg-TFxThTFgYpB8v6Ai9Prs1Med242IspYf9im42BpNaHOo7MykZv_KzLikuX2zLDkB-BdAnwxffYj9M7dGvjiE57pnwVuDgOPJbYhWD5jwHjZNilukuAJ65tdRuyIyFaC1WUFD6Ao8PQDKuFSSErlujayaI7Pjcze6PwGIDgMGdEz3NG08HCUpk93DSbFhRCks3UGRrRuwBBoyXu8vLT6UDTwW6eG919jTzdI9-WHX1PPPBFoMnIhSXx6vhatIBTWQSwz-79xF2O28O-Q0N9VnRkD1S5op8ntOqUDLnN7Um4y1qoAezD2Df0xEYVHE78wx8kSXRgqj4GgAIzpjjnQRRsdTNNXqCs-wv0VpbHCd1u4_cjpQmiHaILOHKZG2-gB1HnuhqOO7TOYQKkXNhB7igZxCpGeKQeiYLFZeic0N9Gwhy6XDf-X6Qu53XrPGVLdmbuJ7ZMk_avGX3OFK8Oa1XzbR44srmx1fFvr5kF84kxWIND38CgwCt8pmfnC8qntJT6WLccEwa57cLRtfGQ6h8rT2miYIzXFTnpF-7buOpfg7Nf79cQqE3vchlMmSfNLkwcSBxWjK4yzlUCLAzN4m0lyYtUz5YbNPVk91jD1cRudcdQc0utizRHbr6KNrvnX2fIeiLQSKp60uLsNLhRbg2FY1_tE_twZK0waN&ext_cid=224906&px_id=73418776&min_cpm=0.0010145465799036373&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=1312753162558320535&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03162246958017335&cpm=0.0319&verify_hash=c41a3a362eb210f9c25aa3282abfc68d&is_native=1&real_bid=0.03162246958017335&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,5,33,98,4&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=1715554175&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&st=0.02&cpa=e38cf30b-6e53-47af-a400-fe26b5d218d1&prev_step_diff=696 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/21734081ce4.64c8149326.com/in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=388464194&sid=2231826105&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DSnyBBKxu0xZ_pXoRwKW21AEOxGsHDX1ya-WGtKLuO0BT9vqWVqjn0uspChqFNaUf0T2d5dZXYeOSQCRk4Q2jcgJBJBz3vihRspjypKTDQnL_lO1H3hWMh_VUakU4DoRh0lYGcVoe6IxETIfBLFmIoX6AIUBQSp0pXlHQp8N1RcRnbfN-9YP4e8kws2URRHRD356M1gLPm-Tp0oIYD-M52Zmcu9dsslGEMDtqHUNc-JDSwuiHEDi0pVySi6aiWl5RL7NsrhezVY-9YzFvSXwR6hUilGdQqTLfEsJ1PFNs9Xa20Sfve51e33pQJVSE44DJ8wBesZHtWIZe0LsQcHmv54GwixDDRtyuAgHS155Ioos0uVevXfqdFy9ibCxvbUWSmzwabBGk4JeC0JtQBAWdksF2Cks_rHkLgL9K9b1X5L0txirLpGjRpXK10autZlCQhqI0RBy7JCdI_WYWegKdJcmONdnH3YisIT8DmU45G2lJ5Wo6voaE9qR1SYHSpUB59raoL66dFAIih2L9P0wqeyBwGsT6ihz5Qgeijsqx_GadxIIhgOwWyJ5WybFxN_McFbX59sqDEC6LxhbQp_ZuQF8AUpz3kDIs8Tu6D2nlnE19u35ZF4dqB4VsXegfJnsDHQiMqvWQzLk58d1n2ggKxHvsj7zTxQYdO0ZMwAnsINvBGRb7aatw0-fu8SJ28A1x2d-w54cPRzBbVCNqbhmATJZGpY_8oSeHDk6lrRqlsT4_5AG8zgl986cHJxrdRlsOEJXz3gQIaDSF82Tw8_XfeczFvDwkWYaTCY-CZ_XdTLU64p5l6ddzUIqFnRT2p4_IISUyRs7bnDMnGVwbWA0jSrjrrZK1j_NirdlAf3OS8Yc4UGutb3AGsZvWuhQOLQ91MDh_Lib2yvPDmmjsNAp-JkBG2qaE8scN_VtlTlqxT2ssJjGn9GgiZZpTolbALNXpiUuE4As0v3Ssb9XMTovu1Cys01FO-Rdc953_j4rMFFzaLC9-vCflQDpoLTb1SUq4jBJ7TayS99x-9svulEMQLh4714GzYZIVSJXYr-ILznDDvnKKbo-VGSes6p8wjVPj0nuh93sG4_W40Rm8aYQ2H0qj7HSLzQECQP8sYkJidOY3riRjaEoOMPffLdpBnGUf1H3rwxmG8z695QBtjsNJdJKigsqytFXXYLuwwHS7khlIGeVTetDAMhKNcQtXSPq2eg%26bid%3D0.0319&icons=c3_PGFjsMdKrvm6otvAZpRw3j30ZwzESZ0Pm59GGP8RRtY9kmfzftKgDVtyphm1QklzUZ_KRnZNhkaeZ-T6blrht_JjnppvAacLBCYliNinAwSL9Z0qXwI3Ewokm5ds-MGvJZDE_13Z0V80sjofUKqB8QOsdDFChZgIw9YAH5WTfGWQ2bzGG1Uv-HqL52Wj958gmURw9bQ6WrqoH-Q98-EhUg-xiFm5XKGgjKkmlMeZlvCLHUQh-w3DIRKWVg5uKyThR4kCpsQtt7v8KEb08YltWMTpLZKlwprQuIE_jxAZMlDpmhQiOpLBEjWfR85PL1--toG2Cl-hQaFN7RXgL0wQlImrrym0E2e8rNJW4cU7NVeU4RNEhdRNmsdHIoBDJeYW_jwtr_0ADINskTCyFmdEbTsaHRV76QyJlDfgnh3PyTE7CLfBSXrWbFPgHbjN8s9VNnxWwh1u61dBfEJtfDAzVzAvmn2t9PRSHYyQxEebnJvQtPSM-I8Wmis-ErfSKTBlnKLW5fNnzEtdqRKv4QvzvjYLaZzmyL2W1f_E8TvVwThNsIAXY_UHXdcpk6f825b5TqSgYl0xiypc1YiNkSUaViR2Pjf8OlXfOiJGSQqSEeGb4zBfDbxnJhtg-TFxThTFgYpB8v6Ai9Prs1Med242IspYf9im42BpNaHOo7MykZv_KzLikuX2zLDkB-BdAnwxffYj9M7dGvjiE57pnwVuDgOPJbYhWD5jwHjZNilukuAJ65tdRuyIyFaC1WUFD6Ao8PQDKuFSSErlujayaI7Pjcze6PwGIDgMGdEz3NG08HCUpk93DSbFhRCks3UGRrRuwBBoyXu8vLT6UDTwW6eG919jTzdI9-WHX1PPPBFoMnIhSXx6vhatIBTWQSwz-79xF2O28O-Q0N9VnRkD1S5op8ntOqUDLnN7Um4y1qoAezD2Df0xEYVHE78wx8kSXRgqj4GgAIzpjjnQRRsdTNNXqCs-wv0VpbHCd1u4_cjpQmiHaILOHKZG2-gB1HnuhqOO7TOYQKkXNhB7igZxCpGeKQeiYLFZeic0N9Gwhy6XDf-X6Qu53XrPGVLdmbuJ7ZMk_avGX3OFK8Oa1XzbR44srmx1fFvr5kF84kxWIND38CgwCt8pmfnC8qntJT6WLccEwa57cLRtfGQ6h8rT2miYIzXFTnpF-7buOpfg7Nf79cQqE3vchlMmSfNLkwcSBxWjK4yzlUCLAzN4m0lyYtUz5YbNPVk91jD1cRudcdQc0utizRHbr6KNrvnX2fIeiLQSKp60uLsNLhRbg2FY1_tE_twZK0waN&ext_cid=224906&px_id=73418776&min_cpm=0.0010145465799036373&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=1312753162558320535&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03162246958017335&cpm=0.0319&verify_hash=c41a3a362eb210f9c25aa3282abfc68d&is_native=1&real_bid=0.03162246958017335&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,5,33,98,4&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=1715554175&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&st=0.02&cpa=e38cf30b-6e53-47af-a400-fe26b5d218d1&prev_step_diff=696 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject64c8149326.com FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7 ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=388464194&sid=2231826105&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=64.45983096035336&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=16030&crtid=5fcbc33c86bbc49c561fd8fb36a2149b&url=https%3A%2F%2Fp.a64x.com%2Fin%2Ftip_clicks%2F%3Fkatds_ep%3DSnyBBKxu0xZ_pXoRwKW21AEOxGsHDX1ya-WGtKLuO0BT9vqWVqjn0uspChqFNaUf0T2d5dZXYeOSQCRk4Q2jcgJBJBz3vihRspjypKTDQnL_lO1H3hWMh_VUakU4DoRh0lYGcVoe6IxETIfBLFmIoX6AIUBQSp0pXlHQp8N1RcRnbfN-9YP4e8kws2URRHRD356M1gLPm-Tp0oIYD-M52Zmcu9dsslGEMDtqHUNc-JDSwuiHEDi0pVySi6aiWl5RL7NsrhezVY-9YzFvSXwR6hUilGdQqTLfEsJ1PFNs9Xa20Sfve51e33pQJVSE44DJ8wBesZHtWIZe0LsQcHmv54GwixDDRtyuAgHS155Ioos0uVevXfqdFy9ibCxvbUWSmzwabBGk4JeC0JtQBAWdksF2Cks_rHkLgL9K9b1X5L0txirLpGjRpXK10autZlCQhqI0RBy7JCdI_WYWegKdJcmONdnH3YisIT8DmU45G2lJ5Wo6voaE9qR1SYHSpUB59raoL66dFAIih2L9P0wqeyBwGsT6ihz5Qgeijsqx_GadxIIhgOwWyJ5WybFxN_McFbX59sqDEC6LxhbQp_ZuQF8AUpz3kDIs8Tu6D2nlnE19u35ZF4dqB4VsXegfJnsDHQiMqvWQzLk58d1n2ggKxHvsj7zTxQYdO0ZMwAnsINvBGRb7aatw0-fu8SJ28A1x2d-w54cPRzBbVCNqbhmATJZGpY_8oSeHDk6lrRqlsT4_5AG8zgl986cHJxrdRlsOEJXz3gQIaDSF82Tw8_XfeczFvDwkWYaTCY-CZ_XdTLU64p5l6ddzUIqFnRT2p4_IISUyRs7bnDMnGVwbWA0jSrjrrZK1j_NirdlAf3OS8Yc4UGutb3AGsZvWuhQOLQ91MDh_Lib2yvPDmmjsNAp-JkBG2qaE8scN_VtlTlqxT2ssJjGn9GgiZZpTolbALNXpiUuE4As0v3Ssb9XMTovu1Cys01FO-Rdc953_j4rMFFzaLC9-vCflQDpoLTb1SUq4jBJ7TayS99x-9svulEMQLh4714GzYZIVSJXYr-ILznDDvnKKbo-VGSes6p8wjVPj0nuh93sG4_W40Rm8aYQ2H0qj7HSLzQECQP8sYkJidOY3riRjaEoOMPffLdpBnGUf1H3rwxmG8z695QBtjsNJdJKigsqytFXXYLuwwHS7khlIGeVTetDAMhKNcQtXSPq2eg%26bid%3D0.0319&icons=c3_PGFjsMdKrvm6otvAZpRw3j30ZwzESZ0Pm59GGP8RRtY9kmfzftKgDVtyphm1QklzUZ_KRnZNhkaeZ-T6blrht_JjnppvAacLBCYliNinAwSL9Z0qXwI3Ewokm5ds-MGvJZDE_13Z0V80sjofUKqB8QOsdDFChZgIw9YAH5WTfGWQ2bzGG1Uv-HqL52Wj958gmURw9bQ6WrqoH-Q98-EhUg-xiFm5XKGgjKkmlMeZlvCLHUQh-w3DIRKWVg5uKyThR4kCpsQtt7v8KEb08YltWMTpLZKlwprQuIE_jxAZMlDpmhQiOpLBEjWfR85PL1--toG2Cl-hQaFN7RXgL0wQlImrrym0E2e8rNJW4cU7NVeU4RNEhdRNmsdHIoBDJeYW_jwtr_0ADINskTCyFmdEbTsaHRV76QyJlDfgnh3PyTE7CLfBSXrWbFPgHbjN8s9VNnxWwh1u61dBfEJtfDAzVzAvmn2t9PRSHYyQxEebnJvQtPSM-I8Wmis-ErfSKTBlnKLW5fNnzEtdqRKv4QvzvjYLaZzmyL2W1f_E8TvVwThNsIAXY_UHXdcpk6f825b5TqSgYl0xiypc1YiNkSUaViR2Pjf8OlXfOiJGSQqSEeGb4zBfDbxnJhtg-TFxThTFgYpB8v6Ai9Prs1Med242IspYf9im42BpNaHOo7MykZv_KzLikuX2zLDkB-BdAnwxffYj9M7dGvjiE57pnwVuDgOPJbYhWD5jwHjZNilukuAJ65tdRuyIyFaC1WUFD6Ao8PQDKuFSSErlujayaI7Pjcze6PwGIDgMGdEz3NG08HCUpk93DSbFhRCks3UGRrRuwBBoyXu8vLT6UDTwW6eG919jTzdI9-WHX1PPPBFoMnIhSXx6vhatIBTWQSwz-79xF2O28O-Q0N9VnRkD1S5op8ntOqUDLnN7Um4y1qoAezD2Df0xEYVHE78wx8kSXRgqj4GgAIzpjjnQRRsdTNNXqCs-wv0VpbHCd1u4_cjpQmiHaILOHKZG2-gB1HnuhqOO7TOYQKkXNhB7igZxCpGeKQeiYLFZeic0N9Gwhy6XDf-X6Qu53XrPGVLdmbuJ7ZMk_avGX3OFK8Oa1XzbR44srmx1fFvr5kF84kxWIND38CgwCt8pmfnC8qntJT6WLccEwa57cLRtfGQ6h8rT2miYIzXFTnpF-7buOpfg7Nf79cQqE3vchlMmSfNLkwcSBxWjK4yzlUCLAzN4m0lyYtUz5YbNPVk91jD1cRudcdQc0utizRHbr6KNrvnX2fIeiLQSKp60uLsNLhRbg2FY1_tE_twZK0waN&ext_cid=224906&px_id=73418776&min_cpm=0.0010145465799036373&out_id=0&campaign_type=hq&aid=127&cid=12694&uniq=&mid=1312753162558320535&skin_id=72&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.03162246958017335&cpm=0.0319&verify_hash=c41a3a362eb210f9c25aa3282abfc68d&is_native=1&real_bid=0.03162246958017335&original_bid_usd=0.0319&original_bid=0.0319&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,5,33,98,4&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=1715554175&image_url=https%3A%2F%2Fimdn.pics%2Fm%2Fp%2F0%2F777%2F777184%2Fconversions%2FQ5MjCrOM-minify.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=224906&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&st=0.02&cpa=e38cf30b-6e53-47af-a400-fe26b5d218d1&prev_step_diff=696 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:36 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.25 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:36 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sat, 10 May 2025 22:49:36 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| 362e373497.4a5936c82e.com/224c45cd8fa094f3325f0efdcf8be0b4.js | 45.133.44.52 | 200 OK | 47 kB |
URL GET HTTP/2362e373497.4a5936c82e.com/224c45cd8fa094f3325f0efdcf8be0b4.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject362e373497.4a5936c82e.com Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2 ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT
File typegzip compressed data, from Unix Hash96fcacaf06fc6de0df2a4e418513f479 176e61a09e36ac9e3f964d8422282325bec31e21 ab1880ff9849cb082be092248d037d4101d059c9c2c6d2932ae585e88bb3bd9a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /224c45cd8fa094f3325f0efdcf8be0b4.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Fri, 10 May 2024 22:54:35 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=e64ceb61-21f9-4d4b-ba2f-fd3e49ab7c90&prev_step_diff=645 | 45.133.44.25 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=e64ceb61-21f9-4d4b-ba2f-fd3e49ab7c90&prev_step_diff=645 IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=e64ceb61-21f9-4d4b-ba2f-fd3e49ab7c90&prev_step_diff=645 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:36 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 10 May 2025 22:49:36 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| imgsdn.com/ie?v=4&c=qThZ6_6sp7ZdFsjQXBDnqdGM5QrZRA6TNIPz9s40hMrGF8Pet22yWWpv-3SNtSfi1bZWuE72MyZvGyU8FcH0t2tqA5ahLLLQcHD_JypTBS2OvfB0wdVUdRnYcMy3c3vGFB5BS6FcX5AeWJqHVmYlYSZdHpwHEs1acPF_2bYlML7vdJO6d0Y77chmguLXV09UOehATeSdlyi-Y3i2pFES3iYzKb25Cwa-gzAV90YACiEUkT5Aago-DHziML64MLRdIP2ZcWzK9YvWogVHuQI7LD3AmiwfyGAE1X7gyz8F0IQAHyLwbe3JAWa7GBId2ZVS3n1JljkZvTohKxfdx3A2olRWmi7J8Btl6kCXjPRFDWL_OQGaKP24LvU6jpItDiQI8ivKOLzmCxaTlR6rBdnqcEdja1Fy_yyuCutLOiQdPq63CDYeK2WaARDlA-le_w==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=6cafc0e3-c5ab-4e64-a04d-11817b9c0585&prev_step_diff=645 | 213.239.207.252 | 301 Moved Permanently | 0 B |
URL GET HTTP/1.1imgsdn.com/ie?v=4&c=qThZ6_6sp7ZdFsjQXBDnqdGM5QrZRA6TNIPz9s40hMrGF8Pet22yWWpv-3SNtSfi1bZWuE72MyZvGyU8FcH0t2tqA5ahLLLQcHD_JypTBS2OvfB0wdVUdRnYcMy3c3vGFB5BS6FcX5AeWJqHVmYlYSZdHpwHEs1acPF_2bYlML7vdJO6d0Y77chmguLXV09UOehATeSdlyi-Y3i2pFES3iYzKb25Cwa-gzAV90YACiEUkT5Aago-DHziML64MLRdIP2ZcWzK9YvWogVHuQI7LD3AmiwfyGAE1X7gyz8F0IQAHyLwbe3JAWa7GBId2ZVS3n1JljkZvTohKxfdx3A2olRWmi7J8Btl6kCXjPRFDWL_OQGaKP24LvU6jpItDiQI8ivKOLzmCxaTlR6rBdnqcEdja1Fy_yyuCutLOiQdPq63CDYeK2WaARDlA-le_w==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=6cafc0e3-c5ab-4e64-a04d-11817b9c0585&prev_step_diff=645 IP213.239.207.252:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectnimrute.com Fingerprint62:14:81:C5:22:FF:BC:AE:08:65:E3:D0:0B:CF:4A:19:B3:2A:20:52 ValidityMon, 06 May 2024 11:20:27 GMT - Sun, 04 Aug 2024 11:20:26 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=qThZ6_6sp7ZdFsjQXBDnqdGM5QrZRA6TNIPz9s40hMrGF8Pet22yWWpv-3SNtSfi1bZWuE72MyZvGyU8FcH0t2tqA5ahLLLQcHD_JypTBS2OvfB0wdVUdRnYcMy3c3vGFB5BS6FcX5AeWJqHVmYlYSZdHpwHEs1acPF_2bYlML7vdJO6d0Y77chmguLXV09UOehATeSdlyi-Y3i2pFES3iYzKb25Cwa-gzAV90YACiEUkT5Aago-DHziML64MLRdIP2ZcWzK9YvWogVHuQI7LD3AmiwfyGAE1X7gyz8F0IQAHyLwbe3JAWa7GBId2ZVS3n1JljkZvTohKxfdx3A2olRWmi7J8Btl6kCXjPRFDWL_OQGaKP24LvU6jpItDiQI8ivKOLzmCxaTlR6rBdnqcEdja1Fy_yyuCutLOiQdPq63CDYeK2WaARDlA-le_w==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=6cafc0e3-c5ab-4e64-a04d-11817b9c0585&prev_step_diff=645 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 10 May 2024 22:49:35 GMT
content-length: 0
location: https://img.vmmcdn.com/get/19802132/551816_icon.png
x-app-id: 12
|
|
| p.a64x.com/in/tip_shows/?katds_ep=bm7kE88OwRRFKz2elyOt-7j2eo-foO_pSsa__DiLNYsulv1NtZOzzdncL7rgFOFdIkR9CtJTSvddXUPj6NKByPSqnD4ma7ey7FKpCc-omRnIOIK7i9LHk-nMkn32dGyqDsVMyzdrrkeBEtQUQ1895c1aDXCe66Pakk4aQTveElzyAxs17hiIlp36k8NC2yxoC4Uvim6yxYW32NEYKiC8GpRngXi0NbtDZXxbbjwQBdINZMAG8TjkZwfDNSX-yB8p9ZMgO3ktMAOtMQQzihvypZg0cn4YJOuQn4zZrRHrJcRyVJg_TohHSW3WDZwDYxyxcnir662Q6T3_Joc3y8Rw8-x95kaWqF4QJjIdVNZKGDj41681mIyFseBc0YFcStt_bMQzprz7L4XqovpmExabsCBV6zKRcTtbksCxx_fg5zYeAhZ7fDlGE5CRZr01hSi4QQ_KrPf6_8cxVd5WJjAUaTdh-Z3-i0gGaqs50-Deh8-hOy7zQNrGGUytJxH84Hylu9R-xQpI-JkwbZiItrM7dtGERVGYQHG9BQzsYETobK69UKQO5sDmtgcT6VQGP2p5IHdMrQIMyMIcQhjhKPCGSjivCc11YqYFLsFMWDT20jRb4ZPgwkTC_jHRFp71797sLG3xYiKpoDRsEYSMrM1pw09XztqVoiWk05h-owmf9EwU2zmqgjXwAcO7nPOP7twH3MVdrlZLBDZkgVB-uFzbHOSn48F75YEz6U-knKVIjLzWv0scuW0NLDnO8PByaXBXbfPDcmZ3BPZ-JcxSTtBx6jvplb_UVVZNxZMyUuulLpfe6rC7faRS4EyBpT8MxFCCERhY_SQgeMrxb6Zu4FzE1NVios2UAmbmxwX4jV_reR9PQsZusCjrwXn_l1A&bid=0.0319&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&st=0.02&cpa=ff7f9c44-cff8-4ddd-b8e1-a079bea20521&prev_step_diff=696 | 104.21.19.82 | 302 Found | 0 B |
URL GET HTTP/2p.a64x.com/in/tip_shows/?katds_ep=bm7kE88OwRRFKz2elyOt-7j2eo-foO_pSsa__DiLNYsulv1NtZOzzdncL7rgFOFdIkR9CtJTSvddXUPj6NKByPSqnD4ma7ey7FKpCc-omRnIOIK7i9LHk-nMkn32dGyqDsVMyzdrrkeBEtQUQ1895c1aDXCe66Pakk4aQTveElzyAxs17hiIlp36k8NC2yxoC4Uvim6yxYW32NEYKiC8GpRngXi0NbtDZXxbbjwQBdINZMAG8TjkZwfDNSX-yB8p9ZMgO3ktMAOtMQQzihvypZg0cn4YJOuQn4zZrRHrJcRyVJg_TohHSW3WDZwDYxyxcnir662Q6T3_Joc3y8Rw8-x95kaWqF4QJjIdVNZKGDj41681mIyFseBc0YFcStt_bMQzprz7L4XqovpmExabsCBV6zKRcTtbksCxx_fg5zYeAhZ7fDlGE5CRZr01hSi4QQ_KrPf6_8cxVd5WJjAUaTdh-Z3-i0gGaqs50-Deh8-hOy7zQNrGGUytJxH84Hylu9R-xQpI-JkwbZiItrM7dtGERVGYQHG9BQzsYETobK69UKQO5sDmtgcT6VQGP2p5IHdMrQIMyMIcQhjhKPCGSjivCc11YqYFLsFMWDT20jRb4ZPgwkTC_jHRFp71797sLG3xYiKpoDRsEYSMrM1pw09XztqVoiWk05h-owmf9EwU2zmqgjXwAcO7nPOP7twH3MVdrlZLBDZkgVB-uFzbHOSn48F75YEz6U-knKVIjLzWv0scuW0NLDnO8PByaXBXbfPDcmZ3BPZ-JcxSTtBx6jvplb_UVVZNxZMyUuulLpfe6rC7faRS4EyBpT8MxFCCERhY_SQgeMrxb6Zu4FzE1NVios2UAmbmxwX4jV_reR9PQsZusCjrwXn_l1A&bid=0.0319&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&st=0.02&cpa=ff7f9c44-cff8-4ddd-b8e1-a079bea20521&prev_step_diff=696 IP104.21.19.82:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services LLC Subjecta64x.com Fingerprint86:FD:2B:DD:CC:BD:8D:ED:C0:8D:41:81:C1:48:2D:45:D6:4F:67:88 ValidityTue, 19 Mar 2024 14:58:28 GMT - Mon, 17 Jun 2024 14:58:27 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/tip_shows/?katds_ep=bm7kE88OwRRFKz2elyOt-7j2eo-foO_pSsa__DiLNYsulv1NtZOzzdncL7rgFOFdIkR9CtJTSvddXUPj6NKByPSqnD4ma7ey7FKpCc-omRnIOIK7i9LHk-nMkn32dGyqDsVMyzdrrkeBEtQUQ1895c1aDXCe66Pakk4aQTveElzyAxs17hiIlp36k8NC2yxoC4Uvim6yxYW32NEYKiC8GpRngXi0NbtDZXxbbjwQBdINZMAG8TjkZwfDNSX-yB8p9ZMgO3ktMAOtMQQzihvypZg0cn4YJOuQn4zZrRHrJcRyVJg_TohHSW3WDZwDYxyxcnir662Q6T3_Joc3y8Rw8-x95kaWqF4QJjIdVNZKGDj41681mIyFseBc0YFcStt_bMQzprz7L4XqovpmExabsCBV6zKRcTtbksCxx_fg5zYeAhZ7fDlGE5CRZr01hSi4QQ_KrPf6_8cxVd5WJjAUaTdh-Z3-i0gGaqs50-Deh8-hOy7zQNrGGUytJxH84Hylu9R-xQpI-JkwbZiItrM7dtGERVGYQHG9BQzsYETobK69UKQO5sDmtgcT6VQGP2p5IHdMrQIMyMIcQhjhKPCGSjivCc11YqYFLsFMWDT20jRb4ZPgwkTC_jHRFp71797sLG3xYiKpoDRsEYSMrM1pw09XztqVoiWk05h-owmf9EwU2zmqgjXwAcO7nPOP7twH3MVdrlZLBDZkgVB-uFzbHOSn48F75YEz6U-knKVIjLzWv0scuW0NLDnO8PByaXBXbfPDcmZ3BPZ-JcxSTtBx6jvplb_UVVZNxZMyUuulLpfe6rC7faRS4EyBpT8MxFCCERhY_SQgeMrxb6Zu4FzE1NVios2UAmbmxwX4jV_reR9PQsZusCjrwXn_l1A&bid=0.0319&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&st=0.02&cpa=ff7f9c44-cff8-4ddd-b8e1-a079bea20521&prev_step_diff=696 HTTP/1.1
Host: p.a64x.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 10 May 2024 22:49:36 GMT
content-type: application/json
content-length: 0
location: https://imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg
access-control-allow-credentials: true
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RA3oowvp9xojHROBFSpJ%2FgznU5fcB5DRn6jkWuaSdvoMTokelb67ueY0JfUlxNpWJAs7AOy6v5vJ7z7THNmS1moTnCjn233C6MdoaC9fDQMJ0y5EB1M4AkLYjxk0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bc2db0db52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/36870469/551816_image.jpg | 138.201.51.142 | 200 OK | 12 kB |
URL GET HTTP/1.1img.vmmcdn.com/get/36870469/551816_image.jpg IP138.201.51.142:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7 ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3 Hashee921bcd225785444d8ab128ca1d0941 e92f5588c738df6912e3658d883aeb66b486560b 4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c
GET /get/36870469/551816_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 10 May 2024 22:49:36 GMT
Content-Type: image/jpeg
Content-Length: 12075
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-2f2b"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes
|
|
| imdn.pics/m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg | 45.133.44.24 | 200 OK | 11 kB |
URL GET HTTP/2imdn.pics/m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectimdn.pics Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5 ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 360x240, components 3 Hash7a0f4319e0c7d4e0ec42eae657ba39fd e2940c23868c5975a1dc1a3c963609b34abbe6b5 6c0278ead1dce8c37b6b233d5251184cd820586eeb5d30db860c1c7315d5dba0
GET /m/p/0/777/777184/conversions/Q5MjCrOM-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:36 GMT
content-type: image/jpeg
content-length: 11228
server: nginx
last-modified: Tue, 09 Apr 2024 19:56:57 GMT
etag: "66159d89-2bdc"
x-request-id: 13aea49745d30295dcee0faf2bf8a0c1
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg | 45.133.44.24 | 200 OK | 2.5 kB |
URL GET HTTP/2imdn.pics/m/p/0/777/777181/conversions/PguV688J-minify.jpg IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectimdn.pics Fingerprint1B:F0:2A:16:F2:A2:CB:23:EA:4E:5D:DE:96:E2:AF:CC:A0:41:03:E5 ValidityTue, 12 Mar 2024 03:00:56 GMT - Mon, 10 Jun 2024 03:00:55 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 100x100, components 3 Hash9eb726ecf5e85e3b48f854490ff8284a d08b4f022e64d06f2642c5c9217d35b7851516d5 30bd73405bb72856107c9e940bece489b670970c3d2e4d6b592cc138a67a3c05
GET /m/p/0/777/777181/conversions/PguV688J-minify.jpg HTTP/1.1
Host: imdn.pics
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:36 GMT
content-type: image/jpeg
content-length: 2460
server: nginx
last-modified: Tue, 09 Apr 2024 19:56:49 GMT
etag: "66159d81-99c"
x-request-id: 064bc710493213dae1825c3b2f5e7289
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/19802132/551816_icon.png | 46.4.121.113 | 200 OK | 23 kB |
URL GET HTTP/2img.vmmcdn.com/get/19802132/551816_icon.png IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash4d5759f010e127f070785e4925447047 22919607ad63be452b8a5aa4324a7d1c2855b074 6d1b78db1808b279554f122373ff2fd4e448313c41d199d92a929e31d2825931
GET /get/19802132/551816_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 10 May 2024 22:49:36 GMT
content-type: image/png
content-length: 23172
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-5a84"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwfKSzFcabBXTntvAytMsgrdRZg_00f5BLDc3ALXcL6NRQaWdgVrvio5u0_FfX9PiQevAhu&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-16324920%3A1715381376197749&ddm=0 | 74.125.131.84 | 403 Forbidden | 807 B |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwfKSzFcabBXTntvAytMsgrdRZg_00f5BLDc3ALXcL6NRQaWdgVrvio5u0_FfX9PiQevAhu&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-16324920%3A1715381376197749&ddm=0 IP74.125.131.84:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services Subject*.google.com Fingerprint9F:A1:53:E4:09:E1:ED:82:F8:E0:30:B6:39:FA:EC:03:B4:89:46:8A ValidityTue, 16 Apr 2024 03:19:40 GMT - Tue, 09 Jul 2024 03:19:39 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators Hashabe2d525ebd523c36597aa854cd134c9 e31a8adb3972a8edefdc8ba90b09f7e12cac55ea c75a696cdd03d50bebff071820824b3dcb790443d68d0f5372f0deb892a7f511
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQwfKSzFcabBXTntvAytMsgrdRZg_00f5BLDc3ALXcL6NRQaWdgVrvio5u0_FfX9PiQevAhu&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-16324920%3A1715381376197749&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 May 2024 22:49:36 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-APACpBjm6rV5FhlftrXyfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 1734081ce4.64c8149326.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=357529620&sid=1606654276&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_19e3d4a5-d50b-4510-8490-37c710e2d9ac%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DSb15w416NjUx1S8xP_24bXlnB7WGVd6n0Ni099lU8XYQqEzEcsLnaEXlJapYb8M9HcImH_YhXticqnLv20syc3t5v9tD8NjZa4wvs8sTZbl1mmcmajEnf4DVAX_7sUrjHQQHU64AdwIBZA7UOeYIZe5QHhZNfaVkKy9-Wz2rvEdQIEL_mYRBOzpfwh9fonYJJviDIyM3ytrCTGCsWhmXA-GxSa2eZP1jCyd1JAMNbqVICiBLwFPdI_xKw8sLEbNYqm5rNa95FRDFxkV-LB8YSwIsscRPfWwQN0xMXBfHxrKkg3Ug2R4oPIzCEegxf47DShf7IDptAKXcqIZ-OMXDo07Ya1YDNBMxpnRvu3hJo67gRGsCvjrikY0-8t5ZOD3i_aRRab_g9Y9YUUAg6-hny9iXAqJIJ0pX5lxIwUPx0V79bOvTLGZ1iooIgxB47et4msu2USsBhcVeoQhZeKbXavR8GjFYn8_tkY_7JfMDZSJOBsiMrCYV68-gD9vVIExD-GzmWMAXejIPYhR2yI9ajiEfws_lnQDM8hkAawsNOI8Hf0z9Qamv7grV0YZxI84bZjYHnfuBF8D4Nedqt2HXBc_drF0whw1oGfWDoF3gayyh9YRzu-8WVar4ewzvZHjTC4bK12czvhtFJO_A4dMuQWvUw9ps2IuYrVYEviAgjJNkSAHaNOMMJJmWWywIF0lTJTL73hEhi4tn7Trjhet5aetIRX38PliUw-VSXJo7Dd2QXx0IlhVyJs5ePkfhHRNLKAOYcefwe1Z6y-A_m9k4I1zoJQN0R7eNKqVwGpMzpZPTiAfvfwRhl6hyP5aQY34QMnGBD5e_Br0lJ4AU4DJbbi-7WeCOEFCEmnC7r4nQ0wPG8e7hkbcxCYpo8705y2HTq-kpfsO_KK1q32sLMhyzzqVL0JU_K2umeykGEAIqK0fB08-uN1Hyk4elrRFru9SyvHQF17h95b-fhe6_cWhrE5nQ6eM5ZR7O87DviNiZ8To1%2526kw%253D%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=AeDYwugPS5Slqt1blH34u5Cvbc1RSqrL6cfEYGqdy_4jc-zxel83nwua5zb9Fu7Upg_M4OopCHQeIAgJEB2qO5ADx1mEJmvdPba028SpnzIg0rLdFb6ZnFrOqXA95az38imX90yVZnnV-r5jXya1BTbFd6cjDvg3yJHbKzDeafeiFAiiaw&ext_cid=0&px_id=55418774&min_cpm=0.008730951674064458&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=944328361933445910&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0013393378191149177&cpm=0&verify_hash=3a661111af251fd8a4df4633f6b2edde&is_native=2&real_bid=0.0001330112018585213&original_bid_usd=0.000224&original_bid=0.000224&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,20,27,108,0,4&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000224&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000022400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=1b96f79c-acfc-4c6d-a890-1e1ff607fcf9&prev_step_diff=646 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/21734081ce4.64c8149326.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=357529620&sid=1606654276&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_19e3d4a5-d50b-4510-8490-37c710e2d9ac%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DSb15w416NjUx1S8xP_24bXlnB7WGVd6n0Ni099lU8XYQqEzEcsLnaEXlJapYb8M9HcImH_YhXticqnLv20syc3t5v9tD8NjZa4wvs8sTZbl1mmcmajEnf4DVAX_7sUrjHQQHU64AdwIBZA7UOeYIZe5QHhZNfaVkKy9-Wz2rvEdQIEL_mYRBOzpfwh9fonYJJviDIyM3ytrCTGCsWhmXA-GxSa2eZP1jCyd1JAMNbqVICiBLwFPdI_xKw8sLEbNYqm5rNa95FRDFxkV-LB8YSwIsscRPfWwQN0xMXBfHxrKkg3Ug2R4oPIzCEegxf47DShf7IDptAKXcqIZ-OMXDo07Ya1YDNBMxpnRvu3hJo67gRGsCvjrikY0-8t5ZOD3i_aRRab_g9Y9YUUAg6-hny9iXAqJIJ0pX5lxIwUPx0V79bOvTLGZ1iooIgxB47et4msu2USsBhcVeoQhZeKbXavR8GjFYn8_tkY_7JfMDZSJOBsiMrCYV68-gD9vVIExD-GzmWMAXejIPYhR2yI9ajiEfws_lnQDM8hkAawsNOI8Hf0z9Qamv7grV0YZxI84bZjYHnfuBF8D4Nedqt2HXBc_drF0whw1oGfWDoF3gayyh9YRzu-8WVar4ewzvZHjTC4bK12czvhtFJO_A4dMuQWvUw9ps2IuYrVYEviAgjJNkSAHaNOMMJJmWWywIF0lTJTL73hEhi4tn7Trjhet5aetIRX38PliUw-VSXJo7Dd2QXx0IlhVyJs5ePkfhHRNLKAOYcefwe1Z6y-A_m9k4I1zoJQN0R7eNKqVwGpMzpZPTiAfvfwRhl6hyP5aQY34QMnGBD5e_Br0lJ4AU4DJbbi-7WeCOEFCEmnC7r4nQ0wPG8e7hkbcxCYpo8705y2HTq-kpfsO_KK1q32sLMhyzzqVL0JU_K2umeykGEAIqK0fB08-uN1Hyk4elrRFru9SyvHQF17h95b-fhe6_cWhrE5nQ6eM5ZR7O87DviNiZ8To1%2526kw%253D%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=AeDYwugPS5Slqt1blH34u5Cvbc1RSqrL6cfEYGqdy_4jc-zxel83nwua5zb9Fu7Upg_M4OopCHQeIAgJEB2qO5ADx1mEJmvdPba028SpnzIg0rLdFb6ZnFrOqXA95az38imX90yVZnnV-r5jXya1BTbFd6cjDvg3yJHbKzDeafeiFAiiaw&ext_cid=0&px_id=55418774&min_cpm=0.008730951674064458&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=944328361933445910&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0013393378191149177&cpm=0&verify_hash=3a661111af251fd8a4df4633f6b2edde&is_native=2&real_bid=0.0001330112018585213&original_bid_usd=0.000224&original_bid=0.000224&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,20,27,108,0,4&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000224&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000022400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=1b96f79c-acfc-4c6d-a890-1e1ff607fcf9&prev_step_diff=646 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject64c8149326.com FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7 ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=357529620&sid=1606654276&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_19e3d4a5-d50b-4510-8490-37c710e2d9ac%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DSb15w416NjUx1S8xP_24bXlnB7WGVd6n0Ni099lU8XYQqEzEcsLnaEXlJapYb8M9HcImH_YhXticqnLv20syc3t5v9tD8NjZa4wvs8sTZbl1mmcmajEnf4DVAX_7sUrjHQQHU64AdwIBZA7UOeYIZe5QHhZNfaVkKy9-Wz2rvEdQIEL_mYRBOzpfwh9fonYJJviDIyM3ytrCTGCsWhmXA-GxSa2eZP1jCyd1JAMNbqVICiBLwFPdI_xKw8sLEbNYqm5rNa95FRDFxkV-LB8YSwIsscRPfWwQN0xMXBfHxrKkg3Ug2R4oPIzCEegxf47DShf7IDptAKXcqIZ-OMXDo07Ya1YDNBMxpnRvu3hJo67gRGsCvjrikY0-8t5ZOD3i_aRRab_g9Y9YUUAg6-hny9iXAqJIJ0pX5lxIwUPx0V79bOvTLGZ1iooIgxB47et4msu2USsBhcVeoQhZeKbXavR8GjFYn8_tkY_7JfMDZSJOBsiMrCYV68-gD9vVIExD-GzmWMAXejIPYhR2yI9ajiEfws_lnQDM8hkAawsNOI8Hf0z9Qamv7grV0YZxI84bZjYHnfuBF8D4Nedqt2HXBc_drF0whw1oGfWDoF3gayyh9YRzu-8WVar4ewzvZHjTC4bK12czvhtFJO_A4dMuQWvUw9ps2IuYrVYEviAgjJNkSAHaNOMMJJmWWywIF0lTJTL73hEhi4tn7Trjhet5aetIRX38PliUw-VSXJo7Dd2QXx0IlhVyJs5ePkfhHRNLKAOYcefwe1Z6y-A_m9k4I1zoJQN0R7eNKqVwGpMzpZPTiAfvfwRhl6hyP5aQY34QMnGBD5e_Br0lJ4AU4DJbbi-7WeCOEFCEmnC7r4nQ0wPG8e7hkbcxCYpo8705y2HTq-kpfsO_KK1q32sLMhyzzqVL0JU_K2umeykGEAIqK0fB08-uN1Hyk4elrRFru9SyvHQF17h95b-fhe6_cWhrE5nQ6eM5ZR7O87DviNiZ8To1%2526kw%253D%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=AeDYwugPS5Slqt1blH34u5Cvbc1RSqrL6cfEYGqdy_4jc-zxel83nwua5zb9Fu7Upg_M4OopCHQeIAgJEB2qO5ADx1mEJmvdPba028SpnzIg0rLdFb6ZnFrOqXA95az38imX90yVZnnV-r5jXya1BTbFd6cjDvg3yJHbKzDeafeiFAiiaw&ext_cid=0&px_id=55418774&min_cpm=0.008730951674064458&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=944328361933445910&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0013393378191149177&cpm=0&verify_hash=3a661111af251fd8a4df4633f6b2edde&is_native=2&real_bid=0.0001330112018585213&original_bid_usd=0.000224&original_bid=0.000224&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,20,27,108,0,4&need_redirect_show=0&applied_features=coef_095,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000224&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000022400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=1b96f79c-acfc-4c6d-a890-1e1ff607fcf9&prev_step_diff=646 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:37 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 1734081ce4.64c8149326.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=357529620&sid=1606654276&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DYkqNHClaoknZMAHEFep0NVpfamzDnTOJLM5vM22Rr3YuKDXlsyhaC28MFwqkILstvESMCnMViF51H0AXOMMky84I59zev0FC56GwHhBgZCnlhDoEyuhtaJwmhapf5GmFbsMIE0W3bin87xNYp_1nJ7rrbS6x_JPpSDNwCw2bDhGC7NIh0qdkHRUFILIxoA-xqKyJVQPh0jj0DRkTUJx41VrgBzU8PB74VT7-C5XWKeYUDZGu3wiCSPbTv072xy0i-CjCy24uPBFgLuR48DGVSgJJxLsbPusJvLllYHdK-O9j7N38i1zlrLYKPzcLDHAe5tsqUpzSC-EWF5QCl_IU6Q0TXpJ8QbP6ddDTm_iTPm1s-GCdPLhUFpGe1KLqYUC6gt8kOJGUvfPWjLYtEUmYZAZrzDN6xKZRzGbN-mfW2bhck-CBDXY7uz0srlt90O4aRW2tJZ8FqBKTYMkByiB2d_i2y56rv_1XE69JNxgQ3RVrHnFMDc4dtYekv0jxMupncUnGIeB0tB7XIxYo8kTrn3l2-z4s78YfbvrMzUxebNUVsLWjWee7fOcfIfOr8xAQXZqJxooE&icons=6fOQ57JTD1euk4laUXuPMG6OS2WL2G18UavlCQnHhLHjnwJJk6RlOKKXdePCyXaTBSvvNvXJ5SwYw134ukQJ5cCDY7IETYiuvxJ7jixVV2j1bXDqJg0SnDj00xzfafc-aOD1iHBxtxLUE21obM_3L72RlrXYncKKxHNGdQFFsW7-k8MQ0rIcrkxweOCd3ZYEqWVycw29fFr9WRwYwIXMlqWl5etXp0vb6NOPN1G2e1PiZDfYPebe1S8jvWiw7k0SK5rQQMmB6tccJlV_8a2EZuwaJrziGfaa8ZwxSJlEfrPNfJH3sGuXlswYLCEeTkGXRerDtVej41hYB9t5GKidrEpaDxq_l2PVS68DC96fGndLECV-CxEMHEqwW0L6pxZzTpapUYoxxI2UJEciQ-jt96CZqSrQNybptcnFYf83EfKJBko6UpuxcTZGUWoXQVORxjQZtP75h5iXF80sNOgC-ngblaPQSeTFHM89eQGo42Hf2PxJhkbI1Lc97igYHwaVUsjaILAJ97-iKxb1t5NJSH1vBt1N_BCHvn9VDV3au0HsPsnJw_yts64mHW8g6XWzUMADEaqdLh0J2vn5jTZTeZpBkIEVqb7Yoq6sjJzE9mZojnI7HsuDlB32dXw7rkRWFIEAMRovYVuUR-TXr0UBbJEAMRyqEvniyIzN-poSwJQBJgvefOqbe9XBcjk28i9i7TPOEKI&ext_cid=0&px_id=31418774&min_cpm=0.03469675173925338&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=944328361933445910&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13317686044456842&cpm=0&verify_hash=725d7f937be3db70a3bc21989ec24f70&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,11,93&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=1715438975&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=0f792d5f-dba3-4e32-9d50-335644fa557a&prev_step_diff=645 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/21734081ce4.64c8149326.com/in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=357529620&sid=1606654276&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DYkqNHClaoknZMAHEFep0NVpfamzDnTOJLM5vM22Rr3YuKDXlsyhaC28MFwqkILstvESMCnMViF51H0AXOMMky84I59zev0FC56GwHhBgZCnlhDoEyuhtaJwmhapf5GmFbsMIE0W3bin87xNYp_1nJ7rrbS6x_JPpSDNwCw2bDhGC7NIh0qdkHRUFILIxoA-xqKyJVQPh0jj0DRkTUJx41VrgBzU8PB74VT7-C5XWKeYUDZGu3wiCSPbTv072xy0i-CjCy24uPBFgLuR48DGVSgJJxLsbPusJvLllYHdK-O9j7N38i1zlrLYKPzcLDHAe5tsqUpzSC-EWF5QCl_IU6Q0TXpJ8QbP6ddDTm_iTPm1s-GCdPLhUFpGe1KLqYUC6gt8kOJGUvfPWjLYtEUmYZAZrzDN6xKZRzGbN-mfW2bhck-CBDXY7uz0srlt90O4aRW2tJZ8FqBKTYMkByiB2d_i2y56rv_1XE69JNxgQ3RVrHnFMDc4dtYekv0jxMupncUnGIeB0tB7XIxYo8kTrn3l2-z4s78YfbvrMzUxebNUVsLWjWee7fOcfIfOr8xAQXZqJxooE&icons=6fOQ57JTD1euk4laUXuPMG6OS2WL2G18UavlCQnHhLHjnwJJk6RlOKKXdePCyXaTBSvvNvXJ5SwYw134ukQJ5cCDY7IETYiuvxJ7jixVV2j1bXDqJg0SnDj00xzfafc-aOD1iHBxtxLUE21obM_3L72RlrXYncKKxHNGdQFFsW7-k8MQ0rIcrkxweOCd3ZYEqWVycw29fFr9WRwYwIXMlqWl5etXp0vb6NOPN1G2e1PiZDfYPebe1S8jvWiw7k0SK5rQQMmB6tccJlV_8a2EZuwaJrziGfaa8ZwxSJlEfrPNfJH3sGuXlswYLCEeTkGXRerDtVej41hYB9t5GKidrEpaDxq_l2PVS68DC96fGndLECV-CxEMHEqwW0L6pxZzTpapUYoxxI2UJEciQ-jt96CZqSrQNybptcnFYf83EfKJBko6UpuxcTZGUWoXQVORxjQZtP75h5iXF80sNOgC-ngblaPQSeTFHM89eQGo42Hf2PxJhkbI1Lc97igYHwaVUsjaILAJ97-iKxb1t5NJSH1vBt1N_BCHvn9VDV3au0HsPsnJw_yts64mHW8g6XWzUMADEaqdLh0J2vn5jTZTeZpBkIEVqb7Yoq6sjJzE9mZojnI7HsuDlB32dXw7rkRWFIEAMRovYVuUR-TXr0UBbJEAMRyqEvniyIzN-poSwJQBJgvefOqbe9XBcjk28i9i7TPOEKI&ext_cid=0&px_id=31418774&min_cpm=0.03469675173925338&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=944328361933445910&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13317686044456842&cpm=0&verify_hash=725d7f937be3db70a3bc21989ec24f70&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,11,93&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=1715438975&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=0f792d5f-dba3-4e32-9d50-335644fa557a&prev_step_diff=645 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject64c8149326.com FingerprintDB:0F:EB:EA:A1:42:59:73:1B:D0:36:13:DB:07:12:64:1B:07:5B:A7 ValidityMon, 06 May 2024 14:02:01 GMT - Sun, 04 Aug 2024 14:02:00 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=c&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fd%2F3sFZRvmGXlX&refdom=poop.com.co&auction_time=1715381375&subid=357529620&sid=1606654276&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-05-10&iabcat=IAB25-3&keywords=&user_fp=843284594105515926&score=69.79183828064623&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fd%252F3sFZRvmGXlX%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DYkqNHClaoknZMAHEFep0NVpfamzDnTOJLM5vM22Rr3YuKDXlsyhaC28MFwqkILstvESMCnMViF51H0AXOMMky84I59zev0FC56GwHhBgZCnlhDoEyuhtaJwmhapf5GmFbsMIE0W3bin87xNYp_1nJ7rrbS6x_JPpSDNwCw2bDhGC7NIh0qdkHRUFILIxoA-xqKyJVQPh0jj0DRkTUJx41VrgBzU8PB74VT7-C5XWKeYUDZGu3wiCSPbTv072xy0i-CjCy24uPBFgLuR48DGVSgJJxLsbPusJvLllYHdK-O9j7N38i1zlrLYKPzcLDHAe5tsqUpzSC-EWF5QCl_IU6Q0TXpJ8QbP6ddDTm_iTPm1s-GCdPLhUFpGe1KLqYUC6gt8kOJGUvfPWjLYtEUmYZAZrzDN6xKZRzGbN-mfW2bhck-CBDXY7uz0srlt90O4aRW2tJZ8FqBKTYMkByiB2d_i2y56rv_1XE69JNxgQ3RVrHnFMDc4dtYekv0jxMupncUnGIeB0tB7XIxYo8kTrn3l2-z4s78YfbvrMzUxebNUVsLWjWee7fOcfIfOr8xAQXZqJxooE&icons=6fOQ57JTD1euk4laUXuPMG6OS2WL2G18UavlCQnHhLHjnwJJk6RlOKKXdePCyXaTBSvvNvXJ5SwYw134ukQJ5cCDY7IETYiuvxJ7jixVV2j1bXDqJg0SnDj00xzfafc-aOD1iHBxtxLUE21obM_3L72RlrXYncKKxHNGdQFFsW7-k8MQ0rIcrkxweOCd3ZYEqWVycw29fFr9WRwYwIXMlqWl5etXp0vb6NOPN1G2e1PiZDfYPebe1S8jvWiw7k0SK5rQQMmB6tccJlV_8a2EZuwaJrziGfaa8ZwxSJlEfrPNfJH3sGuXlswYLCEeTkGXRerDtVej41hYB9t5GKidrEpaDxq_l2PVS68DC96fGndLECV-CxEMHEqwW0L6pxZzTpapUYoxxI2UJEciQ-jt96CZqSrQNybptcnFYf83EfKJBko6UpuxcTZGUWoXQVORxjQZtP75h5iXF80sNOgC-ngblaPQSeTFHM89eQGo42Hf2PxJhkbI1Lc97igYHwaVUsjaILAJ97-iKxb1t5NJSH1vBt1N_BCHvn9VDV3au0HsPsnJw_yts64mHW8g6XWzUMADEaqdLh0J2vn5jTZTeZpBkIEVqb7Yoq6sjJzE9mZojnI7HsuDlB32dXw7rkRWFIEAMRovYVuUR-TXr0UBbJEAMRyqEvniyIzN-poSwJQBJgvefOqbe9XBcjk28i9i7TPOEKI&ext_cid=0&px_id=31418774&min_cpm=0.03469675173925338&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=944328361933445910&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.13317686044456842&cpm=0&verify_hash=725d7f937be3db70a3bc21989ec24f70&is_native=1&real_bid=0.0033281249552965125&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,101,11,93&need_redirect_show=0&applied_features=main-skins-settings,coef_095&show_count=1&expiration_timestamp=1715438975&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F36870469%2F551816_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-0-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000037499999999999997&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=0f792d5f-dba3-4e32-9d50-335644fa557a&prev_step_diff=645 HTTP/1.1
Host: 1734081ce4.64c8149326.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 10 May 2024 22:49:37 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| mcpuwpsh.com/get/ | 94.130.197.240 | 200 OK | 4.0 kB |
IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectpuwpush.com Fingerprint60:3D:AE:BF:9C:57:C3:AF:D6:50:E5:93:92:FB:E9:F2:F8:E6:E1:92 ValidityWed, 01 May 2024 01:51:05 GMT - Tue, 30 Jul 2024 01:51:04 GMT
Hash42e5f5d6e1819ae978600f7417ddf96c 7f1842f55b16df23086072016305f17f280c417b bf27d298a3a2d560bd76bedd695c5c284d145a15efc482b65c26c5c9bb53b787
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.com.co/
Content-Type: text/plain;charset=UTF-8
Content-Length: 956
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 10 May 2024 22:49:37 GMT
content-type: application/json
content-length: 4013
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap | 142.250.74.138 | 200 OK | 18 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap IP142.250.74.138:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79 ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT
Hash942d6c103643a3b457d90844f34a9b37 e2594da697f0082ee92f0f1d9b163aed142e09e7 654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 10 May 2024 22:49:34 GMT
date: Fri, 10 May 2024 22:49:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/style.css | 188.114.97.1 | 200 OK | 259 kB |
URL GET HTTP/2assets.poopcdn.com/style.css IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
Size259 kB (259373 bytes) Hashf94acf4d0db64b4a710fc6fce3bc2a49 63753e2bb0367b37084eba7690d9fb752667ecd3 f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340
GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IAiMHaUisZoR3JXb7qhIV0w2gf9bLzcI2iEKZ%2Bc9LDQzCSlc6O9PCj%2ByPg%2Bj2HR2ElEAM73yylcxijqiZKJlWm%2FrZ3W5Z3Aho32JzByfyKIzNM98j7qfAv4kR5ocVPwOcnUzXuc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb44b6d7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/jembud/586c58476d76525a467333 | 188.114.97.1 | 200 OK | 242 B |
URL GET HTTP/2metrolagu.cam/jembud/586c58476d76525a467333 IP188.114.97.1:443
Requested byhttps://berlagu.com/media/b7N--n5a2Vw CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeHTML document, ASCII text, with no line terminators Hashfd44eb6fad6de3f59031b9db982b58f0 0264bfdacd2aab1892fb32198884a0700803650a 0895dd2389abbeb0c81de55519691baa99f592e71b88c8fb59a31147dfdb415d
GET /jembud/586c58476d76525a467333 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://berlagu.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jq%2FINNL9Up9zwS6ltY1ezVeMhAE4LiPNhTEToqfgN8aaECbipO3w56v%2FHq5hJiN7FBto4bafBcmOQPjsj9jCOenV%2Fd9pw5Zcp0qgklkF8WMWmTPIo3QC7dKCte8inhDV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bbbce34b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| berlagu.com/embed.css | 104.21.67.123 | 200 OK | 1.1 kB |
IP104.21.67.123:443
Requested byhttps://berlagu.com/media/b7N--n5a2Vw CertificateIssuerGoogle Trust Services LLC Subjectberlagu.com FingerprintD6:84:30:6A:D8:0F:B0:3B:F8:82:9A:7D:B3:E1:CC:FF:4D:FD:C3:5B ValidityTue, 30 Apr 2024 15:25:12 GMT - Mon, 29 Jul 2024 15:25:11 GMT
File typeASCII text, with very long lines (1145), with no line terminators Hash69c7d11151f7c8da1183e16ec826fd58 e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf 360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1
GET /embed.css HTTP/1.1
Host: berlagu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://berlagu.com/media/b7N--n5a2Vw
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: text/css
last-modified: Tue, 21 Nov 2023 14:04:59 GMT
vary: Accept-Encoding
etag: W/"655cb90b-446"
expires: Sat, 11 May 2024 06:11:47 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 16668
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xYvNZFj%2FANbVdyvsyPr5W0d%2FXjOuCAIxlbzGTh7Xb6GLO3wQhU91kEij3RF8ddvlFswwK24SpVdMBFOc0nOrYhVP9aIa78ju9bHT2ri3%2FHFr%2FtENYBDktbiK7TQO7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bbb69cfb527-OSL
alt-svc: h3=":443"; ma=86400
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=bf74a41b-282b-4488-955f-139a0e7c8552&prev_step_diff=696 | 45.133.44.25 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=bf74a41b-282b-4488-955f-139a0e7c8552&prev_step_diff=696 IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=datingPurpleMessage-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=bf74a41b-282b-4488-955f-139a0e7c8552&prev_step_diff=696 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:36 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 10 May 2025 22:49:36 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/embed2.css | 188.114.97.1 | 200 OK | 2.3 kB |
URL GET HTTP/2assets.poopcdn.com/embed2.css IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeASCII text, with very long lines (2279), with no line terminators Hashf966df8b666f4e6af52c4c5972958a8d 59c598587c742cdd8211376b6a124c27a6a2dc52 943cf282560a6d9565816a7feeaa67cb91804127cf2d34686c932039bec26622
GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AjxwAiI51M8EJz6R5u81CilapAenCKqnW6rInNxPOUFqM8%2BAHTCejwVYQjqn%2BXOI5EVlludyql%2FG%2BO35sZAjazvFpcYwzu0n%2BY1KRxmz2gC3VmoTR7hJi3626yaALZN6bwflLVc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb44b647127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 | 188.114.97.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 IP188.114.97.1:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23604, version 1.0 Hashe9133fd11f14c09a2e4556c395a0ef7d 00fad09605f3342df5c9aeba130156fe19ade8b0 06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poop.com.co
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 605
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TybP3LAzKxL2qRj3zZBZ1CsUhcsxV1W79CLFw2%2BqgqGOC5pA7viEtumyzkFvY8xIRy6H1z5UoJf1k01gZVJQNfvfNo1vy4PAmXeZHl%2FQjlfMx95puGzEvM2Ao9Hztb3xx5z448g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb71dab7127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/watch?v=Da4P2uT4mVc | 188.114.97.1 | 200 OK | 6.8 kB |
URL POST HTTP/3metrolagu.cam/watch?v=Da4P2uT4mVc IP188.114.97.1:443
Requested byhttps://berlagu.com/media/b7N--n5a2Vw CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeHTML document, ASCII text, with very long lines (6892), with no line terminators Hash58fc3486f256a310b594c9f73a1892ae b96644e704f7b3904bfa8d7a9a01871991d92160 fb50ebc0d8b5c9c9e00b25c193bd8dda3769170480ee2b4ae1b4d02601f5662a
POST /watch?v=Da4P2uT4mVc HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/586c58476d76525a467333
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AjpISatH94g1eVMmuYB93q%2BI4nUHufMf1ijVtkJuAX4BgPW8dTBDXOEEIvXbgDoI99e1XP3tlelrhiU%2B6VEjnAhpLPElODzn6JJgIH0PTcFeJm%2FvSnlp8eNY9lPqxFWG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bbe59d97128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| metrolagu.cam/embed.css | 188.114.97.1 | 200 OK | 1.1 kB |
IP188.114.97.1:443
Requested byhttps://metrolagu.cam/watch?v=Da4P2uT4mVc CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeASCII text, with very long lines (1145), with no line terminators Hash69c7d11151f7c8da1183e16ec826fd58 e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf 360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1
GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=Da4P2uT4mVc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Sat, 11 May 2024 06:47:42 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 14513
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZUvqGMIqFimHI5n71qSjxMZq2mBuSW2n%2BswlarbhnkOxU%2BnAqcEmIpPfP25IMz%2BQOFdXO8y4YaCbvgDXYu86fAJUOv%2B%2FzsbS1OJoVaE47%2BRZSrXLoj83rz%2F1AMr%2FARl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bbfeafa7128-OSL
alt-svc: h3=":443"; ma=86400
|
|
| storage.multstorage.com/log/count.html | 104.21.30.242 | 200 OK | 882 B |
URL GET HTTP/2storage.multstorage.com/log/count.html IP104.21.30.242:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services LLC Subjectmultstorage.com Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT
File typeHTML document, ASCII text, with very long lines (919), with no line terminators Hash053b1fe641da8057571d40ebaf1624ab 09b2648b7d08c84621298f0b939cea5170a65022 6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 2de33c888d3196191cdc0b2cf3801f8c
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FGXnLvkEVnv6f5HX6FEPOeQkOUTVo5tVjIo5mn3thHYQ62oLQXuCcd2EC9nnSQLP7rqV926t%2BIz9Jj2uZiAKyulLaTw%2F6DMr1bkDq5p%2F4iAVOrhOmj3Rln3qtBSr76nzGtDv7DNCMzuWWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bba99ef568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js | 45.133.44.52 | 200 OK | 470 kB |
URL GET HTTP/2362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject362e373497.4a5936c82e.com Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2 ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT
Size470 kB (470121 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /923e52a9407423e98fa8942070686998.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Fri, 10 May 2024 22:54:35 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| 362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js | 45.133.44.52 | 200 OK | 109 kB |
URL GET HTTP/2362e373497.4a5936c82e.com/8e57871395155b58a79a1f183241e252.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject362e373497.4a5936c82e.com Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2 ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT
Size109 kB (109349 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /8e57871395155b58a79a1f183241e252.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 08 May 2024 10:50:20 GMT
etag: W/"663b58ec-1ab25"
content-encoding: gzip
expires: Fri, 10 May 2024 22:54:34 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| 362e373497.4a5936c82e.com/bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=c | 45.133.44.52 | 200 OK | 3.3 kB |
URL GET HTTP/2362e373497.4a5936c82e.com/bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=c IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject362e373497.4a5936c82e.com Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2 ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators Hash4e43ba907ce8b3aba9a64c979561fbab 36bd9da80fa9a461e7c290d739332f043128c9ff b9642fa97b1450f7acf5724a26d407750419c5be54bf5dabe235558b0ac6da1a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /bab8dec8e1057da5f79fefbe940ff7d4/114039?version_name=c HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Fri, 10 May 2024 22:54:34 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| 362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js | 45.133.44.52 | 200 OK | 470 kB |
URL GET HTTP/2362e373497.4a5936c82e.com/923e52a9407423e98fa8942070686998.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject362e373497.4a5936c82e.com Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2 ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT
Size470 kB (470121 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /923e52a9407423e98fa8942070686998.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Fri, 10 May 2024 22:54:35 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/play.svg | 188.114.97.1 | 200 OK | 633 B |
IP188.114.97.1:443
Requested byhttps://metrolagu.cam/watch?v=Da4P2uT4mVc CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeSVG Scalable Vector Graphics image Hashfa7e52a78c2db6968656093b3b4f6266 d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a 3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 10 May 2024 22:49:36 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cGP0yesTfhruuwCJYt%2FCmQ6qpvnlqo5l%2Bdd2bs09TdA9CAim7eaeJVhJkRpTlOqQ7vbZSJjtGESRTnujF8o1EXOdDKQ%2BM%2BwWYUQrqB9HKv2nP%2F993EIlZbNmmL3EAvSG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881d7bc09b4b7128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| berlagu.com/jembud/586c58476d76525a467333 | 104.21.67.123 | 200 OK | 239 B |
URL GET HTTP/2berlagu.com/jembud/586c58476d76525a467333 IP104.21.67.123:443
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerGoogle Trust Services LLC Subjectberlagu.com FingerprintD6:84:30:6A:D8:0F:B0:3B:F8:82:9A:7D:B3:E1:CC:FF:4D:FD:C3:5B ValidityTue, 30 Apr 2024 15:25:12 GMT - Mon, 29 Jul 2024 15:25:11 GMT
File typeHTML document, ASCII text, with no line terminators Hash00cb1338f2eaf475cbe9d1dfa2168e91 b84d79e9283dcc8a2c7c63897a176443a74c6ff4 c483d13d15ed7b7c3d35773ac364f5f68cdb666b67a7522c7f861cd01828a755
GET /jembud/586c58476d76525a467333 HTTP/1.1
Host: berlagu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Fri, 10 May 2024 22:49:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RH%2B3ue1WLhnD1aXBjBUJTGCBi62%2FVbo4CuzdURNKaRKMgH82XKaI%2BXi6RP6qNj83X8zNNfavYk3dz%2B5Zt1kA%2BguUZM6SU%2F3zApgyEjQbyHR6QiA7pBKcbnrucGE3qA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881d7bb7588856be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js | 45.133.44.52 | 200 OK | 101 kB |
URL GET HTTP/2362e373497.4a5936c82e.com/d0b44a3b286234a6547fbc3559b62bad.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.com.co/d/3sFZRvmGXlX CertificateIssuerLet's Encrypt Subject362e373497.4a5936c82e.com Fingerprint03:2C:29:06:2C:BE:AB:D5:79:11:0B:D4:B3:BA:B3:AD:38:71:7F:C2 ValidityTue, 07 May 2024 02:20:30 GMT - Mon, 05 Aug 2024 02:20:29 GMT
Size101 kB (100855 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /d0b44a3b286234a6547fbc3559b62bad.js HTTP/1.1
Host: 362e373497.4a5936c82e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 10 May 2024 22:49:35 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 06 May 2024 08:27:28 GMT
etag: W/"66389470-189f7"
content-encoding: gzip
expires: Fri, 10 May 2024 22:54:35 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|