| cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL GET HTTP/2cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP104.17.24.14:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (65451) Hash220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:44:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 35839
expires: Tue, 15 Apr 2025 07:44:59 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=edpNX%2F%2BOh8pSzL%2BPJKBuv7Lb9kTxeJdix3%2FGzj9Vb8GUQnMwsSLF0qU%2FKRfaWh9nCdhbc5T%2B%2FgHfhS4kYbLsI7Vla6p03RqgzYvw%2ByG%2BPMkSDKx1Yag7zNygVG3UBE9Sy9T1Gcbd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 879cb6064984b4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| www.googletagmanager.com/gtag/js?id=G-RRBBHD087X | 142.250.74.168 | 200 OK | 101 kB |
URL GET HTTP/2www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP142.250.74.168:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerGoogle Trust Services LLC Subject*.google-analytics.com Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File typeJavaScript source, ASCII text, with very long lines (5945) Size101 kB (100610 bytes) Hash393c9cd20c6a7b8dc3880f0a521d40a1 0d00fc1c4e7cb05a961fbb83b3f3d24c7cc9d69a 8ff406bbbe3650cbf3684872a3dedcc3d5fe8763d274bb65ffbd6b6ab690b280
GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 07:44:59 GMT
expires: Thu, 25 Apr 2024 07:44:59 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100610
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| img.doodcdn.co/snaps/83dmajl798m59d3u.jpg | 104.26.7.74 | 200 OK | 25 kB |
URL GET HTTP/3img.doodcdn.co/snaps/83dmajl798m59d3u.jpg IP104.26.7.74:443
Requested byhttps://metrolagu.cam/watch?v=uumh7vKfruE CertificateIssuerCloudflare, Inc. Subjectdoodcdn.co Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3 ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 404x720, components 3 Hash154a171a4f01fa24f2bb2273aba4e6ea b05f751a9bd84a5a7335d4ea92903a84d6cf7dbc 583df97f1b439b30f6f91997cb99ac74ad68f31faedcaafadcf66e188694e0e2
GET /snaps/83dmajl798m59d3u.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: image/jpeg
content-length: 24921
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=25165
etag: "66177b48-624d"
expires: Wed, 08 May 2024 20:47:08 GMT
last-modified: Thu, 11 Apr 2024 05:55:20 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5kMncv9rkRPJVFL2fx0ZZr6CsIVYBVuZrWNop%2F%2Bd50gqcRuRdlcpf1jqcS9cq9YzF%2F2Q3GMys3zXjijC7SaJ3WePm9t5XeniyAERVJGikEoN7a9nUHPgluK9uiBHcEO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb606aca50b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 | 188.114.96.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-regular-webfont.woff2 IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23812, version 1.524 Hasheb586e5a1b86dbf1c866e3ed80f9d18e 280ee78d19c017ab9335f769595e5157d3c4a343 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: font/woff2
content-length: 23812
access-control-allow-origin: https://poop.tax
etag: "eb586e5a1b86dbf1c866e3ed80f9d18e"
last-modified: Thu, 14 Mar 2024 17:32:25 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 850
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IjPYU%2B7%2F9gqX6bfEIccywuqFErX62Krt%2F79IX6Tv%2FfGvwedNtjnaD%2BD%2BzKFZ21NzuwUdewZVbN8qu4eTltWrc%2BVV%2Bqs5UzQGUqBal9Dy%2F2fDjDw9WGdFjfaGtL3n2adqjoA0Lmk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb607ca385687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 | 188.114.96.1 | 200 OK | 184 kB |
URL GET HTTP/2assets.poopcdn.com/fontawesome/webfonts/fa-duotone-900.woff2 IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 184476, version 330.-16253 Size184 kB (184476 bytes) Hash2a6dec1227f9970376f578270a642d06 150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284 e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: font/woff2
content-length: 184476
access-control-allow-origin: https://poop.tax
etag: "2a6dec1227f9970376f578270a642d06"
last-modified: Thu, 14 Mar 2024 17:23:02 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 850
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VbKCRNh0nH%2BvXOFuC%2Bkqe%2Fkz0WGbGEcYygTDn9GVcjyfiRu9lcc1hG%2FfIhChLhGhnGCLd5r8Hyigq4QANcOZRKKD1Wd3clEKkqnfUe9iN8UBL3Le%2FlrOHE7WS1sdWWMMzVUPkrw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb607ca395687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 | 188.114.96.1 | 200 OK | 24 kB |
URL GET HTTP/2assets.poopcdn.com/fonts/avertastd-bold-webfont.woff2 IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 23604, version 1.0 Hashe9133fd11f14c09a2e4556c395a0ef7d 00fad09605f3342df5c9aeba130156fe19ade8b0 06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://assets.poopcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: font/woff2
content-length: 23604
access-control-allow-origin: https://poop.tax
etag: "e9133fd11f14c09a2e4556c395a0ef7d"
last-modified: Thu, 14 Mar 2024 17:32:22 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 850
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jV4Zup4fezLEUfekofSLnWBMA70H7mhJpB3PNjnXPz%2BlEGcb3pCmy1gL8RSjoyDeA%2Fq2PJWDC3v%2FJNY67irV9aDf%2FkJfzzMe9xeqaqSNgYXA2nUz5OQ%2BmdhsvNCohyDGH4urOK8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb607da3a5687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/apple-touch-icon.png | 188.114.96.1 | 200 OK | 2.8 kB |
URL GET HTTP/2assets.poopcdn.com/apple-touch-icon.png IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typePNG image data, 180 x 180, 8-bit colormap, non-interlaced Hashe4acc3f05da8195dfa02a437c8b2dba2 f23df2ed14e5d52417b155ccd11187f3250861dc 8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4
GET /apple-touch-icon.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6179
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MGGdOv5kE0biAFJSlTxdSAj1eVXAH9o%2FVbFNFDmz2pFrYvNRITPk%2FF9IbXBREpLmc3yrzxsTXUU8Rmb44xATJ0i4X228JfVZUuppbvY63BAwzBAlUT8ZqdgJDMT8cUqOjFrtZXw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb6089ad55687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/favicon-16x16.png | 188.114.96.1 | 200 OK | 612 B |
URL GET HTTP/2assets.poopcdn.com/favicon-16x16.png IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typePNG image data, 16 x 16, 8-bit colormap, non-interlaced Hashac008ea155d4beee1e93247d7434c77d f8ea94e94e0cc310202a517a9c445c3d70af564e 283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e
GET /favicon-16x16.png HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kCWPvRl4%2BU57kySSyB%2BMp9ji3OqUf%2Bnw2C8Tq4xwg2C%2FaRWsXy0L5e5FGgPU8cpwjB%2Bq9q14lzc%2BDlRjdDowcDbkj68H%2Fr7B6DWJiXhrOXZpZIhfHeW6u2GRGyJ9LtfVABWDanY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb6089ad75687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 200 OK | 0 B |
URL: POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039 | IP: 157.90.84.242:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: notification.tubecup.net; Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, matching the 0 B body, so they do not identify any content)
OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.tax/
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 25 Apr 2024 07:45:00 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.tax
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
|
|
| assets.poopcdn.com/play.svg | 188.114.96.1 | 200 OK | 337 B |
URL GET HTTP/2assets.poopcdn.com/play.svg IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeSVG Scalable Vector Graphics image Hash85f08506e5a64050719e7e18a26cd9c4 cda07433539f1346406e7dde1a92ea6346d593d7 b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08
GET /play.svg HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2236
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBsCsS6fffNdT4vZMG6ZM%2FKacGXijn%2BaT5cv3ISmjQggWvYQ8jKPkqvPZ8xjCN1Mfc59I504VvPrII8hO97bvIks5yqUhkUy7AEIJAU9J6FaEHmr4Bt9USm09gUqWfNPD1b9uZM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb607ca335687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fp.metricswpsh.com/fp?tag_id=114039 | 157.90.84.242 | 200 OK | 58 B |
URL: POST HTTP/1.1 fp.metricswpsh.com/fp?tag_id=114039 | IP: 157.90.84.242:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: notification.tubecup.net; Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash: MD5 87385fcd2a67fc74d2fa67366ba68ea2 | SHA-1 a604cdbb1d31ce257e8643eee9219c9c724c200c | SHA-256 9307cbb21345500294eae459b18a8ffb2bd2fcccd928a09efbc1e324fa9c9995
POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1836
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 25 Apr 2024 07:45:00 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poop.tax
Set-Cookie: id=14664774012150894406; Expires=Fri, 25 Apr 2025 07:45:00 GMT; Secure; SameSite=None
Vary: Origin
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=67f67f5e-fdf3-4434-916e-9fe0e133b38c&subid=388464194&sid=251536434&spot_id=418776&created_at=2024-04-25&timezone=0&ver=8.158.1&is_native=1 | 157.90.84.246 | 200 OK | 0 B |
URL: GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=67f67f5e-fdf3-4434-916e-9fe0e133b38c&subid=388464194&sid=251536434&spot_id=418776&created_at=2024-04-25&timezone=0&ver=8.158.1&is_native=1 | IP: 157.90.84.246:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: notification.tubecup.net; Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, matching the 0 B body, so they do not identify any content)
GET /in/dip?site=native-push&wl=1&event_id=67f67f5e-fdf3-4434-916e-9fe0e133b38c&subid=388464194&sid=251536434&spot_id=418776&created_at=2024-04-25&timezone=0&ver=8.158.1&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| nereserv.com/in/dip?site=native-push&wl=1&event_id=6a692830-49fd-4538-a498-48b9f9d6197b&subid=357529620&sid=1332750930&spot_id=418774&created_at=2024-04-25&timezone=0&ver=8.158.1&is_native=1 | 157.90.84.246 | 200 OK | 0 B |
URL: GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=6a692830-49fd-4538-a498-48b9f9d6197b&subid=357529620&sid=1332750930&spot_id=418774&created_at=2024-04-25&timezone=0&ver=8.158.1&is_native=1 | IP: 157.90.84.246:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: notification.tubecup.net; Fingerprint: 04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20; Validity: Thu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, matching the 0 B body, so they do not identify any content)
GET /in/dip?site=native-push&wl=1&event_id=6a692830-49fd-4538-a498-48b9f9d6197b&subid=357529620&sid=1332750930&spot_id=418774&created_at=2024-04-25&timezone=0&ver=8.158.1&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| ef919a7d9f.30f6a0aa8e.com/in/multy | 157.90.84.246 | 200 OK | 0 B |
URL: POST HTTP/2 ef919a7d9f.30f6a0aa8e.com/in/multy | IP: 157.90.84.246:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: 30f6a0aa8e.com; Fingerprint: 16:29:00:E5:6C:60:6C:43:65:A5:C4:9B:4C:95:FF:C8:99:55:70:92; Validity: Sun, 21 Apr 2024 14:01:53 GMT - Sat, 20 Jul 2024 14:01:52 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, matching the 0 B body, so they do not identify any content)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: ef919a7d9f.30f6a0aa8e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.tax/
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:01 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| ef919a7d9f.30f6a0aa8e.com/in/multy | 157.90.84.246 | 200 OK | 0 B |
URL: POST HTTP/2 ef919a7d9f.30f6a0aa8e.com/in/multy | IP: 157.90.84.246:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: 30f6a0aa8e.com; Fingerprint: 16:29:00:E5:6C:60:6C:43:65:A5:C4:9B:4C:95:FF:C8:99:55:70:92; Validity: Sun, 21 Apr 2024 14:01:53 GMT - Sat, 20 Jul 2024 14:01:52 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, matching the 0 B body, so they do not identify any content)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: ef919a7d9f.30f6a0aa8e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.tax/
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:01 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| 96b600f50a.a0e351a3aa.com/ab53eeb29e62691b807c79280e298496.js | 45.133.44.53 | 200 OK | 150 kB |
URL: GET HTTP/2 96b600f50a.a0e351a3aa.com/ab53eeb29e62691b807c79280e298496.js | IP: 45.133.44.53:443 | ASN: #39572 DataWeb Global Group B.V.
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: 96b600f50a.a0e351a3aa.com; Fingerprint: AD:AF:F1:6D:B3:03:A9:36:49:20:2F:CC:29:B3:F0:E6:2D:A0:EA:6D; Validity: Mon, 22 Apr 2024 02:20:27 GMT - Sun, 21 Jul 2024 02:20:26 GMT
File type: gzip compressed data, from Unix | Size: 150 kB (149757 bytes) | Hash: MD5 8c9666b1e9b2bdfc39aa4cecd0a908c6 | SHA-1 8e855dae674462156506ac8d9f5a2b6420394f4a | SHA-256 e850bbfcd081654314dcb3d1bf47821fdcda7e73146217935be1d4b75c198fb3
GET /ab53eeb29e62691b807c79280e298496.js HTTP/1.1
Host: 96b600f50a.a0e351a3aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Thu, 25 Apr 2024 07:50:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 108.177.14.84 | 302 Found | 0 B |
URL GET HTTP/2accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP108.177.14.84:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerGoogle Trust Services LLC Subjectaccounts.google.com Fingerprint24:73:6B:52:47:71:E2:CB:E3:4E:89:44:4B:29:D9:F4:C2:A0:F1:14 ValidityMon, 08 Apr 2024 07:33:55 GMT - Mon, 01 Jul 2024 07:33:54 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:HJWAOPcoZCUu9lO_KPV5qlUMjssiKQ:yD8Aip8bG8axwSUZ; Expires=Sat, 25-Apr-2026 07:45:01 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 25 Apr 2024 07:45:01 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzn5RYRslHavyKJqNBSqmAIf7hFmdjryJpeRjJI3gpEz_rGIR17Nm4jv1_iWKTzipwjwt_rWw
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-n71hwgwpojud_KtJK93gMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP: 139.45.195.8:443
Requested by: https://mp4skin.com/watch?V=qqqRuFM3thI | Certificate: Issuer: Let's Encrypt; Subject: rtmark.net; Fingerprint: DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; Validity: Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash: MD5 b844c0eabddb6ea5b14633d340218b5c | SHA-1 777be4f13c84f79b60fe569a00574d0c474592ae | SHA-256 ae0fdb0effe43e11ba81cca00194739c45e597c58669466f3ad5b821cafe5648
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0800492b987b4680e2f3ec4420b33760; expires=Fri, 25 Apr 2025 07:45:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzn5RYRslHavyKJqNBSqmAIf7hFmdjryJpeRjJI3gpEz_rGIR17Nm4jv1_iWKTzipwjwt_rWw | 108.177.14.84 | 302 Found | 429 B |
URL GET HTTP/2accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzn5RYRslHavyKJqNBSqmAIf7hFmdjryJpeRjJI3gpEz_rGIR17Nm4jv1_iWKTzipwjwt_rWw IP108.177.14.84:443
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer Google Trust Services LLC; Subject accounts.google.com; Fingerprint 24:73:6B:52:47:71:E2:CB:E3:4E:89:44:4B:29:D9:F4:C2:A0:F1:14; Validity Mon, 08 Apr 2024 07:33:55 GMT - Mon, 01 Jul 2024 07:33:54 GMT
File type: HTML document, ASCII text, with very long lines (406) | Hash: MD5 0680a42d28f3653b6b87a5f2e9e9b27d | SHA-1 995e2ef51a72d8bcb9e6b3770e8d24ae82a5560b | SHA-256 fa50f72be3bc49478f7b705ef006b95c60faf882738b636cac1d95689f0574bf
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQzn5RYRslHavyKJqNBSqmAIf7hFmdjryJpeRjJI3gpEz_rGIR17Nm4jv1_iWKTzipwjwt_rWw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:U3eSG7YQ9UKPpgGmDEvF8SSRXZjwIA:MMVBCFdIPWMN0P_p;Path=/;Expires=Sat, 25-Apr-2026 07:45:01 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 25 Apr 2024 07:45:01 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyh_IJNfbq33YYC9y9spR_CCaJYPpr-cshGrD-2qX9ci18NHF7tyg-9Z5WS7lB3MJf5l79UzA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1710286428%3A1714031101355462&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-tDDI0nmrwMtMfOFIRJBaWQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 429
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ef919a7d9f.30f6a0aa8e.com/in/multy | 157.90.84.246 | 200 OK | 5.4 kB |
URL: POST (HTTP/2) ef919a7d9f.30f6a0aa8e.com/in/multy | IP: 157.90.84.246:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer Let's Encrypt; Subject 30f6a0aa8e.com; Fingerprint 16:29:00:E5:6C:60:6C:43:65:A5:C4:9B:4C:95:FF:C8:99:55:70:92; Validity Sun, 21 Apr 2024 14:01:53 GMT - Sat, 20 Jul 2024 14:01:52 GMT
Hash: MD5 f4270a7d8358991d424bb536c03b3652 | SHA-1 4ec6e7225c228290cff0b1f5da25ca8bd8144c5f | SHA-256 0bfdfbba093b2d649e9239024700f72b792ec6b6ee750985b209c70d6ccc3ae5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /in/multy HTTP/1.1
Host: ef919a7d9f.30f6a0aa8e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1753
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/json
content-length: 5394
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| img.doodcdn.co/snaps/83dmajl798m59d3u.jpg | 104.26.7.74 | 200 OK | 25 kB |
URL: GET (HTTP/3) img.doodcdn.co/snaps/83dmajl798m59d3u.jpg | IP: 104.26.7.74:443
Requested by: https://metrolagu.cam/watch?v=uumh7vKfruE | Certificate: Issuer Cloudflare, Inc.; Subject doodcdn.co; Fingerprint 8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3; Validity Fri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 404x720, components 3 | Hash: MD5 154a171a4f01fa24f2bb2273aba4e6ea | SHA-1 b05f751a9bd84a5a7335d4ea92903a84d6cf7dbc | SHA-256 583df97f1b439b30f6f91997cb99ac74ad68f31faedcaafadcf66e188694e0e2
GET /snaps/83dmajl798m59d3u.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/jpeg
content-length: 24921
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=25165
etag: "66177b48-624d"
expires: Wed, 08 May 2024 20:47:08 GMT
last-modified: Thu, 11 Apr 2024 05:55:20 GMT
cf-cache-status: HIT
age: 1
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q2OI1SNiHzEHtvpxGdmRG6WhAr4iylxcEVTxndIYIhV3nVPosrCAQc4I9nthBGxEyMt%2FPmcXyMzd5btnjY61vIp7DB250BqeQpcqtP0K8m4ZF0NDbmXsE8pY%2BeiN1hMC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb61169d056c6-OSL
alt-svc: h3=":443"; ma=86400
|
|
| ef919a7d9f.30f6a0aa8e.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=357529620&sid=1332750930&tcid=0&ver=8.158.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=8e4f323bf604fc61ecb4f0310da6d366&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_efbe08c9-ebe9-41d5-bb60-e975b9b8ebb8%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DpKQymUyZW66D0tC8rENN9LHFkwzV1cVHWeVO9mJiDQn4aS_B0lgn3oU5LfBplOion6T_An6B5wrU0A82wbhT60-LPGz_80k94RiV26BcwCtdtJbeEiBB47XbwdAa4FGzbVt3XnXUfPxMaQya6z8pXr9CmEWoULlnOrFJDkCtKlk3lY_cze6zOdcEiAXI_mLKu8T-WO3h178wePkrcpjQevp9BxpW2rSuu3OvY8XW9aOaJ2828K-UeTN9h1WKWP-xpe3vq8lqOrVKROxSW6hcU7AjSiwUq3cbRgmxwzNyovHm8NOQLg-SBj1rgmfiUFnriPIaf-gmnnVEXrXT99SJkLB2bF13mc3EnR6k50Qb-4qgigB78iuODUEMN5L-ac_1N0CFUJgKa6nZFmJFAL8SfVaRxx_s2TvqvR14PDILRmKRPXfUwQ8aFXIPMZ_5NxPUkIRQseHlwEyNzIkULe8VuY9XKK0mKQKDCr06p-1nlEMELQl9FBFtg0ahzjogPdiWTbx8oRb2mdd_Or0nMAl85_9yEmxgtk5lhifd5ZOkMrkcRt3wpTLwO6Yoh8xV6V26NDNtlf37hb-5Bj0fUnngdgqWRwvD7tMIOwpHfMZHUSsyKtGnrFqMjGmW2BvKVzjJ9rTu-1uKnCQSXYWQ7BkKYH5wIE80ZHVB8zkop434t9cSy5_jzbnqCBO48EcPY639ZP45UPZNGzgkINnru8XpJLq9BtGTdixGDkJ2CDsDR5DAiNMIKNk1zq4OREBLuGTeAqkreds86pbDu25kTVnoszfjVqee9Tu-9HFrH23EcGjS-248yqPVV4SE-WvrJQEBGB1UOG_MjDela-4EV_S4UbXfE4NB_tOOt9boH4JNi0LE1ssi7-6l2I0t7549dSNd
OQjc2g3ovUPl4FKmlIyBpPIiIsjnBuW2BC31Nye_KTFzcBbiic_hjy2vnlpZyaWpUbTk9WlCBMsb-afvy4-KOJF6JAwKw8jRr5Hn_yZWpIM1%2526kw%253Dadult%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=ZuVhPm62tyxQbp_jhWrzmU7msXocgSPSlKQWeRABB0PITlslYEMsNZinQaR_4I-A1SzdRylhfCaqXfBjry5axvoAM6Hsu34Y1tP_cjW6iggOJqOd8etn42O6b8vzVTkCoJGajoj9at-Dhmogab-PiNDbbHSvIZzsvHHGUfgDa0PXOJL2-Q&ext_cid=0&px_id=55418774&min_cpm=0.03287005764702883&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=3513392631344447117&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.030984930362231444&cpm=0&verify_hash=b32c68353436a9a83a9bef0d1995a054&is_native=2&real_bid=0.0008422560310363777&original_bid_usd=0.00144&original_bid=0.00144&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,4,11,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp&site=native-push-adult&price=0.00144&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000014400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=6f5fad32-9c17-473c-97b4-8b6dd5b5edc9&prev_step_diff=781 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2ef919a7d9f.30f6a0aa8e.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=357529620&sid=1332750930&tcid=0&ver=8.158.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=8e4f323bf604fc61ecb4f0310da6d366&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_efbe08c9-ebe9-41d5-bb60-e975b9b8ebb8%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DpKQymUyZW66D0tC8rENN9LHFkwzV1cVHWeVO9mJiDQn4aS_B0lgn3oU5LfBplOion6T_An6B5wrU0A82wbhT60-LPGz_80k94RiV26BcwCtdtJbeEiBB47XbwdAa4FGzbVt3XnXUfPxMaQya6z8pXr9CmEWoULlnOrFJDkCtKlk3lY_cze6zOdcEiAXI_mLKu8T-WO3h178wePkrcpjQevp9BxpW2rSuu3OvY8XW9aOaJ2828K-UeTN9h1WKWP-xpe3vq8lqOrVKROxSW6hcU7AjSiwUq3cbRgmxwzNyovHm8NOQLg-SBj1rgmfiUFnriPIaf-gmnnVEXrXT99SJkLB2bF13mc3EnR6k50Qb-4qgigB78iuODUEMN5L-ac_1N0CFUJgKa6nZFmJFAL8SfVaRxx_s2TvqvR14PDILRmKRPXfUwQ8aFXIPMZ_5NxPUkIRQseHlwEyNzIkULe8VuY9XKK0mKQKDCr06p-1nlEMELQl9FBFtg0ahzjogPdiWTbx8oRb2mdd_Or0nMAl85_9yEmxgtk5lhifd5ZOkMrkcRt3wpTLwO6Yoh8xV6V26NDNtlf37hb-5Bj0fUnngdgqWRwvD7tMIOwpHfMZHUSsyKtGnrFqMjGmW2BvKVzjJ9rTu-1uKnCQSXYWQ7BkKYH5wIE80ZHVB8zkop434t9cSy5_jzbnqCBO48EcPY639ZP45UPZNGzgkINnru8XpJLq9BtGTdixGDkJ2CDsDR5DAiNMIKNk1zq4OREBLuGTeAqkreds86pbDu25kTVnoszfjVqee9Tu-9HFrH23EcGjS-248yqPVV4SE-WvrJQEBGB1UOG_MjDela-4EV_S4UbXfE4NB_tOOt9boH4JNi0LE1ssi7-6l
2I0t7549dSNdOQjc2g3ovUPl4FKmlIyBpPIiIsjnBuW2BC31Nye_KTFzcBbiic_hjy2vnlpZyaWpUbTk9WlCBMsb-afvy4-KOJF6JAwKw8jRr5Hn_yZWpIM1%2526kw%253Dadult%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=ZuVhPm62tyxQbp_jhWrzmU7msXocgSPSlKQWeRABB0PITlslYEMsNZinQaR_4I-A1SzdRylhfCaqXfBjry5axvoAM6Hsu34Y1tP_cjW6iggOJqOd8etn42O6b8vzVTkCoJGajoj9at-Dhmogab-PiNDbbHSvIZzsvHHGUfgDa0PXOJL2-Q&ext_cid=0&px_id=55418774&min_cpm=0.03287005764702883&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=3513392631344447117&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.030984930362231444&cpm=0&verify_hash=b32c68353436a9a83a9bef0d1995a054&is_native=2&real_bid=0.0008422560310363777&original_bid_usd=0.00144&original_bid=0.00144&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,4,11,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp&site=native-push-adult&price=0.00144&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000014400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=6f5fad32-9c17-473c-97b4-8b6dd5b5edc9&prev_step_diff=781 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer Let's Encrypt; Subject 30f6a0aa8e.com; Fingerprint 16:29:00:E5:6C:60:6C:43:65:A5:C4:9B:4C:95:FF:C8:99:55:70:92; Validity Sun, 21 Apr 2024 14:01:53 GMT - Sat, 20 Jul 2024 14:01:52 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, consistent with the 0 B response body, so they do not identify this resource)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=357529620&sid=1332750930&tcid=0&ver=8.158.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=8e4f323bf604fc61ecb4f0310da6d366&url=https%3A%2F%2Fvjxxx.com%2Fcheck-check-bots%3Furl%3Dhttps%253A%252F%252Fimpactserving.com%252FRedirect.eng%253FMediaSegmentId%253D60678%2526dcid%253D3_ctx_efbe08c9-ebe9-41d5-bb60-e975b9b8ebb8%2526vmId%253D00000000-0000-0000-0000-000000000000%2526abr%253Dfalse%2526timeZoneOffset%253D%2526v%253DpKQymUyZW66D0tC8rENN9LHFkwzV1cVHWeVO9mJiDQn4aS_B0lgn3oU5LfBplOion6T_An6B5wrU0A82wbhT60-LPGz_80k94RiV26BcwCtdtJbeEiBB47XbwdAa4FGzbVt3XnXUfPxMaQya6z8pXr9CmEWoULlnOrFJDkCtKlk3lY_cze6zOdcEiAXI_mLKu8T-WO3h178wePkrcpjQevp9BxpW2rSuu3OvY8XW9aOaJ2828K-UeTN9h1WKWP-xpe3vq8lqOrVKROxSW6hcU7AjSiwUq3cbRgmxwzNyovHm8NOQLg-SBj1rgmfiUFnriPIaf-gmnnVEXrXT99SJkLB2bF13mc3EnR6k50Qb-4qgigB78iuODUEMN5L-ac_1N0CFUJgKa6nZFmJFAL8SfVaRxx_s2TvqvR14PDILRmKRPXfUwQ8aFXIPMZ_5NxPUkIRQseHlwEyNzIkULe8VuY9XKK0mKQKDCr06p-1nlEMELQl9FBFtg0ahzjogPdiWTbx8oRb2mdd_Or0nMAl85_9yEmxgtk5lhifd5ZOkMrkcRt3wpTLwO6Yoh8xV6V26NDNtlf37hb-5Bj0fUnngdgqWRwvD7tMIOwpHfMZHUSsyKtGnrFqMjGmW2BvKVzjJ9rTu-1uKnCQSXYWQ7BkKYH5wIE80ZHVB8zkop434t9cSy5_jzbnqCBO48EcPY639ZP45UPZNGzgkINnru8XpJLq9BtGTdixGDkJ2CDsDR5DAiNMIKNk1zq4OREBLuGTeAqkreds86pbDu25kTVnoszfjVqee9Tu-9HFrH23EcGjS-248yqPVV4SE-WvrJQEBGB1UOG_MjDela-4EV_S4UbXfE4NB_tOOt9boH4JNi0LE1ssi7-6l2I0t7549dSNdOQjc2g3ovUPl4FKmlIyBpPI
iIsjnBuW2BC31Nye_KTFzcBbiic_hjy2vnlpZyaWpUbTk9WlCBMsb-afvy4-KOJF6JAwKw8jRr5Hn_yZWpIM1%2526kw%253Dadult%2526mw%253D1024%2526mh%253D768%2526xml%253D1%2526at%253D&icons=ZuVhPm62tyxQbp_jhWrzmU7msXocgSPSlKQWeRABB0PITlslYEMsNZinQaR_4I-A1SzdRylhfCaqXfBjry5axvoAM6Hsu34Y1tP_cjW6iggOJqOd8etn42O6b8vzVTkCoJGajoj9at-Dhmogab-PiNDbbHSvIZzsvHHGUfgDa0PXOJL2-Q&ext_cid=0&px_id=55418774&min_cpm=0.03287005764702883&out_id=1&campaign_type=lq-pop&aid=352&cid=15019&uniq=&mid=3513392631344447117&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.030984930362231444&cpm=0&verify_hash=b32c68353436a9a83a9bef0d1995a054&is_native=2&real_bid=0.0008422560310363777&original_bid_usd=0.00144&original_bid=0.00144&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=89,4,11,27,108,0&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp&site=native-push-adult&price=0.00144&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000014400000000000002&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=6f5fad32-9c17-473c-97b4-8b6dd5b5edc9&prev_step_diff=781 HTTP/1.1
Host: ef919a7d9f.30f6a0aa8e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| ef919a7d9f.30f6a0aa8e.com/in/multy | 157.90.84.246 | 200 OK | 4.8 kB |
URL: POST (HTTP/2) ef919a7d9f.30f6a0aa8e.com/in/multy | IP: 157.90.84.246:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer Let's Encrypt; Subject 30f6a0aa8e.com; Fingerprint 16:29:00:E5:6C:60:6C:43:65:A5:C4:9B:4C:95:FF:C8:99:55:70:92; Validity Sun, 21 Apr 2024 14:01:53 GMT - Sat, 20 Jul 2024 14:01:52 GMT
Hash: MD5 72c06964e0020614464acfd79200eca9 | SHA-1 79890496981df1b2e7b5d04724669d0b783ebf5e | SHA-256 06d5319bc0e7489b5726213d685d54c38c5337035c9bb05e60f73b7c5fcb723c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /in/multy HTTP/1.1
Host: ef919a7d9f.30f6a0aa8e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1752
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/json
content-length: 4776
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| ef919a7d9f.30f6a0aa8e.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=357529620&sid=1332750930&tcid=0&ver=8.158.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=49675&crtid=13178bb3bc33949d085fd4507647972b&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DjQsWa_ARUikpTD6etdd1fBQQV7HLvUgpC9V-v0hQ7BVO72sbRiNRZVo83ZrkYSQCJ0QcuVIp-Zm_cOqaANG-WqFM4gMgoEPEMCeISt56T9WwHVEwmhf7W4cILihCo9_bzZ_DidpBC23ktydsath1DaQSejpD89WLyJVX6JX3HxTmLngLhOaC-QuzDxm4g7HNKY2E-9BocJ92f7Nlb20W-GFLJ9b_xGsUepH0p4aRZpf7xpk_ZetmjITYGbOLaldeOyP_IJ0tj3LIqeEjyjtUYGnM_64JNyjZT4d8m8rHsPEr9P6I3706C6i19ICJWRuqRCXfHcYejZJecvy_CQQdAwj0CsYc_xvODmNVmMjjsFKsKB5twvFhnt8Mn4TxdbSQrumqtVf3h1jg3meHDDRs_K4vU2sz1vLAF5nkS_7DWnxJ6Byo1p9FPW7p9woWoAM8vcDiEqZJsyssJoCtb0Y1H9BNY3Q2HkK8YLCo9Ybof5Zanw1NjJFi0BulsRNkPMlW3XmtPpnqJSwgdrvn0mcI-4mVxcnj9vq8EKd_9mwnxU-PROqhDAQm2jTeAltbeK2-eaF1L18yUezCHFr1Kwc%3D&icons=o1Ud1yTv8N5TuUkjq2B2t41zzxp2JLdfg6tdNT6Z8jn7lEBKlrui5f7Q44MCaPi7RkMc_DANC8MVH1ne_beNymDwKE1RXiRKmpjaYzPXlQBSkCXECrCZJti9jCna8zQ1h-rPTDXZyL3FU6LwaAElGWjptmPuOYL_AhK1cgZhU_Fh-eawbMzuZpJIZqYKm9J-W2UNykh2ei6fJHDAhDhF2TYpy1FlgDq-bqfpwQoYCSieIBM4ONZ1YCN2kH__MSOZMpGBiENdNo1xX2mLrTNkBF-Vd39m7uCNIh4uNKb3l9bmkoq3SNri1T_3CY43qhLiTX17JzTB2Gu4oXAelMCpWXx9x_HpaC-RizlFcND7XjjYtJVHKqyfytTwWi4LqsD2pNaWiioBDzGgs_kVwha3KY3KkewU7_vMzfdHso5XhRnfIvruRVHEjSSAqx9edQuqc032Q43tiXzL7eiRHjQ6sZD642WFjrExGMcR-YE6YVzYueiIKZVLkw7dWXVKU45F6J04-ndu1vx8xaY1nKP-gm-
osri-JHfpXrbL9fta4nR4kjXZV6k2VJGMtpQjs737ymdLSNPFAdyMhtEm6Lpq3aNjL4RzQ98J7gf0VrYn6_7RtgnkUtNA3BAfvWMRQ21WI2SopPFztQlUG7R5U8Zw6nEjD0hJh4enobWVr7-rdYegmmB_0dULAU5KemfuGxsRFcDFEhBcUoqLtaf66WwaYJgMDUj_ON3y&ext_cid=49675&px_id=73418774&min_cpm=0.0073750796163178315&out_id=0&campaign_type=hq&aid=291&cid=2703&uniq=&mid=3513392631344447117&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.1252835513291196&cpm=0&verify_hash=934270147086b964ef96b62f23c20be3&is_native=1&real_bid=0.015178239917755068&original_bid_usd=0.0196&original_bid=0.0196&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,98&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=1714088701&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F75100307%2F537617_image.png&site=native-push-adult&price=0.0196&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000019600000000000002&ext_campaign_id_str=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.02&cpa=c8a3c918-4749-46a0-93a8-c975e474171b&prev_step_diff=781 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2ef919a7d9f.30f6a0aa8e.com/in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=357529620&sid=1332750930&tcid=0&ver=8.158.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=49675&crtid=13178bb3bc33949d085fd4507647972b&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DjQsWa_ARUikpTD6etdd1fBQQV7HLvUgpC9V-v0hQ7BVO72sbRiNRZVo83ZrkYSQCJ0QcuVIp-Zm_cOqaANG-WqFM4gMgoEPEMCeISt56T9WwHVEwmhf7W4cILihCo9_bzZ_DidpBC23ktydsath1DaQSejpD89WLyJVX6JX3HxTmLngLhOaC-QuzDxm4g7HNKY2E-9BocJ92f7Nlb20W-GFLJ9b_xGsUepH0p4aRZpf7xpk_ZetmjITYGbOLaldeOyP_IJ0tj3LIqeEjyjtUYGnM_64JNyjZT4d8m8rHsPEr9P6I3706C6i19ICJWRuqRCXfHcYejZJecvy_CQQdAwj0CsYc_xvODmNVmMjjsFKsKB5twvFhnt8Mn4TxdbSQrumqtVf3h1jg3meHDDRs_K4vU2sz1vLAF5nkS_7DWnxJ6Byo1p9FPW7p9woWoAM8vcDiEqZJsyssJoCtb0Y1H9BNY3Q2HkK8YLCo9Ybof5Zanw1NjJFi0BulsRNkPMlW3XmtPpnqJSwgdrvn0mcI-4mVxcnj9vq8EKd_9mwnxU-PROqhDAQm2jTeAltbeK2-eaF1L18yUezCHFr1Kwc%3D&icons=o1Ud1yTv8N5TuUkjq2B2t41zzxp2JLdfg6tdNT6Z8jn7lEBKlrui5f7Q44MCaPi7RkMc_DANC8MVH1ne_beNymDwKE1RXiRKmpjaYzPXlQBSkCXECrCZJti9jCna8zQ1h-rPTDXZyL3FU6LwaAElGWjptmPuOYL_AhK1cgZhU_Fh-eawbMzuZpJIZqYKm9J-W2UNykh2ei6fJHDAhDhF2TYpy1FlgDq-bqfpwQoYCSieIBM4ONZ1YCN2kH__MSOZMpGBiENdNo1xX2mLrTNkBF-Vd39m7uCNIh4uNKb3l9bmkoq3SNri1T_3CY43qhLiTX17JzTB2Gu4oXAelMCpWXx9x_HpaC-RizlFcND7XjjYtJVHKqyfytTwWi4LqsD2pNaWiioBDzGgs_kVwha3KY3KkewU7_vMzfdHso5XhRnfIvruRVHEjSSAqx9edQuqc032Q43tiXzL7eiRHjQ6sZD642WFjrExGMcR-YE6YVzYueiIKZVLkw7dWXVKU45F6J04-ndu1vx
8xaY1nKP-gm-osri-JHfpXrbL9fta4nR4kjXZV6k2VJGMtpQjs737ymdLSNPFAdyMhtEm6Lpq3aNjL4RzQ98J7gf0VrYn6_7RtgnkUtNA3BAfvWMRQ21WI2SopPFztQlUG7R5U8Zw6nEjD0hJh4enobWVr7-rdYegmmB_0dULAU5KemfuGxsRFcDFEhBcUoqLtaf66WwaYJgMDUj_ON3y&ext_cid=49675&px_id=73418774&min_cpm=0.0073750796163178315&out_id=0&campaign_type=hq&aid=291&cid=2703&uniq=&mid=3513392631344447117&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.1252835513291196&cpm=0&verify_hash=934270147086b964ef96b62f23c20be3&is_native=1&real_bid=0.015178239917755068&original_bid_usd=0.0196&original_bid=0.0196&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,98&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=1714088701&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F75100307%2F537617_image.png&site=native-push-adult&price=0.0196&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000019600000000000002&ext_campaign_id_str=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.02&cpa=c8a3c918-4749-46a0-93a8-c975e474171b&prev_step_diff=781 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer Let's Encrypt; Subject 30f6a0aa8e.com; Fingerprint 16:29:00:E5:6C:60:6C:43:65:A5:C4:9B:4C:95:FF:C8:99:55:70:92; Validity Sun, 21 Apr 2024 14:01:53 GMT - Sat, 20 Jul 2024 14:01:52 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e | SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709 | SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input, consistent with the 0 B response body, so they do not identify this resource)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /in/show/?tag_ab=a&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=357529620&sid=1332750930&tcid=0&ver=8.158.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=49675&crtid=13178bb3bc33949d085fd4507647972b&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DjQsWa_ARUikpTD6etdd1fBQQV7HLvUgpC9V-v0hQ7BVO72sbRiNRZVo83ZrkYSQCJ0QcuVIp-Zm_cOqaANG-WqFM4gMgoEPEMCeISt56T9WwHVEwmhf7W4cILihCo9_bzZ_DidpBC23ktydsath1DaQSejpD89WLyJVX6JX3HxTmLngLhOaC-QuzDxm4g7HNKY2E-9BocJ92f7Nlb20W-GFLJ9b_xGsUepH0p4aRZpf7xpk_ZetmjITYGbOLaldeOyP_IJ0tj3LIqeEjyjtUYGnM_64JNyjZT4d8m8rHsPEr9P6I3706C6i19ICJWRuqRCXfHcYejZJecvy_CQQdAwj0CsYc_xvODmNVmMjjsFKsKB5twvFhnt8Mn4TxdbSQrumqtVf3h1jg3meHDDRs_K4vU2sz1vLAF5nkS_7DWnxJ6Byo1p9FPW7p9woWoAM8vcDiEqZJsyssJoCtb0Y1H9BNY3Q2HkK8YLCo9Ybof5Zanw1NjJFi0BulsRNkPMlW3XmtPpnqJSwgdrvn0mcI-4mVxcnj9vq8EKd_9mwnxU-PROqhDAQm2jTeAltbeK2-eaF1L18yUezCHFr1Kwc%3D&icons=o1Ud1yTv8N5TuUkjq2B2t41zzxp2JLdfg6tdNT6Z8jn7lEBKlrui5f7Q44MCaPi7RkMc_DANC8MVH1ne_beNymDwKE1RXiRKmpjaYzPXlQBSkCXECrCZJti9jCna8zQ1h-rPTDXZyL3FU6LwaAElGWjptmPuOYL_AhK1cgZhU_Fh-eawbMzuZpJIZqYKm9J-W2UNykh2ei6fJHDAhDhF2TYpy1FlgDq-bqfpwQoYCSieIBM4ONZ1YCN2kH__MSOZMpGBiENdNo1xX2mLrTNkBF-Vd39m7uCNIh4uNKb3l9bmkoq3SNri1T_3CY43qhLiTX17JzTB2Gu4oXAelMCpWXx9x_HpaC-RizlFcND7XjjYtJVHKqyfytTwWi4LqsD2pNaWiioBDzGgs_kVwha3KY3KkewU7_vMzfdHso5XhRnfIvruRVHEjSSAqx9edQuqc032Q43tiXzL7eiRHjQ6sZD642WFjrExGMcR-YE6YVzYueiIKZVLkw7dWXVKU45F6J04-ndu1vx8xaY1nKP-gm-osri-JHfpXrbL9fta4nR4kj
XZV6k2VJGMtpQjs737ymdLSNPFAdyMhtEm6Lpq3aNjL4RzQ98J7gf0VrYn6_7RtgnkUtNA3BAfvWMRQ21WI2SopPFztQlUG7R5U8Zw6nEjD0hJh4enobWVr7-rdYegmmB_0dULAU5KemfuGxsRFcDFEhBcUoqLtaf66WwaYJgMDUj_ON3y&ext_cid=49675&px_id=73418774&min_cpm=0.0073750796163178315&out_id=0&campaign_type=hq&aid=291&cid=2703&uniq=&mid=3513392631344447117&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.1252835513291196&cpm=0&verify_hash=934270147086b964ef96b62f23c20be3&is_native=1&real_bid=0.015178239917755068&original_bid_usd=0.0196&original_bid=0.0196&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,98&need_redirect_show=0&applied_features=stage-skins-settings,test_skins&show_count=1&expiration_timestamp=1714088701&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F75100307%2F537617_image.png&site=native-push-adult&price=0.0196&hostname=auc-inpage-hz-12-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000019600000000000002&ext_campaign_id_str=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.02&cpa=c8a3c918-4749-46a0-93a8-c975e474171b&prev_step_diff=781 HTTP/1.1
Host: ef919a7d9f.30f6a0aa8e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js | 104.17.24.14 | 200 OK | 28 kB |
URL: GET (HTTP/3) cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js | IP: 104.17.24.14:443
Requested by: https://metrolagu.cam/watch?v=uumh7vKfruE | Certificate: Issuer Cloudflare, Inc.; Subject sni.cloudflaressl.com; Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D; Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65451) | Hash: MD5 dc5e7f18c8d36ac1d3d4753a87c98d0a | SHA-1 c8e1c8b386dc5b7a9184c763c88d19a346eb3342 | SHA-256 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 40720
expires: Tue, 15 Apr 2025 07:45:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Djjkjon0lDpGvhZ%2ByXZUGKeYUoHBabUvHWVtokAIXXR%2BfwefMrrSyg9TJPibabxYb%2F5wifb5zOn7%2B3166YP9RLJR69DIwv2bW1Gf2n474D1lI3BVbTXsZkKruCq8grS4FjlFHcri"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 879cb6118f76b518-OSL
alt-svc: h3=":443"; ma=86400
|
|
| static.bookmsg.com/creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp | 45.133.44.24 | 200 OK | 578 B |
URL GET HTTP/2static.bookmsg.com/creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashbbff6416cdbcebabfd2de6a0ca68eae1 0c478e635b2dafc2d192c690d0fdcc0ad8903ab5 4e9ca917e9a46f53938c71b97d74f1b8f462a66d53252c8715c4e50bd89dfe34
GET /creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/webp
content-length: 578
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-242"
expires: Fri, 25 Apr 2025 07:45:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=fd6fe950-8694-4249-8af1-307ad5e8bed1&prev_step_diff=966 | 45.133.44.24 | 200 OK | 752 B |
URL GET HTTP/2static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=fd6fe950-8694-4249-8af1-307ad5e8bed1&prev_step_diff=966 IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hash5efcecfcd357e0f2733fb6e09605b12d d3570c35786feb642cc2be6ed2b5907f46e0c7f2 5697845a65dcf4abf831944b560bcde2e0e482daaa205b8b46023d86fa1f5e07
GET /creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=fd6fe950-8694-4249-8af1-307ad5e8bed1&prev_step_diff=966 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/webp
content-length: 752
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-2f0"
expires: Fri, 25 Apr 2025 07:45:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp | 45.133.44.24 | 200 OK | 3.3 kB |
URL GET HTTP/2static.bookmsg.com/creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 300x200, Scaling: [none]x[none], YUV color, decoders should clamp Hashc861dc0bbbaea49a943334f44d6c6f4c a0e7e648b8749aceb4989ff6722d74bf4aac1543 6a22e4c151ea8365e1df836097f16d7a17caa5985633a39d811280c7318c5ae8
GET /creatives/DE/DE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/webp
content-length: 3288
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-cd8"
expires: Fri, 25 Apr 2025 07:45:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| static.bookmsg.com/creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=fdaf00a7-6c34-40d2-a0b1-b0840cd06558&prev_step_diff=781 | 45.133.44.24 | 200 OK | 578 B |
URL GET HTTP/2static.bookmsg.com/creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=fdaf00a7-6c34-40d2-a0b1-b0840cd06558&prev_step_diff=781 IP45.133.44.24:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectstatic.bookmsg.com FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76 ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp Hashbbff6416cdbcebabfd2de6a0ca68eae1 0c478e635b2dafc2d192c690d0fdcc0ad8903ab5 4e9ca917e9a46f53938c71b97d74f1b8f462a66d53252c8715c4e50bd89dfe34
GET /creatives/US/US_daf423b5d5ec5c56f9cfc24448f7947b90792d96_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=fdaf00a7-6c34-40d2-a0b1-b0840cd06558&prev_step_diff=781 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/webp
content-length: 578
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-242"
expires: Fri, 25 Apr 2025 07:45:01 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| ef919a7d9f.30f6a0aa8e.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=388464194&sid=251536434&tcid=0&ver=8.158.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=deae48f43f5e35e3b89590e2a8a8b9da&url=https%3A%2F%2Fphgofi.com%2Ft%2F8Xe681lg8sn65gDJj_LNQlMd-PajZ59NyR1DdX1G3D8uZCtjHtuxmJ2c3UwFf6FcQXDDsDgEJyHviyfZrXbpLeqWsqmRiXkZBht0AMU6axMLIOcl60ftQwaH0JkzmSPEYpGleef-opMeRfWPdO92X0211Sfn2-tLqS_ncABiUt3650uxK7TmmcYOZdDtdRYiqOC58rLIomK8IP_OmVMiewtFc6l1DoBd15emkLbDTrNaaRI57At2USnobpeUFPKn78_Lyvh0PsgeoL-_p8-0nj8scoZ4FsPmwvFfPus1KdoyQhTrkQmrR0kzzWbU4jqed_OF7GusMMu4pzCptgLZngRB17lRKakFqKIIFwc7P3p7Ncn1I7362l4TGnTQMJ2Z_SFu9UQ4M-NiPwz_Tg%3D%3D&icons=rsq_eSP2ZSl4C-HCGl9NmroUrZPcRx7XJ6nAnmSZyxBg596zq9hHmpANpE2zVv15YlgnaE7JK1yCAbeb9NJMRCuVr2CZnLYC45m_gvPPRQTrQaKUwJb_e9ibsTCeqCoTXb65u84F1m4dZcLppCY8IegsmTbpbr0r58bv4DxsnU4RTOIr4g&ext_cid=1133291&px_id=51418776&min_cpm=0.05115625080222936&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=2073683734796869880&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.00840532205169652&cpm=0&verify_hash=652f47eff2bcb548bbc5f2a47c176048&is_native=1&real_bid=0.0001468079996109&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Fir
efox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,88,95,96,27,129,5&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714290301&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FDE%2FDE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=6d150e1a-c315-4d6a-83f7-ee407eb0f5b2&prev_step_diff=966 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2ef919a7d9f.30f6a0aa8e.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=388464194&sid=251536434&tcid=0&ver=8.158.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=deae48f43f5e35e3b89590e2a8a8b9da&url=https%3A%2F%2Fphgofi.com%2Ft%2F8Xe681lg8sn65gDJj_LNQlMd-PajZ59NyR1DdX1G3D8uZCtjHtuxmJ2c3UwFf6FcQXDDsDgEJyHviyfZrXbpLeqWsqmRiXkZBht0AMU6axMLIOcl60ftQwaH0JkzmSPEYpGleef-opMeRfWPdO92X0211Sfn2-tLqS_ncABiUt3650uxK7TmmcYOZdDtdRYiqOC58rLIomK8IP_OmVMiewtFc6l1DoBd15emkLbDTrNaaRI57At2USnobpeUFPKn78_Lyvh0PsgeoL-_p8-0nj8scoZ4FsPmwvFfPus1KdoyQhTrkQmrR0kzzWbU4jqed_OF7GusMMu4pzCptgLZngRB17lRKakFqKIIFwc7P3p7Ncn1I7362l4TGnTQMJ2Z_SFu9UQ4M-NiPwz_Tg%3D%3D&icons=rsq_eSP2ZSl4C-HCGl9NmroUrZPcRx7XJ6nAnmSZyxBg596zq9hHmpANpE2zVv15YlgnaE7JK1yCAbeb9NJMRCuVr2CZnLYC45m_gvPPRQTrQaKUwJb_e9ibsTCeqCoTXb65u84F1m4dZcLppCY8IegsmTbpbr0r58bv4DxsnU4RTOIr4g&ext_cid=1133291&px_id=51418776&min_cpm=0.05115625080222936&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=2073683734796869880&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.00840532205169652&cpm=0&verify_hash=652f47eff2bcb548bbc5f2a47c176048&is_native=1&real_bid=0.0001468079996109&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20
100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,88,95,96,27,129,5&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714290301&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FDE%2FDE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=6d150e1a-c315-4d6a-83f7-ee407eb0f5b2&prev_step_diff=966 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer Let's Encrypt; Subject 30f6a0aa8e.com; Fingerprint 16:29:00:E5:6C:60:6C:43:65:A5:C4:9B:4C:95:FF:C8:99:55:70:92; Validity Sun, 21 Apr 2024 14:01:53 GMT - Sat, 20 Jul 2024 14:01:52 GMT
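Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of a zero-length body, matching the 0 B response; they identify no payload and are not usable as indicators)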
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed (a DNS-reputation verdict on the hostname; the response body in this capture was empty)
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=388464194&sid=251536434&tcid=0&ver=8.158.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=deae48f43f5e35e3b89590e2a8a8b9da&url=https%3A%2F%2Fphgofi.com%2Ft%2F8Xe681lg8sn65gDJj_LNQlMd-PajZ59NyR1DdX1G3D8uZCtjHtuxmJ2c3UwFf6FcQXDDsDgEJyHviyfZrXbpLeqWsqmRiXkZBht0AMU6axMLIOcl60ftQwaH0JkzmSPEYpGleef-opMeRfWPdO92X0211Sfn2-tLqS_ncABiUt3650uxK7TmmcYOZdDtdRYiqOC58rLIomK8IP_OmVMiewtFc6l1DoBd15emkLbDTrNaaRI57At2USnobpeUFPKn78_Lyvh0PsgeoL-_p8-0nj8scoZ4FsPmwvFfPus1KdoyQhTrkQmrR0kzzWbU4jqed_OF7GusMMu4pzCptgLZngRB17lRKakFqKIIFwc7P3p7Ncn1I7362l4TGnTQMJ2Z_SFu9UQ4M-NiPwz_Tg%3D%3D&icons=rsq_eSP2ZSl4C-HCGl9NmroUrZPcRx7XJ6nAnmSZyxBg596zq9hHmpANpE2zVv15YlgnaE7JK1yCAbeb9NJMRCuVr2CZnLYC45m_gvPPRQTrQaKUwJb_e9ibsTCeqCoTXb65u84F1m4dZcLppCY8IegsmTbpbr0r58bv4DxsnU4RTOIr4g&ext_cid=1133291&px_id=51418776&min_cpm=0.05115625080222936&out_id=1&campaign_type=lq&aid=172&cid=1945&uniq=d5c7af06188e3a8eb909617af613c4bb78a5d625fe3f3baad671f07830dd9088&mid=2073683734796869880&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.00840532205169652&cpm=0&verify_hash=652f47eff2bcb548bbc5f2a47c176048&is_native=1&real_bid=0.0001468079996109&original_bid_usd=0.00023999999999999998&original_bid=0.00023999999999999998&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch
=91.90.42.154&geo=NO&carrier=-&label_ids=4,88,95,96,27,129,5&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714290301&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FDE%2FDE_4c0f319d1a96beb4e3d95713256cda506ce66fd8.webp&site=native-push-adult&price=0.00023999999999999998&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.00000024&ext_campaign_id_str=1133291&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=6d150e1a-c315-4d6a-83f7-ee407eb0f5b2&prev_step_diff=966 HTTP/1.1
Host: ef919a7d9f.30f6a0aa8e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/watch?v=uumh7vKfruE | 188.114.97.1 | 200 OK | 3.1 kB |
URL POST HTTP/3metrolagu.cam/watch?v=uumh7vKfruE IP188.114.97.1:443
Requested byhttps://mp4skin.com/watch?V=qqqRuFM3thI CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeHTML document, ASCII text, with very long lines (3352) Hash1865f83610e8117920468528b149ead4 62dc62e23d2a9df5f0f8e874e7ef56586b3c44bf 685b00bb496802fe33d310f9bb3620943cdb768ebfe662473164837c07bdcebe
POST /watch?v=uumh7vKfruE HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/5077526751414433765a4e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TSYiaxeDJd71fvUCx8MxvFKLYIirJqxiZolvG4Ks0IdV5dURNjeKSLZYCezLYqvgnCuVguh4nqwpvw94QqLIywMbLu8ZB6y7Q1I05wnZly%2FvAwAPydDByDfFxkCLNx9C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb60f59570b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyh_IJNfbq33YYC9y9spR_CCaJYPpr-cshGrD-2qX9ci18NHF7tyg-9Z5WS7lB3MJf5l79UzA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1710286428%3A1714031101355462&theme=mn&ddm=0 | 108.177.14.84 | 403 Forbidden | 3.4 kB |
URL GET HTTP/3accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyh_IJNfbq33YYC9y9spR_CCaJYPpr-cshGrD-2qX9ci18NHF7tyg-9Z5WS7lB3MJf5l79UzA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1710286428%3A1714031101355462&theme=mn&ddm=0 IP108.177.14.84:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerGoogle Trust Services LLC Subject*.google.com Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1 ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT
File typegzip compressed data, max compression Hash128cf991b31eb3678cca812601e0dd71 d600d830ce1ba607b102cea9cfc8efcbe119640e a7bb2747e710fc5b1309afbf6d7c0fee85986afff64ed6ef8b9030ad12a79337
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQyh_IJNfbq33YYC9y9spR_CCaJYPpr-cshGrD-2qX9ci18NHF7tyg-9Z5WS7lB3MJf5l79UzA&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1710286428%3A1714031101355462&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 25 Apr 2024 07:45:01 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-uP2IjSD4tUofmLQyiXG-0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| imgsdn.com/ie?v=4&c=3v0WLRn8aNEvWXXhJjotHVkhnxUL-Z7cae4lm5baLPY7sPXbwIqaX6LJwMzEhjkKPZ3aaMXc8nwEq7TTD7jplI081r6TNkxexI9j_Fincztid0XS0Q75j0vw0c5iJdAIJ1h952gejFEhcZvIS2lavoLTBfyKWS8WjsFQXh9MT_yYRakz4HiiJOn7KsXuslgaB6-iow61VEWSqTU_ecXMhkof9h-6wBcH_fooPlPrfRqcEmRSgV4N79sp8JoG-ur-8Gfl_B44g0XSRFd82DYDq2lobZBDfmDel5EQ6MLr2lLuvIS41E_8DQR3yQ0xW21ehvhVR4F9Qk6V0LELYevsOo42xpnQ5v40vj-ZMbJpt3oE0lIV0GScSmWUN7ItLHxsf5PTpGa3quUnEefPv-XWJMZS6q0gPXhBdW2kUbfe-P7EHE93RHD6WgC60euIHk71s5qxIm9LCbSYvOrksXF3&v1=457&v2=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.02&cpa=df2b56da-470a-42f8-9e79-6a0db4c1fea7&prev_step_diff=780 | 213.239.207.252 | 301 Moved Permanently | 0 B |
URL GET HTTP/1.1imgsdn.com/ie?v=4&c=3v0WLRn8aNEvWXXhJjotHVkhnxUL-Z7cae4lm5baLPY7sPXbwIqaX6LJwMzEhjkKPZ3aaMXc8nwEq7TTD7jplI081r6TNkxexI9j_Fincztid0XS0Q75j0vw0c5iJdAIJ1h952gejFEhcZvIS2lavoLTBfyKWS8WjsFQXh9MT_yYRakz4HiiJOn7KsXuslgaB6-iow61VEWSqTU_ecXMhkof9h-6wBcH_fooPlPrfRqcEmRSgV4N79sp8JoG-ur-8Gfl_B44g0XSRFd82DYDq2lobZBDfmDel5EQ6MLr2lLuvIS41E_8DQR3yQ0xW21ehvhVR4F9Qk6V0LELYevsOo42xpnQ5v40vj-ZMbJpt3oE0lIV0GScSmWUN7ItLHxsf5PTpGa3quUnEefPv-XWJMZS6q0gPXhBdW2kUbfe-P7EHE93RHD6WgC60euIHk71s5qxIm9LCbSYvOrksXF3&v1=457&v2=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.02&cpa=df2b56da-470a-42f8-9e79-6a0db4c1fea7&prev_step_diff=780 IP213.239.207.252:443 ASN#24940 Hetzner Online GmbH
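Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer Let's Encrypt; Subject nimrute.com (not the requested host imgsdn.com; presumably a SAN entry covers it, which this capture does not show); Fingerprint FE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4; Validity Mon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT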
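Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of a zero-length body, matching the empty 301 response; they identify no payload and are not usable as indicators)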
GET /ie?v=4&c=3v0WLRn8aNEvWXXhJjotHVkhnxUL-Z7cae4lm5baLPY7sPXbwIqaX6LJwMzEhjkKPZ3aaMXc8nwEq7TTD7jplI081r6TNkxexI9j_Fincztid0XS0Q75j0vw0c5iJdAIJ1h952gejFEhcZvIS2lavoLTBfyKWS8WjsFQXh9MT_yYRakz4HiiJOn7KsXuslgaB6-iow61VEWSqTU_ecXMhkof9h-6wBcH_fooPlPrfRqcEmRSgV4N79sp8JoG-ur-8Gfl_B44g0XSRFd82DYDq2lobZBDfmDel5EQ6MLr2lLuvIS41E_8DQR3yQ0xW21ehvhVR4F9Qk6V0LELYevsOo42xpnQ5v40vj-ZMbJpt3oE0lIV0GScSmWUN7ItLHxsf5PTpGa3quUnEefPv-XWJMZS6q0gPXhBdW2kUbfe-P7EHE93RHD6WgC60euIHk71s5qxIm9LCbSYvOrksXF3&v1=457&v2=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.02&cpa=df2b56da-470a-42f8-9e79-6a0db4c1fea7&prev_step_diff=780 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Thu, 25 Apr 2024 07:45:00 GMT
content-length: 0
location: https://img.vmmcdn.com/get/14395386/553672_icon.png
x-app-id: 12
|
|
| img.cdn.house/i/1/RWNtYvNuyyjznrc2QGJ5lOk9Cf8_JvY33TvH6q2RZp__Ef821Me_EP6kMrs-u9wA9H2i9THGtF7E6_hgMOSCKuCuQMQKzdtB7nulQ12Vl4xuwy2ZsGV_vPiIL1qinld2ka4EDvofLnKQdHIFGGO5JwoTNhRNlaiy875xGSCsq2p7uQv2zS4g-ZgtCNtkDhT4 | 176.9.17.3 | 200 OK | 3.8 kB |
URL GET HTTP/2img.cdn.house/i/1/RWNtYvNuyyjznrc2QGJ5lOk9Cf8_JvY33TvH6q2RZp__Ef821Me_EP6kMrs-u9wA9H2i9THGtF7E6_hgMOSCKuCuQMQKzdtB7nulQ12Vl4xuwy2ZsGV_vPiIL1qinld2ka4EDvofLnKQdHIFGGO5JwoTNhRNlaiy875xGSCsq2p7uQv2zS4g-ZgtCNtkDhT4 IP176.9.17.3:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectimg.cdn.house Fingerprint98:AC:05:29:31:CD:6B:03:04:7D:9B:28:08:AA:B1:09:56:1A:CA:30 ValidityThu, 21 Mar 2024 10:50:12 GMT - Wed, 19 Jun 2024 10:50:11 GMT
File typeRIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp Hash1a1f2a5a03a4b73b5f4aea2c97f0d7af 5c7040376db1f4b23d544c8b557379953d635f58 970c680d5d55f928c2104fcdf34770b580e4e4d56a5958a514dcd3ac585da2a0
GET /i/1/RWNtYvNuyyjznrc2QGJ5lOk9Cf8_JvY33TvH6q2RZp__Ef821Me_EP6kMrs-u9wA9H2i9THGtF7E6_hgMOSCKuCuQMQKzdtB7nulQ12Vl4xuwy2ZsGV_vPiIL1qinld2ka4EDvofLnKQdHIFGGO5JwoTNhRNlaiy875xGSCsq2p7uQv2zS4g-ZgtCNtkDhT4 HTTP/1.1
Host: img.cdn.house
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/webp
content-length: 3804
last-modified: Sun, 21 Jan 2024 10:29:43 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| imgsdn.com/ie?v=4&c=RHFomGk9WahXNZtUvTMY4jkNcGWDmapWLNUxPBpdSxgV5KrR583W7OGe61zQQBO5D071cplPqxAMUQK5Mx7Zpp0WPO1dhXziXV3fGxR0dtO5P2n_RO3em1VOpRSAl155fcR5aJQMeSTg5dz4Wo1t82r6nkGGkebyOmZe6AqAZeo2V9RryqME41pK1LghIELRUqnKdx3X5a3WXda1pqvDvjrAy-QCQSAyuhqm_6s01jH436hUJDrYFb-wZr4ePjS8U1ix6YxOPCLdSYJ5A0kOdEquslxyrnZ5GzMM_k6AO1RPTcUduq09rdEkJ938_DVr6zY7eZUvn2ygbDJBiZQrV7b_XDAEd3z9x-m6-DKrTiRqduc3T3ey0KJfDr7AMGZMzOR2ON_fZm1g27eEEWkrxARf0r78Dm-gohe6YFKp6O9Agc4--lV6KsfoFA==&v1=457&v2=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=a74af705-415e-405c-a81d-50d38e0fecac&prev_step_diff=966 | 213.239.207.252 | 301 Moved Permanently | 0 B |
URL GET HTTP/1.1imgsdn.com/ie?v=4&c=RHFomGk9WahXNZtUvTMY4jkNcGWDmapWLNUxPBpdSxgV5KrR583W7OGe61zQQBO5D071cplPqxAMUQK5Mx7Zpp0WPO1dhXziXV3fGxR0dtO5P2n_RO3em1VOpRSAl155fcR5aJQMeSTg5dz4Wo1t82r6nkGGkebyOmZe6AqAZeo2V9RryqME41pK1LghIELRUqnKdx3X5a3WXda1pqvDvjrAy-QCQSAyuhqm_6s01jH436hUJDrYFb-wZr4ePjS8U1ix6YxOPCLdSYJ5A0kOdEquslxyrnZ5GzMM_k6AO1RPTcUduq09rdEkJ938_DVr6zY7eZUvn2ygbDJBiZQrV7b_XDAEd3z9x-m6-DKrTiRqduc3T3ey0KJfDr7AMGZMzOR2ON_fZm1g27eEEWkrxARf0r78Dm-gohe6YFKp6O9Agc4--lV6KsfoFA==&v1=457&v2=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=a74af705-415e-405c-a81d-50d38e0fecac&prev_step_diff=966 IP213.239.207.252:443 ASN#24940 Hetzner Online GmbH
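Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer Let's Encrypt; Subject nimrute.com (not the requested host imgsdn.com; presumably a SAN entry covers it, which this capture does not show); Fingerprint FE:11:FD:FB:69:FC:E9:22:01:AE:4B:9D:F5:85:C9:1C:FF:4D:44:D4; Validity Mon, 12 Feb 2024 14:13:04 GMT - Sun, 12 May 2024 14:13:03 GMT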
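Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of a zero-length body, matching the empty 301 response; they identify no payload and are not usable as indicators)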
GET /ie?v=4&c=RHFomGk9WahXNZtUvTMY4jkNcGWDmapWLNUxPBpdSxgV5KrR583W7OGe61zQQBO5D071cplPqxAMUQK5Mx7Zpp0WPO1dhXziXV3fGxR0dtO5P2n_RO3em1VOpRSAl155fcR5aJQMeSTg5dz4Wo1t82r6nkGGkebyOmZe6AqAZeo2V9RryqME41pK1LghIELRUqnKdx3X5a3WXda1pqvDvjrAy-QCQSAyuhqm_6s01jH436hUJDrYFb-wZr4ePjS8U1ix6YxOPCLdSYJ5A0kOdEquslxyrnZ5GzMM_k6AO1RPTcUduq09rdEkJ938_DVr6zY7eZUvn2ygbDJBiZQrV7b_XDAEd3z9x-m6-DKrTiRqduc3T3ey0KJfDr7AMGZMzOR2ON_fZm1g27eEEWkrxARf0r78Dm-gohe6YFKp6O9Agc4--lV6KsfoFA==&v1=457&v2=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=a74af705-415e-405c-a81d-50d38e0fecac&prev_step_diff=966 HTTP/1.1
Host: imgsdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Thu, 25 Apr 2024 07:45:00 GMT
content-length: 0
location: https://img.vmmcdn.com/get/54661559/71049_icon.png
x-app-id: 12
|
|
| img.vmmcdn.com/get/75100307/537617_image.png | 138.201.51.142 | 200 OK | 24 kB |
URL GET HTTP/1.1img.vmmcdn.com/get/75100307/537617_image.png IP138.201.51.142:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com FingerprintA8:37:00:E2:01:F9:B8:25:04:DA:47:64:57:0E:0B:64:E3:8A:0B:C7 ValidityFri, 12 Apr 2024 20:58:24 GMT - Thu, 11 Jul 2024 20:58:23 GMT
File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3 Hash307aeea51b76acce9d3f26bc4c839e3f 4da4a32a7c560a84f62b67affa22b884e4db239c 3634b5e2ac7bc001bd824971b02ba4d34f086e71c5d12fc48ae926c2255c2a47
GET /get/75100307/537617_image.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 25 Apr 2024 07:45:01 GMT
Content-Type: image/png
Content-Length: 24026
Connection: keep-alive
Last-Modified: Wed, 01 Nov 2023 13:41:02 GMT
Cache-Control: public, max-age=604800
ETag: "6542556e-5dda"
X-Proxy-Cache: HIT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Request-Headers: x-requested-with
Access-Control-Allow-Headers: x-requested-with
Accept-Ranges: bytes
|
|
| fikedaquabib.com/rotaInGRWQGA24/64343 | 23.109.170.24 | 200 OK | 20 B |
URL GET HTTP/1.1fikedaquabib.com/rotaInGRWQGA24/64343 IP23.109.170.24:443
Requested by: https://metrolagu.cam/watch?v=uumh7vKfruE | Certificate: Issuer Let's Encrypt; Subject fikedaquabib.com; Fingerprint B2:55:98:8B:5C:B3:05:1D:91:A5:02:43:2D:0B:18:86:4D:1E:E9:38; Validity Thu, 28 Mar 2024 23:27:44 GMT - Wed, 26 Jun 2024 23:27:43 GMT
File type: gzip compressed data, from Unix | Hash: MD5 7029066c27ac6f5ef18d660d5741979a; SHA-1 46c6643f07aa7f6bfe7118de926b86defc5087c4; SHA-256 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotaInGRWQGA24/64343 HTTP/1.1
Host: fikedaquabib.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 25 Apr 2024 07:45:01 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Fri, 26-Apr-2024 07:45:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Fri, 26-Apr-2024 07:45:01 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| img.vmmcdn.com/get/65518508/71049_image.png | 46.4.121.113 | 200 OK | 29 kB |
URL GET HTTP/2img.vmmcdn.com/get/65518508/71049_image.png IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3 (the body is JPEG although the URL ends in .png and the response declares content-type: image/png) | Hash (MD5, SHA-1, SHA-256): 2496a53117b8f8e722de99020213c3ea 23ed87f686c8d992d44493879887ca272daa7869 7fdb6dda35bca244a975110707f038d31352b0a797d98b07e6ccb3b77c831bba
GET /get/65518508/71049_image.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/png
content-length: 28584
last-modified: Thu, 14 Sep 2023 16:47:15 GMT
cache-control: public, max-age=604800
etag: "65033913-6fa8"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/14395386/553672_icon.png | 46.4.121.113 | 200 OK | 87 kB |
URL GET HTTP/2img.vmmcdn.com/get/14395386/553672_icon.png IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hash16850ad969e047a0fcbb184fc3e3c2bc 749b204e6b8081dfbe187cfce39fc87ec92a14c0 5aa8d55d1c65caa972838e3a89f28f48241b278101ed6a713956297545208410
GET /get/14395386/553672_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/png
content-length: 86801
last-modified: Fri, 19 Apr 2024 08:53:16 GMT
cache-control: public, max-age=604800
etag: "662230fc-15311"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| mcpuwpsh.com/get/ | 94.130.197.240 | 200 OK | 4.2 kB |
IP: 94.130.197.240:443 | ASN: #24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: puwpush.com (differs from the requested host mcpuwpsh.com; only the subject is listed here, so check the certificate's SAN entries before treating this as a mismatch); Fingerprint: 53:1A:81:DB:A5:78:D8:1D:93:BF:BA:0F:71:6B:43:8D:3F:33:58:D1; Validity: Fri, 01 Mar 2024 09:39:36 GMT - Thu, 30 May 2024 09:39:35 GMT
Hash (MD5, SHA-1, SHA-256): d38efd2404cc7eed488692e419a911cc 5c4a4ddd7c5ce460c8ff641424102c0be6ccddb0 06529bd3e74a64048e90cefdcf3f958f461272ae6a1fc85da0a37d2980f0839a
POST /get/ HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poop.tax/
Content-Type: text/plain;charset=UTF-8
Content-Length: 991
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/json
content-length: 4195
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| pagead2.googlesyndication.com/pagead/js/adsbygoogle.js | 142.250.74.66 | 200 OK | 51 kB |
URL GET HTTP/2pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP142.250.74.66:443
Requested byhttps://metrolagu.cam/watch?v=uumh7vKfruE CertificateIssuerGoogle Trust Services LLC Subject*.g.doubleclick.net Fingerprint1B:FA:17:60:E2:34:D4:FA:D1:13:08:09:6E:8F:ED:E7:A8:8C:6E:7A ValidityMon, 18 Mar 2024 19:37:13 GMT - Mon, 10 Jun 2024 19:37:12 GMT
File typeJavaScript source, ASCII text, with very long lines (3920) Hashd8e5aa67caa01bc5c18270c562d46f2a 5269aee1fd5872c4d81195e50f16e21e0db0548f 4fa7dec5446f5197471b5086583d7e6f6223c0b8dad3f30b8fdd81e9d64e2a38
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://metrolagu.cam/
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Thu, 25 Apr 2024 07:45:02 GMT
expires: Thu, 25 Apr 2024 07:45:02 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 11695425799148217767
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 51288
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| img.vmmcdn.com/get/54661559/71049_icon.png | 46.4.121.113 | 200 OK | 77 kB |
URL GET HTTP/2img.vmmcdn.com/get/54661559/71049_icon.png IP46.4.121.113:443 ASN#24940 Hetzner Online GmbH
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectimg.vmmcdn.com Fingerprint35:E7:50:83:81:F0:56:72:43:78:A5:4D:BF:00:F7:2C:AD:25:0F:C4 ValiditySat, 13 Apr 2024 08:24:46 GMT - Fri, 12 Jul 2024 08:24:45 GMT
File typePNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced Hashe40bebadddf9f24d3473604087b72b61 9b18cd68b37aa261fd07341fa561f31621451138 b09761af91e52adb991dcaa32c2c407f222f91b2aa188296ae124082a5ea1ef9
GET /get/54661559/71049_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Thu, 25 Apr 2024 07:45:02 GMT
content-type: image/png
content-length: 77160
last-modified: Sat, 27 Nov 2021 11:12:16 GMT
cache-control: public, max-age=604800
etag: "61a21290-12d68"
x-proxy-cache: HIT
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: x-requested-with
access-control-allow-headers: x-requested-with
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| storage.multstorage.com/log/count.html | 104.21.30.242 | 200 OK | 882 B |
URL GET HTTP/2storage.multstorage.com/log/count.html IP104.21.30.242:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerGoogle Trust Services LLC Subjectmultstorage.com Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT
File typeHTML document, ASCII text, with very long lines (919), with no line terminators Hash053b1fe641da8057571d40ebaf1624ab 09b2648b7d08c84621298f0b939cea5170a65022 6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: ae03dc07d99ab7e5ee956e0154b59c43
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oLErDr6%2BdTfF8AOTe1WLxhc3tL25HdWReW6iS%2FZsqCmSFoUdHhgTqcvaXf1LT5VkwTNFUMVbKkR8PqbF47zvZaRVbORSCw%2B1mrRcImx6srIl%2BROytl%2FRm3RqIo%2BtLpBOXPozTaZv2ixjvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb60a8846b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 96b600f50a.a0e351a3aa.com/d7ff2f66a5c3df345a93e5789dd2c3ff.js | 45.133.44.53 | 200 OK | 470 kB |
URL GET HTTP/296b600f50a.a0e351a3aa.com/d7ff2f66a5c3df345a93e5789dd2c3ff.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subject96b600f50a.a0e351a3aa.com FingerprintAD:AF:F1:6D:B3:03:A9:36:49:20:2F:CC:29:B3:F0:E6:2D:A0:EA:6D ValidityMon, 22 Apr 2024 02:20:27 GMT - Sun, 21 Jul 2024 02:20:26 GMT
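Size: 470 kB (470121 bytes) | Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (all three are the digests of zero-length input, so the 470 kB body was evidently not hashed; do not use these values as indicators for this file)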
GET /d7ff2f66a5c3df345a93e5789dd2c3ff.js HTTP/1.1
Host: 96b600f50a.a0e351a3aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Thu, 25 Apr 2024 07:50:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/bootstrap.min.css | 188.114.96.1 | 200 OK | 209 kB |
URL GET HTTP/2assets.poopcdn.com/bootstrap.min.css IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeASCII text, with very long lines (625) Size209 kB (208810 bytes) Hash3ad35d9c124d6c7d13f776dde0df9286 1bfc432b338ca01be6b05ab8e87f4a63caa8d82b 10c142c79bbbfe42ce677eedeee70f918de0e759feabc175f423543aee886a6b
GET /bootstrap.min.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:44:59 GMT
content-type: text/css
etag: W/"3ad35d9c124d6c7d13f776dde0df9286"
last-modified: Thu, 14 Mar 2024 17:13:03 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6860
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N16jCMs8idBsZYKQgY4%2FZWlBB%2FnVqP5KcqhZhJ4tC25bA%2F8ZTc34yABrldiPbohfwtT%2Fbee5JRIW8H3lenEI5DX8fba48zaD8qCIgthUefMhSLVo5KbIh47ZlSun%2BiTPgRfazJY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb606a9615687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 96b600f50a.a0e351a3aa.com/6f908e07455db1a39a6b4cc9a2dfd993.js | 45.133.44.53 | 200 OK | 168 kB |
URL GET HTTP/296b600f50a.a0e351a3aa.com/6f908e07455db1a39a6b4cc9a2dfd993.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subject96b600f50a.a0e351a3aa.com FingerprintAD:AF:F1:6D:B3:03:A9:36:49:20:2F:CC:29:B3:F0:E6:2D:A0:EA:6D ValidityMon, 22 Apr 2024 02:20:27 GMT - Sun, 21 Jul 2024 02:20:26 GMT
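Size: 168 kB (168545 bytes) | Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (all three are the digests of zero-length input, so the 168 kB body was evidently not hashed; do not use these values as indicators for this file)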
GET /6f908e07455db1a39a6b4cc9a2dfd993.js HTTP/1.1
Host: 96b600f50a.a0e351a3aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 18 Apr 2024 12:59:21 GMT
etag: W/"66211929-29261"
content-encoding: gzip
expires: Thu, 25 Apr 2024 07:50:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| 96b600f50a.a0e351a3aa.com/d7ff2f66a5c3df345a93e5789dd2c3ff.js | 45.133.44.53 | 200 OK | 470 kB |
URL GET HTTP/296b600f50a.a0e351a3aa.com/d7ff2f66a5c3df345a93e5789dd2c3ff.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subject96b600f50a.a0e351a3aa.com FingerprintAD:AF:F1:6D:B3:03:A9:36:49:20:2F:CC:29:B3:F0:E6:2D:A0:EA:6D ValidityMon, 22 Apr 2024 02:20:27 GMT - Sun, 21 Jul 2024 02:20:26 GMT
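Size: 470 kB (470121 bytes) | Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (all three are the digests of zero-length input, so the 470 kB body was evidently not hashed; do not use these values as indicators for this file)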
GET /d7ff2f66a5c3df345a93e5789dd2c3ff.js HTTP/1.1
Host: 96b600f50a.a0e351a3aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Thu, 25 Apr 2024 07:50:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/play.svg | 188.114.97.1 | 200 OK | 633 B |
IP188.114.97.1:443
Requested byhttps://metrolagu.cam/watch?v=uumh7vKfruE CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeSVG Scalable Vector Graphics image Hashfa7e52a78c2db6968656093b3b4f6266 d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a 3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb
GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 592
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XtG5Q%2F5KpHi8evs%2BL6ociH8g9QxpzgEPWz7pEzIWM6o%2FPcn6fBJmBRtjbofb3M0hMaXBvEDxMlvfkFxvncOGdZjjM66u8Gm%2B%2BRjjoPeC4UpezPvkNAOSurzVzjgSzT96"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb6126b0e0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap | 142.250.74.138 | 200 OK | 18 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap IP142.250.74.138:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2 ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
Hash942d6c103643a3b457d90844f34a9b37 e2594da697f0082ee92f0f1d9b163aed142e09e7 654ba530c9e174b31735ff3b7a9cb8399c9c142e7572046eefd3f90b253f4b54
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 25 Apr 2024 07:44:59 GMT
date: Thu, 25 Apr 2024 07:44:59 GMT
cache-control: private, max-age=86400
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/embed.css | 188.114.97.1 | 200 OK | 1.1 kB |
IP188.114.97.1:443
Requested byhttps://metrolagu.cam/watch?v=uumh7vKfruE CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeASCII text, with very long lines (1145), with no line terminators Hash69c7d11151f7c8da1183e16ec826fd58 e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf 360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1
GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=uumh7vKfruE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Thu, 25 Apr 2024 07:56:03 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 42538
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2FxoBUhuADd%2Ff33YveIMoOPL4gxzoRaGHaXrHkMM1OlEtjSYTXsRn%2FkYMG0mmkGcpqbzXM26w3wYH5hs47MEcWv%2FPda2Vh9%2BrNszBrwjVWFS4RvepLr30eTAaRvRdsLB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb6116a870b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 70b25fad84.ecaecc3e17.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIzNDAxMDc2OTQ5MTQ2MDkxNTAiLCJ0aW1lem9uZSI6MCwidmVyIjoiMy4xMjEuMCIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMTcsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0= | 45.133.44.53 | 200 OK | 0 B |
URL GET HTTP/270b25fad84.ecaecc3e17.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIzNDAxMDc2OTQ5MTQ2MDkxNTAiLCJ0aW1lem9uZSI6MCwidmVyIjoiMy4xMjEuMCIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMTcsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0= IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subject70b25fad84.ecaecc3e17.com FingerprintFE:23:54:AE:9D:F5:3E:7B:A3:9D:DA:6F:CC:59:5D:24:23:E3:13:0B ValidityMon, 22 Apr 2024 02:50:24 GMT - Sun, 21 Jul 2024 02:50:23 GMT
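Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of zero-length input, consistent with the 0 B response; they identify an empty body, not this endpoint)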
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIzNDAxMDc2OTQ5MTQ2MDkxNTAiLCJ0aW1lem9uZSI6MCwidmVyIjoiMy4xMjEuMCIsInRhZ19pZCI6MTE0MDM5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuMTcsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0= HTTP/1.1
Host: 70b25fad84.ecaecc3e17.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| meenetiy.com/5/6678850 | 139.45.197.245 | 200 OK | 81 kB |
IP: 139.45.197.245:443
Requested by: https://mp4skin.com/watch?V=qqqRuFM3thI | Certificate: Issuer: Let's Encrypt; Subject: meenetiy.com; Fingerprint: CF:74:81:D1:53:E3:14:54:77:B9:F7:ED:98:86:46:15:CD:EC:85:20; Validity: Thu, 08 Feb 2024 05:28:25 GMT - Wed, 08 May 2024 05:28:24 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Hash (MD5, SHA-1, SHA-256): 15408379a1a540d6dc4145f11b0a1cb4 e32720031147a23f54f772b25015487604a4267f 37ff8eb416fa37181ca1f1cd9b83ce38a5d67f806a66b0b07aa27439a19aae2b
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/javascript
x-trace-id: 798cb479c7519dddbded2f27b7df70bb
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00804999c6f14ed5f145b7af86f9d0c6; expires=Fri, 25 Apr 2025 07:45:01 GMT; path=/; secure; SameSite=None
oaidts=1714031101; expires=Fri, 25 Apr 2025 07:45:01 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| metrolagu.cam/adus.js | 188.114.97.1 | 200 OK | 547 B |
IP188.114.97.1:443
Requested byhttps://metrolagu.cam/watch?v=uumh7vKfruE CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeASCII text, with very long lines (569), with no line terminators Hash3346424e49a2fc4b5eade5e8a02a6f1a 24378e0d3a1993f796055595e8c9aaf982ff1677 4ac1d2df0841732703e7c99b70296ee90e06bf157546b612ba488bfd7fee573a
GET /adus.js HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=uumh7vKfruE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/javascript
last-modified: Mon, 08 Apr 2024 10:19:48 GMT
etag: W/"6613c4c4-223"
expires: Thu, 25 Apr 2024 08:01:50 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 42191
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5zo38iLmekas2v09IQQXbkSs7NRAS%2BlyxYpw%2FWO2KmUZTJESyQy%2Fng3V6e9S3G5k%2F5Pgwnme88yBUNbsEoKU72jgghGZSLRg%2B9hJaGgAwdK7HKSHRBlQeJQs8trvXnzN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb6117a8b0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| 96b600f50a.a0e351a3aa.com/db0d47e1b9df736087d413834daa80c9/114039?version_name=a | 45.133.44.53 | 200 OK | 3.3 kB |
URL GET HTTP/296b600f50a.a0e351a3aa.com/db0d47e1b9df736087d413834daa80c9/114039?version_name=a IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subject96b600f50a.a0e351a3aa.com FingerprintAD:AF:F1:6D:B3:03:A9:36:49:20:2F:CC:29:B3:F0:E6:2D:A0:EA:6D ValidityMon, 22 Apr 2024 02:20:27 GMT - Sun, 21 Jul 2024 02:20:26 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (3671), with no line terminators Hash9df6c1c5cfe9cb92cf6642b3e784a483 ea5bfc863167fb37c058c63fca22f9e8df2fbb91 1903cbfde4d2328dbbfb9ec13d8f1f4c93c34cd6fb39617941a10e8e54452c74
GET /db0d47e1b9df736087d413834daa80c9/114039?version_name=a HTTP/1.1
Host: 96b600f50a.a0e351a3aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.tax
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Thu, 25 Apr 2024 07:50:00 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|
| mp4skin.com/watch?V=qqqRuFM3thI | 188.114.96.1 | 200 OK | 633 B |
URL POST HTTP/3mp4skin.com/watch?V=qqqRuFM3thI IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerGoogle Trust Services LLC Subjectmp4skin.com FingerprintD8:5D:D0:B5:E5:A7:78:4E:3F:14:9E:09:7E:35:D8:36:08:F2:5A:0E ValiditySat, 02 Mar 2024 00:24:57 GMT - Fri, 31 May 2024 00:24:56 GMT
File typeHTML document, ASCII text, with very long lines (672), with no line terminators Hash28932bbfbf3d06b4961dfb9245ef394c 55fb12f0e3e98c7a31b6f5b2efa55f08b0c17b9d e414894f98fe448ec38a7f72fb372d47d0d077aa51ef5d471082ca40a2928cfe
POST /watch?V=qqqRuFM3thI HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/5077526751414433765a4e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xCGlgziAeFwOPfXgr%2Bp9%2FxtzsF%2BQ13trpCm37q5zMslIDD5LgvUyw0i49NQydyjgwOPhFqqGHqTKUrskvD62X3EGMvADbvnUI3QHYqtiOHM%2Bp73DW%2Bg3rXoEYfWgyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb60a7d630b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| metrolagu.cam/jembud/5077526751414433765a4e | 188.114.97.1 | 200 OK | 242 B |
URL GET HTTP/2metrolagu.cam/jembud/5077526751414433765a4e IP188.114.97.1:443
Requested byhttps://mp4skin.com/watch?V=qqqRuFM3thI CertificateIssuerGoogle Trust Services LLC Subjectmetrolagu.cam Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT
File typeHTML document, ASCII text, with no line terminators Hash77a10174f45c1074281de6dcc13d506d bc721f7e8f7e04ea17a47971aef19327df2410e1 3ac8a1749795842fae61eaa97442683eeef260e2a939c4d02beb546810db1870
GET /jembud/5077526751414433765a4e HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OT4q%2Bm7NmVTa3FmWCHYGjKRFwCQGxU5eRitT3NpyO7f7kI34vbahrGVynV91cad%2FtF1sVW6Wczw4LnfiD%2FKOgH9Qgkghq1OAj%2BUnJgjaiIy%2F1sF8YFTE0uxySPQJ37AS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb60cebed56a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| mp4skin.com/embud/5077526751414433765a4e | 188.114.96.1 | 200 OK | 241 B |
URL GET HTTP/2mp4skin.com/embud/5077526751414433765a4e IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerGoogle Trust Services LLC Subjectmp4skin.com FingerprintD8:5D:D0:B5:E5:A7:78:4E:3F:14:9E:09:7E:35:D8:36:08:F2:5A:0E ValiditySat, 02 Mar 2024 00:24:57 GMT - Fri, 31 May 2024 00:24:56 GMT
File typeHTML document, ASCII text, with no line terminators Hash655551a394fe1878d639dca70a7ed1fa 7b3dc5b4f202a6eba4f6aaeb02900a2296f39a5f 2c27e9174fbf1757103bdb39f603bd52f3ca527f76307f74795c8047fb76bf3b
GET /embud/5077526751414433765a4e HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uKPCfMDhrLSxJ2gqqTcT6xZVgWha2WC20vFfxnMDSfCpFQ6ecvCOWt8w2EyWjX1nOHwh01jWD4mFVSMO70uwrv%2FZ7fX85Vgbb0P%2B0DIiP2%2FwUBfNd2eGY2NMRIwGZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb6080b5e0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| meenetiy.com/?rb=ejmNGapYiXDtJXBRGE024vr1lHCyDKXfKH2B4OUIakwxKzyKeDykjAL8WT6dMsi3K5dy-N7-qpWfbPiK8uXi_UuaxJqYN61k1Q-gOHv4l1oDULyg3ChF7QyPm__AdwFT_m63dlI-ZgPOrg8m9lso5YTXOBizvUIwyNAhNPTNb5J6pdDDLt5N7BNXzqQt92o4E-e-SuCPVCY_MLrwZmjJelDUn21QdPvsXwFzoFdKVA_ItH4nfyHcCf_mWRzBWPc9JMqCBqFsbws%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.779.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F5077526751414433765a4e&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.779.2-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=23b4bbce-342c-4d0d-95dc-48a21fa45021&userId=0800492b987b4680e2f3ec4420b33760&m=link | 139.45.197.245 | 200 OK | 2.8 kB |
URL GET HTTP/2meenetiy.com/?rb=ejmNGapYiXDtJXBRGE024vr1lHCyDKXfKH2B4OUIakwxKzyKeDykjAL8WT6dMsi3K5dy-N7-qpWfbPiK8uXi_UuaxJqYN61k1Q-gOHv4l1oDULyg3ChF7QyPm__AdwFT_m63dlI-ZgPOrg8m9lso5YTXOBizvUIwyNAhNPTNb5J6pdDDLt5N7BNXzqQt92o4E-e-SuCPVCY_MLrwZmjJelDUn21QdPvsXwFzoFdKVA_ItH4nfyHcCf_mWRzBWPc9JMqCBqFsbws%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.779.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F5077526751414433765a4e&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.779.2-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=23b4bbce-342c-4d0d-95dc-48a21fa45021&userId=0800492b987b4680e2f3ec4420b33760&m=link IP139.45.197.245:443
Requested by: https://mp4skin.com/watch?V=qqqRuFM3thI | Certificate: Issuer: Let's Encrypt; Subject: meenetiy.com; Fingerprint: CF:74:81:D1:53:E3:14:54:77:B9:F7:ED:98:86:46:15:CD:EC:85:20; Validity: Thu, 08 Feb 2024 05:28:25 GMT - Wed, 08 May 2024 05:28:24 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2781), with no line terminators | Hash: MD5 4b0fc066b204a515abadf5bf720646cb; SHA-1 222cea48bc09fe88f6fb6972770f4c1816c1f43d; SHA-256 ea77013c90c3aa4f37eee515ca0107d4ecf70218124634d0005a62b31b6f5bbe
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /?rb=ejmNGapYiXDtJXBRGE024vr1lHCyDKXfKH2B4OUIakwxKzyKeDykjAL8WT6dMsi3K5dy-N7-qpWfbPiK8uXi_UuaxJqYN61k1Q-gOHv4l1oDULyg3ChF7QyPm__AdwFT_m63dlI-ZgPOrg8m9lso5YTXOBizvUIwyNAhNPTNb5J6pdDDLt5N7BNXzqQt92o4E-e-SuCPVCY_MLrwZmjJelDUn21QdPvsXwFzoFdKVA_ItH4nfyHcCf_mWRzBWPc9JMqCBqFsbws%3D&request_ab2=131250&zoneid=6678850&js_build=iclick-v1.779.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F5077526751414433765a4e&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.779.2-auto&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=23b4bbce-342c-4d0d-95dc-48a21fa45021&userId=0800492b987b4680e2f3ec4420b33760&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=0800492b987b4680e2f3ec4420b33760; oaidts=1714031101; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/json
x-trace-id: 8f3793cf2d2947bad34a5af2f82ed8ac
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0800492b987b4680e2f3ec4420b33760; expires=Fri, 25 Apr 2025 07:45:01 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1714031101; expires=Fri, 25 Apr 2025 07:45:01 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Thu, 02 May 2024 07:45:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.779.2-auto&userId=0800492b987b4680e2f3ec4420b33760 | 139.45.197.245 | 200 OK | 3.7 kB |
URL GET HTTP/2meenetiy.com/5/6678850/?abt_opts=1&js_build=iclick-v1.779.2-auto&userId=0800492b987b4680e2f3ec4420b33760 IP139.45.197.245:443
Requested by: https://mp4skin.com/watch?V=qqqRuFM3thI | Certificate: Issuer: Let's Encrypt; Subject: meenetiy.com; Fingerprint: CF:74:81:D1:53:E3:14:54:77:B9:F7:ED:98:86:46:15:CD:EC:85:20; Validity: Thu, 08 Feb 2024 05:28:25 GMT - Wed, 08 May 2024 05:28:24 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (3684), with no line terminators | Hash: MD5 777f0f9c26ec5953a353f0d4db57b12b; SHA-1 4a902c47a722bf73a36ec41051f6cf4287600aba; SHA-256 970aa4964be7c921c2ca418d44beb09f216ecf76c0447ecaf2ebb7154f1020e9
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /5/6678850/?abt_opts=1&js_build=iclick-v1.779.2-auto&userId=0800492b987b4680e2f3ec4420b33760 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Cookie: OAID=00804999c6f14ed5f145b7af86f9d0c6; oaidts=1714031101
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:45:01 GMT
content-type: application/json
x-trace-id: 34a45f738af4e60a487963c0ce28dfb4
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0800492b987b4680e2f3ec4420b33760; expires=Fri, 25 Apr 2025 07:45:01 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1714031101; expires=Fri, 25 Apr 2025 07:45:01 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=true; expires=Thu, 02 May 2024 07:45:01 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| mp4skin.com/embed.css | 188.114.96.1 | 200 OK | 755 B |
IP188.114.96.1:443
Requested byhttps://mp4skin.com/watch?V=qqqRuFM3thI CertificateIssuerGoogle Trust Services LLC Subjectmp4skin.com FingerprintD8:5D:D0:B5:E5:A7:78:4E:3F:14:9E:09:7E:35:D8:36:08:F2:5A:0E ValiditySat, 02 Mar 2024 00:24:57 GMT - Fri, 31 May 2024 00:24:56 GMT
File typeASCII text, with very long lines (757), with no line terminators Hash893c3050971d660ec53ed6ea64582a05 a06d1563bdeb65aa5f5d68b7f0cefdd6778b6056 a2e4ffd0ece96aa94f183f77575fb2dcdf08483df0fbb8f1324cc9f088e9d1c9
GET /embed.css HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/watch?V=qqqRuFM3thI
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: text/css
cache-control: max-age=43200
cf-bgj: minify
cf-polished: origSize=1094
etag: W/"655cb8cc-446"
expires: Thu, 25 Apr 2024 09:28:44 GMT
last-modified: Tue, 21 Nov 2023 14:03:56 GMT
cf-cache-status: HIT
age: 36976
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B9KTkc80Gq0vAotkv5U04h2P4%2F3fNNOurBzsIJafR9lz5rYvxVPtKXzjJXa1CLdmwm0QZX2xDDkdg6Y32PlmU1Fu4ngUKRIzyQTEv%2BAruQutfI%2B7I4SdXNt2WNQ5%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb60c4e7f0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| assets.poopcdn.com/style.css | 188.114.96.1 | 200 OK | 259 kB |
URL GET HTTP/2assets.poopcdn.com/style.css IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
Size259 kB (259373 bytes) Hashf94acf4d0db64b4a710fc6fce3bc2a49 63753e2bb0367b37084eba7690d9fb752667ecd3 f4c109f2e81af1df1cf0c41934f699fa249176cb27c7b554d3bc664c89fc1340
GET /style.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:44:59 GMT
content-type: text/css
etag: W/"f94acf4d0db64b4a710fc6fce3bc2a49"
last-modified: Thu, 14 Mar 2024 17:13:04 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6860
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OxHlDD2pyDqrHOORnM5rudTZAMXt6k8lwo1QXxAlC3DUmsKuN%2B5lYLsaEq9yQ3ymjVvk5JrDmLiSLxkkAeBwtMtWHiH1b4ByKXHHL4ivsKAUl7USP8W%2B18un%2BKjuFPdOXMyLtoc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb606b96a5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ef919a7d9f.30f6a0aa8e.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=388464194&sid=251536434&tcid=0&ver=8.158.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=49675&crtid=f4bc8cd691515e1eeae62c073e5070e3&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DyYaLKn5NIbNn3ySTDT3HCkZFnPprFv62TFgnRRiJe-DgoALp64r_VwqYS-nvyWPTCa_7u48MjqhOM1cNgSQq-V8JKb4LBZQTj9Yq9dchCvSwiGDlPAp-kyIjyonM3u6jSRvaB_BDKpSHiRoimb2JCfHqEzU8Ec8Tss3j24F0XRqsCSuiqwO8JzRGDQrUezSwOQZpbtYcU7NCRqRLMWx7VWxwIVJhqJqll2b9eWGuEIIDL7wf1MASJXiRvcAjOZWV-ET_5emRN2jEs_9xchLE1wxZaHVnFb7lFMo3-2y8pxUPYD3aUju3uazKYUQ44-t9lXgfcyWDZs4I44n-ZzQRq1wmeoLjj_BviOHeZXyPNx1_TZlh9Wy0aZaSppac8m7ZdJiZK_Bq0Oe9wdWFPAprE1l0RRO0ie4leRCVllX_VuIu4tjpgW9HMOdVLNg1BPg4TACzgDkF3GrdIQjWsTFKOnrS6ejLAWNrlahBl86Mzd077JCOkWKlqWTlAi_1KFgInE6dcHFBFrcYdyCMZrmQ1ohYF4NcfTVGNaYfaPgLkBfQhXgUc0cOVY2g4e6fR68ptPXk7iWYXzV1j5yrkJua&icons=50-3j6AsmfsuJDKaqkJoYkH-QUAQYUN0jzEBxIM4Q21Qsg7MXtHDELd0d1lvcKWpTAx7nkd7Duw85mC5mnCAAAUSeIY2tQiQstsrIi4pbaMRWRXbaHOp5nPxkOlRFquTqELKlG5HFe757CAXYUFjncjak35ui7nQ9cFekP47yAltpFW6wAa54UEJzejU0XpQH2B6o2TbtwkizMbdtYrmcgpA3dVziMqwY6NcxcOSJTcsew1R_pUNFAwMrQ-2x9ENC45YU8kMaoAHjaR-e8Dwp0bo-3AI6pppAyT0TuPJ4xaxuLKlt9QwA_tA78h06vXrKhuJ6qZNkUHLXHuvd9Z-d1a_efCPed1xDoFthJXRiMaB7CLcRVeDXIDB_hx2_azzdvMbeXYxIl7_3Fflam0h1AyPyI95qV0vIiPAQd-7rlxNoPKIi82MWVB8SkirldYrBv4p0duyoVmiqvmkZfP3d_plc5GVbeqgDOa3YyMZQuZ8MeQFN1OQqpJSceJ9UU3PkaqBSezdDAOVFchfnQIEkvnN
wMwn09pNaCYE0HnZmER7VGVa35QWiUD6LFWi3O6D3YYgXKW2Ia2n9ExqCseHza-UAd8zUHwZyBE-TS_BvBq6Y_XQMhqjy1mvlzFUH_ByAULuibMl_NUcCtz-WBaBXEBqD8x7ZZ1bDG9o8ZMyhLLLbsZtW0_kn6F9mdk23NDB&ext_cid=49675&px_id=73418776&min_cpm=0.0033633352505932942&out_id=0&campaign_type=hq&aid=291&cid=2703&uniq=&mid=2073683734796869880&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.05713437771877515&cpm=0&verify_hash=d1ceb7840869167af6f02db7185a5b37&is_native=1&real_bid=0.015178239917755068&original_bid_usd=0.0196&original_bid=0.0196&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,4,5,98&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714088701&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F65518508%2F71049_image.png&site=native-push-adult&price=0.0196&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000019600000000000002&ext_campaign_id_str=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=70163656-d53b-4904-8419-b47ea0237dba&prev_step_diff=966 | 157.90.84.246 | 200 OK | 0 B |
URL GET HTTP/2ef919a7d9f.30f6a0aa8e.com/in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=388464194&sid=251536434&tcid=0&ver=8.158.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=49675&crtid=f4bc8cd691515e1eeae62c073e5070e3&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DyYaLKn5NIbNn3ySTDT3HCkZFnPprFv62TFgnRRiJe-DgoALp64r_VwqYS-nvyWPTCa_7u48MjqhOM1cNgSQq-V8JKb4LBZQTj9Yq9dchCvSwiGDlPAp-kyIjyonM3u6jSRvaB_BDKpSHiRoimb2JCfHqEzU8Ec8Tss3j24F0XRqsCSuiqwO8JzRGDQrUezSwOQZpbtYcU7NCRqRLMWx7VWxwIVJhqJqll2b9eWGuEIIDL7wf1MASJXiRvcAjOZWV-ET_5emRN2jEs_9xchLE1wxZaHVnFb7lFMo3-2y8pxUPYD3aUju3uazKYUQ44-t9lXgfcyWDZs4I44n-ZzQRq1wmeoLjj_BviOHeZXyPNx1_TZlh9Wy0aZaSppac8m7ZdJiZK_Bq0Oe9wdWFPAprE1l0RRO0ie4leRCVllX_VuIu4tjpgW9HMOdVLNg1BPg4TACzgDkF3GrdIQjWsTFKOnrS6ejLAWNrlahBl86Mzd077JCOkWKlqWTlAi_1KFgInE6dcHFBFrcYdyCMZrmQ1ohYF4NcfTVGNaYfaPgLkBfQhXgUc0cOVY2g4e6fR68ptPXk7iWYXzV1j5yrkJua&icons=50-3j6AsmfsuJDKaqkJoYkH-QUAQYUN0jzEBxIM4Q21Qsg7MXtHDELd0d1lvcKWpTAx7nkd7Duw85mC5mnCAAAUSeIY2tQiQstsrIi4pbaMRWRXbaHOp5nPxkOlRFquTqELKlG5HFe757CAXYUFjncjak35ui7nQ9cFekP47yAltpFW6wAa54UEJzejU0XpQH2B6o2TbtwkizMbdtYrmcgpA3dVziMqwY6NcxcOSJTcsew1R_pUNFAwMrQ-2x9ENC45YU8kMaoAHjaR-e8Dwp0bo-3AI6pppAyT0TuPJ4xaxuLKlt9QwA_tA78h06vXrKhuJ6qZNkUHLXHuvd9Z-d1a_efCPed1xDoFthJXRiMaB7CLcRVeDXIDB_hx2_azzdvMbeXYxIl7_3Fflam0h1AyPyI95qV0vIiPAQd-7rlxNoPKIi82MWVB8SkirldYrBv4p0duyoVmiqvmkZfP3d_plc5GVbeqgDOa3YyMZQuZ8MeQFN1OQqpJSceJ9UU3PkaqBSezdDAOV
FchfnQIEkvnNwMwn09pNaCYE0HnZmER7VGVa35QWiUD6LFWi3O6D3YYgXKW2Ia2n9ExqCseHza-UAd8zUHwZyBE-TS_BvBq6Y_XQMhqjy1mvlzFUH_ByAULuibMl_NUcCtz-WBaBXEBqD8x7ZZ1bDG9o8ZMyhLLLbsZtW0_kn6F9mdk23NDB&ext_cid=49675&px_id=73418776&min_cpm=0.0033633352505932942&out_id=0&campaign_type=hq&aid=291&cid=2703&uniq=&mid=2073683734796869880&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.05713437771877515&cpm=0&verify_hash=d1ceb7840869167af6f02db7185a5b37&is_native=1&real_bid=0.015178239917755068&original_bid_usd=0.0196&original_bid=0.0196&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,4,5,98&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714088701&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F65518508%2F71049_image.png&site=native-push-adult&price=0.0196&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000019600000000000002&ext_campaign_id_str=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=70163656-d53b-4904-8419-b47ea0237dba&prev_step_diff=966 IP157.90.84.246:443 ASN#24940 Hetzner Online GmbH
Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: 30f6a0aa8e.com; Fingerprint: 16:29:00:E5:6C:60:6C:43:65:A5:C4:9B:4C:95:FF:C8:99:55:70:92; Validity: Sun, 21 Apr 2024 14:01:53 GMT - Sat, 20 Jul 2024 14:01:52 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input, consistent with the 0 B body and content-length: 0 of this response; they identify no content and should not be used as file indicators)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /in/show/?tag_ab=a&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoop.tax%2Fd%2FNZv3DAQgRwP&refdom=poop.tax&auction_time=1714031101&subid=388464194&sid=251536434&tcid=0&ver=8.158.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-25&iabcat=IAB25-3&keywords=adult&user_fp=1085635384331788990&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.tax%252Fd%252FNZv3DAQgRwP%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=49675&crtid=f4bc8cd691515e1eeae62c073e5070e3&url=http%3A%2F%2Fargodol.com%2Fie%3Fv%3D4%26c%3DyYaLKn5NIbNn3ySTDT3HCkZFnPprFv62TFgnRRiJe-DgoALp64r_VwqYS-nvyWPTCa_7u48MjqhOM1cNgSQq-V8JKb4LBZQTj9Yq9dchCvSwiGDlPAp-kyIjyonM3u6jSRvaB_BDKpSHiRoimb2JCfHqEzU8Ec8Tss3j24F0XRqsCSuiqwO8JzRGDQrUezSwOQZpbtYcU7NCRqRLMWx7VWxwIVJhqJqll2b9eWGuEIIDL7wf1MASJXiRvcAjOZWV-ET_5emRN2jEs_9xchLE1wxZaHVnFb7lFMo3-2y8pxUPYD3aUju3uazKYUQ44-t9lXgfcyWDZs4I44n-ZzQRq1wmeoLjj_BviOHeZXyPNx1_TZlh9Wy0aZaSppac8m7ZdJiZK_Bq0Oe9wdWFPAprE1l0RRO0ie4leRCVllX_VuIu4tjpgW9HMOdVLNg1BPg4TACzgDkF3GrdIQjWsTFKOnrS6ejLAWNrlahBl86Mzd077JCOkWKlqWTlAi_1KFgInE6dcHFBFrcYdyCMZrmQ1ohYF4NcfTVGNaYfaPgLkBfQhXgUc0cOVY2g4e6fR68ptPXk7iWYXzV1j5yrkJua&icons=50-3j6AsmfsuJDKaqkJoYkH-QUAQYUN0jzEBxIM4Q21Qsg7MXtHDELd0d1lvcKWpTAx7nkd7Duw85mC5mnCAAAUSeIY2tQiQstsrIi4pbaMRWRXbaHOp5nPxkOlRFquTqELKlG5HFe757CAXYUFjncjak35ui7nQ9cFekP47yAltpFW6wAa54UEJzejU0XpQH2B6o2TbtwkizMbdtYrmcgpA3dVziMqwY6NcxcOSJTcsew1R_pUNFAwMrQ-2x9ENC45YU8kMaoAHjaR-e8Dwp0bo-3AI6pppAyT0TuPJ4xaxuLKlt9QwA_tA78h06vXrKhuJ6qZNkUHLXHuvd9Z-d1a_efCPed1xDoFthJXRiMaB7CLcRVeDXIDB_hx2_azzdvMbeXYxIl7_3Fflam0h1AyPyI95qV0vIiPAQd-7rlxNoPKIi82MWVB8SkirldYrBv4p0duyoVmiqvmkZfP3d_plc5GVbeqgDOa3YyMZQuZ8MeQFN1OQqpJSceJ9UU3PkaqBSezdDAOVFchfnQIEkvnNwMwn09pNaCYE0HnZmER7VGV
a35QWiUD6LFWi3O6D3YYgXKW2Ia2n9ExqCseHza-UAd8zUHwZyBE-TS_BvBq6Y_XQMhqjy1mvlzFUH_ByAULuibMl_NUcCtz-WBaBXEBqD8x7ZZ1bDG9o8ZMyhLLLbsZtW0_kn6F9mdk23NDB&ext_cid=49675&px_id=73418776&min_cpm=0.0033633352505932942&out_id=0&campaign_type=hq&aid=291&cid=2703&uniq=&mid=2073683734796869880&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.05713437771877515&cpm=0&verify_hash=d1ceb7840869167af6f02db7185a5b37&is_native=1&real_bid=0.015178239917755068&original_bid_usd=0.0196&original_bid=0.0196&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,4,5,98&need_redirect_show=0&applied_features=test_skins,stage-skins-settings&show_count=1&expiration_timestamp=1714088701&image_url=https%3A%2F%2Fimg.vmmcdn.com%2Fget%2F65518508%2F71049_image.png&site=native-push-adult&price=0.0196&hostname=auc-inpage-hz-6-c&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000019600000000000002&ext_campaign_id_str=49675&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=70163656-d53b-4904-8419-b47ea0237dba&prev_step_diff=966 HTTP/1.1
Host: ef919a7d9f.30f6a0aa8e.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 25 Apr 2024 07:45:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
|
|
| | 188.114.96.1 | 200 OK | 14 kB |
URL User Request GET HTTP/2IP188.114.96.1:443
CertificateIssuerLet's Encrypt Subjectpoop.tax FingerprintF2:68:F0:86:8F:82:D1:1E:1B:89:58:BA:03:1E:D6:E4:C5:CB:11:96 ValidityMon, 15 Apr 2024 08:31:29 GMT - Sun, 14 Jul 2024 08:31:28 GMT
File typeHTML document, ASCII text, with very long lines (6447) Hash866353bd7bc922e6848d799842325cf5 9b541351ae62038c20c78de788e54477b778f9c7 6d200825464ece596423b210cb1b1ed123c427d059f030b6eee7098eb01462dc
GET /d/NZv3DAQgRwP HTTP/1.1
Host: poop.tax
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:44:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJQ8sGXFrzVJxmVr%2BduXckgN%2F1OR16P2jUYcIGE581FLY5Hk%2FidkXsWYqXBhGmr9ENnklhc2V6oPJX8ulr6dYxfI3EQ1LYQ4%2FD1MebaWMmrptoucsGeDHNFG8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb60398360b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| assets.poopcdn.com/embed2.css | 188.114.96.1 | 200 OK | 2.3 kB |
URL GET HTTP/2assets.poopcdn.com/embed2.css IP188.114.96.1:443
Requested byhttps://poop.tax/d/NZv3DAQgRwP CertificateIssuerLet's Encrypt Subjectassets.poopcdn.com FingerprintB1:9A:05:DF:15:05:35:EC:C6:A8:59:F8:18:1A:71:7E:5A:F7:72:9A ValidityThu, 14 Mar 2024 16:08:31 GMT - Wed, 12 Jun 2024 16:08:30 GMT
File typeASCII text, with very long lines (2279), with no line terminators Hashf966df8b666f4e6af52c4c5972958a8d 59c598587c742cdd8211376b6a124c27a6a2dc52 943cf282560a6d9565816a7feeaa67cb91804127cf2d34686c932039bec26622
GET /embed2.css HTTP/1.1
Host: assets.poopcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:44:59 GMT
content-type: text/css
etag: W/"504eba00908d13eb47133d1f92f8048a"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2236
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WYhUbhjM5EU%2FQmQigFe7kDlZczTP5SqL5Af2qFyoWi8bNNs7ubP4yAckc%2FFc%2BAHoL7iia3w8L7BsBugsYzQIQq6gEXw8opQqLmoUvzL7RaCONvq7ZAwX170OQe8uqZ3q3zqFgOQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879cb606b9695687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 96b600f50a.a0e351a3aa.com/b060992ef1ff518f404c2b251a45c688.js | 45.133.44.53 | 200 OK | 97 kB |
URL GET HTTP/296b600f50a.a0e351a3aa.com/b060992ef1ff518f404c2b251a45c688.js IP45.133.44.53:443 ASN#39572 DataWeb Global Group B.V.
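Requested by: https://poop.tax/d/NZv3DAQgRwP | Certificate: Issuer: Let's Encrypt; Subject: 96b600f50a.a0e351a3aa.com; Fingerprint: AD:AF:F1:6D:B3:03:A9:36:49:20:2F:CC:29:B3:F0:E6:2D:A0:EA:6D; Validity: Mon, 22 Apr 2024 02:20:27 GMT - Sun, 21 Jul 2024 02:20:26 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of zero-length input even though the summary row reports 97 kB; the response body was apparently not captured, so these values do not identify the script and should not be used as file indicators)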
GET /b060992ef1ff518f404c2b251a45c688.js HTTP/1.1
Host: 96b600f50a.a0e351a3aa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.tax/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:45:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 14:24:01 GMT
etag: W/"661e8a01-17ae8"
content-encoding: gzip
expires: Thu, 25 Apr 2024 07:50:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
|
|