| | 188.114.96.1 | 301 Moved Permanently | 167 B |
URL User Request GET HTTP/2IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectdo0d.co Fingerprint13:BD:13:0E:85:44:AE:D8:DC:8F:66:3F:CB:1A:C6:83:CE:EC:8D:24 ValiditySat, 16 Mar 2024 14:06:00 GMT - Fri, 14 Jun 2024 14:05:59 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash0104c301c5e02bd6148b8703d19b3a73 7436e0b4b1f8c222c38069890b75fa2baf9ca620 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
GET /d/rZPdMuKz9Mj HTTP/1.1
Host: do0d.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Fri, 26 Apr 2024 03:13:00 GMT
content-type: text/html
content-length: 167
location: https://poop.tax/d/rZPdMuKz9Mj
cache-control: max-age=3600
expires: Fri, 26 Apr 2024 04:13:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W3JPaqgkbcsGFdncMalJhgItLuLH2J%2BjSP7pgLKyUNHdwAs5%2FH5HY7P2pwohXMSlZPY%2Bhm9%2FHIVXa5im04q3vN4rpIKq1u2r9RVNWj71oP%2BO%2FEV5JSRJrCLx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a364fc5f1c569a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP104.17.24.14:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hash220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 105921
expires: Wed, 16 Apr 2025 03:13:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XrWiRlNzd0YRpZ8UEG2jIshiuzP8poAUBY0kxhRTqk8D2U1gSh79YVcqLgoX8%2FQwCXaAA38KOKJpv8tpS36nFkgIA8LlcnHlGKWQi%2FV308nnsrrvbcgBSqo7tKRcx16jVbN19TFf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a364ff7e0cb4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-RRBBHD087X | 142.250.74.168 | 200 OK | 101 kB |
URL GET HTTP/2www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP142.250.74.168:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File typeJavaScript source, ASCII text, with very long lines (5945) Size101 kB (100610 bytes) Hashebc169c8002189cdae7cf9bbbaabdb68 58544418810124016a8e1006c17dfb13e11e61fa 728d3cc0d8972dd18d234f14bddec05061e2edfb80a3301e384aabc5376ed6b9
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 03:13:01 GMT
expires: Fri, 26 Apr 2024 03:13:01 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100610
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| img.doodcdn.co/snaps/lcg5dkcjjlj5sp1k.jpg | 104.26.6.74 | 200 OK | 59 kB |
URL GET HTTP/3img.doodcdn.co/snaps/lcg5dkcjjlj5sp1k.jpg IP104.26.6.74:443
Requested byhttps://metrolagu.cam/watch?v=B9S8VHPtvsQ CertificateIssuerCloudflare, Inc. Subjectdoodcdn.co Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3 ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x1280, components 3 Hashd7c27599520a11eedbd062915fdf1220 bf89dbe67565034487597aaa132dec7446dded35 82007731730df9cda7cdb18f12cbbf7517e5bc45bcf2cfba78bfbe6ee236986f
GET /snaps/lcg5dkcjjlj5sp1k.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: image/jpeg
content-length: 59383
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=59805
etag: "66152bcc-e99d"
expires: Thu, 09 May 2024 16:06:43 GMT
last-modified: Tue, 09 Apr 2024 11:51:40 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bqUWV%2ByhSu55UilAi6woP%2BCRkru9xsYZpYF4IuS7Q%2F5neE12hCkGPlT5eamB64KBuFr16BgjY6GKqjYUjeKfz5QQ%2F0sVHCGt65225YPpP9wX%2BJerjXUBGDpqPxvrVAzG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a365000aaab4f7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 | 188.114.96.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23812, version 1.524 Hasheb586e5a1b86dbf1c866e3ed80f9d18e 280ee78d19c017ab9335f769595e5157d3c4a343 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poop.tax
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6698
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e7aoCcRuHOKrW9kRbs5e%2B%2FpcoQyqHhW5Az6xnaAt49cNtMaTArU2ln0aEoaQp3JFO5IoJDq3qRfIKbSxvkZjQmCFxYzBswE7zYABeb0rnlCMbTnNvg3J%2FM%2BSJY%2FKthYkgxH8ehE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a365013aa91c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 | 188.114.96.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23604, version 1.0 Hashe9133fd11f14c09a2e4556c395a0ef7d 00fad09605f3342df5c9aeba130156fe19ade8b0 06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poop.tax
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6698
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7nu7mPn%2FJ08yIP2ZEShQKfx%2BpDR8LK4QnkcV0doCcws8q0sBMLawn5lqAujbqmuEXnVIs%2BcZna3ewqSp%2BdceO5%2BJX86oxSwiKIZmZSVqIYh7cSlR8KiO5geUnG9NDv0yUcjZfqo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a365013aae1c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 | 188.114.96.1 | 200 OK | 184 kB |
URL GET HTTP/2assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 184476, version 330.-16253 Size184 kB (184476 bytes) Hash2a6dec1227f9970376f578270a642d06 150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284 e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poop.tax
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6614
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7cr0aYMFD3JCJBETHAjzcMLtcSdx3vPWYHib1iWz92R%2FTMj2%2FrZLffhv%2FACycIPQ1OdT9l2J5aK8Rh54ySPjLdbHnw2MosEVH%2BbCliL4TCNqru76dg9AKi2qvc%2FZYEbmQIAK0SQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a365013aab1c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/apple-touch-icon.png | 188.114.96.1 | 200 OK | 2.8 kB |
URL GET HTTP/2assets.poopcdn.com/apple-touch-icon.png IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typePNG image data, 180 x 180, 8-bit colormap, non-interlaced Hashe4acc3f05da8195dfa02a437c8b2dba2 f23df2ed14e5d52417b155ccd11187f3250861dc 8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4
GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6577
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SxEZpqBRDmquSwTP6QibBVxTow23w79MsbmN8VTXZMmDKDIIEEED6MOIlvJ1Ade7K4TT0QVQ4zmQHjfn%2Fk6EmLrr10V7%2BcwZweq3YKtgnZMNHRMO6t6vUueVzO2fPF9zDKxK%2FoI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a36501fac91c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/favicon-16x16.png | 188.114.96.1 | 200 OK | 612 B |
URL GET HTTP/2assets.poopcdn.com/favicon-16x16.png IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hashac008ea155d4beee1e93247d7434c77d f8ea94e94e0cc310202a517a9c445c3d70af564e 283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e
GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 615
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pOmjgCcS9UkQFwW3wYFz%2BEOuwNBzhXMeyHLq%2F56njJT6iY%2Br00jk5WxDyBgCyulezp%2FxNp7ALwBYAryz3ATwjkByO3ArkGYv7x5%2FpvGeaIRkjfSihbMVpgqPQTPGA44Y2eToO8M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a36501faca1c0e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 0c0be7a0c2.0ab9f67572.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTkwODQ4MzY2MDg2MDkzMjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4xNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== | 45.133.44.53 | 200 OK | 0 B |
URL GET HTTP/20c0be7a0c2.0ab9f67572.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTkwODQ4MzY2MDg2MDkzMjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4xNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject0c0be7a0c2.0ab9f67572.com Fingerprint1E:76:86:5C:33:12:91:B3:DB:48:95:9C:34:E9:19:B7:9C:E5:BE:83 ValidityTue, 23 Apr 2024 04:00:22 GMT - Mon, 22 Jul 2024 04:00:21 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTkwODQ4MzY2MDg2MDkzMjAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEyMS4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4xNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: 0c0be7a0c2.0ab9f67572.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 204 No Content | 0 B |
URL OPTIONS HTTP/1.1fp.metricswpsh.com/fp?tag_id=114039 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.tax/
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 26 Apr 2024 03:13:02 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.tax
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 204 No Content | 58 B |
URL OPTIONS HTTP/1.1fp.metricswpsh.com/fp?tag_id=114039 IP157.90.84.242:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash87385fcd2a67fc74d2fa67366ba68ea2 a604cdbb1d31ce257e8643eee9219c9c724c200c 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 26 Apr 2024 03:13:02 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.tax
Set-Cookie: id=15066238866653070942; Expires=Sat, 26 Apr 2025 03:13:02 GMT; Secure; SameSite=None
Vary: Origin
|
|
| cf9c86d5de.f33207dc6c.com/526afdf9b717924176eabd0c81f90a31.js | 45.133.44.52 | 200 OK | 44 kB |
URL GET HTTP/2cf9c86d5de.f33207dc6c.com/526afdf9b717924176eabd0c81f90a31.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectcf9c86d5de.f33207dc6c.com Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT
File typegzip compressed data, from Unix Hashd22d32acd0d81c08232e401188719bca ad97b486b548f32b0d80f81f430543a548f42690 f7874e5b2c7b35376ae159b509755ec1bd822a307f25dd49df25ea261c2fd255
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /526afdf9b717924176eabd0c81f90a31.js HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Fri, 26 Apr 2024 03:18:01 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=73fa8f38-b733-4fb0-9058-0fe9069743db&subid=388464194&sid=1404129241&spot_id=418776&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?site=native-push&wl=1&event_id=73fa8f38-b733-4fb0-9058-0fe9069743db&subid=388464194&sid=1404129241&spot_id=418776&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=73fa8f38-b733-4fb0-9058-0fe9069743db&subid=388464194&sid=1404129241&spot_id=418776&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 26 Apr 2024 03:13:02 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 64.233.162.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP64.233.162.84:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint24:73:6B:52:47:71:E2:CB:E3:4E:89:44:4B:29:D9:F4:C2:A0:F1:14 ValidityMon, 08 Apr 2024 07:33:55 GMT - Mon, 01 Jul 2024 07:33:54 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:kzkSmx0PFkDN5hvq8_qC9OY5h8Qw3A:FFk8pDzwo4XdLJ1P; Expires=Sun, 26-Apr-2026 03:13:02 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 26 Apr 2024 03:13:02 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx73E7dPsXL_ObnpA583KFt66UFTcWY6D6qPU7OlqM8TM2hSoxfEiHf-tq1j5LaIcO3fkCHoQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-YlHzgkosfzI8BbTFbtEknA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| mp4skin.com/embed.css | 188.114.96.1 | 200 OK | 811 B |
IP188.114.96.1:443
Requested byhttps://mp4skin.com/video?q=bohongi+hati CertificateIssuerGoogle Trust Services LLC Subjectmp4skin.com FingerprintD8:5D:D0:B5:E5:A7:78:4E:3F:14:9E:09:7E:35:D8:36:08:F2:5A:0E ValiditySat, 02 Mar 2024 00:24:57 GMT - Fri, 31 May 2024 00:24:56 GMT
File typeASCII text, with very long lines (755), with no line terminators Hash6234fd750298618c8b71628468aa5f0f 5026def78647896e77b7f65068b2fa31f44213d1 206d526e32959ce92da664b9e30be583c2500a6427800ecf2f8718b16ede188c
GET /embed.css HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/video?q=bohongi+hati
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=1094
etag: W/"655cb8cc-446"
expires: Fri, 26 Apr 2024 10:48:13 GMT
last-modified: Tue, 21 Nov 2023 14:03:56 GMT
cf-cache-status: HIT
age: 15889
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eJVyEljGkB5A2xe0PLXXV4qkL8zhEnhwyBnaohyxED6GTPVRbNw3PCBpPO9fz%2FKrSusXY%2FvQJUd4I8x4eRSX4irstydDQ9yKF6e1Hq3t9d5KUEYwUW2wcQ3sUE%2FIfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a365059cd9b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=23c29423-df3d-4fdb-b6da-2b8d827b23bf&subid=357529620&sid=1568921366&spot_id=418774&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1 | 168.119.25.102 | 200 OK | 0 B |
URL GET HTTP/2nereserv.com/in/dip?site=native-push&wl=1&event_id=23c29423-df3d-4fdb-b6da-2b8d827b23bf&subid=357529620&sid=1568921366&spot_id=418774&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1 IP168.119.25.102:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectnotification.tubecup.net Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20 ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=23c29423-df3d-4fdb-b6da-2b8d827b23bf&subid=357529620&sid=1568921366&spot_id=418774&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 26 Apr 2024 03:13:02 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 116f21a281.7fbe2fd8a8.com/in/multy | 157.90.84.246 | 204 No Content | 0 B |
URL OPTIONS HTTP/2116f21a281.7fbe2fd8a8.com/in/multy IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject7fbe2fd8a8.com FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8 ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.tax/
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 26 Apr 2024 03:13:02 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 116f21a281.7fbe2fd8a8.com/in/multy | 157.90.84.246 | 204 No Content | 0 B |
URL OPTIONS HTTP/2116f21a281.7fbe2fd8a8.com/in/multy IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject7fbe2fd8a8.com FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8 ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /in/multy HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.tax/
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 26 Apr 2024 03:13:02 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP139.45.195.8:443
Requested byhttps://mp4skin.com/video?q=bohongi+hati CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash3d194b7bbc1614859cbbd1b2db7bbb50 2743c7e578e43dfc50a45758dff4bda5bb1abd0d 23b008cf03042b063d80e84def85107d405ee64b23ad57077dae670ab53c95c6
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=08004a1932454388e3b5c49bd47b4221; expires=Sat, 26 Apr 2025 03:13:02 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx73E7dPsXL_ObnpA583KFt66UFTcWY6D6qPU7OlqM8TM2hSoxfEiHf-tq1j5LaIcO3fkCHoQ | 64.233.162.84 | 302 Found | 426 B |
URL GET HTTP/3accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx73E7dPsXL_ObnpA583KFt66UFTcWY6D6qPU7OlqM8TM2hSoxfEiHf-tq1j5LaIcO3fkCHoQ IP64.233.162.84:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1 ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File typeHTML document, ASCII text, with very long lines (404) Hash5235593d9876dcc8c27332032e6a27e3 f45b16f6a9a3a6481fe54dda3fb0c9dfac15d804 b9691ce731988fa94406f24362c706c14a540137b166bba32607e9dd5acc352b
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQx73E7dPsXL_ObnpA583KFt66UFTcWY6D6qPU7OlqM8TM2hSoxfEiHf-tq1j5LaIcO3fkCHoQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:jmEDaaWpYKFzCa0RnHZD64-Wrv9Opw:Eg_ZnPIaHCRoMqrK;Path=/;Expires=Sun, 26-Apr-2026 03:13:02 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 26 Apr 2024 03:13:02 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQz6R_6p8wijrOKs13lhW6-z_ChB5a2XyeHQzALxDO0IBBseZgoBUeJsHfL-wglLfrw2jl2wJw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S386852805%3A1714101182791562&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-phjBjrWuMIUZQC3ixok0wQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 426
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 116f21a281.7fbe2fd8a8.com/in/multy | 157.90.84.246 | 204 No Content | 4.8 kB |
URL OPTIONS HTTP/2116f21a281.7fbe2fd8a8.com/in/multy IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject7fbe2fd8a8.com FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8 ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT
Hashf6bf681b23f4116ee601972c427de7d2 ddf510e81938af290fe6753ce0a2c370db034c8c 72568cd00be9cf4da99b0e9d9c307e3b8e2c502fb71e8225f911f6ff8fa7a8c7
POST /in/multy HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1720
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: application/json
content-length: 4832
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 116f21a281.7fbe2fd8a8.com/in/multy | 157.90.84.246 | 204 No Content | 4.8 kB |
URL OPTIONS HTTP/2116f21a281.7fbe2fd8a8.com/in/multy IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject7fbe2fd8a8.com FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8 ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT
Hash9b1e0ca5bb00ae184ba848401fcf64b1 db1ad22e1b55558c88fa19de7a69ad43189ae7ea 527c6567e2900838cf858026104707fedfb5fc929f4c6ecc1d0b50cf9325dfb7
POST /in/multy HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1720
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: application/json
content-length: 4787
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| meenetiy.com/5/6678850 | 139.45.197.245 | 200 OK | 93 kB |
IP139.45.197.245:443
Requested byhttps://mp4skin.com/video?q=bohongi+hati CertificateIssuerLet's Encrypt Subjectmeenetiy.com FingerprintCF:74:81:D1:53:E3:14:54:77:B9:F7:ED:98:86:46:15:CD:EC:85:20 ValidityThu, 08 Feb 2024 05:28:25 GMT - Wed, 08 May 2024 05:28:24 GMT
File typegzip compressed data, max speed, from Unix Hash1dc75c52c7217739063cd2c24b899d0d 5829ab8f52000c49ebf388ce5f89c9dfad506072 b961f44ec838521246ba1721291481f3154ca2b77b10439b0d24ebbed9b115f4
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: application/javascript
x-trace-id: 767588060d6b41aecf6907101aa4c046
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00804ab8997d454ce7b6404000d34fe2; expires=Sat, 26 Apr 2025 03:13:02 GMT; path=/; secure; SameSite=None
oaidts=1714101182; expires=Sat, 26 Apr 2025 03:13:02 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.782.0&userId=08004a1932454388e3b5c49bd47b4221 | 139.45.197.245 | 200 OK | 29 kB |
URL GET HTTP/2meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.782.0&userId=08004a1932454388e3b5c49bd47b4221 IP139.45.197.245:443
Requested byhttps://mp4skin.com/video?q=bohongi+hati CertificateIssuerLet's Encrypt Subjectmeenetiy.com FingerprintCF:74:81:D1:53:E3:14:54:77:B9:F7:ED:98:86:46:15:CD:EC:85:20 ValidityThu, 08 Feb 2024 05:28:25 GMT - Wed, 08 May 2024 05:28:24 GMT
File typegzip compressed data, max speed, from Unix Hash25e9bf485cb9e15018d9a20ce5ad5040 d5554229d9ca99afa002c346cd6632a503e0abe5 80d3516aac066279a35b837ea6d8c2eee66bf6687fddd10a86ad56ccf2e61ee7
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /5/6678850/?abt_opts=1&js_build=iclick-v1.782.0&userId=08004a1932454388e3b5c49bd47b4221 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Cookie: OAID=00804ab8997d454ce7b6404000d34fe2; oaidts=1714101182
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: application/json
x-trace-id: 572faa9f7eba2b7f9448843e78bad212
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=08004a1932454388e3b5c49bd47b4221; expires=Sat, 26 Apr 2025 03:13:02 GMT; path=/; secure; SameSite=None
oaidts=1714101182; expires=Sat, 26 Apr 2025 03:13:02 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 03 May 2024 03:13:02 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| 116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=357529620&sid=1568921366&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=68.87468516636186&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fphgofi.com%2Ft%2F3K78XQjVL9lU8kQhKlBhelalqi2qrvwUyopRiZXhTBmhFq0UNsHIW08tgy_5WPW7qT5KBmF5NSASxfihlXOFIoIxlzDHIUMQHeMszGHkBO7GGq8BBGERTk68DtN-fuYTwk6LTQTIEyjqCsLMFLXEtIFaOJq5HH0euniBc0lLma37UBM7bkwvIh3Alh4f15RuQGxux1w0mDs4z0lIwOtcPd4eXcYeQ_pLTM0M9jm9gOi5VwCmOAeGqY54ktN24lOEfaL0eCQjPsww7JvnK39PxAkRFAp50SBDy-W9CJUWpZjdF_Y7VmStFCHszopbhkpuMd4iIHXcnPwgg6H3Xgun-YaUbFMuAYgIWBwrP4LGcci4WjVow2RJqs3kKt7SkdtSi8J3CVCAO9az9K4uyw%3D%3D&icons=8b8BuxrkSgmmxwyqgHgUQoNeTKT56mqioD6W7_SHU84kOZ0l2srBTtNB6GAOHUZFljElcHqbw7s_cS6VHf_YKNdLVSsZX72r6zC1oPTk92I2PKQ1VFdmJV07edcY6pxK7Hv0V8opjaA9srWpzADH8zwCb76fHq3w2QNGyoD--snG3s0SJw&ext_cid=1133291&px_id=51418774&min_cpm=0.011583089375630346&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=1377191019616643475&skin_id=71&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.001709526428526496&cpm=0&verify_hash=b6ec1864203447ccefc924958d54b379&is_native=1&real_bid=0.0001498079967498768&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=88,95,96,20,27,5,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714360382&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=bd6dde13-d1fd-497b-89c0-2912ff3c1677&prev_step_diff=832 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=357529620&sid=1568921366&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=68.87468516636186&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fphgofi.com%2Ft%2F3K78XQjVL9lU8kQhKlBhelalqi2qrvwUyopRiZXhTBmhFq0UNsHIW08tgy_5WPW7qT5KBmF5NSASxfihlXOFIoIxlzDHIUMQHeMszGHkBO7GGq8BBGERTk68DtN-fuYTwk6LTQTIEyjqCsLMFLXEtIFaOJq5HH0euniBc0lLma37UBM7bkwvIh3Alh4f15RuQGxux1w0mDs4z0lIwOtcPd4eXcYeQ_pLTM0M9jm9gOi5VwCmOAeGqY54ktN24lOEfaL0eCQjPsww7JvnK39PxAkRFAp50SBDy-W9CJUWpZjdF_Y7VmStFCHszopbhkpuMd4iIHXcnPwgg6H3Xgun-YaUbFMuAYgIWBwrP4LGcci4WjVow2RJqs3kKt7SkdtSi8J3CVCAO9az9K4uyw%3D%3D&icons=8b8BuxrkSgmmxwyqgHgUQoNeTKT56mqioD6W7_SHU84kOZ0l2srBTtNB6GAOHUZFljElcHqbw7s_cS6VHf_YKNdLVSsZX72r6zC1oPTk92I2PKQ1VFdmJV07edcY6pxK7Hv0V8opjaA9srWpzADH8zwCb76fHq3w2QNGyoD--snG3s0SJw&ext_cid=1133291&px_id=51418774&min_cpm=0.011583089375630346&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=1377191019616643475&skin_id=71&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.001709526428526496&cpm=0&verify_hash=b6ec1864203447ccefc924958d54b379&is_native=1&real_bid=0.0001498079967498768&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=88,95,96,20,27,5,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714360382&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=bd6dde13-d1fd-497b-89c0-2912ff3c1677&prev_step_diff=832 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject7fbe2fd8a8.com FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8 ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=357529620&sid=1568921366&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=68.87468516636186&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fphgofi.com%2Ft%2F3K78XQjVL9lU8kQhKlBhelalqi2qrvwUyopRiZXhTBmhFq0UNsHIW08tgy_5WPW7qT5KBmF5NSASxfihlXOFIoIxlzDHIUMQHeMszGHkBO7GGq8BBGERTk68DtN-fuYTwk6LTQTIEyjqCsLMFLXEtIFaOJq5HH0euniBc0lLma37UBM7bkwvIh3Alh4f15RuQGxux1w0mDs4z0lIwOtcPd4eXcYeQ_pLTM0M9jm9gOi5VwCmOAeGqY54ktN24lOEfaL0eCQjPsww7JvnK39PxAkRFAp50SBDy-W9CJUWpZjdF_Y7VmStFCHszopbhkpuMd4iIHXcnPwgg6H3Xgun-YaUbFMuAYgIWBwrP4LGcci4WjVow2RJqs3kKt7SkdtSi8J3CVCAO9az9K4uyw%3D%3D&icons=8b8BuxrkSgmmxwyqgHgUQoNeTKT56mqioD6W7_SHU84kOZ0l2srBTtNB6GAOHUZFljElcHqbw7s_cS6VHf_YKNdLVSsZX72r6zC1oPTk92I2PKQ1VFdmJV07edcY6pxK7Hv0V8opjaA9srWpzADH8zwCb76fHq3w2QNGyoD--snG3s0SJw&ext_cid=1133291&px_id=51418774&min_cpm=0.011583089375630346&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=1377191019616643475&skin_id=71&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.001709526428526496&cpm=0&verify_hash=b6ec1864203447ccefc924958d54b379&is_native=1&real_bid=0.0001498079967498768&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=88,95,96,20,27,5,4&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714360382&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=bd6dde13-d1fd-497b-89c0-2912ff3c1677&prev_step_diff=832 HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=357529620&sid=1568921366&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=68.87468516636186&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D5xoVz0AcmK6ZKkOHCr-OhOKqS-Qozfs5EWsCVcjYuxPgQjf6w3JeMZOJz--qVtLvdb2Je_Cuz0PrbRG4KfnVUKoxZed-Z2BXD5XH7ymyKKfEgoQ8_Cd4qbXyJN7dlJ1BCeiWUPjiP2k3usEy4CfdxvodsumQVuxIGNPevRZTwOEoCkDbZdKoSpAYMoN9FbqQFGs0-9mK3pLW9ojezcJI3g3nQD5cjIqhtjA_36IBeRDMBErjmDlpN12PWX-V3XD4L-1g3fCCy8u1_SgTMIU6qE9teaVACujssbCuTjStWsOgnc15w1jioUxK0vHmXtlqxvMRS8uwKJrYHbb1UUqGBhC2O0-5148uf0tK6Qy0iUEbnGArClCDVm1S0hQ93z33SU-ENSDe-d5Tmzw0Tyf9RPN6uitHbMndA5aacjjdT7IbPamJI5-Wx6a3v82JDMxvYiI_7nzhSR_-3LfYJyXiXHPi34DHZeptKY78VjClp36EkRooTkh-xVmaFc20Xt1ivDRIJzRiRez5Hfw5zaYDeWZkrC5-qfGtrj3u0hda4AwW2H96UHLAvuhz4AdqFkHZuREVdvzN&icons=losN2FCkb1Pe_DmZhQ7eYHnDtMZ2v5ySwgUOt5zsYn6gzFRhVNvdfo_TSFFIFXPvm5HTjtU7eCkycgqAqz48iiFz79q8ctmSFU_S3Nt5-WWCthNpzjHEkVSsFVbXw_0Y13V-VgjoH3rbmJ3kY73_e7Mst4RJJyMixqCVsWW_kWNH7EKDVwo3Lrb7VxlZNy-QfqYc5xYICPHdba4qCWwWoxEBZXyq3gHnrbcxgTfrVm2UjztkFOTORdn0P837lxikKqv3vjQLjD_e-s-P_ePA6qy42gBnCig4uq-8xqbox11j6SOvYHRUocwovzFAts8AxtkdEMp0swDuKRv_so3GpFqoNe2DweQZX0V6v5BYG4fZLSeH1wXGJ9-Q2f7o01EDKM-lPBozOrzutUMWuausPYDhRTX1YZf1MSTffSsKZiQFpVKBy61zztaORKCYLMC5wMDqXHtT1lBCCrlT3JF96HXdmZkSHmC2cAJVm2fD5-hPg5k8LjnlpUBK0MS4TUphz-q3D5zzWc_0FMfeaKFvP1_9PqrMNVoMlOmYmXrI9WJEwva3hTTbwSVPjnQFHMMylJBlDlTKRtaoAqefpMMmOqTBabmk3qFEB44rpq6-TPwOGwj0AxYx9L1Aast4f510buSDMHWNXNMPShrzskEi_OCkwQvYk64uhX58U-kC0YBx5i-eA-aQy7EnMQWmvWpGZcWIgG0&ext_cid=0&px_id=31418774&min_cpm=0.04738031016075089&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=1377191019616643475&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.15321543052803618&cpm=0&verify_hash=cc17434bb2bac22ce9fe237cd51f1bb6&is_native=1&real_bid=0.0032823749631643124&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,93,11&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1714158782&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F21082129%2F551818_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=c82e4494-993c-4b35-9fac-90f27e904348&prev_step_diff=832 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=357529620&sid=1568921366&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=68.87468516636186&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D5xoVz0AcmK6ZKkOHCr-OhOKqS-Qozfs5EWsCVcjYuxPgQjf6w3JeMZOJz--qVtLvdb2Je_Cuz0PrbRG4KfnVUKoxZed-Z2BXD5XH7ymyKKfEgoQ8_Cd4qbXyJN7dlJ1BCeiWUPjiP2k3usEy4CfdxvodsumQVuxIGNPevRZTwOEoCkDbZdKoSpAYMoN9FbqQFGs0-9mK3pLW9ojezcJI3g3nQD5cjIqhtjA_36IBeRDMBErjmDlpN12PWX-V3XD4L-1g3fCCy8u1_SgTMIU6qE9teaVACujssbCuTjStWsOgnc15w1jioUxK0vHmXtlqxvMRS8uwKJrYHbb1UUqGBhC2O0-5148uf0tK6Qy0iUEbnGArClCDVm1S0hQ93z33SU-ENSDe-d5Tmzw0Tyf9RPN6uitHbMndA5aacjjdT7IbPamJI5-Wx6a3v82JDMxvYiI_7nzhSR_-3LfYJyXiXHPi34DHZeptKY78VjClp36EkRooTkh-xVmaFc20Xt1ivDRIJzRiRez5Hfw5zaYDeWZkrC5-qfGtrj3u0hda4AwW2H96UHLAvuhz4AdqFkHZuREVdvzN&icons=losN2FCkb1Pe_DmZhQ7eYHnDtMZ2v5ySwgUOt5zsYn6gzFRhVNvdfo_TSFFIFXPvm5HTjtU7eCkycgqAqz48iiFz79q8ctmSFU_S3Nt5-WWCthNpzjHEkVSsFVbXw_0Y13V-VgjoH3rbmJ3kY73_e7Mst4RJJyMixqCVsWW_kWNH7EKDVwo3Lrb7VxlZNy-QfqYc5xYICPHdba4qCWwWoxEBZXyq3gHnrbcxgTfrVm2UjztkFOTORdn0P837lxikKqv3vjQLjD_e-s-P_ePA6qy42gBnCig4uq-8xqbox11j6SOvYHRUocwovzFAts8AxtkdEMp0swDuKRv_so3GpFqoNe2DweQZX0V6v5BYG4fZLSeH1wXGJ9-Q2f7o01EDKM-lPBozOrzutUMWuausPYDhRTX1YZf1MSTffSsKZiQFpVKBy61zztaORKCYLMC5wMDqXHtT1lBCCrlT3JF96HXdmZkSHmC2cAJVm2fD5-hPg5k8LjnlpUBK0MS4TUphz-q3D5zzWc_0FMfeaKFvP1_9PqrMNVoMlOmYmXrI9WJEwva3hTTbwSVPjnQFHMMylJBlDlTKRtaoAqefpMMmOqTBabmk3qFEB44rpq6-TPwOGwj0AxYx9L1Aast4f510buSDMHWNXNMPShrzskEi_OCkwQvYk64uhX58U-kC0YBx5i-eA-aQy7EnMQWmvWpGZcWIgG0&ext_cid=0&px_id=31418774&min_cpm=0.04738031016075089&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=1377191019616643475&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.15321543052803618&cpm=0&verify_hash=cc17434bb2bac22ce9fe237cd51f1bb6&is_native=1&real_bid=0.0032823749631643124&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,93,11&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1714158782&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F21082129%2F551818_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=c82e4494-993c-4b35-9fac-90f27e904348&prev_step_diff=832 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject7fbe2fd8a8.com FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8 ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=357529620&sid=1568921366&tcid=0&ver=8.159.0&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=68.87468516636186&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3D5xoVz0AcmK6ZKkOHCr-OhOKqS-Qozfs5EWsCVcjYuxPgQjf6w3JeMZOJz--qVtLvdb2Je_Cuz0PrbRG4KfnVUKoxZed-Z2BXD5XH7ymyKKfEgoQ8_Cd4qbXyJN7dlJ1BCeiWUPjiP2k3usEy4CfdxvodsumQVuxIGNPevRZTwOEoCkDbZdKoSpAYMoN9FbqQFGs0-9mK3pLW9ojezcJI3g3nQD5cjIqhtjA_36IBeRDMBErjmDlpN12PWX-V3XD4L-1g3fCCy8u1_SgTMIU6qE9teaVACujssbCuTjStWsOgnc15w1jioUxK0vHmXtlqxvMRS8uwKJrYHbb1UUqGBhC2O0-5148uf0tK6Qy0iUEbnGArClCDVm1S0hQ93z33SU-ENSDe-d5Tmzw0Tyf9RPN6uitHbMndA5aacjjdT7IbPamJI5-Wx6a3v82JDMxvYiI_7nzhSR_-3LfYJyXiXHPi34DHZeptKY78VjClp36EkRooTkh-xVmaFc20Xt1ivDRIJzRiRez5Hfw5zaYDeWZkrC5-qfGtrj3u0hda4AwW2H96UHLAvuhz4AdqFkHZuREVdvzN&icons=losN2FCkb1Pe_DmZhQ7eYHnDtMZ2v5ySwgUOt5zsYn6gzFRhVNvdfo_TSFFIFXPvm5HTjtU7eCkycgqAqz48iiFz79q8ctmSFU_S3Nt5-WWCthNpzjHEkVSsFVbXw_0Y13V-VgjoH3rbmJ3kY73_e7Mst4RJJyMixqCVsWW_kWNH7EKDVwo3Lrb7VxlZNy-QfqYc5xYICPHdba4qCWwWoxEBZXyq3gHnrbcxgTfrVm2UjztkFOTORdn0P837lxikKqv3vjQLjD_e-s-P_ePA6qy42gBnCig4uq-8xqbox11j6SOvYHRUocwovzFAts8AxtkdEMp0swDuKRv_so3GpFqoNe2DweQZX0V6v5BYG4fZLSeH1wXGJ9-Q2f7o01EDKM-lPBozOrzutUMWuausPYDhRTX1YZf1MSTffSsKZiQFpVKBy61zztaORKCYLMC5wMDqXHtT1lBCCrlT3JF96HXdmZkSHmC2cAJVm2fD5-hPg5k8LjnlpUBK0MS4TUphz-q3D5zzWc_0FMfeaKFvP1_9PqrMNVoMlOmYmXrI9WJEwva3hTTbwSVPjnQFHMMylJBlDlTKRtaoAqefpMMmOqTBabmk3qFEB44rpq6-TPwOGwj0AxYx9L1Aast4f510buSDMHWNXNMPShrzskEi_OCkwQvYk64uhX58U-kC0YBx5i-eA-aQy7EnMQWmvWpGZcWIgG0&ext_cid=0&px_id=31418774&min_cpm=0.04738031016075089&out_id=0&campaign_type=mq&aid=291&cid=2928&uniq=&mid=1377191019616643475&skin_id=71&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.15321543052803618&cpm=0&verify_hash=cc17434bb2bac22ce9fe237cd51f1bb6&is_native=1&real_bid=0.0032823749631643124&original_bid_usd=0.00375&original_bid=0.00375&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=101,4,93,11&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=1714158782&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F21082129%2F551818_image.jpg&site=native-push-adult&price=0.00375&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000375&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=c82e4494-993c-4b35-9fac-90f27e904348&prev_step_diff=832 HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=388464194&sid=1404129241&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=69.91342884289668&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fphgofi.com%2Ft%2FUFhSz91PSejmdu09xHDbS0o8wnFb-5xLKERZn-vfrrv3UQjzJZkANCori_QOHbmlUqBWmhaDI2yl-yGj8fRJFUfja9aBFEAmO8QYHS97FPrSFn_n8cBNbejt8gi69hgQh8tYsdzQJOO2zzQBXSbue-vccONQQ-HBDrlPEdpm63_HdB3jYheTl5vhm_gHKqlEuHyA-udVRzjucNgMEgbBHnDij7-7iowWgYngGDQaZqZLOLpYfF2GOBV149A-_4WAq8xyxQBE0QwVyTpk5EcPWBB-0GzP8y3yMXMNfPVf1n8kefMs4Pg6hcMr-SnZc63DGLK1nnsTan2VmKfziGKN5eROwI5JbhkUpMFTLVYwei7pzltlCo00g3UX-ZaNN1OuUDlIOeE8FZqr2-uYzQ%3D%3D&icons=ba8wfBOsz4nWtNSOP82QLm0BDvHDscwoxqBexsQ2iIQ-yIkeTAuR298ess5wnN5cnj0BCa0oEwJvDdUWjXx1iZYpzSzjzTJtkh4TFgZ7CWthE8DO2-MrHJrv8Q83zVPuQZIm-dQ1d5o8w8vMs0PnkqK74CZp-cLJzJDcEokM2BySJqCSTA&ext_cid=1133291&px_id=51418776&min_cpm=0.057198332680427906&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=4426490193486863238&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.00844179460365435&cpm=0&verify_hash=672c3f6794e6afd21d2d95714ae0a42b&is_native=1&real_bid=0.0001498079967498768&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,88,20,27,5,95,96&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714360382&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-1-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=01918fe6-4952-49da-8d65-67847fd19ed7&prev_step_diff=942 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=388464194&sid=1404129241&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=69.91342884289668&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fphgofi.com%2Ft%2FUFhSz91PSejmdu09xHDbS0o8wnFb-5xLKERZn-vfrrv3UQjzJZkANCori_QOHbmlUqBWmhaDI2yl-yGj8fRJFUfja9aBFEAmO8QYHS97FPrSFn_n8cBNbejt8gi69hgQh8tYsdzQJOO2zzQBXSbue-vccONQQ-HBDrlPEdpm63_HdB3jYheTl5vhm_gHKqlEuHyA-udVRzjucNgMEgbBHnDij7-7iowWgYngGDQaZqZLOLpYfF2GOBV149A-_4WAq8xyxQBE0QwVyTpk5EcPWBB-0GzP8y3yMXMNfPVf1n8kefMs4Pg6hcMr-SnZc63DGLK1nnsTan2VmKfziGKN5eROwI5JbhkUpMFTLVYwei7pzltlCo00g3UX-ZaNN1OuUDlIOeE8FZqr2-uYzQ%3D%3D&icons=ba8wfBOsz4nWtNSOP82QLm0BDvHDscwoxqBexsQ2iIQ-yIkeTAuR298ess5wnN5cnj0BCa0oEwJvDdUWjXx1iZYpzSzjzTJtkh4TFgZ7CWthE8DO2-MrHJrv8Q83zVPuQZIm-dQ1d5o8w8vMs0PnkqK74CZp-cLJzJDcEokM2BySJqCSTA&ext_cid=1133291&px_id=51418776&min_cpm=0.057198332680427906&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=4426490193486863238&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.00844179460365435&cpm=0&verify_hash=672c3f6794e6afd21d2d95714ae0a42b&is_native=1&real_bid=0.0001498079967498768&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,88,20,27,5,95,96&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714360382&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-1-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=01918fe6-4952-49da-8d65-67847fd19ed7&prev_step_diff=942 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject7fbe2fd8a8.com FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8 ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=388464194&sid=1404129241&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=69.91342884289668&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fphgofi.com%2Ft%2FUFhSz91PSejmdu09xHDbS0o8wnFb-5xLKERZn-vfrrv3UQjzJZkANCori_QOHbmlUqBWmhaDI2yl-yGj8fRJFUfja9aBFEAmO8QYHS97FPrSFn_n8cBNbejt8gi69hgQh8tYsdzQJOO2zzQBXSbue-vccONQQ-HBDrlPEdpm63_HdB3jYheTl5vhm_gHKqlEuHyA-udVRzjucNgMEgbBHnDij7-7iowWgYngGDQaZqZLOLpYfF2GOBV149A-_4WAq8xyxQBE0QwVyTpk5EcPWBB-0GzP8y3yMXMNfPVf1n8kefMs4Pg6hcMr-SnZc63DGLK1nnsTan2VmKfziGKN5eROwI5JbhkUpMFTLVYwei7pzltlCo00g3UX-ZaNN1OuUDlIOeE8FZqr2-uYzQ%3D%3D&icons=ba8wfBOsz4nWtNSOP82QLm0BDvHDscwoxqBexsQ2iIQ-yIkeTAuR298ess5wnN5cnj0BCa0oEwJvDdUWjXx1iZYpzSzjzTJtkh4TFgZ7CWthE8DO2-MrHJrv8Q83zVPuQZIm-dQ1d5o8w8vMs0PnkqK74CZp-cLJzJDcEokM2BySJqCSTA&ext_cid=1133291&px_id=51418776&min_cpm=0.057198332680427906&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=4426490193486863238&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.00844179460365435&cpm=0&verify_hash=672c3f6794e6afd21d2d95714ae0a42b&is_native=1&real_bid=0.0001498079967498768&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,88,20,27,5,95,96&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714360382&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-1-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=01918fe6-4952-49da-8d65-67847fd19ed7&prev_step_diff=942 HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=388464194&sid=1404129241&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=69.91342884289668&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DCXReorKGuSGSGdhnlpUiYIeLYycKiWR3vRdY7BZzIUfLQZ0Sc6NzuZN9fxYyS--wrT3OwarQvlZ9RrMDDsoeTIPjCn1rCPEu2VmuVlQbUM0eAOGOBU8o3ZXfcJfanrUHjqGedL3AB_5DQ5MT16H-s9jRz3yFbV5Gt7MXS49ziFDTAPbHMOEAJ8RP93JeSODZveeuQ8RllzjIh3vMV0WdYSvrvAmrz8DDrdPYqAiBK7OaLyRwoG_59tlBrurzzBXWtyie45-NGzXRiIYH3mTgWaAvZqdUMSJl-aGsw17EUZqieoBgtZeTbaSDs9W9Hk9FI2ZrLEFnlTNq45h2pBi3uc_vW3XbFnQ24-DhUngjCvAba0E_VC5VIoi91pY_44xzfUkCGwnK51HW11tTumrCBMN0URSiO_by2Chv0jyNeXQWD60tsRrB8wjB0UR62UcBRq0WIlxHXOVsN6j_LTIp0DKiEEEfgfY8m8vo9-b6pD-Vs3a-7gbCLvFwVvuMjXRN_zu8OpmAM_nGytTgvibE_vhIgquDy9XYKhmDYvkqV5nbOEnEdkiZb_gS0Q%3D%3D&icons=xcXrgJWbFBBIHbUNtAwrwQle6mYRAPIaqBZAQGSFAgmlRTzhkgj9wB9FhtidZzb82OuYMMGGYlSfbUe3qCt5ZmiD_-V1ytY5_wegozdVW8lK2SZjIAlZjl5q2dZ04WyNqT83tj8kJX1Cg_OYeDgnzIpwMnNKEpKZhYQ7FGGxsUtOE-LSY3RCvT33DxDXzrvoUR2eYLtEiNQEE7dE3VjX0P7OGbOUPMXQXwmz-XVbgByWI4EA5yw67VVvWYXpWst6DHp3otLKGPzJ2dZO5YFdcbRQoLlnIJN9YTPJl5umE5HkGsKoAbfNfOpZzTOHNiwVd9Q1UluCCfiy01pCqpWdL38QBviyn3CRyZpEXzWyjyy6AMAnvcAXKQBPbhc-OoUi074mCbO9bPMP5VgDiydhUnTYuZbkg5mSMWlIHzIRLJozyTvO5qMqZntkH8qkizTlohTvrx_XMgQWCJsxUTqd7-I-oUFyeZjsnCMTDSDLzvQ9Mk8ar4hktAfF4zttzSSYcp9gJ0PWySEAvJJh4FaYSKgknS3d38ENvTX-j91GFrmNAIJXy88s79Jd0N8Dnbx_sSGhZVyod-sM61qFCo9fzpgXOVDSFa9aamxtSQpLdxrOSGRs6hVjp5nfPX02Zligj-pQIyXybBz1yvkeYhz49q7CtB9gE4-C2rcWTmDPwoOHiiJTF5k&ext_cid=0&px_id=73418776&min_cpm=0.0011298988361474888&out_id=0&campaign_type=hq&aid=291&cid=12625&uniq=&mid=4426490193486863238&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.003390338715029846&cpm=0&verify_hash=3baa053fe21e48e560e433fedccf524f&is_native=1&real_bid=0.003045699924230565&original_bid_usd=0.0035&original_bid=0.0035&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,4,5,90,93&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714158782&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F61863514%2F551812_image.jpg&site=native-push-adult&price=0.0035&hostname=auc-inpage-hz-1-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000035&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=40762d14-0f8b-4c5b-ad94-c6a1cb26d7d1&prev_step_diff=942 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=388464194&sid=1404129241&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=69.91342884289668&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DCXReorKGuSGSGdhnlpUiYIeLYycKiWR3vRdY7BZzIUfLQZ0Sc6NzuZN9fxYyS--wrT3OwarQvlZ9RrMDDsoeTIPjCn1rCPEu2VmuVlQbUM0eAOGOBU8o3ZXfcJfanrUHjqGedL3AB_5DQ5MT16H-s9jRz3yFbV5Gt7MXS49ziFDTAPbHMOEAJ8RP93JeSODZveeuQ8RllzjIh3vMV0WdYSvrvAmrz8DDrdPYqAiBK7OaLyRwoG_59tlBrurzzBXWtyie45-NGzXRiIYH3mTgWaAvZqdUMSJl-aGsw17EUZqieoBgtZeTbaSDs9W9Hk9FI2ZrLEFnlTNq45h2pBi3uc_vW3XbFnQ24-DhUngjCvAba0E_VC5VIoi91pY_44xzfUkCGwnK51HW11tTumrCBMN0URSiO_by2Chv0jyNeXQWD60tsRrB8wjB0UR62UcBRq0WIlxHXOVsN6j_LTIp0DKiEEEfgfY8m8vo9-b6pD-Vs3a-7gbCLvFwVvuMjXRN_zu8OpmAM_nGytTgvibE_vhIgquDy9XYKhmDYvkqV5nbOEnEdkiZb_gS0Q%3D%3D&icons=xcXrgJWbFBBIHbUNtAwrwQle6mYRAPIaqBZAQGSFAgmlRTzhkgj9wB9FhtidZzb82OuYMMGGYlSfbUe3qCt5ZmiD_-V1ytY5_wegozdVW8lK2SZjIAlZjl5q2dZ04WyNqT83tj8kJX1Cg_OYeDgnzIpwMnNKEpKZhYQ7FGGxsUtOE-LSY3RCvT33DxDXzrvoUR2eYLtEiNQEE7dE3VjX0P7OGbOUPMXQXwmz-XVbgByWI4EA5yw67VVvWYXpWst6DHp3otLKGPzJ2dZO5YFdcbRQoLlnIJN9YTPJl5umE5HkGsKoAbfNfOpZzTOHNiwVd9Q1UluCCfiy01pCqpWdL38QBviyn3CRyZpEXzWyjyy6AMAnvcAXKQBPbhc-OoUi074mCbO9bPMP5VgDiydhUnTYuZbkg5mSMWlIHzIRLJozyTvO5qMqZntkH8qkizTlohTvrx_XMgQWCJsxUTqd7-I-oUFyeZjsnCMTDSDLzvQ9Mk8ar4hktAfF4zttzSSYcp9gJ0PWySEAvJJh4FaYSKgknS3d38ENvTX-j91GFrmNAIJXy88s79Jd0N8Dnbx_sSGhZVyod-sM61qFCo9fzpgXOVDSFa9aamxtSQpLdxrOSGRs6hVjp5nfPX02Zligj-pQIyXybBz1yvkeYhz49q7CtB9gE4-C2rcWTmDPwoOHiiJTF5k&ext_cid=0&px_id=73418776&min_cpm=0.0011298988361474888&out_id=0&campaign_type=hq&aid=291&cid=12625&uniq=&mid=4426490193486863238&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.003390338715029846&cpm=0&verify_hash=3baa053fe21e48e560e433fedccf524f&is_native=1&real_bid=0.003045699924230565&original_bid_usd=0.0035&original_bid=0.0035&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,4,5,90,93&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714158782&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F61863514%2F551812_image.jpg&site=native-push-adult&price=0.0035&hostname=auc-inpage-hz-1-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000035&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=40762d14-0f8b-4c5b-ad94-c6a1cb26d7d1&prev_step_diff=942 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subject7fbe2fd8a8.com FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8 ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FrZPdMuKz9Mj&refdom=poop.tax&auction_time=1714101182&subid=388464194&sid=1404129241&tcid=0&ver=8.159.0&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=69.91342884289668&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FrZPdMuKz9Mj%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=107563&crtid=2c48922f67f3db239f07842af569ad8e&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DCXReorKGuSGSGdhnlpUiYIeLYycKiWR3vRdY7BZzIUfLQZ0Sc6NzuZN9fxYyS--wrT3OwarQvlZ9RrMDDsoeTIPjCn1rCPEu2VmuVlQbUM0eAOGOBU8o3ZXfcJfanrUHjqGedL3AB_5DQ5MT16H-s9jRz3yFbV5Gt7MXS49ziFDTAPbHMOEAJ8RP93JeSODZveeuQ8RllzjIh3vMV0WdYSvrvAmrz8DDrdPYqAiBK7OaLyRwoG_59tlBrurzzBXWtyie45-NGzXRiIYH3mTgWaAvZqdUMSJl-aGsw17EUZqieoBgtZeTbaSDs9W9Hk9FI2ZrLEFnlTNq45h2pBi3uc_vW3XbFnQ24-DhUngjCvAba0E_VC5VIoi91pY_44xzfUkCGwnK51HW11tTumrCBMN0URSiO_by2Chv0jyNeXQWD60tsRrB8wjB0UR62UcBRq0WIlxHXOVsN6j_LTIp0DKiEEEfgfY8m8vo9-b6pD-Vs3a-7gbCLvFwVvuMjXRN_zu8OpmAM_nGytTgvibE_vhIgquDy9XYKhmDYvkqV5nbOEnEdkiZb_gS0Q%3D%3D&icons=xcXrgJWbFBBIHbUNtAwrwQle6mYRAPIaqBZAQGSFAgmlRTzhkgj9wB9FhtidZzb82OuYMMGGYlSfbUe3qCt5ZmiD_-V1ytY5_wegozdVW8lK2SZjIAlZjl5q2dZ04WyNqT83tj8kJX1Cg_OYeDgnzIpwMnNKEpKZhYQ7FGGxsUtOE-LSY3RCvT33DxDXzrvoUR2eYLtEiNQEE7dE3VjX0P7OGbOUPMXQXwmz-XVbgByWI4EA5yw67VVvWYXpWst6DHp3otLKGPzJ2dZO5YFdcbRQoLlnIJN9YTPJl5umE5HkGsKoAbfNfOpZzTOHNiwVd9Q1UluCCfiy01pCqpWdL38QBviyn3CRyZpEXzWyjyy6AMAnvcAXKQBPbhc-OoUi074mCbO9bPMP5VgDiydhUnTYuZbkg5mSMWlIHzIRLJozyTvO5qMqZntkH8qkizTlohTvrx_XMgQWCJsxUTqd7-I-oUFyeZjsnCMTDSDLzvQ9Mk8ar4hktAfF4zttzSSYcp9gJ0PWySEAvJJh4FaYSKgknS3d38ENvTX-j91GFrmNAIJXy88s79Jd0N8Dnbx_sSGhZVyod-sM61qFCo9fzpgXOVDSFa9aamxtSQpLdxrOSGRs6hVjp5nfPX02Zligj-pQIyXybBz1yvkeYhz49q7CtB9gE4-C2rcWTmDPwoOHiiJTF5k&ext_cid=0&px_id=73418776&min_cpm=0.0011298988361474888&out_id=0&campaign_type=hq&aid=291&cid=12625&uniq=&mid=4426490193486863238&skin_id=2&vertical_id=11&skin_test=0&from_cache=0&ecpm=0.003390338715029846&cpm=0&verify_hash=3baa053fe21e48e560e433fedccf524f&is_native=1&real_bid=0.003045699924230565&original_bid_usd=0.0035&original_bid=0.0035&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=11,4,5,90,93&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1714158782&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F61863514%2F551812_image.jpg&site=native-push-adult&price=0.0035&hostname=auc-inpage-hz-1-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000035&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=40762d14-0f8b-4c5b-ad94-c6a1cb26d7d1&prev_step_diff=942 HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQz6R_6p8wijrOKs13lhW6-z_ChB5a2XyeHQzALxDO0IBBseZgoBUeJsHfL-wglLfrw2jl2wJw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S386852805%3A1714101182791562&theme=mn&ddm=0 | 64.233.162.84 | 403 Forbidden | 826 B |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQz6R_6p8wijrOKs13lhW6-z_ChB5a2XyeHQzALxDO0IBBseZgoBUeJsHfL-wglLfrw2jl2wJw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S386852805%3A1714101182791562&theme=mn&ddm=0 IP64.233.162.84:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1 ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators Hasheb34604f6e9906a7b2fa67281c92a569 7114a50ca0973d31c9e7207e255097d2a1f51d3c 90b1971633015bc3c977c60850188eabb9bfcd277890f233dee47656c2bb2fc6
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQz6R_6p8wijrOKs13lhW6-z_ChB5a2XyeHQzALxDO0IBBseZgoBUeJsHfL-wglLfrw2jl2wJw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S386852805%3A1714101182791562&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 26 Apr 2024 03:13:02 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-B4lgVXrF8Pw7ZtKgdtIw1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=62270b63-3dae-446d-add1-2406da420558&prev_step_diff=942 | 45.133.44.25 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=62270b63-3dae-446d-add1-2406da420558&prev_step_diff=942 IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=62270b63-3dae-446d-add1-2406da420558&prev_step_diff=942 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 26 Apr 2025 03:13:03 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=758042f1-470d-49e2-a4ee-af926f1caca4&prev_step_diff=832 | 45.133.44.25 | 200 OK | 486 B |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=758042f1-470d-49e2-a4ee-af926f1caca4&prev_step_diff=832 IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashceeb4e8840c24621c0e0352b42b38a5b 03cbceb0134a39267014595938705e2916580644 50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=758042f1-470d-49e2-a4ee-af926f1caca4&prev_step_diff=832 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 26 Apr 2025 03:13:03 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp | 45.133.44.25 | 200 OK | 1.1 kB |
URL GET HTTP/2static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp IP45.133.44.25:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp Hash2a11e13b2bd67bb9a6cb347d7c73df13 b85460a33f9b229f42c08a6a94ae433a4d5c32ab 1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56
GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sat, 26 Apr 2025 03:13:03 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cf9c86d5de.f33207dc6c.com/c37eb03648abae911c8ba86cf51fd9e6.js | 45.133.44.52 | 200 OK | 50 kB |
URL GET HTTP/2cf9c86d5de.f33207dc6c.com/c37eb03648abae911c8ba86cf51fd9e6.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectcf9c86d5de.f33207dc6c.com Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT
File typegzip compressed data, from Unix Hash583c6249576a1acfff1ea23a918f484f 312bdb19eea3f2b5a6a4ffaa416390015faf08a5 fc2b562599956ffc861beb13bc1e25cb065e7ddf9b6fb6af7353e87d5ca56a91
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /c37eb03648abae911c8ba86cf51fd9e6.js HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Fri, 26 Apr 2024 03:18:02 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/watch?v=B9S8VHPtvsQ | 188.114.96.1 | 200 OK | 7.2 kB |
URL POST HTTP/3metrolagu.cam/watch?v=B9S8VHPtvsQ IP188.114.96.1:443
Requested byhttps://mp4skin.com/video?q=bohongi+hati CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeHTML document, ASCII text, with very long lines (3352) Hashe8341efc62bae99e09495a61f84e855c 72334f813399d8ff31f636388e92ae281244d653 4ecc4f6c34cccb627ef372cf37c5d73eaf8a59fab5529d54313d5e5b7e8e9b8a
POST /watch?v=B9S8VHPtvsQ HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/6a4d397a4b754d64505a72
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ut%2Bn1EYQxMjPmsqdZIHHqLEgw328OeIr3Ej%2FPxWuTNar1uy7eIrKBByB%2Ff5WxlzIVFxNkxVwW%2B9cWSZxPvl7jynh4C09aBMuQF1sdVeyOoqZ9rKdWrVYQMOuIiET%2FYwg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a365084e3bb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| imgsdn.com/ie?v=4&c=KyH1LLqlSsg5hvtfYj_GAQzPLFwE5dfhnbuVjNnI7mTUtanVOwnj2Bh82DXRdAEZ08obnbh0PNyfZYx_-iY-yQsNFPOmNIbHwmvrD3kulVJAtbJYb0lDb4LU7-lpW51nBwxWgUmigdYRA2QZatThnyajNfyionKHCSwQItELhlvpmu7EX-y1H3zJsfuH4tIiRtGDgHwttlNl_8wX71WKgLfVjwVh9hccqrb7e1GmIKotTihs-bLyc0BF6nKgCfgQCN6M_m4IvMO50TTOFI42-3iB5A0047xzRXcrrXGzJPiFmAG_qjj98PYv5tL24gYyE4J1zArqc-qv6A1-cOorz5z3kIaexVLcyI600ZBrAzWyR1jrvEhERDejUrdqmWP-U37xhiM6_zWSaXSRmzIQuox0JDEjmkx7cOLqoFiyA-mJFUD9xcKkQ3QqpUL-HA==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=28050f8a-168f-4708-9800-be4637f3f6e9&prev_step_diff=832 | 157.90.94.146 | 301 Moved Permanently | 0 B |
URL GET HTTP/1.1imgsdn.com/ie?v=4&c=KyH1LLqlSsg5hvtfYj_GAQzPLFwE5dfhnbuVjNnI7mTUtanVOwnj2Bh82DXRdAEZ08obnbh0PNyfZYx_-iY-yQsNFPOmNIbHwmvrD3kulVJAtbJYb0lDb4LU7-lpW51nBwxWgUmigdYRA2QZatThnyajNfyionKHCSwQItELhlvpmu7EX-y1H3zJsfuH4tIiRtGDgHwttlNl_8wX71WKgLfVjwVh9hccqrb7e1GmIKotTihs-bLyc0BF6nKgCfgQCN6M_m4IvMO50TTOFI42-3iB5A0047xzRXcrrXGzJPiFmAG_qjj98PYv5tL24gYyE4J1zArqc-qv6A1-cOorz5z3kIaexVLcyI600ZBrAzWyR1jrvEhERDejUrdqmWP-U37xhiM6_zWSaXSRmzIQuox0JDEjmkx7cOLqoFiyA-mJFUD9xcKkQ3QqpUL-HA==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=28050f8a-168f-4708-9800-be4637f3f6e9&prev_step_diff=832 IP157.90.94.146:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectnimrute.com FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4 ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=KyH1LLqlSsg5hvtfYj_GAQzPLFwE5dfhnbuVjNnI7mTUtanVOwnj2Bh82DXRdAEZ08obnbh0PNyfZYx_-iY-yQsNFPOmNIbHwmvrD3kulVJAtbJYb0lDb4LU7-lpW51nBwxWgUmigdYRA2QZatThnyajNfyionKHCSwQItELhlvpmu7EX-y1H3zJsfuH4tIiRtGDgHwttlNl_8wX71WKgLfVjwVh9hccqrb7e1GmIKotTihs-bLyc0BF6nKgCfgQCN6M_m4IvMO50TTOFI42-3iB5A0047xzRXcrrXGzJPiFmAG_qjj98PYv5tL24gYyE4J1zArqc-qv6A1-cOorz5z3kIaexVLcyI600ZBrAzWyR1jrvEhERDejUrdqmWP-U37xhiM6_zWSaXSRmzIQuox0JDEjmkx7cOLqoFiyA-mJFUD9xcKkQ3QqpUL-HA==&v1=531&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&st=0.02&cpa=28050f8a-168f-4708-9800-be4637f3f6e9&prev_step_diff=832 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 Apr 2024 03:13:03 GMT
content-length: 0
location: https://img.vmmcdn.com/get/72566133/551818_icon.png
x-app-id: 13
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 142.250.74.2 | 200 OK | 51 kB |
URL GET HTTP/2pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP142.250.74.2:443
Requested byhttps://metrolagu.cam/watch?v=B9S8VHPtvsQ CertificateIssuerGoogle Trust Services LLC Subject*.g.doubleclick.net Fingerprint1B:FA:17:60:E2:34:D4:FA:D1:13:08:09:6E:8F:ED:E7:A8:8C:6E:7A ValidityMon, 18 Mar 2024 19:37:13 GMT - Mon, 10 Jun 2024 19:37:12 GMT
File typeJavaScript source, ASCII text, with very long lines (3920) Hash531096a9c361a179089dce2472d4aa86 8902d47c4b22e950f06016e977ca37a13a64e498 9522a0d2787ffda2cb39bd52674adfb4cbe85c0724cc835825d9893b201dbd9a
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://metrolagu.cam/
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 26 Apr 2024 03:13:03 GMT
expires: Fri, 26 Apr 2024 03:13:03 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 5063309389682366591
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51437
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/21082129/551818_image.jpg | 46.4.121.113 | 200 OK | 12 kB |
URL GET HTTP/2img.vmmcdn.com/get/21082129/551818_image.jpg IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3 Hashee921bcd225785444d8ab128ca1d0941 e92f5588c738df6912e3658d883aeb66b486560b 4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c
GET /get/21082129/551818_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/jpeg
content-length: 12075
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-2f2b"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| imgsdn.com/ie?v=4&c=GnuBTSa8CGdICQLtGHQdIxt9Nw7VD3-90UWOUQpXq3PkkjQdpnbXrLjmmPssNXXG5-B4AEZZKNulgTFJ9zBTLBA_UWoadVJhyVp24hM78PKfjj3gD4OzGskmnJuILi40JTjE5BohCgRY9rIvZo_59h5krqIWGkaDJXLReMY0vAeCo3OPBYV5HSnheUp8BZV6ggscF2ZV_sOsr6yC2nqd8XC8ldSkcg-lsziCbgfnjlDkCMKaf_X9cxQ7pKnZ19gjrpcrrqEq0HWEd_k2wneEATogqR3h_8jXPMGNlpaUncuB2VIxI-rTjnMZbW2ZHvEAZynFXVczb9oh7YFiFeawkzh9mFscrHqu-wwzmzb4b9RFI0Vti-yuTVucH61ZkQ5n_xfbH13AUonQPBMQGDUEg_riuRfRYHhZqfsE2c6ymz_gdf8=&v1=1427&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=5eb448cf-66af-4f46-b204-2de2fb21fb5f&prev_step_diff=942 | 157.90.94.146 | 301 Moved Permanently | 0 B |
URL GET HTTP/1.1imgsdn.com/ie?v=4&c=GnuBTSa8CGdICQLtGHQdIxt9Nw7VD3-90UWOUQpXq3PkkjQdpnbXrLjmmPssNXXG5-B4AEZZKNulgTFJ9zBTLBA_UWoadVJhyVp24hM78PKfjj3gD4OzGskmnJuILi40JTjE5BohCgRY9rIvZo_59h5krqIWGkaDJXLReMY0vAeCo3OPBYV5HSnheUp8BZV6ggscF2ZV_sOsr6yC2nqd8XC8ldSkcg-lsziCbgfnjlDkCMKaf_X9cxQ7pKnZ19gjrpcrrqEq0HWEd_k2wneEATogqR3h_8jXPMGNlpaUncuB2VIxI-rTjnMZbW2ZHvEAZynFXVczb9oh7YFiFeawkzh9mFscrHqu-wwzmzb4b9RFI0Vti-yuTVucH61ZkQ5n_xfbH13AUonQPBMQGDUEg_riuRfRYHhZqfsE2c6ymz_gdf8=&v1=1427&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=5eb448cf-66af-4f46-b204-2de2fb21fb5f&prev_step_diff=942 IP157.90.94.146:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectnimrute.com FingerprintFE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4 ValidityMon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=GnuBTSa8CGdICQLtGHQdIxt9Nw7VD3-90UWOUQpXq3PkkjQdpnbXrLjmmPssNXXG5-B4AEZZKNulgTFJ9zBTLBA_UWoadVJhyVp24hM78PKfjj3gD4OzGskmnJuILi40JTjE5BohCgRY9rIvZo_59h5krqIWGkaDJXLReMY0vAeCo3OPBYV5HSnheUp8BZV6ggscF2ZV_sOsr6yC2nqd8XC8ldSkcg-lsziCbgfnjlDkCMKaf_X9cxQ7pKnZ19gjrpcrrqEq0HWEd_k2wneEATogqR3h_8jXPMGNlpaUncuB2VIxI-rTjnMZbW2ZHvEAZynFXVczb9oh7YFiFeawkzh9mFscrHqu-wwzmzb4b9RFI0Vti-yuTVucH61ZkQ5n_xfbH13AUonQPBMQGDUEg_riuRfRYHhZqfsE2c6ymz_gdf8=&v1=1427&v2=107563&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=5eb448cf-66af-4f46-b204-2de2fb21fb5f&prev_step_diff=942 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 26 Apr 2024 03:13:03 GMT
content-length: 0
location: https://img.vmmcdn.com/get/94066336/551812_icon.png
x-app-id: 13
|
|
| img.vmmcdn.com/get/61863514/551812_image.jpg | 138.201.51.142 | 200 OK | 12 kB |
URL GET HTTP/1.1img.vmmcdn.com/get/61863514/551812_image.jpg IP138.201.51.142:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7 ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3 Hashee921bcd225785444d8ab128ca1d0941 e92f5588c738df6912e3658d883aeb66b486560b 4da4a312766a4b2e3cb69b5d7188a4b073e757ae350687ac22b3dfa81fccf15c
GET /get/61863514/551812_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 26 Apr 2024 03:13:03 GMT
Content-Type: image/jpeg
Content-Length: 12075
Connection: keep-alive
Last-Modified: Wed, 27 Mar 2024 08:33:26 GMT
Cache-Control: public, max-age=604800
ETag: "6603d9d6-2f2b"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes
|
|
| img.vmmcdn.com/get/72566133/551818_icon.png | 46.4.121.113 | 200 OK | 34 kB |
URL GET HTTP/2img.vmmcdn.com/get/72566133/551818_icon.png IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash6329c4738e4ebbb274922df1387b8355 afcd9b7af3c56fb83be0b21d447362ffc71a0682 c95e786e3da1a8ef7555febaf67aaa8e27edd4660d193fd0528c906b79061b52
GET /get/72566133/551818_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/png
content-length: 34121
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-8549"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/94066336/551812_icon.png | 46.4.121.113 | 200 OK | 16 kB |
URL GET HTTP/2img.vmmcdn.com/get/94066336/551812_icon.png IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash98e46036cc72688816be82af7bb79ca2 a9440b902f5df8848e7dbc751574c9d2684f231c 3cf86dd4a41eb5c8054d74ccbe0dddb4e8949623eb51ed1674c1a676d706d536
GET /get/94066336/551812_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/png
content-length: 15536
last-modified: Wed, 27 Mar 2024 08:33:26 GMT
cache-control: public, max-age=604800
etag: "6603d9d6-3cb0"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| mcpuwpsh.com/get/ | 94.130.197.240 | 200 OK | 4.0 kB |
IP94.130.197.240:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectpuwpush.com Fingerprint53:1A:81:DB:A5:78:D8:1D:93:BF:BA:0F:71:6B:43:8D:3F:33:58:D1 ValidityFri, 01 Mar 2024 09:39:36 GMT - Thu, 30 May 2024 09:39:35 GMT
Hash155c7995b1ec01b8514a2e1fb244b378 b5431425ddcefca89656b791d550556f72ce53de 13f5ae97379bdee356b9483414d5d2c27a8d7606124691492a67871099dc5205
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.tax/
Content-Type: text/plain;charset=UTF-8
Content-Length: 958
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: application/json
content-length: 3990
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/jembud/6a4d397a4b754d64505a72 | 188.114.96.1 | 200 OK | 242 B |
URL GET HTTP/2metrolagu.cam/jembud/6a4d397a4b754d64505a72 IP188.114.96.1:443
Requested byhttps://mp4skin.com/video?q=bohongi+hati CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeHTML document, ASCII text, with no line terminators Hash2106e0c3e967935fe26b5cebfb28b7e0 f23677824f338348ca539a23df66401584b796e1 bfee57d1232d274d6fb1f2a0697f6fac0e357258472920aff46d3b472f9ca05d
GET /jembud/6a4d397a4b754d64505a72 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qiW%2BMF7zW07swDDDKChzdjMDcAKzVHyeaPvI7q2Bqp6wya5pYXdr%2B1Q848d4Ajvq1DrvQF31Pnd%2FfCkoQZp9F0jjTd3qrY6jcK2e6pTJzeHy98IyjU2s1MX3sxZqrQKs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3650638d4b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| | 188.114.96.1 | 200 OK | 14 kB |
URL User Request GET HTTP/2IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectpoop.tax FingerprintF2:68:F0:86:8F:82:D1:1E:1B:89:58:BA:03:1E:D6:E4:C5:CB:11:96 ValidityMon, 15 Apr 2024 08:31:29 GMT - Sun, 14 Jul 2024 08:31:28 GMT
File typeHTML document, ASCII text, with very long lines (6447) Hash8ffe99be76391a8b837d01e55ca3548c 5f070d53a42a707be222bd81ae76b12161b40dc4 6c092452d5045a845808a672a920bdb1e4a9760bce6b39cb77e06b4205d74c74
GET /d/rZPdMuKz9Mj HTTP/1.1
Host: poop.tax
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e0skEgW6XNo5BgpiZMq8%2Fz1m6%2B6wsz3LEKWUzVtjXtBISxjac9BG1eOw8gxugJHAgpTmycC0b7IqcweWPnxunmqRMYIyHlA99LWrjXpavSGfMQ95jqKgaCepWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a364fcefda5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/play.svg | 188.114.96.1 | 200 OK | 633 B |
URL GET HTTP/2assets.poopcdn.com/play.svg IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeSVG Scalable Vector Graphics image Hashfa7e52a78c2db6968656093b3b4f6266 d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a 3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb
GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6614
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3o7gPVxj9hvNGi4YUQxaw0J11IrpbGoQQRWhQhUNkOps08U9g1aS2WTWAow6Zgy3JQGn6g3nZ7HQs6Fj%2BtFfNkcm3PWqYz7XGoEzorfRSx467cNGKOZySF4ApinoPonflOuPaQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a365012aa81c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/embed2.css | 188.114.96.1 | 200 OK | 2.3 kB |
URL GET HTTP/2assets.poopcdn.com/embed2.css IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeASCII text, with very long lines (2279), with no line terminators Hashf966df8b666f4e6af52c4c5972958a8d 59c598587c742cdd8211376b6a124c27a6a2dc52 943cf282560a6d9565816a7feeaa67cb91804127cf2d34686c932039bec26622
GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6615
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WUrL5GGT%2BZ664IiZjd96ufzDdlKZ5qudNSgr3nxilRkxvQ5tZ9cR46cVa%2Fgb3cMehRFb7z91gEncuoVICWhzKByATj5knHHN3vD5WMYtk4DTm36MU3fFEPXg7FUsfS8xhKsEU1I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a364fffa6f1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/adus.js | 188.114.96.1 | 200 OK | 547 B |
IP188.114.96.1:443
Requested byhttps://metrolagu.cam/watch?v=B9S8VHPtvsQ CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeASCII text, with very long lines (569), with no line terminators Hash3346424e49a2fc4b5eade5e8a02a6f1a 24378e0d3a1993f796055595e8c9aaf982ff1677 4ac1d2df0841732703e7c99b70296ee90e06bf157546b612ba488bfd7fee573a
GET /adus.js HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=B9S8VHPtvsQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: application/javascript
last-modified: Mon, 08 Apr 2024 10:19:48 GMT
etag: W/"6613c4c4-223"
expires: Fri, 26 Apr 2024 08:13:11 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 25192
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iJ0TEv894FqjSPz%2BzVyWYxacyt3Jg8gYQ84PnOf3Y55rWMoXfybEVptSNlp7HcRbEt1t7Fd%2F4dcRmb0qeTiolyw15DESz7LVEhAtT9IiTLT4bRLMj8ucU5QVqCDNSqP%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3650a7ed7b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fikedaquabib.com/rotaInGRWQGA24/64343 | 188.42.247.196 | 200 OK | 0 B |
URL GET HTTP/1.1fikedaquabib.com/rotaInGRWQGA24/64343 IP188.42.247.196:443
Requested byhttps://metrolagu.cam/watch?v=B9S8VHPtvsQ CertificateIssuerLet's Encrypt Subjectfikedaquabib.com FingerprintB2:55:98:8B:5C:B3:05:1D:91:A5:02:43:2D:0B:18:86:4D:1E:E9:38 ValidityThu, 28 Mar 2024 23:27:44 GMT - Wed, 26 Jun 2024 23:27:43 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotaInGRWQGA24/64343 HTTP/1.1
Host: fikedaquabib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 03:13:03 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 27-Apr-2024 03:13:03 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 27-Apr-2024 03:13:03 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| img.cdn.house/i/1/8O86VYWTdffqhrUtDy-mchLtmrmmfVixxlBl2wCx2pGLd-003YAYU5BNnoVx_ppusOdtugcKsrVYYoIkejy5yjRXlm1aFEjzne-iY-cQS79f114-cS5e25bzRrpcqT71A0PWsUdTCHvsUQPqJzmj3ljOi6e6DCYLiuD1QeVkATAsAyRrH03lQan0wEzS0_qe | 178.63.83.79 | 200 OK | 3.8 kB |
URL GET HTTP/2img.cdn.house/i/1/8O86VYWTdffqhrUtDy-mchLtmrmmfVixxlBl2wCx2pGLd-003YAYU5BNnoVx_ppusOdtugcKsrVYYoIkejy5yjRXlm1aFEjzne-iY-cQS79f114-cS5e25bzRrpcqT71A0PWsUdTCHvsUQPqJzmj3ljOi6e6DCYLiuD1QeVkATAsAyRrH03lQan0wEzS0_qe IP178.63.83.79:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectimg.cdn.house Fingerprint98:AC:05:29:31:CD:6B:03:04:7D:9B:28:08:AA:B1:09:56:1A:CA:30 ValidityThu, 21 Mar 2024 10:50:12 GMT - Wed, 19 Jun 2024 10:50:11 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp Hash1a1f2a5a03a4b73b5f4aea2c97f0d7af 5c7040376db1f4b23d544c8b557379953d635f58 970c680d5d55f928c2104fcdf34770b580e4e4d56a5958a514dcd3ac585da2a0
GET /i/1/8O86VYWTdffqhrUtDy-mchLtmrmmfVixxlBl2wCx2pGLd-003YAYU5BNnoVx_ppusOdtugcKsrVYYoIkejy5yjRXlm1aFEjzne-iY-cQS79f114-cS5e25bzRrpcqT71A0PWsUdTCHvsUQPqJzmj3ljOi6e6DCYLiuD1QeVkATAsAyRrH03lQan0wEzS0_qe HTTP/1.1
Host: img.cdn.house
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/webp
content-length: 3804
last-modified: Sun, 21 Jan 2024 10:29:59 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js | 104.17.24.14 | 200 OK | 90 kB |
URL GET HTTP/3cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP104.17.24.14:443
Requested byhttps://metrolagu.cam/watch?v=B9S8VHPtvsQ CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hashdc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1419
expires: Wed, 16 Apr 2025 03:13:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9R9yaVe29W%2B%2By4czRj2X2ybTRHKQ5nr7lfEZBNSEcQR8B952hm6nARthQnGY1FbUy26l4lIQ%2Fp6S%2BSf5qHJSeSmjpkSOzq9cVW%2B4KBqkd8ZFlO8Hq6oBfx7kbe3zTH00Je1%2F%2BHRB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87a3650acec60b51-OSL
alt-svc: h3=":443"; ma=86400
|
|
| cf9c86d5de.f33207dc6c.com/0d1d1d0ae3f06d802747776c90722fd4.js | 45.133.44.52 | 200 OK | 470 kB |
URL GET HTTP/2cf9c86d5de.f33207dc6c.com/0d1d1d0ae3f06d802747776c90722fd4.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectcf9c86d5de.f33207dc6c.com Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT
Size470 kB (470121 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /0d1d1d0ae3f06d802747776c90722fd4.js HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Fri, 26 Apr 2024 03:18:02 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| storage.multstorage.com/log/count.html | 104.21.30.242 | 200 OK | 882 B |
URL GET HTTP/2storage.multstorage.com/log/count.html IP104.21.30.242:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerGoogle Trust Services LLC Subjectmultstorage.com Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT
File typeHTML document, ASCII text, with very long lines (919), with no line terminators Hash053b1fe641da8057571d40ebaf1624ab 09b2648b7d08c84621298f0b939cea5170a65022 6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 917a9a51806e8a23233f7f064dee11a7
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2Fmd2zktPXq1p3ADshd7mfT8q7K38zDB0D27CFwOIHx%2Fb6iQAvXtnNjQphpBZ9R0%2BRMQH%2BFtmTyS%2BK9bjZIygMkTRJGaCwIQPa%2BKsTNs5u4r06AJS3QQXupjj3zBsSbVNYMMBKF8TiGqEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a36503b957b51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| mp4skin.com/embud/6a4d397a4b754d64505a72 | 188.114.96.1 | 200 OK | 242 B |
URL GET HTTP/2mp4skin.com/embud/6a4d397a4b754d64505a72 IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerGoogle Trust Services LLC Subjectmp4skin.com FingerprintD8:5D:D0:B5:E5:A7:78:4E:3F:14:9E:09:7E:35:D8:36:08:F2:5A:0E ValiditySat, 02 Mar 2024 00:24:57 GMT - Fri, 31 May 2024 00:24:56 GMT
File typeHTML document, ASCII text, with no line terminators Hash83ffc15db36c785ac1a673c963fcf015 7fb26688830a107a762c5c7d567fda7fbea28ca7 61bf7ee2633aff9dc365cf6766eb5ed24ed86884368c20d97efbc2cc95f53c57
GET /embud/6a4d397a4b754d64505a72 HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r4NnWH2cYldB1LYHCZs8ZVMTv1F0zDqS9m7fDphZoLwPXu9s%2FEdJ0%2FhNi5sl2eODPh6k8x52gWB7z3ITH%2FEiphqY4fnvcfgCAZoCQ8VryUtkx8D5XrQIy%2FLW8vIbXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3650178e0b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/bootstrap.min.css | 188.114.96.1 | 200 OK | 209 kB |
URL GET HTTP/2assets.poopcdn.com/bootstrap.min.css IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeASCII text, with very long lines (625) Size209 kB (208810 bytes) Hash3ad35d9c124d6c7d13f776dde0df9286 1bfc432b338ca01be6b05ab8e87f4a63caa8d82b 10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b
GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6699
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S650nDT65yGdPlEDKrp2fpqsnKctSZYlX%2FeZdykzPZQ8ooAF%2FqXqRSWVan0PY%2Bprmch4yjS5d65u91gNqdFsZAaoiERacF3g2s342TAiTR7W1AHqqn%2BFrAMxYYqiqvduT2D6LfA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a364fffa6d1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| cf9c86d5de.f33207dc6c.com/1db907bfe28934810665eeb126926cf9.js | 45.133.44.52 | 200 OK | 97 kB |
URL GET HTTP/2cf9c86d5de.f33207dc6c.com/1db907bfe28934810665eeb126926cf9.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectcf9c86d5de.f33207dc6c.com Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /1db907bfe28934810665eeb126926cf9.js HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Fri, 26 Apr 2024 03:18:02 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| img.cdn.house/i/1/kT8z-At09ONA8JuN-kghP3z59sDLHxw4iv9WL5fhgEojX3APEyawPJEOw6cUiH8-V2j820atB1JhRagaH8Z5GLXM7811TrStSJ5ZMjzMjzDVrpJ4YrzBE9z3mCrg6LFJEs6f53L64H-JX4Tl8jnCRI8K304hGBhH5CDYFo8K4DNrM2-SgW7nZd9jgPesPhUN | 178.63.83.79 | 200 OK | 3.8 kB |
URL GET HTTP/2img.cdn.house/i/1/kT8z-At09ONA8JuN-kghP3z59sDLHxw4iv9WL5fhgEojX3APEyawPJEOw6cUiH8-V2j820atB1JhRagaH8Z5GLXM7811TrStSJ5ZMjzMjzDVrpJ4YrzBE9z3mCrg6LFJEs6f53L64H-JX4Tl8jnCRI8K304hGBhH5CDYFo8K4DNrM2-SgW7nZd9jgPesPhUN IP178.63.83.79:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectimg.cdn.house Fingerprint98:AC:05:29:31:CD:6B:03:04:7D:9B:28:08:AA:B1:09:56:1A:CA:30 ValidityThu, 21 Mar 2024 10:50:12 GMT - Wed, 19 Jun 2024 10:50:11 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp Hash1a1f2a5a03a4b73b5f4aea2c97f0d7af 5c7040376db1f4b23d544c8b557379953d635f58 970c680d5d55f928c2104fcdf34770b580e4e4d56a5958a514dcd3ac585da2a0
GET /i/1/kT8z-At09ONA8JuN-kghP3z59sDLHxw4iv9WL5fhgEojX3APEyawPJEOw6cUiH8-V2j820atB1JhRagaH8Z5GLXM7811TrStSJ5ZMjzMjzDVrpJ4YrzBE9z3mCrg6LFJEs6f53L64H-JX4Tl8jnCRI8K304hGBhH5CDYFo8K4DNrM2-SgW7nZd9jgPesPhUN HTTP/1.1
Host: img.cdn.house
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/webp
content-length: 3804
last-modified: Sun, 21 Jan 2024 10:29:59 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/embed.css | 188.114.96.1 | 200 OK | 1.1 kB |
IP188.114.96.1:443
Requested byhttps://metrolagu.cam/watch?v=B9S8VHPtvsQ CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeASCII text, with very long lines (1145), with no line terminators Hash69c7d11151f7c8da1183e16ec826fd58 e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf 360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1
GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=B9S8VHPtvsQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Fri, 26 Apr 2024 08:13:11 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 25192
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZlFk7m8QcPQNQqdbDov8XCGzaVI7zvdh%2FHTPFBRTUjr1ZoXxps0ZMEMdl%2BORV3%2BfgrTHKOzNalIXMcCuv25SMXEELUroDsAUJ9D5vNdY3xl5hErd8%2BuhtMwK8mPU0tcQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a3650a7ed6b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| assets.poopcdn.com/style.css | 188.114.96.1 | 200 OK | 259 kB |
URL GET HTTP/2assets.poopcdn.com/style.css IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
Size259 kB (259373 bytes) Hashf94acf4d0db64b4a710fc6fce3bc2a49 63753e2bb0367b37084eba7690d9fb752667ecd3 f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340
GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6699
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bga2K0kKMP8%2BRSA9PBHQH6Y%2FslxXoS8Cvw6ytN8QpBbbssQbRCOjnv9K863M%2Bfhn9eZZkTHrYB2DY%2FMxrPKuxSLQGuMoQ2spPxp3C5sEGJxpBImq%2BuZMNXsw43XBHtjtsUbhR3k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a364fffa711c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/play.svg | 188.114.96.1 | 200 OK | 633 B |
IP188.114.96.1:443
Requested byhttps://metrolagu.cam/watch?v=B9S8VHPtvsQ CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeSVG Scalable Vector Graphics image Hashfa7e52a78c2db6968656093b3b4f6266 d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a 3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:13:03 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5659
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FXTloaomOI%2Fy7XHcQnfV7dIgt9%2Bjw7J443d10kvPE3bXB9JWWLyGDRNuaYnANR4CxIV4NER26ZXK%2BLZ%2FUdQtFbB4wBQ9%2BxQYyphZ0cA2QGepH1qhcMA2QR6W0YgR4Dy1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a3650b7f14b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| mp4skin.com/video?q=bohongi+hati | 188.114.96.1 | 200 OK | 633 B |
URL POST HTTP/3mp4skin.com/video?q=bohongi+hati IP188.114.96.1:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerGoogle Trust Services LLC Subjectmp4skin.com FingerprintD8:5D:D0:B5:E5:A7:78:4E:3F:14:9E:09:7E:35:D8:36:08:F2:5A:0E ValiditySat, 02 Mar 2024 00:24:57 GMT - Fri, 31 May 2024 00:24:56 GMT
File typeHTML document, ASCII text, with very long lines (672), with no line terminators Hashf18bf9d3dfc3d3c31945126d7b9102ff 6643f7c116d6054415ca4bb1e7a529dd2fa598db 4ac8a5d15688d98af706c7dd7d305789c6c1907661c0b2f2d15582e17577990e
POST /video?q=bohongi+hati HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/6a4d397a4b754d64505a72
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bl6NHgFb7XpvKi%2BgI8bzGR2kaFsrd4W6SCGpcxi%2BNuMMzRgffhdUUHNzB5NmjF3HD4gqoKNPUhQ7DM%2FGpb1Vf0drRBs5Bpz%2B1g9nk7wtC3v8MMgr0CZ5dHG16WCmKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a36503bc38b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| cf9c86d5de.f33207dc6c.com/0d1d1d0ae3f06d802747776c90722fd4.js | 45.133.44.52 | 200 OK | 470 kB |
URL GET HTTP/2cf9c86d5de.f33207dc6c.com/0d1d1d0ae3f06d802747776c90722fd4.js IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectcf9c86d5de.f33207dc6c.com Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT
Size470 kB (470121 bytes) Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /0d1d1d0ae3f06d802747776c90722fd4.js HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Fri, 26 Apr 2024 03:18:02 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| meenetiy.com/?rb=4pIHNuC-qc7mE70SpTq96KkCTeyNa8zzUauGNDYmJMgQQ6GxB_Z5Sf2I-SodfTKKmx4W4S4_KVT_hBiz_gKboR-o9J1WLljTj4b7kACKTstj_x5fDSSKE8dNUaJJLDWNV9HrHdd8YHTm0WDKkOtUj7dFEIhjLsDj7V7zJwUpwKjuE8R9QSVIOaDX4jOV9tr93IXTy1jXK-oJGG_B3vl_p7_WrR366La2kz7hZqkwJjQJkj9CZ_FukBWjmmFKRV97dg5Hg9ZHmmw%3D&request_ab2=131251&zoneid=6678850&js_build=iclick-v1.782.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fvideo%3Fq%3Dbohongi%2Bhati&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6a4d397a4b754d64505a72&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.782.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=6daa8226-1f4c-4b69-80c5-31bd98ca6898&userId=08004a1932454388e3b5c49bd47b4221&m=link | 139.45.197.245 | 200 OK | 3.0 kB |
URL GET HTTP/2meenetiy.com/?rb=4pIHNuC-qc7mE70SpTq96KkCTeyNa8zzUauGNDYmJMgQQ6GxB_Z5Sf2I-SodfTKKmx4W4S4_KVT_hBiz_gKboR-o9J1WLljTj4b7kACKTstj_x5fDSSKE8dNUaJJLDWNV9HrHdd8YHTm0WDKkOtUj7dFEIhjLsDj7V7zJwUpwKjuE8R9QSVIOaDX4jOV9tr93IXTy1jXK-oJGG_B3vl_p7_WrR366La2kz7hZqkwJjQJkj9CZ_FukBWjmmFKRV97dg5Hg9ZHmmw%3D&request_ab2=131251&zoneid=6678850&js_build=iclick-v1.782.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fvideo%3Fq%3Dbohongi%2Bhati&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6a4d397a4b754d64505a72&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.782.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=6daa8226-1f4c-4b69-80c5-31bd98ca6898&userId=08004a1932454388e3b5c49bd47b4221&m=link IP139.45.197.245:443
Requested byhttps://mp4skin.com/video?q=bohongi+hati CertificateIssuerLet's Encrypt Subjectmeenetiy.com FingerprintCF:74:81:D1:53:E3:14:54:77:B9:F7:ED:98:86:46:15:CD:EC:85:20 ValidityThu, 08 Feb 2024 05:28:25 GMT - Wed, 08 May 2024 05:28:24 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3040), with no line terminators Hash706934d8c2d6413b4589d46fb51fffa5 1969628343210e8a7372943933e6d7da2c4ba26f 9929e187c1376bf7f3a689cc807f2ab7f21152685c55edfbb85ac94642b13b87
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?rb=4pIHNuC-qc7mE70SpTq96KkCTeyNa8zzUauGNDYmJMgQQ6GxB_Z5Sf2I-SodfTKKmx4W4S4_KVT_hBiz_gKboR-o9J1WLljTj4b7kACKTstj_x5fDSSKE8dNUaJJLDWNV9HrHdd8YHTm0WDKkOtUj7dFEIhjLsDj7V7zJwUpwKjuE8R9QSVIOaDX4jOV9tr93IXTy1jXK-oJGG_B3vl_p7_WrR366La2kz7hZqkwJjQJkj9CZ_FukBWjmmFKRV97dg5Hg9ZHmmw%3D&request_ab2=131251&zoneid=6678850&js_build=iclick-v1.782.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fvideo%3Fq%3Dbohongi%2Bhati&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6a4d397a4b754d64505a72&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.782.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=6daa8226-1f4c-4b69-80c5-31bd98ca6898&userId=08004a1932454388e3b5c49bd47b4221&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=08004a1932454388e3b5c49bd47b4221; oaidts=1714101182; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 26 Apr 2024 03:13:02 GMT
content-type: application/json
x-trace-id: 220a131df2422be0cf88e4dd60c11bfa
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=08004a1932454388e3b5c49bd47b4221; expires=Sat, 26 Apr 2025 03:13:02 GMT; path=/; secure; SameSite=None
oaidts=1714101182; expires=Sat, 26 Apr 2025 03:13:02 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 03 May 2024 03:13:02 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| cf9c86d5de.f33207dc6c.com/1e6048537fd0bf07420ace8536306a3b/114039?version_name=b | 45.133.44.52 | 200 OK | 3.3 kB |
URL GET HTTP/2cf9c86d5de.f33207dc6c.com/1e6048537fd0bf07420ace8536306a3b/114039?version_name=b IP45.133.44.52:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerLet's Encrypt Subjectcf9c86d5de.f33207dc6c.com Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators Hash54a6cb1b28c3199525dce68269e5d945 9557dfd41d6c6e51a253fbec59b88304e437c949 325c1416a27cb79d3a51ce3411ade88d997d72d8de5ac3b98cf4ea33b311af6a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /1e6048537fd0bf07420ace8536306a3b/114039?version_name=b HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 03:13:01 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Fri, 26 Apr 2024 03:18:01 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap | 142.250.74.106 | 200 OK | 18 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap IP142.250.74.106:443
Requested byhttps://poop.tax/d/rZPdMuKz9Mj CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2 ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
Hash942d6c103643a3b457d90844f34a9b37 e2594da697f0082ee92f0f1d9b163aed142e09e7 654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 03:13:01 GMT
date: Fri, 26 Apr 2024 03:13:01 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|