Report - poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d

Report Overview

Submitted URL
poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 23:59:19
Access
public
Website Title
poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Final URL
poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Tags
suspicious
urlquery detections
Suspicious - Anti-debugging code

Detections

urlquery
3
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
js.capndr.com	316718	2021-08-30	2021-08-30	2024-04-25	398 B	374 B	45.133.44.52
accounts.google.com	81	1997-09-15	2016-03-20	2024-04-26	1.8 kB	6.1 kB	74.125.131.84
nereserv.com	40015	2020-12-21	2020-12-21	2024-04-24	583 B	320 B	94.130.198.6
ads.trafficircles.com	33317	2020-01-27	2020-03-16	2024-03-09	647 B	2.2 kB	52.0.10.233
i.doodcdn.com	56705	2020-01-30	2020-04-06	2024-04-22	428 B	854 B	104.21.34.210
ko144y.video-delivery.net	unknown	unknown	No data	No data	399 B	16 kB	51.83.140.218
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-04-26	1.1 kB	2.2 kB	45.133.44.25
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-25	2.2 kB	200 kB	104.17.24.14
i.doodcdn.co	unknown	2022-04-23	2022-05-04	2024-04-21	3.0 kB	116 kB	172.67.70.190
static.doodcdn.co	unknown	2022-04-23	2024-01-08	2024-04-05	398 B	114 kB	172.67.70.190
img.doodcdn.co	unknown	2022-04-23	2022-05-04	2024-04-22	892 B	64 kB	172.67.70.190
doods.pro	unknown	2023-01-19	2023-03-26	2024-03-14	2.4 kB	43 kB	104.26.8.231
poop.com.co	unknown	2024-02-11	2024-02-11	2024-04-18	1.0 kB	16 kB	188.114.97.1
cf9c86d5de.f33207dc6c.com	unknown	unknown	No data	No data	1.8 kB	751 kB	45.133.44.52
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-04-26	517 B	381 B	157.90.84.242
metrolagu.cam	unknown	2023-03-24	2023-08-23	2024-04-15	407 B	12 kB	188.114.97.1
us.opencan.net	unknown	2022-12-14	2023-07-13	2024-04-16	594 B	206 B	31.204.132.207
cdn.amnew.net	unknown	2023-08-09	2023-08-09	2024-04-25	424 B	1.7 kB	5.200.15.240
0c0be7a0c2.0ab9f67572.com	unknown	unknown	No data	No data	819 B	320 B	45.133.44.52
116f21a281.7fbe2fd8a8.com	unknown	unknown	No data	No data	6.8 kB	4.4 kB	94.130.198.6
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-04-24	523 B	1.6 kB	104.21.30.242

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	f33207dc6c.com	Sinkholed
2024-04-26	medium	0ab9f67572.com	Sinkholed
2024-04-26	medium	f33207dc6c.com	Sinkholed
2024-04-26	medium	f33207dc6c.com	Sinkholed
2024-04-26	medium	f33207dc6c.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d	6.4 kB	2024-02-14	2024-04-27
Pretty URL poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-14 16:02:56 Last Seen2024-04-27 01:59:28 Times Seen3 Hash 86b7912c1baeb28eb5f4e3a5ea7ad909 6e71ed340391dee0f80fcfade111d8787ec55fa9 cb22b1111f4f4a64e1572010806005c249cd7317ee36bda524a8608e80b53158 Loading...

	poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d	0 B	2023-03-07	2024-05-08
Pretty URL poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-08 11:21:59 Times Seen37434700 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-08 11:01:14 Times Seen142646 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	doods.pro/e/yicr1zbh2yuw	8.9 kB	2024-04-27	2024-04-27
Pretty URL doods.pro/e/yicr1zbh2yuw IP 104.26.8.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 01:59:28 Last Seen2024-04-27 01:59:28 Times Seen1 Hash 9c49a528836b025f5d3270afe4d7b46c 8d19085ebe9d639af75284bfbc2f470c36ac404f 5245dc0682acd8f2f7376681236e751f29ee50c09abd7d433e2731ca7cf19f83 Loading...

	doods.pro/e/yicr1zbh2yuw	89 B	2024-02-14	2024-04-27
Pretty URL doods.pro/e/yicr1zbh2yuw IP 104.26.8.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-14 16:02:56 Last Seen2024-04-27 01:59:28 Times Seen3 Hash 37eaf5484e95ebeac21788eb8cfdff1f 5051c07d6bec2fcb98af74ba6464180a2b34eae7 a389a0c7e25cc75c4de3e205cc17afc8d2559f8a5620aae9b15cb0eda78e2659 Loading...

	storage.multstorage.com/log/count.html	718 B	2023-09-18	2024-05-08
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19:52 Last Seen2024-05-08 10:46:12 Times Seen4790 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	cf9c86d5de.f33207dc6c.com/526afdf9b717924176eabd0c81f90a31.js	109 kB	2024-04-24	2024-05-07
Pretty URL cf9c86d5de.f33207dc6c.com/526afdf9b717924176eabd0c81f90a31.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-24 00:00:34 Last Seen2024-05-07 11:41:50 Times Seen663 Hash 41230c1446cb19310867b6c3e10f8bec f600745dccd0143bbd1d83d44bd776c74f69866b 713bc0015ac5ef37f48ad9f49aa4521912b705cf01bf19409f98235b28d41dfe Loading...

	cdnjs.cloudflare.com/ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js	4.6 kB	2023-03-09	2024-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:26:57 Last Seen2024-05-08 01:37:44 Times Seen413 Hash f2ecb2bd8a424c8e8cf507ce8bd933c2 3cbc08ca052ea25c3b0834b9291a3ca1e9122e26 4c0745052abbb26087a707bb0a043b43c393674055ba2d4452ac89e6923eb099 Loading...

	js.capndr.com/advertising.js	0 B	2023-03-07	2024-05-08
Pretty URL js.capndr.com/advertising.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-08 11:21:59 Times Seen37434700 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cf9c86d5de.f33207dc6c.com/c37eb03648abae911c8ba86cf51fd9e6.js	169 kB	2024-04-25	2024-05-08
Pretty URL cf9c86d5de.f33207dc6c.com/c37eb03648abae911c8ba86cf51fd9e6.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:48:27 Last Seen2024-05-08 10:46:13 Times Seen600 Hash e164f0fc509991890121aa763019689d 16f901a89a57f87c90d6cea80cff9f8bd32756dc fdd439b2c8d28676c5e03847afc19252a3d6d88a670ba48db4ac020866c6b6ec Loading...

	cf9c86d5de.f33207dc6c.com/0d1d1d0ae3f06d802747776c90722fd4.js	470 kB	2024-04-16	2024-05-08
Pretty URL cf9c86d5de.f33207dc6c.com/0d1d1d0ae3f06d802747776c90722fd4.js IP 45.133.44.52 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 15:37:10 Last Seen2024-05-08 10:46:12 Times Seen769 Hash 2902e331e5e735ad63e7510dfc434c5b 8f276d26159f74561fb370144b8cafba8bcc8bd3 26106440376cfc59241a9ef152d26483d436f1c155744bda92a41d3906e60ba2 Loading...

	doods.pro/e/yicr1zbh2yuw	3.6 kB	2024-04-27	2024-04-27
Pretty URL doods.pro/e/yicr1zbh2yuw IP 104.26.8.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 01:59:28 Last Seen2024-04-27 01:59:28 Times Seen1 Hash 610434895cd7c17bd495342c310c63c3 1a0680ef33332fbf70a1b58658e144398182c179 495acfdadd50236401bfffbf50b558e69d5bc28f64cf015a6b89fe4658354bcd Loading...

	static.doodcdn.co/js/embed3.js	113 kB	2024-02-04	2024-05-08
Pretty URL static.doodcdn.co/js/embed3.js IP 172.67.70.190 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-04 21:01:01 Last Seen2024-05-08 01:37:44 Times Seen402 Hash 59698656a40921f7585e25a5bb347955 75de624e80155463ff8bb09090b712098eb74dd6 69e11aff34d69dbde839afd8e63b2a65e2cdf15c140f66fa55c477eeb6b33a34 Loading...

	doods.pro/e/yicr1zbh2yuw	7.4 kB	2024-04-27	2024-04-27
Pretty URL doods.pro/e/yicr1zbh2yuw IP 104.26.8.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 01:59:28 Last Seen2024-04-27 01:59:28 Times Seen1 Hash eaa599ded259ee709ebc6525d9570ad4 b7debbaa3e217387d46dcdc33da638669421f410 0bdc75667ddefdcbd6b9304428cfddcc4d58a579f4b88f0d61df7103a42ab554 Loading...

	doods.pro/e/yicr1zbh2yuw	1.1 kB	2023-03-29	2024-05-08
Pretty URL doods.pro/e/yicr1zbh2yuw IP 104.26.8.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-29 21:39:55 Last Seen2024-05-08 01:37:44 Times Seen197 Hash 86245ddb205b0d537ad1e6134780076a 76d33d432096e340972d2ec6cac321ddf2296afe 1c835f95475788a5d4dc8337a3cee440ea8761542ca88f033007f24b42b082f9 Loading...

	doods.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-04-27	2024-04-27
Pretty URL doods.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.26.8.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 01:59:28 Last Seen2024-04-27 01:59:29 Times Seen2 Hash 2b039aa58dc5fe08d9dbb1127b2ea89b 907f4489e31b2acf80f24cf7d01878fcbd2c7bfa 1c2c9f74a98044da482d2ba6e1788ea71d207025b2e670e1038c04bc33c3c8cf Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js	1.3 kB	2023-03-07	2024-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:34 Last Seen2024-05-08 08:51:26 Times Seen8684 Hash 4412bf8023109ee9eb1f1f226d391329 c273960aa874a87dd022b5e597887142f1b8e34f d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Loading...

	i.doodcdn.co/ads/ad.js	18 B	2023-03-07	2024-05-08
Pretty URL i.doodcdn.co/ads/ad.js IP 172.67.70.190 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:47 Last Seen2024-05-08 01:37:44 Times Seen2016 Hash 071c641b229d2bfadd243b8fa2a9c88d 4048ed3ad506f9bb9052c23283912d0cfea8bcc6 3716878d3ceb2042b22c092b31c6f43cc862f8464e92ddde416a49624b32716e Loading...

	cdnjs.cloudflare.com/ajax/libs/video.js/7.21.5/video.min.js	589 kB	2023-10-15	2024-05-08
Pretty URL cdnjs.cloudflare.com/ajax/libs/video.js/7.21.5/video.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-15 07:44:37 Last Seen2024-05-08 01:37:44 Times Seen427 Hash d7fdaaab43bc993b85290c713fd2d289 46bf3d27b2cf38b0e999d3b0a7613011181c87f9 c9535ea3a4e0af22e960ac1e32d363a71029f31aa96b29fc894e111fee49329e Loading...

	doods.pro/e/yicr1zbh2yuw	1.1 kB	2024-04-27	2024-04-27
Pretty URL doods.pro/e/yicr1zbh2yuw IP 104.26.8.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-27 01:59:28 Last Seen2024-04-27 01:59:28 Times Seen1 Hash e55be085df624ad686f733a264bd74e0 9adc29240961bbdb741b2deb536971b8fc2ab4d0 b4b4439843ba6459b9841c6981a3002bb6eda01319b6756c11bb041ea4bf953a Loading...

	unknown	247 B	2024-04-27	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-27 01:59:28 Last Seen2024-04-27 01:59:28 Times Seen1 Hash d05d35f463cd3ca2d96b93bf1f3da73a e2fc94e53532927050e749974dd9173b931db850 dc23a93b3462cc4edf85ab6c1c40e58e88e5c7c1828798b96aa7ea3477ff676a Loading...

HTTP Transactions (46)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 76169
expires: Wed, 16 Apr 2025 23:58:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=chegGiG5qCKdhmo%2BLBHz0BzCvb3knF7DOkZYdv06haH2HZW6kLktFzv4b5SuG00EIGMB3oYVZCHiVtznznkJQLH%2BtBXEWIEOM8XHVR3MxdIKFXBd3PiElEFuXPPOc3jl2BF4xY%2BO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87aa86018d015690-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 76169
expires: Wed, 16 Apr 2025 23:58:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3bpPM8EBefh7h6NZ5SYUOMid6Xi38gGCv3gFQaZGyw1PinRC9VMwkJTLv35xoQnN8NupDGq1Pmbn9Z1VDaWfop7NtQYZTtXUqw1LTcbjhdd4iS2b%2BucwY94zXLf5EHPSDkCoA%2BdR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87aa8603391556bd-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

104.17.24.14

200 OK

591 B

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1266)
Size
591 B (591 bytes)
Hash
4412bf8023109ee9eb1f1f226d391329
c273960aa874a87dd022b5e597887142f1b8e34f
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6

HTTP Headers

GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 970665
expires: Wed, 16 Apr 2025 23:58:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CT%2BqnupR4vEc6dLH%2F4tcmBpLu9vZBfLSPraCvwZB1OhJg%2FsMXtGF2FqJyhVKWUg%2Bg7zwglkBYWkuoO3BcsT%2FnAFwxnaxttCF5ByacU5RynmkRVmUOt6LWemGbLQoABXWtBdjyzT7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87aa8603391956bd-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js

104.17.24.14

200 OK

1.6 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4505)
Size
1.6 kB (1571 bytes)
Hash
f2ecb2bd8a424c8e8cf507ce8bd933c2
3cbc08ca052ea25c3b0834b9291a3ca1e9122e26
4c0745052abbb26087a707bb0a043b43c393674055ba2d4452ac89e6923eb099

HTTP Headers

GET /ajax/libs/videojs-hotkeys/0.2.28/videojs.hotkeys.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 1571
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "630ad3e5-623"
last-modified: Sun, 28 Aug 2022 02:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 973039
expires: Wed, 16 Apr 2025 23:58:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rV%2BIpwyn%2F4LOVHA8wlS2vgFhST%2BZI3vSHq8fpTz3FkGMBfhhTG0oCBzEzQ6nXTc9uzLlIv5HFXFb8ckJbFk4M0v4sNZc7xPlQpmM%2FDeprAB1dKXO%2FgHE7VkdDWjbp%2Flx%2BRzGg%2FW8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87aa8603592456bd-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/video.js/7.21.5/video.min.js

104.17.24.14

200 OK

137 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/video.js/7.21.5/video.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (48459)
Size
137 kB (137405 bytes)
Hash
d7fdaaab43bc993b85290c713fd2d289
46bf3d27b2cf38b0e999d3b0a7613011181c87f9
c9535ea3a4e0af22e960ac1e32d363a71029f31aa96b29fc894e111fee49329e

HTTP Headers

GET /ajax/libs/video.js/7.21.5/video.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 137405
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64bb5c88-218bd"
last-modified: Sat, 22 Jul 2023 04:35:20 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 185525
expires: Wed, 16 Apr 2025 23:58:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nbfXNvCpZBpeyEWfOV1Bwt0R2cuOinLvL2G7XMeXwKyNkvf263ZO1jByfagLi2UPDibThJzK3hozMewRoJqamCQgyaDmMrPLuzqSdLIibQUNCZSEbhhILrhcoch6YvsqLRtaqBba"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87aa8603592356bd-OSL
alt-svc: h3=":443"; ma=86400

i.doodcdn.co/ads/ad.js

172.67.70.190

200 OK

18 B

URL GET HTTP/2
i.doodcdn.co/ads/ad.js
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
18 B (18 bytes)
Hash
071c641b229d2bfadd243b8fa2a9c88d
4048ed3ad506f9bb9052c23283912d0cfea8bcc6
3716878d3ceb2042b22c092b31c6f43cc862f8464e92ddde416a49624b32716e

HTTP Headers

GET /ads/ad.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: application/javascript
content-length: 18
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=20
expires: Fri, 25 Apr 2025 19:45:06 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: User-Agent,Accept-Encoding
cf-cache-status: HIT
age: 21039
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EVz6TfOX0QEiX290Nd2z0hYs8wxZEJCJqH75FQao7EyT7E7uLPlHXOPHMva%2BalqyLnELdTrYTvukoMIjLIlxgQXDAwtS4C7vXdNXozM0vnuHy03BiiD9Fp18Tya57g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa8603b8a556af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/img/no_video_3.svg

172.67.70.190

200 OK

2.8 kB

URL GET HTTP/2
i.doodcdn.co/img/no_video_3.svg
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
2.8 kB (2812 bytes)
Hash
077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c

HTTP Headers

GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Sat, 25 May 2024 18:35:44 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 21072
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AEx5YyJ9mL93qieOnP4m8iyAltpbt%2FbDfxnfr5NpcKifE28NWt%2F6VH91o1cLccQ%2B79MpYlz5D7GjPsMsxu7%2FLvzqgc0UUxvx8OjWfYyhIW4nwmU86Hs8BT3BVL5kvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8603b8a656af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

static.doodcdn.co/js/embed3.js

172.67.70.190

200 OK

113 kB

URL GET HTTP/2
static.doodcdn.co/js/embed3.js
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65494), with no line terminators
Size
113 kB (112790 bytes)
Hash
59698656a40921f7585e25a5bb347955
75de624e80155463ff8bb09090b712098eb74dd6
69e11aff34d69dbde839afd8e63b2a65e2cdf15c140f66fa55c477eeb6b33a34

HTTP Headers

GET /js/embed3.js HTTP/1.1
Host: static.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: application/javascript
content-length: 112790
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=112944
etag: "65bf48c8-1b930"
expires: Sat, 25 May 2024 18:35:44 GMT
last-modified: Sun, 04 Feb 2024 08:20:24 GMT
cf-cache-status: HIT
age: 21039
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=agqBL8%2BK2KCQIJx9%2B63Kc%2FM4ifJ99L36YT%2FXXdMupYYMmZoWdVWxRfcEhlhQjCqojt7MQOgKpz9Q8tSPhtHskvGlBkS518QTQuZdDDdCgxrZyfARLqZpVoDGLnYI3DkqAzUa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8603c8ac56af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

img.doodcdn.co/splash/64k13zd46l4jw8e2.jpg

172.67.70.190

200 OK

31 kB

URL GET HTTP/2
img.doodcdn.co/splash/64k13zd46l4jw8e2.jpg
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 406x715, components 3
Size
31 kB (30885 bytes)
Hash
d20d8478a1bdfd3be76d9721f175f23a
ff4ff72eb20070e27f7731eb145b492757ca5f3f
8653fbefbae54e31998bc1b00e928165f0725bdb5c29153f051d6fdb3c3e05cf

HTTP Headers

GET /splash/64k13zd46l4jw8e2.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: image/jpeg
content-length: 30885
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=31152
etag: "654038fb-79b0"
expires: Fri, 10 May 2024 19:04:20 GMT
last-modified: Mon, 30 Oct 2023 23:15:07 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=In4wFcMO0sbynbqmco8lgmvvrVUxwSpUejDqIWUb3JfiZ1I%2FfjinAiQLxSdMP59RX5DIGz43rS2kHivOrmVlFB7ZrYjo5uk2UDSUho0r%2F7Wqv%2BOOtsBsj7Al76EUfhKF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8603b8a856af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cf9c86d5de.f33207dc6c.com/1e6048537fd0bf07420ace8536306a3b/138915?version_name=a

45.133.44.52

200 OK

1.4 kB

URL GET HTTP/2
cf9c86d5de.f33207dc6c.com/1e6048537fd0bf07420ace8536306a3b/138915?version_name=a
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectcf9c86d5de.f33207dc6c.com
Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD
ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT

File type
JSON text data
Size
1.4 kB (1384 bytes)
Hash
2cc19b066e0d72cee5cd59a26804b804
ab77c45c1c9e3852f55ecec046af208e75afeaf7
9bec5d5e565e9ab3beafc8a08752b2c535d6e9b662559e0143760d8cda16a809

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1e6048537fd0bf07420ace8536306a3b/138915?version_name=a HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: application/json
content-length: 1384
server: nginx/1.18.0
cache-control: max-age=300
expires: Sat, 27 Apr 2024 00:03:54 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

i.doodcdn.co/css/embed.css

172.67.70.190

200 OK

80 kB

URL GET HTTP/2
i.doodcdn.co/css/embed.css
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
80 kB (80223 bytes)
Hash
93b59e71bbe88654b8db5c7802ad05b3
276a5b50dd6572231fbd66a62840949eb28e670d
35111823990a6b0b61221bdc3d4c2670cf14c42a4b0d193e1eabf1ea6544b258

HTTP Headers

GET /css/embed.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=79890
etag: W/"61d3187c-13812"
expires: Sun, 26 May 2024 16:19:18 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 21039
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KFwRTs6GVh7PIoUeJn6cpIeg1nDSvLoYsdkFKhBliWT%2F4JfXJeoPau9GDJPFqqOuJfird4A9WzyEv24NW0ImsOI4TQbxhaa6e3nBfHBX%2FXrNsJDWqWrj8HBbmCavVA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa8603b8a756af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

js.capndr.com/advertising.js

45.133.44.52

200 OK

0 B

URL GET HTTP/2
js.capndr.com/advertising.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectjs.capndr.com
Fingerprint0D:30:A1:FB:7E:A0:EC:89:85:17:27:67:37:21:DA:E0:CB:E3:26:06
ValiditySun, 21 Apr 2024 03:00:41 GMT - Sat, 20 Jul 2024 03:00:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Sat, 27 Apr 2024 00:03:54 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

doods.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.26.8.231

302 Found

0 B

URL GET HTTP/3
doods.pro/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.26.8.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerGoogle Trust Services LLC
Subjectdoods.pro
Fingerprint7E:E1:E5:CB:1C:1F:CB:FD:3B:36:64:B2:19:7D:6F:D9:5F:27:4E:DB
ValiditySat, 30 Mar 2024 22:00:20 GMT - Fri, 28 Jun 2024 22:00:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: doods.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 26 Apr 2024 23:58:54 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wXH3M195JjJdxiI%2FH%2BcaEF1l33IVWW74bq1A2Ag%2BX%2B3wQisjFPK1wvBR9SNcT9ZlP5FSErliHcTcC%2FTm2BEy9YB9ChaoSmV7Kdb9AapFiO2S4MaFYImu2GOqfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa86068e8a56a5-OSL
alt-svc: h3=":443"; ma=86400

i.doodcdn.co/fonts/avertastd-regular-webfont.woff2

172.67.70.190

200 OK

24 kB

URL GET HTTP/3
i.doodcdn.co/fonts/avertastd-regular-webfont.woff2
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Size
24 kB (23812 bytes)
Hash
eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf

HTTP Headers

GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://doods.pro
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cache-control: max-age=2592000
expires: Sun, 26 May 2024 16:20:57 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 20431
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rDR1zecgZPlw14Ds0K0pBw6P%2BzPQSq14WHaxvmTskfbXiKv%2Bb0NFU5z7mNI8dPkWRSoNv6n7xWkzZdd49JysnD9glYniTuOzLTy02z22CpTNkQZluXEeIzhK02VIEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa86068900569a-OSL
alt-svc: h3=":443"; ma=86400

i.doodcdn.co/img/none.png

172.67.70.190

200 OK

68 B

URL GET HTTP/3
i.doodcdn.co/img/none.png
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Size
68 B (68 bytes)
Hash
a6f320d9c840c938dffb785dcc2bc663
6be173b1ea8444a4c0ec951445699bfa7cc75289
eba7a7a39459c37cc784afeb2ef1613d0b046b4e1988984fd2f801b568cb7a08

HTTP Headers

GET /img/none.png HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1415, status=webp_bigger
etag: "61d3187c-587"
expires: Sun, 26 May 2024 03:06:39 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cf-cache-status: HIT
age: 20785
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FsUpu60kidTcvAN0od3tz9t5C9G%2BFrR0dQrZklgcTMo%2FWcGGcPh8O5XEPgWRhnebA6bzIaKEZLFz%2FRk1hEpwEwrqWd%2BhKpkJBgE2Myp6lCr0zHZWitq6R%2FfVk80NGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8606888f712d-OSL
alt-svc: h3=":443"; ma=86400

i.doodcdn.com/theme_2/img/loader.svg

104.21.34.210

301 Moved Permanently

167 B

URL GET HTTP/2
i.doodcdn.com/theme_2/img/loader.svg
IP
104.21.34.210:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerGoogle Trust Services LLC
Subjectdoodcdn.com
FingerprintBF:BF:75:F1:F8:2C:6B:14:57:EF:04:47:A4:FC:01:46:C6:78:A6:CF
ValidityWed, 10 Apr 2024 07:21:20 GMT - Tue, 09 Jul 2024 07:21:19 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /theme_2/img/loader.svg HTTP/1.1
Host: i.doodcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: text/html
content-length: 167
location: https://i.doodcdn.co/theme_2/img/loader.svg
cache-control: max-age=3600
expires: Sat, 27 Apr 2024 00:58:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BITWcomOa41sGapp%2BIV6cOt8LwBf3teqbpL5yuai8%2FVo%2FKgWBtJp3wOKiHIlXcsTBP0eGTkYhYutkGo2xPWdUjX5sL6xF31ia%2BTxEl%2Bk7Y0p7%2FF6%2FQ5oHypCZPigTFmD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8606dd6856a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=138915

157.90.84.242

200 OK

0 B

URL POST HTTP/1.1
fp.metricswpsh.com/fp?tag_id=138915
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=138915 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 26 Apr 2024 23:58:54 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poop.com.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

metrolagu.cam/embed.css

188.114.97.1

200 OK

11 kB

URL GET HTTP/2
metrolagu.cam/embed.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerGoogle Trust Services LLC
Subjectmetrolagu.cam
Fingerprint2C:DD:F0:B5:15:2E:A1:34:CC:51:79:CB:A4:80:02:39:2A:7B:0F:CD
ValiditySun, 14 Apr 2024 04:02:38 GMT - Sat, 13 Jul 2024 04:02:37 GMT

File type
ASCII text
Size
11 kB (11006 bytes)
Hash
1ac57b2fc858076467716fbad9268b05
94b3c1ff894b4cb316dfe90962b64db541bb3c46
6291ad32f03939ee9eb7cf8d62641115d0962e49b4869358c1ddee6271d9f0bf

HTTP Headers

GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Sat, 27 Apr 2024 08:15:29 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 13404
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66KkIOgJzFNf98IJoXhJNtYymtLdSr0TamjN3k3bmcDYGMPGLfLXlTuvuFk6BMZJr2qYRRpS5%2B6EN%2FtqCE4Z9pZ2x1Q0TZg7RSmPhhOic9ECm7zanOlA9sbx7V92gruK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa8601cf7c712e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

0c0be7a0c2.0ab9f67572.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MTU5NjU1NDEzMjQ1MzAzMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjEzODkxNSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjM0LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9

45.133.44.52

200 OK

0 B

URL GET HTTP/2
0c0be7a0c2.0ab9f67572.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MTU5NjU1NDEzMjQ1MzAzMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjEzODkxNSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjM0LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subject0c0be7a0c2.0ab9f67572.com
Fingerprint1E:76:86:5C:33:12:91:B3:DB:48:95:9C:34:E9:19:B7:9C:E5:BE:83
ValidityTue, 23 Apr 2024 04:00:22 GMT - Mon, 22 Jul 2024 04:00:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI1MTU5NjU1NDEzMjQ1MzAzMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuMTIxLjAiLCJ0YWdfaWQiOjEzODkxNSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjM0LCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjB9 HTTP/1.1
Host: 0c0be7a0c2.0ab9f67572.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

doods.pro/cdn-cgi/challenge-platform/h/b/jsd/r/87aa86026ce456b9

104.26.8.231

200 OK

0 B

URL POST HTTP/3
doods.pro/cdn-cgi/challenge-platform/h/b/jsd/r/87aa86026ce456b9
IP
104.26.8.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerGoogle Trust Services LLC
Subjectdoods.pro
Fingerprint7E:E1:E5:CB:1C:1F:CB:FD:3B:36:64:B2:19:7D:6F:D9:5F:27:4E:DB
ValiditySat, 30 Mar 2024 22:00:20 GMT - Fri, 28 Jun 2024 22:00:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/87aa86026ce456b9 HTTP/1.1
Host: doods.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12156
Origin: https://doods.pro
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/e/yicr1zbh2yuw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=38PorUXR3sYO1054g8biUulf3QoHmwjYjQGU9y2myUg-1714175934-1.0.1.1-Fv3ra3pArECtJQyajkyUIo8xAjmYROAFZa7lMR65hPQDLQ6jmld97XQPjZGZFglvH8dZGbdIkw31DRu5VYa3fA; path=/; expires=Sat, 26-Apr-25 23:58:54 GMT; domain=.doods.pro; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tUVpGNgF5Lpr%2B3N78FALDPfOXmNVQvg9fe3j7P4sPZhP3CswYWeqcUoOkSCTIhpq3XVB40mODpXtFtWQj7ruanI5PEXoifdHjnAgKugInyVXzrBFKTodv1jQqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa86089f7256a5-OSL
alt-svc: h3=":443"; ma=86400

ko144y.video-delivery.net/favicon.ico?i

51.83.140.218

200 OK

15 kB

URL GET HTTP/1.1
ko144y.video-delivery.net/favicon.ico?i
IP
51.83.140.218:443
ASN
#16276 OVH SAS

Requested by
moz-nullprincipal:{ef7cf1f2-b3cf-47a4-917b-136b70ee86f7}?https://doods.pro
Certificate
IssuerSectigo Limited
Subject*.video-delivery.net
FingerprintB2:D2:20:85:E7:38:3D:67:F7:C4:52:00:66:6C:CD:FE:DD:6D:7E:74
ValidityMon, 07 Aug 2023 00:00:00 GMT - Wed, 07 Aug 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555

HTTP Headers

GET /favicon.ico?i HTTP/1.1
Host: ko144y.video-delivery.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 26 Apr 2024 23:58:55 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 15406
Connection: keep-alive
Last-Modified: Sat, 29 Feb 2020 09:26:04 GMT
ETag: "3c2e-59fb38b06e300"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

img.doodcdn.co/splash/64k13zd46l4jw8e2.jpg

172.67.70.190

200 OK

31 kB

URL GET HTTP/2
img.doodcdn.co/splash/64k13zd46l4jw8e2.jpg
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 406x715, components 3
Size
31 kB (31152 bytes)
Hash
ced1e1ee92af02d06379b9442196d066
a84e9770182cb49582ceab2d7a6b2df618f71ff4
3c4606af5faf7aaeda0412667d77b0425f04db727744da314913a3256db3bff2

HTTP Headers

GET /splash/64k13zd46l4jw8e2.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://doods.pro
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:55 GMT
content-type: image/jpeg
content-length: 31152
last-modified: Mon, 30 Oct 2023 23:15:07 GMT
etag: "654038fb-79b0"
expires: Fri, 10 May 2024 23:58:54 GMT
cache-control: max-age=1209600
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IL2CE%2FuWDMdHEuH%2FvvzyS32mMOoYqtRkp11DQflriKU4m45EhjFqeuP6jhPeIBGrcWcSjnq55UX0TsrhYoUCZiXD2BFcBCXztnZx45oBPsiztl5NiQGflgx%2Bjq6t4Ue1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa860688ff569a-OSL
alt-svc: h3=":443"; ma=86400

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint24:73:6B:52:47:71:E2:CB:E3:4E:89:44:4B:29:D9:F4:C2:A0:F1:14
ValidityMon, 08 Apr 2024 07:33:55 GMT - Mon, 01 Jul 2024 07:33:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:axxAgshMqk_XKvF6SJXeUzK6hvCruQ:ZQSXDhWDpY-w5QLR; Expires=Sun, 26-Apr-2026 23:58:59 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 26 Apr 2024 23:58:59 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwVCPi144DT1ODlESITYBiGtn0m3VDDnUHy25zEaQAStwfFVeXjeuDz6qEKmmULIATtSfpBUQ
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-7JKgBJzKveAhGHYcwW-Yrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=13eac793-ba74-45a7-ad74-b4d140aef5d6&subid=366282450&sid=13217604&spot_id=492256&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1

94.130.198.6

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=13eac793-ba74-45a7-ad74-b4d140aef5d6&subid=366282450&sid=13217604&spot_id=492256&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint04:18:87:3E:DE:60:E2:78:66:0A:24:6F:E5:3B:42:79:5B:AC:40:20
ValidityThu, 18 Apr 2024 11:21:02 GMT - Wed, 17 Jul 2024 11:21:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=13eac793-ba74-45a7-ad74-b4d140aef5d6&subid=366282450&sid=13217604&spot_id=492256&created_at=2024-04-26&timezone=0&ver=8.159.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 23:58:59 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

116f21a281.7fbe2fd8a8.com/in/multy

94.130.198.6

204 No Content

0 B

URL OPTIONS HTTP/2
116f21a281.7fbe2fd8a8.com/in/multy
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subject7fbe2fd8a8.com
FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8
ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poop.com.co/
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 26 Apr 2024 23:58:59 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwVCPi144DT1ODlESITYBiGtn0m3VDDnUHy25zEaQAStwfFVeXjeuDz6qEKmmULIATtSfpBUQ

74.125.131.84

302 Found

429 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwVCPi144DT1ODlESITYBiGtn0m3VDDnUHy25zEaQAStwfFVeXjeuDz6qEKmmULIATtSfpBUQ
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
HTML document, ASCII text, with very long lines (405)
Size
429 B (429 bytes)
Hash
fc2c3cc4bb787235c61affcb5e7f2107
410ff8770fed769cd1ebd9bfe04f0dc6187adb27
2b5bb4354b5e21b9624a36ff5773d3e71474c97326baee2e3391095d26a93978

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AaSxoQwVCPi144DT1ODlESITYBiGtn0m3VDDnUHy25zEaQAStwfFVeXjeuDz6qEKmmULIATtSfpBUQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:JGzDu6YiR_680V4tE2YdYk3fY1vJ8w:3jRyYDkIR-C0sw7I;Path=/;Expires=Sun, 26-Apr-2026 23:58:59 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 26 Apr 2024 23:58:59 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzzR4xFdMd-k_IXm8beHxxai5QauAL_KfWiT4nIsyNZRrcTjYkIogRSGUPxFZmPdfXfmJtE-g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-871584048%3A1714175939822167&theme=mn&ddm=0
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-eqf0doY9UGaArZAQDYahlg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 429
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

116f21a281.7fbe2fd8a8.com/in/multy

94.130.198.6

204 No Content

3.0 kB

URL OPTIONS HTTP/2
116f21a281.7fbe2fd8a8.com/in/multy
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subject7fbe2fd8a8.com
FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8
ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT

File type
JSON text data
Size
3.0 kB (3024 bytes)
Hash
5b065ee6099f5ea082166df5ff02f822
5c562a8c71fe50d836acb487be0066059ec74b01
8c0339c0e3222cac8a415ef1ec17433d4e3fd4c0f4b00e52e2b3283b04d5adac

HTTP Headers

POST /in/multy HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1719
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 23:59:00 GMT
content-type: application/json
content-length: 3024
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=a&site_id=31492256&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fpw%3Ft%3D15%26v%3D554b44685047506a756877646b36433842776c6e78673d3d&refdom=poop.com.co&auction_time=1714175939&subid=366282450&sid=13217604&tcid=0&ver=8.159.0&ver_c=&spot_id=492256&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&icons=ubjhbo64FAtngv7NrtVhtm99y5e03-rHkwM0pLibMzQQj6_3p_Jiq5WUOP7xjZQmNr7iuJAHKLxl8k-l_-YH4XdB10C26oYcuG8hxizPchTaDJMA1MBJtvl4hVmivSf9jeWAwceseJdHZ3fBT3S--H718Q2zEhOSId63YZIIs6Xhn7g38w&ext_cid=0&px_id=492256&min_cpm=0.18857622807017546&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=751321490855961946&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.051330447086649404&cpm=0&verify_hash=562037781739e9db0c655f2c1c0ee6f8&is_native=4&real_bid=0.00027537275142955445&original_bid_usd=0.001011656&original_bid=0.001011656&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,27,20&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.001011656&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001011656&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&mlf=1&mlc=1&st=0.11&cpa=4f82d0f4-d309-486a-bf79-a6e65f7c097d&prev_step_diff=853

94.130.198.6

200 OK

0 B

URL GET HTTP/2
116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=a&site_id=31492256&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fpw%3Ft%3D15%26v%3D554b44685047506a756877646b36433842776c6e78673d3d&refdom=poop.com.co&auction_time=1714175939&subid=366282450&sid=13217604&tcid=0&ver=8.159.0&ver_c=&spot_id=492256&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&icons=ubjhbo64FAtngv7NrtVhtm99y5e03-rHkwM0pLibMzQQj6_3p_Jiq5WUOP7xjZQmNr7iuJAHKLxl8k-l_-YH4XdB10C26oYcuG8hxizPchTaDJMA1MBJtvl4hVmivSf9jeWAwceseJdHZ3fBT3S--H718Q2zEhOSId63YZIIs6Xhn7g38w&ext_cid=0&px_id=492256&min_cpm=0.18857622807017546&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=751321490855961946&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.051330447086649404&cpm=0&verify_hash=562037781739e9db0c655f2c1c0ee6f8&is_native=4&real_bid=0.00027537275142955445&original_bid_usd=0.001011656&original_bid=0.001011656&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,27,20&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.001011656&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001011656&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&mlf=1&mlc=1&st=0.11&cpa=4f82d0f4-d309-486a-bf79-a6e65f7c097d&prev_step_diff=853
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subject7fbe2fd8a8.com
FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8
ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=a&site_id=31492256&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fpw%3Ft%3D15%26v%3D554b44685047506a756877646b36433842776c6e78673d3d&refdom=poop.com.co&auction_time=1714175939&subid=366282450&sid=13217604&tcid=0&ver=8.159.0&ver_c=&spot_id=492256&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&icons=ubjhbo64FAtngv7NrtVhtm99y5e03-rHkwM0pLibMzQQj6_3p_Jiq5WUOP7xjZQmNr7iuJAHKLxl8k-l_-YH4XdB10C26oYcuG8hxizPchTaDJMA1MBJtvl4hVmivSf9jeWAwceseJdHZ3fBT3S--H718Q2zEhOSId63YZIIs6Xhn7g38w&ext_cid=0&px_id=492256&min_cpm=0.18857622807017546&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=751321490855961946&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.051330447086649404&cpm=0&verify_hash=562037781739e9db0c655f2c1c0ee6f8&is_native=4&real_bid=0.00027537275142955445&original_bid_usd=0.001011656&original_bid=0.001011656&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,27,20&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.001011656&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000001011656&ext_campaign_id_str=&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&mlf=1&mlc=1&st=0.11&cpa=4f82d0f4-d309-486a-bf79-a6e65f7c097d&prev_step_diff=853 HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 23:59:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=a&site_id=31492256&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fpw%3Ft%3D15%26v%3D554b44685047506a756877646b36433842776c6e78673d3d&refdom=poop.com.co&auction_time=1714175939&subid=366282450&sid=13217604&tcid=0&ver=8.159.0&ver_c=&spot_id=492256&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=443543&crtid=1598e9c0123b835eb6fa10d1dd69c424&url=https%3A%2F%2Fads.trafficircles.com%2Fadx-dir-d%2Fclick%3Frid%3De6ae7446-1f6c-4dc7-9957-842705e098ad%26type%3Drtb%26feed%3D3197%26region%3D%26tc%3D1%26ts%3D1714175939901&icons=q18luF0uV7NL7gSMGs4jvCgIg6543bY1N2jdDRPpDUZJvB4QEJ-QNy13M-QRlgwJVU7LYDQfHa5-Aa64kejx9o46zqNiTjJHCmPT9L7KE-YBlsRehE9BqZAc6IJLetbM5q0DibMwA2OU8c6-GguZUbs8hmQp8_G7hFYNglbCEa_Dpb6gfuu0jxufkY9q0x0qyDV7kwY7hoU88rpJlgy68FW_od7wi9FagKLifLhPy9E&ext_cid=93564&px_id=73492256&min_cpm=0.001347400987518965&out_id=0&campaign_type=hq&aid=3699&cid=15946&uniq=bb257d173c03d8683cd508c29948db334223aa4f3b7328fb726ea30347f1582b&mid=751321490855961946&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.004551496834530383&cpm=0&verify_hash=56d25b580cd9c168134b7d4a63041aff&is_native=1&real_bid=0.0034173561725765467&original_bid_usd=0.0034173561725765467&original_bid=0.0034173561725765467&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,4,5,90&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=&site=native-push-adult&price=0.0034173561725765467&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000003417356172576547&ext_campaign_id_str=93564&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&st=0.11&cpa=b2bab267-1201-4ee4-8fd7-0fc71d4811b5&prev_step_diff=852

94.130.198.6

200 OK

0 B

URL GET HTTP/2
116f21a281.7fbe2fd8a8.com/in/show/?tag_ab=a&site_id=31492256&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fpw%3Ft%3D15%26v%3D554b44685047506a756877646b36433842776c6e78673d3d&refdom=poop.com.co&auction_time=1714175939&subid=366282450&sid=13217604&tcid=0&ver=8.159.0&ver_c=&spot_id=492256&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=443543&crtid=1598e9c0123b835eb6fa10d1dd69c424&url=https%3A%2F%2Fads.trafficircles.com%2Fadx-dir-d%2Fclick%3Frid%3De6ae7446-1f6c-4dc7-9957-842705e098ad%26type%3Drtb%26feed%3D3197%26region%3D%26tc%3D1%26ts%3D1714175939901&icons=q18luF0uV7NL7gSMGs4jvCgIg6543bY1N2jdDRPpDUZJvB4QEJ-QNy13M-QRlgwJVU7LYDQfHa5-Aa64kejx9o46zqNiTjJHCmPT9L7KE-YBlsRehE9BqZAc6IJLetbM5q0DibMwA2OU8c6-GguZUbs8hmQp8_G7hFYNglbCEa_Dpb6gfuu0jxufkY9q0x0qyDV7kwY7hoU88rpJlgy68FW_od7wi9FagKLifLhPy9E&ext_cid=93564&px_id=73492256&min_cpm=0.001347400987518965&out_id=0&campaign_type=hq&aid=3699&cid=15946&uniq=bb257d173c03d8683cd508c29948db334223aa4f3b7328fb726ea30347f1582b&mid=751321490855961946&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.004551496834530383&cpm=0&verify_hash=56d25b580cd9c168134b7d4a63041aff&is_native=1&real_bid=0.0034173561725765467&original_bid_usd=0.0034173561725765467&original_bid=0.0034173561725765467&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,4,5,90&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=&site=native-push-adult&price=0.0034173561725765467&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000003417356172576547&ext_campaign_id_str=93564&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&st=0.11&cpa=b2bab267-1201-4ee4-8fd7-0fc71d4811b5&prev_step_diff=852
IP
94.130.198.6:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subject7fbe2fd8a8.com
FingerprintD4:8A:8B:7A:EF:BA:99:9B:9C:3A:45:2E:A7:88:D0:9D:CD:84:97:E8
ValidityTue, 23 Apr 2024 03:53:21 GMT - Mon, 22 Jul 2024 03:53:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/show/?tag_ab=a&site_id=31492256&adblock=0&testab=0&auction_host=apply&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=250&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=tz_offset,all,dch_ip&ssp=3964&page=https%3A%2F%2Fpoop.com.co%2Fpw%3Ft%3D15%26v%3D554b44685047506a756877646b36433842776c6e78673d3d&refdom=poop.com.co&auction_time=1714175939&subid=366282450&sid=13217604&tcid=0&ver=8.159.0&ver_c=&spot_id=492256&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-04-26&iabcat=IAB25-3&keywords=&user_fp=1327480139441349969&score=0&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D366282450%26spot_id%3D492256%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoop.com.co%252Fpw%253Ft%253D15%2526v%253D554b44685047506a756877646b36433842776c6e78673d3d%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=443543&crtid=1598e9c0123b835eb6fa10d1dd69c424&url=https%3A%2F%2Fads.trafficircles.com%2Fadx-dir-d%2Fclick%3Frid%3De6ae7446-1f6c-4dc7-9957-842705e098ad%26type%3Drtb%26feed%3D3197%26region%3D%26tc%3D1%26ts%3D1714175939901&icons=q18luF0uV7NL7gSMGs4jvCgIg6543bY1N2jdDRPpDUZJvB4QEJ-QNy13M-QRlgwJVU7LYDQfHa5-Aa64kejx9o46zqNiTjJHCmPT9L7KE-YBlsRehE9BqZAc6IJLetbM5q0DibMwA2OU8c6-GguZUbs8hmQp8_G7hFYNglbCEa_Dpb6gfuu0jxufkY9q0x0qyDV7kwY7hoU88rpJlgy68FW_od7wi9FagKLifLhPy9E&ext_cid=93564&px_id=73492256&min_cpm=0.001347400987518965&out_id=0&campaign_type=hq&aid=3699&cid=15946&uniq=bb257d173c03d8683cd508c29948db334223aa4f3b7328fb726ea30347f1582b&mid=751321490855961946&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.004551496834530383&cpm=0&verify_hash=56d25b580cd9c168134b7d4a63041aff&is_native=1&real_bid=0.0034173561725765467&original_bid_usd=0.0034173561725765467&original_bid=0.0034173561725765467&exp=1440&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,4,5,90&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=&site=native-push-adult&price=0.0034173561725765467&hostname=auc-inpage-hz-4-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000003417356172576547&ext_campaign_id_str=93564&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&st=0.11&cpa=b2bab267-1201-4ee4-8fd7-0fc71d4811b5&prev_step_diff=852 HTTP/1.1
Host: 116f21a281.7fbe2fd8a8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 26 Apr 2024 23:59:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&mlf=1&mlc=1&st=0.11&cpa=4a648e49-1159-4f2d-bf28-db083e2cda21&prev_step_diff=853

45.133.44.25

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&mlf=1&mlc=1&st=0.11&cpa=4a648e49-1159-4f2d-bf28-db083e2cda21&prev_step_diff=853
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&mlf=1&mlc=1&st=0.11&cpa=4a648e49-1159-4f2d-bf28-db083e2cda21&prev_step_diff=853 HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:59:00 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-1e6"
expires: Sat, 26 Apr 2025 23:59:00 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.25

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.25:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
FingerprintD1:F7:45:48:1F:97:95:82:21:67:D7:E5:0D:16:FA:F3:6C:7C:97:76
ValidityFri, 05 Apr 2024 03:01:07 GMT - Thu, 04 Jul 2024 03:01:06 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:59:00 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 08 Dec 2023 10:18:03 GMT
etag: "6572ed5b-42a"
expires: Sat, 26 Apr 2025 23:59:00 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzzR4xFdMd-k_IXm8beHxxai5QauAL_KfWiT4nIsyNZRrcTjYkIogRSGUPxFZmPdfXfmJtE-g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-871584048%3A1714175939822167&theme=mn&ddm=0

74.125.131.84

403 Forbidden

799 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzzR4xFdMd-k_IXm8beHxxai5QauAL_KfWiT4nIsyNZRrcTjYkIogRSGUPxFZmPdfXfmJtE-g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-871584048%3A1714175939822167&theme=mn&ddm=0
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1644), with no line terminators
Size
799 B (799 bytes)
Hash
3ff4effc34fa5d21f234592b155f9a3e
4eb14044114e0f7d584e30dddeea404b14edb60f
7d00a522aeb571601f90a2a4082337b46d69d4e3786f778def60c3521e5e4e11

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AaSxoQzzR4xFdMd-k_IXm8beHxxai5QauAL_KfWiT4nIsyNZRrcTjYkIogRSGUPxFZmPdfXfmJtE-g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-871584048%3A1714175939822167&theme=mn&ddm=0 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 26 Apr 2024 23:58:59 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: script-src 'nonce-MJp3S1DjdwkCGvdLIXj3FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

us.opencan.net/nty/roiimp.img?event=impressions&bid-id=P3tkeH54fXh-fHB6cHFwfWR-ZHh7e3F_ZHh6e3B9eX9kKHF7cXsvLytkei1_cWR6LHF5ZHF4fXtkeXl-cXF-fHp5eHF-&img=https%3A%2F%2Fcdn.amnew.net%2Ffiles%2F65f2908ac19aa_2024_03_14_05_52_10_image.webp

31.204.132.207

302 Found

0 B

URL GET HTTP/2
us.opencan.net/nty/roiimp.img?event=impressions&bid-id=P3tkeH54fXh-fHB6cHFwfWR-ZHh7e3F_ZHh6e3B9eX9kKHF7cXsvLytkei1_cWR6LHF5ZHF4fXtkeXl-cXF-fHp5eHF-&img=https%3A%2F%2Fcdn.amnew.net%2Ffiles%2F65f2908ac19aa_2024_03_14_05_52_10_image.webp
IP
31.204.132.207:443
ASN
#49544 i3D.net B.V

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subject*.opencan.net
FingerprintC6:E9:87:79:78:46:68:21:8A:56:70:F4:A8:5C:20:D0:89:03:07:6B
ValidityWed, 17 Apr 2024 23:03:31 GMT - Tue, 16 Jul 2024 23:03:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nty/roiimp.img?event=impressions&bid-id=P3tkeH54fXh-fHB6cHFwfWR-ZHh7e3F_ZHh6e3B9eX9kKHF7cXsvLytkei1_cWR6LHF5ZHF4fXtkeXl-cXF-fHp5eHF-&img=https%3A%2F%2Fcdn.amnew.net%2Ffiles%2F65f2908ac19aa_2024_03_14_05_52_10_image.webp HTTP/1.1
Host: us.opencan.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: openresty/1.21.4.1
date: Fri, 26 Apr 2024 23:59:01 GMT
content-length: 0
location: https://cdn.amnew.net/files/65f2908ac19aa_2024_03_14_05_52_10_image.webp
X-Firefox-Spdy: h2

cdn.amnew.net/files/65f2908ac19aa_2024_03_14_05_52_10_image.webp

5.200.15.240

200 OK

1.5 kB

URL GET HTTP/2
cdn.amnew.net/files/65f2908ac19aa_2024_03_14_05_52_10_image.webp
IP
5.200.15.240:443
ASN
#49544 i3D.net B.V

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subject*.amnew.net
FingerprintD9:73:05:EC:E9:FC:0A:5E:1F:2A:E0:A1:97:85:C1:47:E8:5A:AB:5C
ValidityMon, 04 Mar 2024 23:09:10 GMT - Sun, 02 Jun 2024 23:09:09 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.5 kB (1486 bytes)
Hash
a5ebeea27759de6e7db26a592dc7283f
478f12765a1ef15bd10e5214f0c6b7146e8e0fc6
af2024cabd9fb64e083a3cb40820296470c519a24d17d89f686064e4e6fa035d

HTTP Headers

GET /files/65f2908ac19aa_2024_03_14_05_52_10_image.webp HTTP/1.1
Host: cdn.amnew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/webp
content-length: 1486
last-modified: Thu, 14 Mar 2024 05:52:11 GMT
etag: "a5ebeea27759de6e7db26a592dc7283f"
accept-ranges: bytes
X-Firefox-Spdy: h2

cf9c86d5de.f33207dc6c.com/c37eb03648abae911c8ba86cf51fd9e6.js

45.133.44.52

200 OK

169 kB

URL GET HTTP/2
cf9c86d5de.f33207dc6c.com/c37eb03648abae911c8ba86cf51fd9e6.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectcf9c86d5de.f33207dc6c.com
Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD
ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT

File type

Size
169 kB (168568 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /c37eb03648abae911c8ba86cf51fd9e6.js HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 25 Apr 2024 13:18:02 GMT
etag: W/"662a580a-29278"
content-encoding: gzip
expires: Sat, 27 Apr 2024 00:03:54 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

doods.pro/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

104.26.8.231

200 OK

7.9 kB

URL GET HTTP/3
doods.pro/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
IP
104.26.8.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerGoogle Trust Services LLC
Subjectdoods.pro
Fingerprint7E:E1:E5:CB:1C:1F:CB:FD:3B:36:64:B2:19:7D:6F:D9:5F:27:4E:DB
ValiditySat, 30 Mar 2024 22:00:20 GMT - Fri, 28 Jun 2024 22:00:19 GMT

File type
JavaScript source, ASCII text, with very long lines (7871), with no line terminators
Size
7.9 kB (7871 bytes)
Hash
2b039aa58dc5fe08d9dbb1127b2ea89b
907f4489e31b2acf80f24cf7d01878fcbd2c7bfa
1c2c9f74a98044da482d2ba6e1788ea71d207025b2e670e1038c04bc33c3c8cf

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1
Host: doods.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-content-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bznqVEaba3c%2F3jG6q9iyipqzejCbf8T74YqsHLXZSVMPeMCFNIQlddCZJYS8p%2Bv%2FueqWS5BExuxcwd9PG%2BNxe749urEe%2FtsvDmOJRaPFC%2FvJFMPd4FzEYw3hug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa8606ae9656a5-OSL
alt-svc: h3=":443"; ma=86400

i.doodcdn.co/theme_2/img/loader.svg

172.67.70.190

200 OK

694 B

URL GET HTTP/3
i.doodcdn.co/theme_2/img/loader.svg
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (750), with no line terminators
Size
694 B (694 bytes)
Hash
e0c38124a46835a055de826afbf33d9b
255567da0faa3de6c4bcef1780e9990ba7c9c0ff
e186e235e7552b286f217c94c747abdd5a8df8279c2334a61202817f937ea960

HTTP Headers

GET /theme_2/img/loader.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://i.doodcdn.co/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: image/svg+xml
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Sun, 26 May 2024 17:27:16 GMT
access-control-allow-origin: *
cf-cache-status: HIT
age: 21073
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wQw51wpoxVY7DWk7O1ukYZg1Qq%2BIYvuQ2jUXsq1PErcfAncGRYGTYFes1NUt2QYu6q4idGhKvHYCfvpMhoyXzSUokYqoaZbPb19mufwmz8jnYfLVqdRVQjnztifvAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa8608a95a712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

poop.com.co/favicon.ico

188.114.97.1

200 OK

7.4 kB

URL GET HTTP/3
poop.com.co/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
Size
7.4 kB (7406 bytes)
Hash
75d6f708234ee27c65a34e4525b3208b
9525b03c07b3fe995113ccfb2e2ee605fad936ae
53c058f52071fa4c02cf9bcde6626af585f19d56655909982d73eef9b7f2f1b3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: image/x-icon
last-modified: Sun, 11 Feb 2024 12:12:37 GMT
etag: W/"65c8b9b5-1cee"
cache-control: max-age=43200
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fuoMDXfBQO6tj29RLt1%2Bjn7BweKy5zVpstazziIVVyf8M88UUoe2PqRj16kllxysJiX%2FpZzvbb4q4oSGhtNkbEH2Oe4w5%2Fm37F247w0PbxdUcZtYdL1w9RQJusxhlA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa86023c7f56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ads.trafficircles.com/adx-dir-d/openrtb/track?rid=e6ae7446-1f6c-4dc7-9957-842705e098ad&feed=3197&region=us&tc=1&ts=1714175939901&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&st=0.11&cpa=9e2f5a4c-adde-44a4-aed0-b6954259dab2&prev_step_diff=852

52.0.10.233

302 Found

1.5 kB

URL GET HTTP/2
ads.trafficircles.com/adx-dir-d/openrtb/track?rid=e6ae7446-1f6c-4dc7-9957-842705e098ad&feed=3197&region=us&tc=1&ts=1714175939901&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&st=0.11&cpa=9e2f5a4c-adde-44a4-aed0-b6954259dab2&prev_step_diff=852
IP
52.0.10.233:443
ASN
#14618 AMAZON-AES

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerAmazon
Subjecttrafficircles.com
Fingerprint1B:B2:75:82:65:C8:B2:8D:04:83:92:91:47:7D:C8:FC:6B:92:57:9F
ValiditySat, 30 Sep 2023 00:00:00 GMT - Mon, 28 Oct 2024 23:59:59 GMT

File type

Size
1.5 kB (1486 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /adx-dir-d/openrtb/track?rid=e6ae7446-1f6c-4dc7-9957-842705e098ad&feed=3197&region=us&tc=1&ts=1714175939901&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_r-container&st=0.11&cpa=9e2f5a4c-adde-44a4-aed0-b6954259dab2&prev_step_diff=852 HTTP/1.1
Host: ads.trafficircles.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Apr 2024 23:59:00 GMT
content-type: text/html;charset=UTF-8
content-length: 0
location: https://us.opencan.net/nty/roiimp.img?event=impressions&bid-id=P3tkeH54fXh-fHB6cHFwfWR-ZHh7e3F_ZHh6e3B9eX9kKHF7cXsvLytkei1_cWR6LHF5ZHF4fXtkeXl-cXF-fHp5eHF-&img=https%3A%2F%2Fcdn.amnew.net%2Ffiles%2F65f2908ac19aa_2024_03_14_05_52_10_image.webp
server: nginx
set-cookie: new_adx_profile_guid=df6cb4aa-5120-40a4-a534-c5819c70493c;Max-Age=7776000;path=/;SameSite=None; Secure
adx_profile_guid=df6cb4aa-5120-40a4-a534-c5819c70493c; path=/; Max-Age=7776000; Expires=Thu, 25-Jul-2024 23:59:00 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
X-Firefox-Spdy: h2

poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d

188.114.97.1

200 OK

7.2 kB

URL User Request GET HTTP/2
poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectpoop.com.co
FingerprintEA:EE:EE:71:08:93:82:E5:DD:72:09:B4:34:3A:43:B8:CC:B7:6D:7F
ValidityWed, 10 Apr 2024 13:32:28 GMT - Tue, 09 Jul 2024 13:32:27 GMT

File type
JavaScript source, ASCII text, with very long lines (7229), with no line terminators
Size
7.2 kB (7183 bytes)
Hash
1e0d1ff75dca7f2dad252cd3cff6258e
f66df370652db864ff9527ca14cd6fdf31e434c5
a5090d0fc0cfd38b0e919e026ad0cfd85c37aaaa304475f481a706c5e84da542

HTTP Headers

GET /pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d HTTP/1.1
Host: poop.com.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BHAizZnPooUp7T%2Bphf5tBDI%2BHuCF7aAL2FsLQFaI8T15OZnU%2FBGFkrTpE1y8smJDycM1Hmc3PyakCwmFzj87XCgLYL%2FS4DD2Fh1zbz%2Fuw3iRN5VkkSXFznAv92ZjYA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa85fa89980b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cf9c86d5de.f33207dc6c.com/526afdf9b717924176eabd0c81f90a31.js

45.133.44.52

200 OK

109 kB

URL GET HTTP/2
cf9c86d5de.f33207dc6c.com/526afdf9b717924176eabd0c81f90a31.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectcf9c86d5de.f33207dc6c.com
Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD
ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT

File type

Size
109 kB (109340 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /526afdf9b717924176eabd0c81f90a31.js HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poop.com.co
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 23 Apr 2024 09:45:19 GMT
etag: W/"6627832f-1ab1c"
content-encoding: gzip
expires: Sat, 27 Apr 2024 00:03:53 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

doods.pro/pass_md5/126456007-91-90-1714175933-9d6c3d0b690ff440e77cb0672b787746/vk22mii3gtpfr3mp4oiee6sb

104.26.8.231

200 OK

106 B

URL GET HTTP/3
doods.pro/pass_md5/126456007-91-90-1714175933-9d6c3d0b690ff440e77cb0672b787746/vk22mii3gtpfr3mp4oiee6sb
IP
104.26.8.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerGoogle Trust Services LLC
Subjectdoods.pro
Fingerprint7E:E1:E5:CB:1C:1F:CB:FD:3B:36:64:B2:19:7D:6F:D9:5F:27:4E:DB
ValiditySat, 30 Mar 2024 22:00:20 GMT - Fri, 28 Jun 2024 22:00:19 GMT

File type
ASCII text, with no line terminators
Size
106 B (106 bytes)
Hash
0cea611fc0d205808671c44fa7aeb022
00ba21b9b5bc2dc795f12cd3bc9a29550c48e34c
07b6e32c822d053384ec4b6e101e5029dd1cc8573160a4b343d7721919b9b830

HTTP Headers

GET /pass_md5/126456007-91-90-1714175933-9d6c3d0b690ff440e77cb0672b787746/vk22mii3gtpfr3mp4oiee6sb HTTP/1.1
Host: doods.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/e/yicr1zbh2yuw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GpbaiEG8f5ARJnMdds%2BtOj4fVHREQnnwKnC1Ty9vz%2B%2FO3UlhLxt9yPBlQlOM2aho0gscR%2FX%2Bq%2BPmIop4uREItMSWbuVl085XmjZQsusCZn3DXP4koa%2FC389rkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa86063e7156a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i.doodcdn.co/get_slides/15/64k13zd46l4jw8e2.jpg

172.67.70.190

200 OK

3.2 kB

URL GET HTTP/3
i.doodcdn.co/get_slides/15/64k13zd46l4jw8e2.jpg
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://doods.pro/e/yicr1zbh2yuw
Certificate
IssuerCloudflare, Inc.
Subjectdoodcdn.co
Fingerprint8C:32:D4:AB:AF:53:AF:34:D3:6F:F9:E0:66:DC:21:B2:03:C6:34:F3
ValidityFri, 12 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3268), with no line terminators
Size
3.2 kB (3158 bytes)
Hash
db0b28311228e3608aec90f8f28ffb4a
6c4f58f29e1ddfc982da87f185026f0fc1bca50c
914cbf1cb5eea41bf3a4132e78bca1100b00f3fba705a40ede8ea6e47fb595da

HTTP Headers

GET /get_slides/15/64k13zd46l4jw8e2.jpg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://doods.pro
DNT: 1
Connection: keep-alive
Referer: https://doods.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: text/vtt
access-control-allow-origin: *
last-modified: Fri, 26 Apr 2024 19:04:21 GMT
cache-control: max-age=86400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kd5t%2FbnR4bV0hOzUl3XwgFTlB1onamZN5iUcmCE0LefrufoQ4HSU0bGDztrDtzLmr%2FAHedetJFeTD0dmPnR%2FEpUKcFOBfamgYKyI6DUlEhM%2BAlbs30AQfyL7m20guQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87aa86069907569a-OSL
alt-svc: h3=":443"; ma=86400

doods.pro/e/yicr1zbh2yuw

104.26.8.231

200 OK

32 kB

URL GET HTTP/2
doods.pro/e/yicr1zbh2yuw
IP
104.26.8.231:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerGoogle Trust Services LLC
Subjectdoods.pro
Fingerprint7E:E1:E5:CB:1C:1F:CB:FD:3B:36:64:B2:19:7D:6F:D9:5F:27:4E:DB
ValiditySat, 30 Mar 2024 22:00:20 GMT - Fri, 28 Jun 2024 22:00:19 GMT

File type
HTML document, ASCII text, with very long lines (31558), with no line terminators
Size
32 kB (31558 bytes)
Hash
5a1186099f1a516f7c36a6f2b99dc311
ab36d45e87bf8224466a4dde703f339a981b007d
817216e7d83d31855bdd5c62358868ae01d762da842a05d43e5e8e66b33a64c6

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /e/yicr1zbh2yuw HTTP/1.1
Host: doods.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 25 Apr 2024 23:58:53 GMT
set-cookie: lang=1; domain=.doods.pro; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QFXsS4NV5Bc1EFm1QFnEC4rl8wSns2tg%2F44PRjUb%2F%2F96N9vLKPW2CmtgfMRDc4hTA79k6LcXccvpLsLLXNdWSl6lhZoo3cvf3JVR9VabrGNkp3cxKTK4bn992g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa86026ce456b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

storage.multstorage.com/log/count.html

104.21.30.242

200 OK

882 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
104.21.30.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint63:F0:24:29:21:22:E5:42:33:61:B5:20:05:1B:EF:36:81:F5:7B:0A
ValiditySun, 17 Mar 2024 08:38:54 GMT - Sat, 15 Jun 2024 08:38:53 GMT

File type
HTML document, ASCII text, with very long lines (919), with no line terminators
Size
882 B (882 bytes)
Hash
053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:54 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: b287979358607684cec9ca96c2e360f4
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=egMNxZbKjxFkao%2FHTfeo%2Br3xJFEe%2BXABQCHlW3eE61Ldk3TV0ZawQb8fKVsMaMo9%2B0oHfU9ijIOQYhATO%2FWYeGvImE9Di3rD6kmgeJ2uaUnNDCn2BrJzX4EHOsKH5w3gbG9tqkolwxQDfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87aa86067bdb5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cf9c86d5de.f33207dc6c.com/0d1d1d0ae3f06d802747776c90722fd4.js

45.133.44.52

200 OK

470 kB

URL GET HTTP/2
cf9c86d5de.f33207dc6c.com/0d1d1d0ae3f06d802747776c90722fd4.js
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poop.com.co/pw?t=15&v=554b44685047506a756877646b36433842776c6e78673d3d
Certificate
IssuerLet's Encrypt
Subjectcf9c86d5de.f33207dc6c.com
Fingerprint07:43:06:4D:DB:B9:3C:31:4D:0B:61:89:FB:65:A1:AA:78:A1:36:FD
ValidityTue, 23 Apr 2024 02:30:49 GMT - Mon, 22 Jul 2024 02:30:48 GMT

File type

Size
470 kB (470121 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /0d1d1d0ae3f06d802747776c90722fd4.js HTTP/1.1
Host: cf9c86d5de.f33207dc6c.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poop.com.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 23:58:59 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 16 Apr 2024 12:49:54 GMT
etag: W/"661e73f2-72c69"
content-encoding: gzip
expires: Sat, 27 Apr 2024 00:03:59 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML