Report - poop.skin/e/5m4670oun9xb

Report Overview

Visited public
2024-12-26 23:03:46
Tags
URL
poop.skin/e/5m4670oun9xb
Finishing URL
poo.phd/e/5m4670oun9xb
IP / ASN
172.67.168.206
#13335 CLOUDFLARENET
Title
ngewe pulang sekolah - .mp4 - PoopHD - PoopHD

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fp.metricswpsh.com	unknown	2021-10-29	2022-04-22	2024-12-25	1.0 kB	699 B	157.90.84.242
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-12-25	478 B	39 kB	104.16.80.73
nereserv.com	40015	2020-12-21	2020-12-21	2024-12-20	2.2 kB	1.3 kB	168.119.25.102
mp4skin.com	unknown	2023-05-01	2023-05-11	2024-12-15	1.6 kB	188 kB	172.67.154.189
683bf625f2.6e6ab61908.com	unknown	2024-11-26	2024-12-26	2024-12-26	14 kB	7.1 kB	116.202.204.105
ab56a2a85e.572a8a28b5.com	unknown	2024-11-26	2024-12-26	2024-12-26	815 B	343 B	45.133.44.52
dx4.poopstream.co	unknown	2024-03-14	2024-10-22	2024-12-22	418 B	13 kB	104.21.58.50
poo.phd	unknown	2024-12-02	2024-12-21	2024-12-21	1.5 kB	13 kB	104.21.16.1
s3t3d2y8.afcdn.net	unknown	2022-06-27	2022-08-08	2024-12-26	890 B	53 kB	95.173.205.15
s.optvz.com	unknown	2020-03-25	2024-10-14	2024-12-25	1.2 kB	474 B	95.211.229.245
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2024-12-25	457 B	29 kB	104.17.24.14
metrolagu.cam	unknown	2023-03-24	2023-08-23	2024-12-22	2.1 kB	64 kB	172.67.147.56
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-12-25	457 B	1.4 kB	188.114.96.1
meenetiy.com	unknown	2023-01-04	2023-01-04	2024-12-15	2.8 kB	39 kB	139.45.197.119
static.bookmsg.com	47495	2020-09-15	2020-11-24	2024-12-20	2.8 kB	6.7 kB	45.133.44.24
be1c6e25e9.ca6d30883b.com	unknown	2024-11-26	2024-12-26	2024-12-26	2.7 kB	1.5 MB	45.133.44.53
pagead2.googlesyndication.com	101	2003-01-21	2012-05-21	2024-12-25	455 B	160 kB	216.58.211.2
storage.multstorage.com	unknown	2023-09-22	2023-09-22	2024-12-20	517 B	1.8 kB	104.21.30.242
accounts.google.com	81	1997-09-15	2012-05-23	2024-12-25	1.7 kB	20 kB	173.194.220.84
poop.skin	unknown	2024-12-19	2024-09-24	2024-12-20	478 B	801 B	172.67.168.206
ax4.poopstream.co	unknown	2024-03-14	2024-10-22	2024-12-22	1.3 kB	6.8 kB	172.67.200.123
enrtx.com	unknown	2024-10-07	2024-11-04	2024-12-22	464 B	4.0 kB	94.130.197.239
www.googletagmanager.com	75	2011-11-11	2012-10-04	2024-12-25	414 B	111 kB	142.250.74.168
uk.pivotsforints.com	unknown	2024-10-19	2024-11-07	2024-12-22	410 B	1.5 kB	23.109.170.127

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-26	medium	6e6ab61908.com	Sinkholed
2024-12-26	medium	6e6ab61908.com	Sinkholed
2024-12-26	medium	meenetiy.com	Sinkholed
2024-12-26	medium	meenetiy.com	Sinkholed
2024-12-26	medium	6e6ab61908.com	Sinkholed
2024-12-26	medium	6e6ab61908.com	Sinkholed
2024-12-26	medium	6e6ab61908.com	Sinkholed
2024-12-26	medium	6e6ab61908.com	Sinkholed
2024-12-26	medium	6e6ab61908.com	Sinkholed
2024-12-26	medium	pivotsforints.com	Sinkholed
2024-12-26	medium	ca6d30883b.com	Sinkholed
2024-12-26	medium	ca6d30883b.com	Sinkholed
2024-12-26	medium	ca6d30883b.com	Sinkholed
2024-12-26	medium	meenetiy.com	Sinkholed
2024-12-26	medium	ca6d30883b.com	Sinkholed
2024-12-26	medium	ca6d30883b.com	Sinkholed
2024-12-26	medium	ca6d30883b.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	metrolagu.cam/watch?v=vve-1aKPqmI	ScriptElement	0 B	0001-01-01	2025-06-14
Pretty URL metrolagu.cam/watch?v=vve-1aKPqmI IP 172.67.147.56 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-14 15:42 Times Seen4959254 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	poo.phd/e/5m4670oun9xb	ScriptElement	1.7 kB	2024-12-26	2024-12-26
Pretty URL poo.phd/e/5m4670oun9xb IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-26 23:03 Last Seen2024-12-26 23:03 Times Seen2 Hash 70149db652fefb495786f7aecfb1b149 efbfbb45f6914b002e4ead9df4bd8f25809e85e5 55462b5132a11d5e994ba5a27782a320b384a824df43f80f75599ff5d2553c19 Loading...

	be1c6e25e9.ca6d30883b.com/a9d6a07d87f62b3487809a95a3b11612.js	ScriptElement	553 kB	2024-12-26	2024-12-28
Pretty URL be1c6e25e9.ca6d30883b.com/a9d6a07d87f62b3487809a95a3b11612.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-26 13:32 Last Seen2024-12-28 09:22 Times Seen48 Hash 2e876483aeeb7452330722923d2757b1 625974b69dd0310fb965bcf9da2027816afed4cd 0a04d64415ae748465a3b3a51b0cdbd59162eacbdde93433381a73f00c5c1970 Loading...

	be1c6e25e9.ca6d30883b.com/bfc14d10224fb4e562d5d9a7e4e020b6.js	ScriptElement	107 kB	2024-12-11	2025-01-10
Pretty URL be1c6e25e9.ca6d30883b.com/bfc14d10224fb4e562d5d9a7e4e020b6.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-11 21:09 Last Seen2025-01-10 15:41 Times Seen315 Hash de644f1c86b24df53fd021f17f75ac2e 045c83a53bd32d3b059371255bf7b254f5a9233e e2169889c4ed69b44773f6b1bba57b4b49c2b62a7690d4ce66a192809fc90332 Loading...

	poo.phd/e/5m4670oun9xb	ScriptElement	6.4 kB	2023-10-24	2025-06-14
Pretty URL poo.phd/e/5m4670oun9xb IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 06:38 Last Seen2025-06-14 13:42 Times Seen246 Hash eeed368413469275e3ee01f81d506e3b f0b2023738dda3d9f81f01101ffddc539dd5c919 4f96b2f1bc98f9dce38413ca59d5fe7c0f994b467965421be18e634d5dfaab9e Loading...

	www.googletagmanager.com/gtag/js?id=G-RRBBHD087X	ScriptElement	331 kB	2024-12-26	2024-12-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-RRBBHD087X IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-26 23:03 Last Seen2024-12-26 23:03 Times Seen2 Hash 485f4963500f8425697ee130434deb9b b14d37a845cd06eadef41666c1614c04d5671d01 abf5af8a1b809fb5ae37443357d67b15e7bbc1073443a51c299ac3a4917e575d Loading...

	uk.pivotsforints.com/ryXb2oiPSKP/64343	ScriptElement	0 B	0001-01-01	2025-06-14
Pretty URL uk.pivotsforints.com/ryXb2oiPSKP/64343 IP 23.109.170.127 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-14 15:42 Times Seen4959254 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	be1c6e25e9.ca6d30883b.com/a8514643546b53750c252df18c531ac2.js	ScriptElement	122 kB	2024-12-05	2025-01-22
Pretty URL be1c6e25e9.ca6d30883b.com/a8514643546b53750c252df18c531ac2.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-05 15:05 Last Seen2025-01-22 09:19 Times Seen1163 Hash 19c6f6233262cf16d5b6e475f3d8a44c f172778db5959e847ce5d378947c56fe75f6df56 78c30b418896961856ee26e09ac3990b9e790852ad1333a0d30e8ede9f771a6f Loading...

	storage.multstorage.com/log/count.html	ScriptElement	718 B	2023-09-18	2025-03-01
Pretty URL storage.multstorage.com/log/count.html IP 104.21.30.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 17:19 Last Seen2025-03-01 23:33 Times Seen12563 Hash 1f697a0f2411e463adbc1211493fe5a6 93c154152bda427938543b8efbd8d3b594abbac7 08a5735f5232b651af89f552e8d0fb7b21d6605fba48f335318699d80d12703e Loading...

	static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	ScriptElement	20 kB	2024-06-07	2025-06-14
Pretty URL static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-07 09:21 Last Seen2025-06-14 15:32 Times Seen60126 Hash ec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f Loading...

	be1c6e25e9.ca6d30883b.com/9e4d69f4cab39bd4cbbba618df9906f9.js	ScriptElement	190 kB	2024-12-26	2024-12-28
Pretty URL be1c6e25e9.ca6d30883b.com/9e4d69f4cab39bd4cbbba618df9906f9.js IP 45.133.44.53 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-26 13:32 Last Seen2024-12-28 09:22 Times Seen49 Hash 7f529b5850e51a490ce655d327097ec3 5691a7da072bc4cb55031a2d7e2c71d4bc054d6a 5d3ff6b489dcee7f67046a49b5d4c15af90e1e1f717bf59cce9e318c627f29b9 Loading...

	meenetiy.com/5/6678850	ScriptElement	76 kB	2024-12-26	2024-12-26
Pretty URL meenetiy.com/5/6678850 IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-26 23:03 Last Seen2024-12-26 23:03 Times Seen1 Hash e6a41cca03f16b8f46b994a54e52d9c9 c611eb60be2ab7e06402d00c729bfd04921c7268 6d3076a5d9e4482c24ac7da13e93c5d58ec24198f467ce2081f7031a7c50cdee Loading...

	unknown	ScriptElement	170 B	2024-12-26	2024-12-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-26 23:03 Last Seen2024-12-26 23:03 Times Seen1 Hash be20a405939351d4f305b2bce3fcb964 dd74de554599bc44aac0b4731c30dfa068541275 e4756cd027c0aa2c58ccb01bfbcd026587d2036cd7f07545d8c42fdb466406f9 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-06-14
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-14 15:30 Times Seen113662 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	poo.phd/e/5m4670oun9xb	ScriptElement	478 B	2024-09-27	2025-06-12
Pretty URL poo.phd/e/5m4670oun9xb IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-27 02:34 Last Seen2025-06-12 21:51 Times Seen126 Hash 22c708960fa4273b7d8305d4f16f8a04 ad35d9708e91a80970874efcf312ddf28557b89f 9ba73aeeb78e328dfd69962014fe1ea785cb4c9c4895706011869d3745f770b5 Loading...

	poo.phd/e/5m4670oun9xb	ScriptElement	153 B	2024-02-17	2025-03-08
Pretty URL poo.phd/e/5m4670oun9xb IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-17 06:52 Last Seen2025-03-08 17:15 Times Seen192 Hash 73a6ebf3b00f83c3c9f8bc653869cfc5 924d36f61b7cb12b229ecb1b64691eb49439480c b651edc3f5e0ab0949d63f224d575452108d29873cad2dd54cb59fa15566bd9f Loading...

HTTP Transactions (58)

URL IP Response Size

poop.skin/e/5m4670oun9xb

172.67.168.206

301 Moved Permanently

167 B

URL User Request GET HTTP/2
poop.skin/e/5m4670oun9xb
IP
172.67.168.206:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectpoop.skin
Fingerprint70:A7:75:6A:91:83:AA:50:3C:01:71:D5:FF:40:19:AC:74:BB:AC:B6
ValidityThu, 19 Dec 2024 13:27:36 GMT - Wed, 19 Mar 2025 14:26:15 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /e/5m4670oun9xb HTTP/1.1
Host: poop.skin
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 26 Dec 2024 23:03:19 GMT
content-type: text/html
content-length: 167
location: https://poo.phd/e/5m4670oun9xb
cache-control: max-age=3600
expires: Fri, 27 Dec 2024 00:03:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lj1NmAmZJ2v5fhtpZF2lhzv3u1TtZvbV5%2BjpafiD9J3N6L23kIM6sFhM6WrDA4NRKbI%2BNkJHckzu7XMZNpxkGei8P11rWzBa1324azoz5TAULuw05E1EQY%2FLO0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f84b41b6f580b31-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-RRBBHD087X

142.250.74.168

200 OK

110 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RRBBHD087X
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintFA:A6:D6:5C:A6:DC:BE:D1:9A:34:42:70:3B:66:13:21:40:A4:C9:E4
ValidityMon, 02 Dec 2024 08:35:56 GMT - Mon, 24 Feb 2025 08:35:55 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
110 kB (109869 bytes)
Hash
485f4963500f8425697ee130434deb9b
b14d37a845cd06eadef41666c1614c04d5671d01
abf5af8a1b809fb5ae37443357d67b15e7bbc1073443a51c299ac3a4917e575d

HTTP Headers

GET /gtag/js?id=G-RRBBHD087X HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 26 Dec 2024 23:03:20 GMT
expires: Thu, 26 Dec 2024 23:03:20 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 109869
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dx4.poopstream.co/X3XKLRGk9.jpg

104.21.58.50

200 OK

12 kB

URL GET HTTP/2
dx4.poopstream.co/X3XKLRGk9.jpg
IP
104.21.58.50:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=vve-1aKPqmI
Certificate
IssuerGoogle Trust Services
Subjectdx4.poopstream.co
FingerprintC4:6A:D4:A0:31:31:CD:0A:11:F1:11:D3:8B:8A:CC:C5:1B:9F:28:FC
ValidityThu, 19 Dec 2024 08:02:41 GMT - Wed, 19 Mar 2025 09:02:38 GMT

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc58.134.100", baseline, precision 8, 240x427, components 3
Size
12 kB (11618 bytes)
Hash
ed31ccaf8b692d99403889ee453cbe46
f355831e8840de33ff5bd1cc4492504745b92789
c2c5ee2d342788e2999ad4d3f7e34393e8e21b6ebf1b97f01c6582e5dbaa09c8

HTTP Headers

GET /X3XKLRGk9.jpg HTTP/1.1
Host: dx4.poopstream.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:20 GMT
content-type: image/jpeg
content-length: 11618
etag: "ed31ccaf8b692d99403889ee453cbe46"
last-modified: Sun, 15 Dec 2024 07:53:36 GMT
vary: Accept-Encoding
cache-control: max-age=1200
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6l8wOix0cdTVaEKKP0%2BoIU8Ey9qAt0ajHUmmbWf3Q6%2FyyWqSjb8p%2F0mX4iqCCa%2BtVBpUUSviBLPL3bqtjbbjLG9eu%2BD0wg4lthv8jBpcdxhBjx3VJakdgYBTZU3UQWnFQMiqqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b421ed87b4f3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5867&min_rtt=443&rtt_var=10801&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3197&recv_bytes=1073&delivery_rate=7463917&cwnd=254&unsent_bytes=0&cid=7529a7bf6812a090&ts=340&x=0"
X-Firefox-Spdy: h2

ax4.poopstream.co/favicon-16x16.png

172.67.200.123

200 OK

612 B

URL GET HTTP/2
ax4.poopstream.co/favicon-16x16.png
IP
172.67.200.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectax4.poopstream.co
Fingerprint2A:3B:7A:45:B3:66:2B:58:D6:9D:CD:11:2C:75:63:01:6D:0A:29:47
ValidityThu, 19 Dec 2024 09:08:50 GMT - Wed, 19 Mar 2025 10:08:49 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
612 B (612 bytes)
Hash
ac008ea155d4beee1e93247d7434c77d
f8ea94e94e0cc310202a517a9c445c3d70af564e
283e092dad794fdd9212249389fb2acb6d6846f332413ab2af7bbcced9a4957e

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: ax4.poopstream.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: image/png
content-length: 612
etag: "ac008ea155d4beee1e93247d7434c77d"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=1200
cf-cache-status: HIT
age: 3983
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2gLyXPYdOkQAcm9resufNzBKOsxUaaZs%2F9GbSXj1xsZJLN%2BLiRp%2F3BTvFlxD9lDV8Z8Pop8h2Ey9Cvm4EsmdndDGSR9SmbI0Y%2FvMx9av2LvTg%2BnGFelTpGscHuE5acYpOxVzAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b424a85ab4ed-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1815&min_rtt=472&rtt_var=2669&sent=10&recv=13&lost=0&retrans=0&sent_bytes=4263&recv_bytes=1228&delivery_rate=6776911&cwnd=256&unsent_bytes=0&cid=e30092a82e8a51a0&ts=463&x=0"
X-Firefox-Spdy: h2

ax4.poopstream.co/apple-touch-icon.png

172.67.200.123

200 OK

2.8 kB

URL GET HTTP/2
ax4.poopstream.co/apple-touch-icon.png
IP
172.67.200.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectax4.poopstream.co
Fingerprint2A:3B:7A:45:B3:66:2B:58:D6:9D:CD:11:2C:75:63:01:6D:0A:29:47
ValidityThu, 19 Dec 2024 09:08:50 GMT - Wed, 19 Mar 2025 10:08:49 GMT

File type
PNG image data, 180 x 180, 8-bit colormap, non-interlaced
Size
2.8 kB (2766 bytes)
Hash
e4acc3f05da8195dfa02a437c8b2dba2
f23df2ed14e5d52417b155ccd11187f3250861dc
8b520e4032a17a3fb0410c6e4c7da29f182ca06861aa2d64db1969927e2db0d4

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: ax4.poopstream.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: image/png
content-length: 2766
etag: "e4acc3f05da8195dfa02a437c8b2dba2"
last-modified: Thu, 14 Mar 2024 17:13:01 GMT
vary: Accept-Encoding
cache-control: max-age=1200
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vtyWc%2BL0kXJ34cw4AdD9S289wPtyyuKnp9uvK4QYcoqFUUVFxJrg5WvNvgFf8TaIt2b%2BWC9lkvqre%2Bj9HxQXGCjIqRLl3yXVpVtZzoFrPe4NRveQgFx5k%2BSBNtYclPi5RIf5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b424a859b4ed-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1844&min_rtt=472&rtt_var=2058&sent=13&recv=14&lost=0&retrans=0&sent_bytes=5461&recv_bytes=1228&delivery_rate=6776911&cwnd=256&unsent_bytes=0&cid=e30092a82e8a51a0&ts=788&x=0"
X-Firefox-Spdy: h2

poo.phd/cdn-cgi/rum?

104.21.16.1

204 No Content

0 B

URL POST HTTP/3
poo.phd/cdn-cgi/rum?
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectpoo.phd
FingerprintD6:36:DE:79:30:4A:6D:68:F7:8B:44:4B:F5:6B:48:0A:0F:05:B9:C0
ValidityFri, 20 Dec 2024 16:48:14 GMT - Thu, 20 Mar 2025 17:48:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: poo.phd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1275
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/e/5m4670oun9xb
Cookie: _ga_RRBBHD087X=GS1.1.1735254200.1.0.1735254200.0.0.0; _ga=GA1.1.2065267447.1735254201
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 26 Dec 2024 23:03:21 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://poo.phd
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8f84b426b99d56cc-OSL
x-frame-options: DENY

storage.multstorage.com/log/count.html

104.21.30.242

200 OK

894 B

URL GET HTTP/2
storage.multstorage.com/log/count.html
IP
104.21.30.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectmultstorage.com
Fingerprint96:2B:62:41:7C:56:AE:E2:BF:91:30:F3:03:0A:B7:E6:EC:70:67:7B
ValidityFri, 08 Nov 2024 05:42:46 GMT - Thu, 06 Feb 2025 05:42:45 GMT

File type
HTML document, ASCII text, with very long lines (700)
Size
894 B (894 bytes)
Hash
b728ca9cd183d1b7c3f72116b19b22a3
c1fd73f6b02cf00b8bc60b09cc99495e8494b739
8a7b1ca4bbf273b32ea865d4785a1944d1b2b133678d9b5fe7ee0406f6fd64b2

HTTP Headers

GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: c4a8521bf3e4ff8991b634bc97bee5cc
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m6SFuCXLnKRu%2F0XeyPrLoJRKVY%2FvWOPvGHzaa1z8PrsU6%2Bs5IZgxbJplq5KV6XssMI%2F2MAjvKrhaN6OdxLUUd0ItIKMxX0fmTaTWjQEAzrUTmF07s%2FfsRxRunX%2BBhSEMgpctCPUbpXFFnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b4274b4c7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=542&min_rtt=502&rtt_var=109&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3282&recv_bytes=1281&delivery_rate=7180165&cwnd=254&unsent_bytes=0&cid=e88241a144ff76c1&ts=62&x=0"
X-Firefox-Spdy: h2

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

204 No Content

0 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintEE:9A:59:DB:A9:CD:73:0A:9C:87:AC:9F:FE:A1:90:AA:A1:7E:F8:D4
ValidityThu, 07 Nov 2024 10:40:28 GMT - Wed, 05 Feb 2025 10:40:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poo.phd/
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Thu, 26 Dec 2024 23:03:21 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://poo.phd
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

fp.metricswpsh.com/fp?tag_id=114039

157.90.84.242

500 Internal Server Error

36 B

URL OPTIONS HTTP/1.1
fp.metricswpsh.com/fp?tag_id=114039
IP
157.90.84.242:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintEE:9A:59:DB:A9:CD:73:0A:9C:87:AC:9F:FE:A1:90:AA:A1:7E:F8:D4
ValidityThu, 07 Nov 2024 10:40:28 GMT - Wed, 05 Feb 2025 10:40:27 GMT

File type
JSON text data
Size
36 B (36 bytes)
Hash
0849660b654e3a313882a44c0e7dc08a
b1493d6ce204eb99837d9b33849d1458093a6e6d
6e73b83ae8fcdaf81421a4236c9f817a9e4ea0fa931bf696f72872b266bd83e6

HTTP Headers

POST /fp?tag_id=114039 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1948
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 500 Internal Server Error
Server: nginx/1.20.1
Date: Thu, 26 Dec 2024 23:03:21 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 36
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://poo.phd
Vary: Origin

static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

104.16.80.73

200 OK

38 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
FingerprintA3:1D:4E:72:41:6A:D8:04:03:98:90:E7:8B:07:8D:A6:88:FE:B6:A3
ValidityFri, 01 Nov 2024 08:16:38 GMT - Thu, 30 Jan 2025 08:16:37 GMT

File type
gzip compressed data, from Unix
Size
38 kB (38391 bytes)
Hash
590c095d501364c2bcd3ed9f23327a88
2f7a529d0e64c3197a56e6b4521eefd1d748e826
209d88b8c8ed954646fe2285b84c6783b7fe8108a594068fe1c328016adba036

HTTP Headers

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:20 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f84b42199f81bfa-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

nereserv.com/in/dip?site=native-push&wl=1&event_id=f19e4fe8-44e2-4648-b5e3-85c51e2e8608&subid=357529620&sid=2189038158&spot_id=418774&created_at=2024-12-26&timezone=0&ver=8.202.1&is_native=1

168.119.25.102

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=f19e4fe8-44e2-4648-b5e3-85c51e2e8608&subid=357529620&sid=2189038158&spot_id=418774&created_at=2024-12-26&timezone=0&ver=8.202.1&is_native=1
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintEE:9A:59:DB:A9:CD:73:0A:9C:87:AC:9F:FE:A1:90:AA:A1:7E:F8:D4
ValidityThu, 07 Nov 2024 10:40:28 GMT - Wed, 05 Feb 2025 10:40:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=f19e4fe8-44e2-4648-b5e3-85c51e2e8608&subid=357529620&sid=2189038158&spot_id=418774&created_at=2024-12-26&timezone=0&ver=8.202.1&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 26 Dec 2024 23:03:21 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

mp4skin.com/embed.css

172.67.154.189

200 OK

741 B

URL GET HTTP/3
mp4skin.com/embed.css
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=qqqRuFM3thI
Certificate
IssuerGoogle Trust Services
Subjectmp4skin.com
FingerprintD8:8E:3D:C3:C6:C0:99:9D:EB:BD:C7:C8:A3:E1:6A:CE:80:58:75:7D
ValiditySun, 22 Dec 2024 09:59:40 GMT - Sat, 22 Mar 2025 10:54:20 GMT

File type
gzip compressed data, from Unix
Size
741 B (741 bytes)
Hash
d134971dea0547419a6d7c8f4e524cfa
da027b59e5c55551b86cfdd11e59a7716f6389ab
24379b3cacd2836b352b7238522548ae58c112730cec5ccf31fe26f195655913

HTTP Headers

GET /embed.css HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/watch?V=qqqRuFM3thI
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: text/css
last-modified: Tue, 21 Nov 2023 14:03:56 GMT
vary: Accept-Encoding
etag: W/"655cb8cc-446"
expires: Fri, 27 Dec 2024 02:01:55 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 32486
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ObaFfBCkTZhSK6eoMH8XsPcgJls55yrclUNPC%2B58l8bDbrHofR9kg9gyo3eyzjI%2FP7aHDeArtjBfaGs3LTQF9gVWst%2BcIbfeQFBWCPLZUXOiZ4Sc%2BWSLXiwflJehfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b4298e43569c-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5561&min_rtt=2373&rtt_var=3055&sent=15&recv=10&lost=0&retrans=0&sent_bytes=5147&recv_bytes=1635&delivery_rate=2439&cwnd=12000&unsent_bytes=0&cid=11e2551b012f8ff4&ts=723&x=1", cfExtPri, cfHdrFlush;dur=0

nereserv.com/in/dip?site=native-push&wl=1&event_id=4b64e877-7e81-473e-a988-ed2a7b65c62e&subid=388464194&sid=949871452&spot_id=418776&created_at=2024-12-26&timezone=0&ver=8.202.1&is_native=1

168.119.25.102

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?site=native-push&wl=1&event_id=4b64e877-7e81-473e-a988-ed2a7b65c62e&subid=388464194&sid=949871452&spot_id=418776&created_at=2024-12-26&timezone=0&ver=8.202.1&is_native=1
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintEE:9A:59:DB:A9:CD:73:0A:9C:87:AC:9F:FE:A1:90:AA:A1:7E:F8:D4
ValidityThu, 07 Nov 2024 10:40:28 GMT - Wed, 05 Feb 2025 10:40:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?site=native-push&wl=1&event_id=4b64e877-7e81-473e-a988-ed2a7b65c62e&subid=388464194&sid=949871452&spot_id=418776&created_at=2024-12-26&timezone=0&ver=8.202.1&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 26 Dec 2024 23:03:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

nereserv.com/in/dip?event_id=0585e834-10de-4a1c-8836-abeaab7c2b1e&subid=500843478&spot_id=503362&created_at=2024-12-26&timezone=0&ver=1.158.2

168.119.25.102

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=0585e834-10de-4a1c-8836-abeaab7c2b1e&subid=500843478&spot_id=503362&created_at=2024-12-26&timezone=0&ver=1.158.2
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintEE:9A:59:DB:A9:CD:73:0A:9C:87:AC:9F:FE:A1:90:AA:A1:7E:F8:D4
ValidityThu, 07 Nov 2024 10:40:28 GMT - Wed, 05 Feb 2025 10:40:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=0585e834-10de-4a1c-8836-abeaab7c2b1e&subid=500843478&spot_id=503362&created_at=2024-12-26&timezone=0&ver=1.158.2 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 26 Dec 2024 23:03:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

683bf625f2.6e6ab61908.com/in/multy

116.202.204.105

204 No Content

0 B

URL POST HTTP/2
683bf625f2.6e6ab61908.com/in/multy
IP
116.202.204.105:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subject6e6ab61908.com
Fingerprint95:2D:CE:2B:C1:DB:C5:A4:DA:34:1D:FF:1B:79:47:E1:78:4F:C8:86
ValiditySun, 22 Dec 2024 14:03:26 GMT - Sat, 22 Mar 2025 14:03:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 683bf625f2.6e6ab61908.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poo.phd/
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.24.0
date: Thu, 26 Dec 2024 23:03:22 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

683bf625f2.6e6ab61908.com/in/multy

116.202.204.105

204 No Content

0 B

URL POST HTTP/2
683bf625f2.6e6ab61908.com/in/multy
IP
116.202.204.105:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subject6e6ab61908.com
Fingerprint95:2D:CE:2B:C1:DB:C5:A4:DA:34:1D:FF:1B:79:47:E1:78:4F:C8:86
ValiditySun, 22 Dec 2024 14:03:26 GMT - Sat, 22 Mar 2025 14:03:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /in/multy HTTP/1.1
Host: 683bf625f2.6e6ab61908.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://poo.phd/
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.24.0
date: Thu, 26 Dec 2024 23:03:22 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

ab56a2a85e.572a8a28b5.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0ODc0MDAzNzk0Mjg3MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzNi4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==

45.133.44.52

200 OK

0 B

URL GET HTTP/2
ab56a2a85e.572a8a28b5.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0ODc0MDAzNzk0Mjg3MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzNi4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ==
IP
45.133.44.52:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectab56a2a85e.572a8a28b5.com
FingerprintC7:94:2D:1D:8C:61:E0:F0:33:60:6D:2F:F5:96:C5:DA:B5:38:0E:A7
ValidityMon, 23 Dec 2024 02:47:59 GMT - Sun, 23 Mar 2025 02:47:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNjM0ODc0MDAzNzk0Mjg3MDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjEzNi4wIiwidGFnX2lkIjoxMTQwMzksInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC4yNiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowfQ== HTTP/1.1
Host: ab56a2a85e.572a8a28b5.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
x-cdn-host-id: ds8137
X-Firefox-Spdy: h2

meenetiy.com/5/6678850

139.45.197.119

200 OK

36 kB

URL GET HTTP/2
meenetiy.com/5/6678850
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=qqqRuFM3thI
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint94:A2:14:A5:42:BA:42:10:29:6D:F7:11:0E:F4:7A:A7:67:A9:6D:BA
ValidityTue, 24 Dec 2024 05:12:15 GMT - Mon, 24 Mar 2025 05:12:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
36 kB (35582 bytes)
Hash
2d2d11101b3d6e129ddeaaff71a81a21
26495ad0f2810cfebd8c31b47d6377ecb7a5f327
bfbb9ba0dceca8c635274527fe94c2f5cba1b2b791910ef64de6a0d9c763b629

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6678850 HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: application/javascript
x-trace-id: 0c74e280dc16ab977629470ca6111548
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00813e94674843eee24e13ac04ad9abe; expires=Fri, 26 Dec 2025 23:03:21 GMT; path=/; secure; SameSite=None
oaidts=1735254201; expires=Fri, 26 Dec 2025 23:03:21 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

mp4skin.com/embud/6278396e756f303736346d35

172.67.154.189

200 OK

184 kB

URL GET HTTP/2
mp4skin.com/embud/6278396e756f303736346d35
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectmp4skin.com
FingerprintD8:8E:3D:C3:C6:C0:99:9D:EB:BD:C7:C8:A3:E1:6A:CE:80:58:75:7D
ValiditySun, 22 Dec 2024 09:59:40 GMT - Sat, 22 Mar 2025 10:54:20 GMT

File type
HTML document, ASCII text
Size
184 kB (183489 bytes)
Hash
0cad5e41e5c01fddc6c7114023a0a6fb
f4a2ef7699ccaa1930b428cedae0aed673108116
a7c7cfb89534f367a6ec12b91880faaec9155a789555e6c690d51e42ff67476f

HTTP Headers

GET /embud/6278396e756f303736346d35 HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYzdftxOG2MlkTNTjXHDMUoRTviT7kFWoLZH4PHRHgK8HHXvBKR71CAtW4ZvGYAF9fsM8yfdP5nzSLn1Hc8FPc3z1OgTlCC6QiuSbwn%2BvEy0SSpaFQcaQ%2FWRYtWKmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b421ed82b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=670&min_rtt=510&rtt_var=316&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3272&recv_bytes=1273&delivery_rate=6950400&cwnd=254&unsent_bytes=0&cid=e22cea757f5b71c3&ts=537&x=0"
X-Firefox-Spdy: h2

meenetiy.com/?rb=TGt8drTBxJJgGLylFuOvXn_QtTbqq-9FYT3mwbU9EXQcL0T5joYmSP0RLFd9hLWHLjOxeF7Ms41JlKDCRO2-EnLi7i914pQZLxvD1IlwSaL9LntU-emf4L_Ivh2xF10iSKTyo1TCJMk8gRck3jPWdqZ2zssuUn8IeLey9xmDi-m_0XL9Bt8v9CRAAAd3OxDAFSNc_F2TxeP04r7DdnHQm0odjELu2JkeKg2KkFm-j4nGJg7rzk8mCneXyGPaXmyjxY071yl2vkVnOHuD&request_ab2=0&zoneid=6678850&js_build=iclick-v1.1028.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6278396e756f303736346d35&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=885867d9-b370-4673-a6b9-66f9b5a699b7&wasm=1&userId=00813e94674843eee24e13ac04ad9abe&m=link

139.45.197.119

202 Accepted

0 B

URL GET HTTP/2
meenetiy.com/?rb=TGt8drTBxJJgGLylFuOvXn_QtTbqq-9FYT3mwbU9EXQcL0T5joYmSP0RLFd9hLWHLjOxeF7Ms41JlKDCRO2-EnLi7i914pQZLxvD1IlwSaL9LntU-emf4L_Ivh2xF10iSKTyo1TCJMk8gRck3jPWdqZ2zssuUn8IeLey9xmDi-m_0XL9Bt8v9CRAAAd3OxDAFSNc_F2TxeP04r7DdnHQm0odjELu2JkeKg2KkFm-j4nGJg7rzk8mCneXyGPaXmyjxY071yl2vkVnOHuD&request_ab2=0&zoneid=6678850&js_build=iclick-v1.1028.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6278396e756f303736346d35&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=885867d9-b370-4673-a6b9-66f9b5a699b7&wasm=1&userId=00813e94674843eee24e13ac04ad9abe&m=link
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=qqqRuFM3thI
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint94:A2:14:A5:42:BA:42:10:29:6D:F7:11:0E:F4:7A:A7:67:A9:6D:BA
ValidityTue, 24 Dec 2024 05:12:15 GMT - Mon, 24 Mar 2025 05:12:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=TGt8drTBxJJgGLylFuOvXn_QtTbqq-9FYT3mwbU9EXQcL0T5joYmSP0RLFd9hLWHLjOxeF7Ms41JlKDCRO2-EnLi7i914pQZLxvD1IlwSaL9LntU-emf4L_Ivh2xF10iSKTyo1TCJMk8gRck3jPWdqZ2zssuUn8IeLey9xmDi-m_0XL9Bt8v9CRAAAd3OxDAFSNc_F2TxeP04r7DdnHQm0odjELu2JkeKg2KkFm-j4nGJg7rzk8mCneXyGPaXmyjxY071yl2vkVnOHuD&request_ab2=0&zoneid=6678850&js_build=iclick-v1.1028.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6278396e756f303736346d35&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=885867d9-b370-4673-a6b9-66f9b5a699b7&wasm=1&userId=00813e94674843eee24e13ac04ad9abe&m=link HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Cookie: OAID=00813e94674843eee24e13ac04ad9abe; oaidts=1735254201
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 202 Accepted
server: nginx
date: Thu, 26 Dec 2024 23:03:22 GMT
content-length: 0
x-trace-id: ed94e5554e6c5c37d7ceb737e874652b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=00813e94674843eee24e13ac04ad9abe; expires=Fri, 26 Dec 2025 23:03:22 GMT; path=/; secure; SameSite=None
oaidts=1735254202; expires=Fri, 26 Dec 2025 23:03:22 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 02 Jan 2025 23:03:22 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

683bf625f2.6e6ab61908.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=357529620&sid=2189038158&tcid=0&ver=8.202.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=37.778654605738474&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&icons=Q1hysDt0SP10XHVFASjGdodrFGrqF01f2WqwNY_NSmFBjEdc4Pq1HS4FOXDUdrE-p4DBP7_TkI2kt7tFj3532orJZ5YiBtixBOsyoBm4nuT-dZqRxTrpK9g7oP6D-HehqKmkDUtf7Sn0I6QYFfM0tOucg10T2TY7tsFRt7mXMa4vfFkKYg&ext_cid=0&px_id=418774&min_cpm=0.0045017923115978145&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2342540283984470596&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0011060903786874047&cpm=0&verify_hash=9e9bf4ac2e6d6d57a1a4a4fff85ed182&is_native=4&real_bid=0.0001490666824414707&original_bid_usd=0.000606702&original_bid=0.000606702&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,27,150,20,4&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000606702&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000606702&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=e6c53bd6-2e9f-440b-9613-66b1681dc943&prev_step_diff=507

116.202.204.105

200 OK

0 B

URL GET HTTP/2
683bf625f2.6e6ab61908.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=357529620&sid=2189038158&tcid=0&ver=8.202.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=37.778654605738474&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&icons=Q1hysDt0SP10XHVFASjGdodrFGrqF01f2WqwNY_NSmFBjEdc4Pq1HS4FOXDUdrE-p4DBP7_TkI2kt7tFj3532orJZ5YiBtixBOsyoBm4nuT-dZqRxTrpK9g7oP6D-HehqKmkDUtf7Sn0I6QYFfM0tOucg10T2TY7tsFRt7mXMa4vfFkKYg&ext_cid=0&px_id=418774&min_cpm=0.0045017923115978145&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2342540283984470596&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0011060903786874047&cpm=0&verify_hash=9e9bf4ac2e6d6d57a1a4a4fff85ed182&is_native=4&real_bid=0.0001490666824414707&original_bid_usd=0.000606702&original_bid=0.000606702&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,27,150,20,4&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000606702&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000606702&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=e6c53bd6-2e9f-440b-9613-66b1681dc943&prev_step_diff=507
IP
116.202.204.105:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subject6e6ab61908.com
Fingerprint95:2D:CE:2B:C1:DB:C5:A4:DA:34:1D:FF:1B:79:47:E1:78:4F:C8:86
ValiditySun, 22 Dec 2024 14:03:26 GMT - Sat, 22 Mar 2025 14:03:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=357529620&sid=2189038158&tcid=0&ver=8.202.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=37.778654605738474&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&icons=Q1hysDt0SP10XHVFASjGdodrFGrqF01f2WqwNY_NSmFBjEdc4Pq1HS4FOXDUdrE-p4DBP7_TkI2kt7tFj3532orJZ5YiBtixBOsyoBm4nuT-dZqRxTrpK9g7oP6D-HehqKmkDUtf7Sn0I6QYFfM0tOucg10T2TY7tsFRt7mXMa4vfFkKYg&ext_cid=0&px_id=418774&min_cpm=0.0045017923115978145&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2342540283984470596&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.0011060903786874047&cpm=0&verify_hash=9e9bf4ac2e6d6d57a1a4a4fff85ed182&is_native=4&real_bid=0.0001490666824414707&original_bid_usd=0.000606702&original_bid=0.000606702&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=108,0,114,27,150,20,4&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000606702&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000606702&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&mlc=1&st=0.02&cpa=e6c53bd6-2e9f-440b-9613-66b1681dc943&prev_step_diff=507 HTTP/1.1
Host: 683bf625f2.6e6ab61908.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Thu, 26 Dec 2024 23:03:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

683bf625f2.6e6ab61908.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=357529620&sid=2189038158&tcid=0&ver=8.202.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=37.778654605738474&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&icons=7VPSCyTlJij_0HJ33RRgHWycIBy6CdW8xAmQW3BmcIg_Dg6ATQMS2RyPCuEoAaCHLVk_XjkRP110BCuUGd1dpaa474Mo0Zv5BiLZTu7xSyD3LO59UXLk_ySYsAEPgaARhpn4j_Xy-neUaFuxD1nnfHwJUp87MdgzxibsU3e30dbO3FIsDQ&ext_cid=0&px_id=418774&min_cpm=0.018481931625144776&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2342540283984470596&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.00454101063202434&cpm=0&verify_hash=b3821adce1b4a408ccbc7727471c0e64&is_native=4&real_bid=0.0001490666824414707&original_bid_usd=0.000606702&original_bid=0.000606702&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,27,150,20,108,4,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000606702&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000606702&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&st=0.02&cpa=6fcd5887-6690-4e14-9840-c094a33b18b5&prev_step_diff=507

116.202.204.105

200 OK

0 B

URL GET HTTP/2
683bf625f2.6e6ab61908.com/in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=357529620&sid=2189038158&tcid=0&ver=8.202.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=37.778654605738474&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&icons=7VPSCyTlJij_0HJ33RRgHWycIBy6CdW8xAmQW3BmcIg_Dg6ATQMS2RyPCuEoAaCHLVk_XjkRP110BCuUGd1dpaa474Mo0Zv5BiLZTu7xSyD3LO59UXLk_ySYsAEPgaARhpn4j_Xy-neUaFuxD1nnfHwJUp87MdgzxibsU3e30dbO3FIsDQ&ext_cid=0&px_id=418774&min_cpm=0.018481931625144776&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2342540283984470596&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.00454101063202434&cpm=0&verify_hash=b3821adce1b4a408ccbc7727471c0e64&is_native=4&real_bid=0.0001490666824414707&original_bid_usd=0.000606702&original_bid=0.000606702&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,27,150,20,108,4,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000606702&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000606702&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&st=0.02&cpa=6fcd5887-6690-4e14-9840-c094a33b18b5&prev_step_diff=507
IP
116.202.204.105:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subject6e6ab61908.com
Fingerprint95:2D:CE:2B:C1:DB:C5:A4:DA:34:1D:FF:1B:79:47:E1:78:4F:C8:86
ValiditySun, 22 Dec 2024 14:03:26 GMT - Sat, 22 Mar 2025 14:03:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31418774&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=mq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=357529620&sid=2189038158&tcid=0&ver=8.202.1&ver_c=&spot_id=418774&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=37.778654605738474&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&icons=7VPSCyTlJij_0HJ33RRgHWycIBy6CdW8xAmQW3BmcIg_Dg6ATQMS2RyPCuEoAaCHLVk_XjkRP110BCuUGd1dpaa474Mo0Zv5BiLZTu7xSyD3LO59UXLk_ySYsAEPgaARhpn4j_Xy-neUaFuxD1nnfHwJUp87MdgzxibsU3e30dbO3FIsDQ&ext_cid=0&px_id=418774&min_cpm=0.018481931625144776&out_id=0&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2342540283984470596&skin_id=71&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.00454101063202434&cpm=0&verify_hash=b3821adce1b4a408ccbc7727471c0e64&is_native=4&real_bid=0.0001490666824414707&original_bid_usd=0.000606702&original_bid=0.000606702&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,27,150,20,108,4,0&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000606702&hostname=auc-inpage-hz-10-b&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.000000606702&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=gamblingBlueMessage-view-t_r-body&mlf=1&st=0.02&cpa=6fcd5887-6690-4e14-9840-c094a33b18b5&prev_step_diff=507 HTTP/1.1
Host: 683bf625f2.6e6ab61908.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Thu, 26 Dec 2024 23:03:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

683bf625f2.6e6ab61908.com/in/multy

116.202.204.105

200 OK

4.8 kB

URL POST HTTP/2
683bf625f2.6e6ab61908.com/in/multy
IP
116.202.204.105:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subject6e6ab61908.com
Fingerprint95:2D:CE:2B:C1:DB:C5:A4:DA:34:1D:FF:1B:79:47:E1:78:4F:C8:86
ValiditySun, 22 Dec 2024 14:03:26 GMT - Sat, 22 Mar 2025 14:03:25 GMT

File type
JSON text data
Size
4.8 kB (4828 bytes)
Hash
156ee5162bc34c18b658ea4eb315dfa1
a23ddf9673d1f75a6a852adb174731e9211f3d11
2d83b678980e174c37d03ea8cd1b69453285aadb0a1c3450d73784ccb69336a3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /in/multy HTTP/1.1
Host: 683bf625f2.6e6ab61908.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1738
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: application/json
content-length: 4828
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

173.194.220.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
173.194.220.84:443
ASN
#15169 GOOGLE

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint69:38:7E:29:3C:FF:37:1E:96:50:B5:FA:A1:F2:98:30:3B:BE:E6:8D
ValidityMon, 02 Dec 2024 08:37:47 GMT - Mon, 24 Feb 2025 08:37:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:zXF6qL0sCEtO3ac2-DEKCvu0jHFamw:jHvYjObuQDKMwRaT; Expires=Sat, 26-Dec-2026 23:03:22 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Dec 2024 23:03:22 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeZLP98oJrEPl7vuSP135yE_yUtu-V27rufa_JFTnNQYySWd-BpuyW-hxxmirPhSPXoQRaq_TjNobg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-G7zBcBTpPtGEZUsliF2sqQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
Fingerprint6B:98:BE:D7:28:05:BB:C1:1E:1B:28:3A:0F:F9:79:86:2D:94:63:BF
ValiditySun, 01 Dec 2024 03:02:39 GMT - Sat, 01 Mar 2025 03:02:38 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 31 May 2024 10:56:43 GMT
etag: "6659aceb-1e6"
expires: Fri, 26 Dec 2025 23:03:22 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
x-cdn-host-id: ds5058
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
Fingerprint6B:98:BE:D7:28:05:BB:C1:1E:1B:28:3A:0F:F9:79:86:2D:94:63:BF
ValiditySun, 01 Dec 2024 03:02:39 GMT - Sat, 01 Mar 2025 03:02:38 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 31 May 2024 10:56:43 GMT
etag: "6659aceb-1e6"
expires: Fri, 26 Dec 2025 23:03:22 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
x-cdn-host-id: ds5058
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
Fingerprint6B:98:BE:D7:28:05:BB:C1:1E:1B:28:3A:0F:F9:79:86:2D:94:63:BF
ValiditySun, 01 Dec 2024 03:02:39 GMT - Sat, 01 Mar 2025 03:02:38 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 31 May 2024 10:56:43 GMT
etag: "6659aceb-42a"
expires: Fri, 26 Dec 2025 23:03:22 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
x-cdn-host-id: ds5058
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
Fingerprint6B:98:BE:D7:28:05:BB:C1:1E:1B:28:3A:0F:F9:79:86:2D:94:63:BF
ValiditySun, 01 Dec 2024 03:02:39 GMT - Sat, 01 Mar 2025 03:02:38 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 31 May 2024 10:56:43 GMT
etag: "6659aceb-42a"
expires: Fri, 26 Dec 2025 23:03:22 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
x-cdn-host-id: ds5058
accept-ranges: bytes
X-Firefox-Spdy: h2

116.202.204.105

200 OK

0 B

URL GET HTTP/2
683bf625f2.6e6ab61908.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=shq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=388464194&sid=949871452&tcid=0&ver=8.202.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=38.03003192707105&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&icons=kvYG3VqAcewx12OfqOvAhUG2f7jOwhnBoNP3LIuz2hcKmW-eaHEvtoYi5K8BrKKh59-57-v4j0mDJyXfy9l9MuYZBW7WRt66rO-9gUZq2CIBw3CD1qIyjSUqrBj7YLqKiQL6f8Pg4xPeJzC0fm90EEVomY3BYwGtwO_dssC_OXOGwD-tyw&ext_cid=0&px_id=418776&min_cpm=0.02436327725138179&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=4747963503605939686&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.005986057262486751&cpm=0&verify_hash=4325981f010221beb6d4280c10718056&is_native=4&real_bid=0.000150122455348847&original_bid_usd=0.000610999&original_bid=0.000610999&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=150,4,108,0,114,20,27&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000610999&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006109989999999999&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=6aa0e619-620c-4c67-96df-3f9cb06c9b7d&prev_step_diff=665
IP
116.202.204.105:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subject6e6ab61908.com
Fingerprint95:2D:CE:2B:C1:DB:C5:A4:DA:34:1D:FF:1B:79:47:E1:78:4F:C8:86
ValiditySun, 22 Dec 2024 14:03:26 GMT - Sat, 22 Mar 2025 14:03:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=shq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=388464194&sid=949871452&tcid=0&ver=8.202.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=38.03003192707105&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=b0681ff5c1739e7f8bdbb8527f77d810&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&icons=kvYG3VqAcewx12OfqOvAhUG2f7jOwhnBoNP3LIuz2hcKmW-eaHEvtoYi5K8BrKKh59-57-v4j0mDJyXfy9l9MuYZBW7WRt66rO-9gUZq2CIBw3CD1qIyjSUqrBj7YLqKiQL6f8Pg4xPeJzC0fm90EEVomY3BYwGtwO_dssC_OXOGwD-tyw&ext_cid=0&px_id=418776&min_cpm=0.02436327725138179&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=4747963503605939686&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.005986057262486751&cpm=0&verify_hash=4325981f010221beb6d4280c10718056&is_native=4&real_bid=0.000150122455348847&original_bid_usd=0.000610999&original_bid=0.000610999&show_type=0&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=150,4,108,0,114,20,27&need_redirect_show=0&applied_features=main-skins-settings,prod&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp&site=native-push-adult&price=0.000610999&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000006109989999999999&ext_campaign_id_str=&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&mlf=1&mlc=1&st=0.02&cpa=6aa0e619-620c-4c67-96df-3f9cb06c9b7d&prev_step_diff=665 HTTP/1.1
Host: 683bf625f2.6e6ab61908.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Thu, 26 Dec 2024 23:03:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

683bf625f2.6e6ab61908.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=shq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=388464194&sid=949871452&tcid=0&ver=8.202.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=38.03003192707105&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=623611_91332056&crtid=9961f9e3e56cff28a9381fe334325f58&url=https%3A%2F%2Fs.optvz.com%2Fclick.php%3Fd%3DH4sIAAAAAAAAA02Q22rDMAyGX6U3uZyxDj5dDkZvBivsDWwnIaaHhDbbOtDDz8lCN36Dvl.yhBAFMMF60QplmOfp1tBzg_v6YntT8zX2fcnDx2VWeTyv2ftTW65PbeVTuRwb2sfSNvQCOmj2Dhq0lzVBlcp5WkqVvrY4bPEGFayIMwzeOSvgyKBh1Cjn71RaVUYJoIJWjAoMV0OE2lgxbL1HFqO9CIOQgBFdJVAlgUNdgw0KGmKWvuuyCz5HMH3qkcAGhkQmeWxttLr2aJnGUU1Du47Rsqt2V.1O1uIiAiZkfBCLVEYtW30RPsivfSJ1S1yyv.7t8P7v95.IHwjbmOucVHcf86nk43J5.QQnh1dxlDjnrk9dDBq65Hy9XuyD92BjyvQDL3Hp3M8BAAA-&icons=5uXuO3Gt8s0FX70O172EcoO4astqgaQoDsJb5X4nnBvUmsmQhqrmvUmSuWv3c4hpNDjJFE5YAt4TMEGwXVdmtv0LWB68_eNPHrhai0g28oElygzMtxX9V3MJwe2_K5Esld568eNXeq4kZyZtEOv3vMyjC-OXDWtUwCtLikkPCcZeaadIvNGwGsnw4ph_b1E-gfryG6pQpTPtJzf44K11_ahYPZG8P9r1JqgQg-9I7vZ9TlUTS1_Anyj-IcMUoZuOLgAjfbh3lEl4ir5Lmx-eshCgK2UmOonHfjY1oA2XNiN3VXpcWGMNXMQQqrau1VHnDxnLpCi-dG2k6-dPJnctqvdBAQcfW4xr5IJZREjj6F7Jg0DgSy0sXeN-uj6cSg2P5tchhBGHrNz_uGXUNIqkDH2DzZFBhHpDKtOjLLVuh9TBEym-XMcAUOu4-8pDRA3VQ4W3ulemDG8BxpAs9Yafmf9ZNq4OuQPuXgjIPeLMAgig_-iBRR97CVae2Ao7v6zZwSIyASCx7eqGIjcf-5m9O9BO-_AcyqcTdQgYdWMx4nWBf-mNdPXDJt3IojkWtp8GLJIPGBjt-QICvLkHfU-BPDA8cN4J81L2Mbk9wW4LJQ5z1B2hsHO-pxeWimb-RYaZnx15NEzulQipbq_an380Xzi671-xsADi6olxsArX0FW9NBAbqalaMs9ONYr1PV1FGkSq9bxKsiQ8ikYQ-0li2pKSILOs9t6x2CWxL0_8obXxG6RbvhoEGmCb21Glp809SFEbp5_ra8vFAf--Dkqvf2Yc4T4VMuydTrwJabKnWHZKqTHz1lM1pSfNRV3ezZqJsBW5JOiXtGgfKqbLzaPfjWxc3cSRyhx5fVWrt_T7hUMKGnm40DmwbhJgoZ0PCHpqhRU3JgmzvOoDqhoZmuCvjMYYYMRjtTRMuDtJfZJ9L_T0ZOY0SiTlBtXwMiSasHzetbViA1xicLhUYR71xjD8T2Gwz-upJBPjDfJADwVH8Xcobyo87iqQLjTg0YXw4q6UTGxM7iISUqyQrvafmY5SEzo_bpeN3bvRofYZgX2vNTy0Wuk9_JgvAu8jh4AyTVeQJhKP7ZgtlKb4MuQARNy_K1pLFOXH0EyCUBwBrpfK521kiDX3shWkwj3E&ext_cid=3915968&px_id=75418776&min_cpm=0.00028696799017305537&out_id=0&campaign_type=shq&aid=120&cid=19408&uniq=7ac0506d747c368270884125ad38d51737b0b218630c1a240a0f27679d2f8a6f&mid=4747963503605939686&skin_id=2&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.001496250003576285&cpm=0.0015&verify_hash=6510ecc275d0a996a7050179bb38e937&is_native=1&real_bid=0.001496250003576285&original_bid_usd=0.0015&original_bid=0.0015&show_type=0&exp=120&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,98,70,4,69&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1735340602&image_url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F623611%2Fc7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=3915968&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=4e4272cb-dd78-48e2-a874-358a2aedcb52&prev_step_diff=664

116.202.204.105

200 OK

0 B

URL GET HTTP/2
683bf625f2.6e6ab61908.com/in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=shq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=388464194&sid=949871452&tcid=0&ver=8.202.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=38.03003192707105&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=623611_91332056&crtid=9961f9e3e56cff28a9381fe334325f58&url=https%3A%2F%2Fs.optvz.com%2Fclick.php%3Fd%3DH4sIAAAAAAAAA02Q22rDMAyGX6U3uZyxDj5dDkZvBivsDWwnIaaHhDbbOtDDz8lCN36Dvl.yhBAFMMF60QplmOfp1tBzg_v6YntT8zX2fcnDx2VWeTyv2ftTW65PbeVTuRwb2sfSNvQCOmj2Dhq0lzVBlcp5WkqVvrY4bPEGFayIMwzeOSvgyKBh1Cjn71RaVUYJoIJWjAoMV0OE2lgxbL1HFqO9CIOQgBFdJVAlgUNdgw0KGmKWvuuyCz5HMH3qkcAGhkQmeWxttLr2aJnGUU1Du47Rsqt2V.1O1uIiAiZkfBCLVEYtW30RPsivfSJ1S1yyv.7t8P7v95.IHwjbmOucVHcf86nk43J5.QQnh1dxlDjnrk9dDBq65Hy9XuyD92BjyvQDL3Hp3M8BAAA-&icons=5uXuO3Gt8s0FX70O172EcoO4astqgaQoDsJb5X4nnBvUmsmQhqrmvUmSuWv3c4hpNDjJFE5YAt4TMEGwXVdmtv0LWB68_eNPHrhai0g28oElygzMtxX9V3MJwe2_K5Esld568eNXeq4kZyZtEOv3vMyjC-OXDWtUwCtLikkPCcZeaadIvNGwGsnw4ph_b1E-gfryG6pQpTPtJzf44K11_ahYPZG8P9r1JqgQg-9I7vZ9TlUTS1_Anyj-IcMUoZuOLgAjfbh3lEl4ir5Lmx-eshCgK2UmOonHfjY1oA2XNiN3VXpcWGMNXMQQqrau1VHnDxnLpCi-dG2k6-dPJnctqvdBAQcfW4xr5IJZREjj6F7Jg0DgSy0sXeN-uj6cSg2P5tchhBGHrNz_uGXUNIqkDH2DzZFBhHpDKtOjLLVuh9TBEym-XMcAUOu4-8pDRA3VQ4W3ulemDG8BxpAs9Yafmf9ZNq4OuQPuXgjIPeLMAgig_-iBRR97CVae2Ao7v6zZwSIyASCx7eqGIjcf-5m9O9BO-_AcyqcTdQgYdWMx4nWBf-mNdPXDJt3IojkWtp8GLJIPGBjt-QICvLkHfU-BPDA8cN4J81L2Mbk9wW4LJQ5z1B2hsHO-pxeWimb-RYaZnx15NEzulQipbq_an380Xzi671-xsADi6olxsArX0FW9NBAbqalaMs9ONYr1PV1FGkSq9bxKsiQ8ikYQ-0li2pKSILOs9t6x2CWxL0_8obXxG6RbvhoEGmCb21Glp809SFEbp5_ra8vFAf--Dkqvf2Yc4T4VMuydTrwJabKnWHZKqTHz1lM1pSfNRV3ezZqJsBW5JOiXtGgfKqbLzaPfjWxc3cSRyhx5fVWrt_T7hUMKGnm40DmwbhJgoZ0PCHpqhRU3JgmzvOoDqhoZmuCvjMYYYMRjtTRMuDtJfZJ9L_T0ZOY0SiTlBtXwMiSasHzetbViA1xicLhUYR71xjD8T2Gwz-upJBPjDfJADwVH8Xcobyo87iqQLjTg0YXw4q6UTGxM7iISUqyQrvafmY5SEzo_bpeN3bvRofYZgX2vNTy0Wuk9_JgvAu8jh4AyTVeQJhKP7ZgtlKb4MuQARNy_K1pLFOXH0EyCUBwBrpfK521kiDX3shWkwj3E&ext_cid=3915968&px_id=75418776&min_cpm=0.00028696799017305537&out_id=0&campaign_type=shq&aid=120&cid=19408&uniq=7ac0506d747c368270884125ad38d51737b0b218630c1a240a0f27679d2f8a6f&mid=4747963503605939686&skin_id=2&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.001496250003576285&cpm=0.0015&verify_hash=6510ecc275d0a996a7050179bb38e937&is_native=1&real_bid=0.001496250003576285&original_bid_usd=0.0015&original_bid=0.0015&show_type=0&exp=120&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,98,70,4,69&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1735340602&image_url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F623611%2Fc7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=3915968&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=4e4272cb-dd78-48e2-a874-358a2aedcb52&prev_step_diff=664
IP
116.202.204.105:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subject6e6ab61908.com
Fingerprint95:2D:CE:2B:C1:DB:C5:A4:DA:34:1D:FF:1B:79:47:E1:78:4F:C8:86
ValiditySun, 22 Dec 2024 14:03:26 GMT - Sat, 22 Mar 2025 14:03:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /in/show/?tag_ab=b&site_id=31418776&adblock=0&testab=1&auction_host=apply&mm=0&yc=0&render_type=shq&pr=&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=all,dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fpoo.phd%2Fe%2F5m4670oun9xb&refdom=poo.phd&auction_time=1735254202&subid=388464194&sid=949871452&tcid=0&ver=8.202.1&ver_c=&spot_id=418776&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2024-12-26&iabcat=IAB25-3&keywords=&user_fp=15935199871133172074&score=38.03003192707105&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fpoo.phd%252Fe%252F5m4670oun9xb%26idzone%3D0%26sid%3D1886&is_cpm=1&resp_type=&crid=623611_91332056&crtid=9961f9e3e56cff28a9381fe334325f58&url=https%3A%2F%2Fs.optvz.com%2Fclick.php%3Fd%3DH4sIAAAAAAAAA02Q22rDMAyGX6U3uZyxDj5dDkZvBivsDWwnIaaHhDbbOtDDz8lCN36Dvl.yhBAFMMF60QplmOfp1tBzg_v6YntT8zX2fcnDx2VWeTyv2ftTW65PbeVTuRwb2sfSNvQCOmj2Dhq0lzVBlcp5WkqVvrY4bPEGFayIMwzeOSvgyKBh1Cjn71RaVUYJoIJWjAoMV0OE2lgxbL1HFqO9CIOQgBFdJVAlgUNdgw0KGmKWvuuyCz5HMH3qkcAGhkQmeWxttLr2aJnGUU1Du47Rsqt2V.1O1uIiAiZkfBCLVEYtW30RPsivfSJ1S1yyv.7t8P7v95.IHwjbmOucVHcf86nk43J5.QQnh1dxlDjnrk9dDBq65Hy9XuyD92BjyvQDL3Hp3M8BAAA-&icons=5uXuO3Gt8s0FX70O172EcoO4astqgaQoDsJb5X4nnBvUmsmQhqrmvUmSuWv3c4hpNDjJFE5YAt4TMEGwXVdmtv0LWB68_eNPHrhai0g28oElygzMtxX9V3MJwe2_K5Esld568eNXeq4kZyZtEOv3vMyjC-OXDWtUwCtLikkPCcZeaadIvNGwGsnw4ph_b1E-gfryG6pQpTPtJzf44K11_ahYPZG8P9r1JqgQg-9I7vZ9TlUTS1_Anyj-IcMUoZuOLgAjfbh3lEl4ir5Lmx-eshCgK2UmOonHfjY1oA2XNiN3VXpcWGMNXMQQqrau1VHnDxnLpCi-dG2k6-dPJnctqvdBAQcfW4xr5IJZREjj6F7Jg0DgSy0sXeN-uj6cSg2P5tchhBGHrNz_uGXUNIqkDH2DzZFBhHpDKtOjLLVuh9TBEym-XMcAUOu4-8pDRA3VQ4W3ulemDG8BxpAs9Yafmf9ZNq4OuQPuXgjIPeLMAgig_-iBRR97CVae2Ao7v6zZwSIyASCx7eqGIjcf-5m9O9BO-_AcyqcTdQgYdWMx4nWBf-mNdPXDJt3IojkWtp8GLJIPGBjt-QICvLkHfU-BPDA8cN4J81L2Mbk9wW4LJQ5z1B2hsHO-pxeWimb-RYaZnx15NEzulQipbq_an380Xzi671-xsADi6olxsArX0FW9NBAbqalaMs9ONYr1PV1FGkSq9bxKsiQ8ikYQ-0li2pKSILOs9t6x2CWxL0_8obXxG6RbvhoEGmCb21Glp809SFEbp5_ra8vFAf--Dkqvf2Yc4T4VMuydTrwJabKnWHZKqTHz1lM1pSfNRV3ezZqJsBW5JOiXtGgfKqbLzaPfjWxc3cSRyhx5fVWrt_T7hUMKGnm40DmwbhJgoZ0PCHpqhRU3JgmzvOoDqhoZmuCvjMYYYMRjtTRMuDtJfZJ9L_T0ZOY0SiTlBtXwMiSasHzetbViA1xicLhUYR71xjD8T2Gwz-upJBPjDfJADwVH8Xcobyo87iqQLjTg0YXw4q6UTGxM7iISUqyQrvafmY5SEzo_bpeN3bvRofYZgX2vNTy0Wuk9_JgvAu8jh4AyTVeQJhKP7ZgtlKb4MuQARNy_K1pLFOXH0EyCUBwBrpfK521kiDX3shWkwj3E&ext_cid=3915968&px_id=75418776&min_cpm=0.00028696799017305537&out_id=0&campaign_type=shq&aid=120&cid=19408&uniq=7ac0506d747c368270884125ad38d51737b0b218630c1a240a0f27679d2f8a6f&mid=4747963503605939686&skin_id=2&vertical_id=4&skin_test=0&from_cache=0&ecpm=0.001496250003576285&cpm=0.0015&verify_hash=6510ecc275d0a996a7050179bb38e937&is_native=1&real_bid=0.001496250003576285&original_bid_usd=0.0015&original_bid=0.0015&show_type=0&exp=120&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28X11%3B%20Linux%20x86_64%3B%20rv%3A96.0%29%20Gecko%2F20100101%20Firefox%2F96.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=90,98,70,4,69&need_redirect_show=0&applied_features=prod,main-skins-settings&show_count=1&expiration_timestamp=1735340602&image_url=https%3A%2F%2Fs3t3d2y8.afcdn.net%2Flibrary%2F623611%2Fc7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg&site=native-push-adult&price=0&hostname=auc-inpage-hz-7-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0&ext_campaign_id_str=3915968&is_webview=0&client_price=0&direct_client_price=0&priority=0&client_payment_model=&is_in_app=0&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-b_l-body&st=0.02&cpa=4e4272cb-dd78-48e2-a874-358a2aedcb52&prev_step_diff=664 HTTP/1.1
Host: 683bf625f2.6e6ab61908.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.24.0
date: Thu, 26 Dec 2024 23:03:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp

45.133.44.24

200 OK

486 B

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
Fingerprint6B:98:BE:D7:28:05:BB:C1:1E:1B:28:3A:0F:F9:79:86:2D:94:63:BF
ValiditySun, 01 Dec 2024 03:02:39 GMT - Sat, 01 Mar 2025 03:02:38 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp
Size
486 B (486 bytes)
Hash
ceeb4e8840c24621c0e0352b42b38a5b
03cbceb0134a39267014595938705e2916580644
50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: image/webp
content-length: 486
server: nginx/1.24.0
last-modified: Fri, 31 May 2024 10:56:43 GMT
etag: "6659aceb-1e6"
expires: Fri, 26 Dec 2025 23:03:22 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
x-cdn-host-id: ds5058
accept-ranges: bytes
X-Firefox-Spdy: h2

static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp

45.133.44.24

200 OK

1.1 kB

URL GET HTTP/2
static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp
IP
45.133.44.24:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectstatic.bookmsg.com
Fingerprint6B:98:BE:D7:28:05:BB:C1:1E:1B:28:3A:0F:F9:79:86:2D:94:63:BF
ValiditySun, 01 Dec 2024 03:02:39 GMT - Sat, 01 Mar 2025 03:02:38 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.1 kB (1066 bytes)
Hash
2a11e13b2bd67bb9a6cb347d7c73df13
b85460a33f9b229f42c08a6a94ae433a4d5c32ab
1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56

HTTP Headers

GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: image/webp
content-length: 1066
server: nginx/1.24.0
last-modified: Fri, 31 May 2024 10:56:43 GMT
etag: "6659aceb-42a"
expires: Fri, 26 Dec 2025 23:03:22 GMT
cache-control: max-age=31536000
x-proxy-cache: HIT
x-cdn-host-id: ds5058
accept-ranges: bytes
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/library/623611/c7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg

95.173.205.15

200 OK

26 kB

URL GET HTTP/2
s3t3d2y8.afcdn.net/library/623611/c7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg
IP
95.173.205.15:443
ASN
#49025 PRO-ZETA a.s.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
Fingerprint89:E4:C0:25:63:2C:85:6C:4C:12:FE:2E:C3:BE:F0:23:B4:E0:9A:45
ValidityMon, 23 Dec 2024 13:21:22 GMT - Sun, 23 Mar 2025 13:21:21 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3
Size
26 kB (25802 bytes)
Hash
401907dbfd7c961559df157f0b7cc0c1
c7d2d5d099f922e99df1bc2a94e6aaa062057dcb
d28b97cde9ff196441a9074e8c36eb8ea37b85221de8a7fef0491c2cf5eeb96b

HTTP Headers

GET /library/623611/c7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: image/jpeg
content-length: 25802
last-modified: Mon, 09 Aug 2021 11:06:04 GMT
etag: "61110c1c-64ca"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
expires: Tue, 14 Jan 2025 12:02:04 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-77-nzt: EwwBX63NDQH3UaIIAAwBuUwKAQH38QEAAAwBnJIhJwG3vB3AAQ
x-77-nzt-ray: 2a494a153660d35edfe06d67cb18d629
x-77-cache: HIT
x-77-age: 565841
server: CDN77-Turbo
x-77-pop: osloNO
accept-ranges: bytes
X-Firefox-Spdy: h2

s.optvz.com/cimp.php?data=TVRjek5USTFOREl3TW53M01UZGtaV1l3TVRVNVl6Y3laalU1T1RJMFlXSXlNR0ZtT0dReU1ETTVZdy0tfC9saWJyYXJ5LzYyMzYxMS9jN2QyZDVkMDk5ZjkyMmU5OWRmMWJjMmE5NGU2YWFhMDYyMDU3ZGNiLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfG15YmlkLmlvfDYyMzYxMXw1OTk5MTh8MTAxMTYzNnw1NDY4ODI0fDUwOHwzOTE1OTY4fDkxMzMyMDU2fDE1fDN8MHwwfDI1MzQ0fDc1NDE4Nzc2fDAuMnw3NXxVU0R8VVNEfDF8MXwzNHx8MXxOT1J8fDIwfDJ8MXx8OTQ5ODcxNDUyfGZlZWM3OThjYTE1ZmJmMjMxNjk0MWIzNWI4MmQ2YTYwfDF8MHxwb28ucGhkfDB8MHwwfDAuMDF8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHwyMnwwfDF8MHx8fDB8MHwwfDB8MHwwfDB8MHwwfDB8OXwwfDB8MHwwfDF8MnwwfHJ0Yi5leG9jbGljay5jb218T0t8YTEwNzUwNmUwNDc4NWE3NDVlMzYyMTk4ODFhMGUyMzM-

95.211.229.245

302 Found

0 B

URL GET HTTP/1.1
s.optvz.com/cimp.php?data=TVRjek5USTFOREl3TW53M01UZGtaV1l3TVRVNVl6Y3laalU1T1RJMFlXSXlNR0ZtT0dReU1ETTVZdy0tfC9saWJyYXJ5LzYyMzYxMS9jN2QyZDVkMDk5ZjkyMmU5OWRmMWJjMmE5NGU2YWFhMDYyMDU3ZGNiLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfG15YmlkLmlvfDYyMzYxMXw1OTk5MTh8MTAxMTYzNnw1NDY4ODI0fDUwOHwzOTE1OTY4fDkxMzMyMDU2fDE1fDN8MHwwfDI1MzQ0fDc1NDE4Nzc2fDAuMnw3NXxVU0R8VVNEfDF8MXwzNHx8MXxOT1J8fDIwfDJ8MXx8OTQ5ODcxNDUyfGZlZWM3OThjYTE1ZmJmMjMxNjk0MWIzNWI4MmQ2YTYwfDF8MHxwb28ucGhkfDB8MHwwfDAuMDF8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHwyMnwwfDF8MHx8fDB8MHwwfDB8MHwwfDB8MHwwfDB8OXwwfDB8MHwwfDF8MnwwfHJ0Yi5leG9jbGljay5jb218T0t8YTEwNzUwNmUwNDc4NWE3NDVlMzYyMTk4ODFhMGUyMzM-
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectoptvz.com
FingerprintAE:FE:57:B3:E6:6F:49:8B:16:9E:53:74:D7:67:95:2B:C6:06:CB:A3
ValidityWed, 13 Nov 2024 09:44:51 GMT - Tue, 11 Feb 2025 09:44:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cimp.php?data=TVRjek5USTFOREl3TW53M01UZGtaV1l3TVRVNVl6Y3laalU1T1RJMFlXSXlNR0ZtT0dReU1ETTVZdy0tfC9saWJyYXJ5LzYyMzYxMS9jN2QyZDVkMDk5ZjkyMmU5OWRmMWJjMmE5NGU2YWFhMDYyMDU3ZGNiLmpwZ3xodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfG15YmlkLmlvfDYyMzYxMXw1OTk5MTh8MTAxMTYzNnw1NDY4ODI0fDUwOHwzOTE1OTY4fDkxMzMyMDU2fDE1fDN8MHwwfDI1MzQ0fDc1NDE4Nzc2fDAuMnw3NXxVU0R8VVNEfDF8MXwzNHx8MXxOT1J8fDIwfDJ8MXx8OTQ5ODcxNDUyfGZlZWM3OThjYTE1ZmJmMjMxNjk0MWIzNWI4MmQ2YTYwfDF8MHxwb28ucGhkfDB8MHwwfDAuMDF8MXwwfGV4Y2hhbmdlX25hdGl2ZV9hZHwwfDB8MzE0MzI0MnwtMXwwfDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfHwyNHwyMnwwfDF8MHx8fDB8MHwwfDB8MHwwfDB8MHwwfDB8OXwwfDB8MHwwfDF8MnwwfHJ0Yi5leG9jbGljay5jb218T0t8YTEwNzUwNmUwNDc4NWE3NDVlMzYyMTk4ODFhMGUyMzM- HTTP/1.1
Host: s.optvz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 26 Dec 2024 23:03:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22676de0baa992c9.051369922469843627%22%3B%7D; expires=Sat, 26 Dec 2026 23:03:22 GMT; path=; domain=.optvz.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/623611/c7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg
X-Robots-Tag: noindex, follow

s3t3d2y8.afcdn.net/library/623611/c7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg

95.173.205.15

200 OK

26 kB

URL GET HTTP/2
s3t3d2y8.afcdn.net/library/623611/c7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg
IP
95.173.205.15:443
ASN
#49025 PRO-ZETA a.s.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectafcdn.net
Fingerprint89:E4:C0:25:63:2C:85:6C:4C:12:FE:2E:C3:BE:F0:23:B4:E0:9A:45
ValidityMon, 23 Dec 2024 13:21:22 GMT - Sun, 23 Mar 2025 13:21:21 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3
Size
26 kB (25802 bytes)
Hash
401907dbfd7c961559df157f0b7cc0c1
c7d2d5d099f922e99df1bc2a94e6aaa062057dcb
d28b97cde9ff196441a9074e8c36eb8ea37b85221de8a7fef0491c2cf5eeb96b

HTTP Headers

GET /library/623611/c7d2d5d099f922e99df1bc2a94e6aaa062057dcb.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: image/jpeg
content-length: 25802
last-modified: Mon, 09 Aug 2021 11:06:04 GMT
etag: "61110c1c-64ca"
accept-ch: Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Model,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
expires: Tue, 14 Jan 2025 12:02:04 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-77-nzt: EwwBX63NDQH3UaIIAAwBuUwKAQH38QEAAAwBnJIhJwG3vB3AAQ
x-77-nzt-ray: 2a494a153660d35edfe06d678ee1f32e
x-77-cache: HIT
x-77-age: 565841
server: CDN77-Turbo
x-77-pop: osloNO
accept-ranges: bytes
X-Firefox-Spdy: h2

accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeZLP98oJrEPl7vuSP135yE_yUtu-V27rufa_JFTnNQYySWd-BpuyW-hxxmirPhSPXoQRaq_TjNobg

173.194.220.84

302 Found

423 B

URL GET HTTP/3
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeZLP98oJrEPl7vuSP135yE_yUtu-V27rufa_JFTnNQYySWd-BpuyW-hxxmirPhSPXoQRaq_TjNobg
IP
173.194.220.84:443
ASN
#15169 GOOGLE

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type
HTML document, ASCII text, with very long lines (393)
Size
423 B (423 bytes)
Hash
7cd0680e96bda9d7b9a5a6912a2ac028
ddc917296347cad86704b73816f5b56059f7ad5a
67e0fc6a83801e3bf31372bd8881769467bf922036964933c2057f5555484915

HTTP Headers

GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeZLP98oJrEPl7vuSP135yE_yUtu-V27rufa_JFTnNQYySWd-BpuyW-hxxmirPhSPXoQRaq_TjNobg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:yOViwZtICM0_rwKExNsYDVEk72sxfg:hkNDy4Apa_Wc0K7Y;Path=/;Expires=Sat, 26-Dec-2026 23:03:22 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Dec 2024 23:03:22 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP99L1NuX7hjkYOzozHdSF-E2MtJxyuD0ERs4DeXhTl7ZyyDxqfh_OCH7Kvy-myd1PAAEoTEjyQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1675458210%3A1735254202794696&ddm=1
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-9K5YXP9UEJ9lT1NU5zSCvQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 423
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nereserv.com/in/dip?event_id=0585e834-10de-4a1c-8836-abeaab7c2b1e&subid=500843478&spot_id=503362&created_at=2024-12-26&timezone=0&ver=1.158.2

168.119.25.102

200 OK

0 B

URL GET HTTP/2
nereserv.com/in/dip?event_id=0585e834-10de-4a1c-8836-abeaab7c2b1e&subid=500843478&spot_id=503362&created_at=2024-12-26&timezone=0&ver=1.158.2
IP
168.119.25.102:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectnotification.tubecup.net
FingerprintEE:9A:59:DB:A9:CD:73:0A:9C:87:AC:9F:FE:A1:90:AA:A1:7E:F8:D4
ValidityThu, 07 Nov 2024 10:40:28 GMT - Wed, 05 Feb 2025 10:40:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/dip?event_id=0585e834-10de-4a1c-8836-abeaab7c2b1e&subid=500843478&spot_id=503362&created_at=2024-12-26&timezone=0&ver=1.158.2 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 26 Dec 2024 23:03:23 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP99L1NuX7hjkYOzozHdSF-E2MtJxyuD0ERs4DeXhTl7ZyyDxqfh_OCH7Kvy-myd1PAAEoTEjyQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1675458210%3A1735254202794696&ddm=1

173.194.220.84

403 Forbidden

12 kB

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP99L1NuX7hjkYOzozHdSF-E2MtJxyuD0ERs4DeXhTl7ZyyDxqfh_OCH7Kvy-myd1PAAEoTEjyQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1675458210%3A1735254202794696&ddm=1
IP
173.194.220.84:443
ASN
#15169 GOOGLE

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint36:7C:F6:D0:DA:DB:45:E1:80:A6:76:D2:C1:A5:38:1A:0B:8D:99:4E
ValidityMon, 02 Dec 2024 08:35:57 GMT - Mon, 24 Feb 2025 08:35:56 GMT

File type
gzip compressed data, max compression
Size
12 kB (12434 bytes)
Hash
0466bfab5d00e5e31fbc56dc3bb96a26
1e4f7f679837c201dec85125214aa05c6d7d6cab
9c194d91949b2945f7d27ce11d79d3ad6e266dc9aa92484e2763d72382d10d99

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeZLP99L1NuX7hjkYOzozHdSF-E2MtJxyuD0ERs4DeXhTl7ZyyDxqfh_OCH7Kvy-myd1PAAEoTEjyQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1675458210%3A1735254202794696&ddm=1 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 26 Dec 2024 23:03:22 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-tk2FAKCoLU1fe4lyrOnUOg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com/recaptcha/api.js https://translate.google.com/translate_a/element.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.1PNB2j8wR4U.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=vve-1aKPqmI
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint64:3F:50:40:E0:BD:89:CB:A9:C8:BE:E5:74:F6:9E:D6:2E:1A:32:02
ValidityTue, 26 Nov 2024 07:25:18 GMT - Mon, 24 Feb 2025 07:25:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
28 kB (27958 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 594982
expires: Tue, 16 Dec 2025 23:03:23 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=njQ2X1CSI600GcPXeTzAKjBZdos0hgIy6W0z5WmrbnSfJVN7lk%2BO67YSjCbmZQo9F1%2BCi2X50ZoqQ%2B4tjkgtoifuHqwlmR1AOKo10YjbDyzmbvi6yCyAk1ezZMdlo7WrV4O4VtnB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8f84b4328b0fb51d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

uk.pivotsforints.com/ryXb2oiPSKP/64343

23.109.170.127

200 OK

20 B

URL GET HTTP/1.1
uk.pivotsforints.com/ryXb2oiPSKP/64343
IP
23.109.170.127:443
ASN
#7979 SERVERS-COM

Requested by
https://metrolagu.cam/watch?v=vve-1aKPqmI
Certificate
IssuerLet's Encrypt
Subjectuk.pivotsforints.com
Fingerprint6E:77:CC:13:94:33:A4:40:26:03:41:D7:70:DD:8B:3D:1B:A4:A1:8D
ValidityTue, 24 Dec 2024 06:08:28 GMT - Mon, 24 Mar 2025 06:08:27 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ryXb2oiPSKP/64343 HTTP/1.1
Host: uk.pivotsforints.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Dec 2024 23:03:23 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://metrolagu.cam
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Fri, 27-Dec-2024 23:03:23 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Fri, 27-Dec-2024 23:03:23 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

metrolagu.cam/play.svg

172.67.147.56

200 OK

54 kB

URL GET HTTP/3
metrolagu.cam/play.svg
IP
172.67.147.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=vve-1aKPqmI
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint87:2E:BA:C2:E3:F4:34:E9:D2:45:40:BD:CB:5D:20:18:B4:E8:2A:9F
ValidityFri, 06 Dec 2024 16:54:35 GMT - Thu, 06 Mar 2025 16:54:34 GMT

File type
SVG Scalable Vector Graphics image
Size
54 kB (53595 bytes)
Hash
85f08506e5a64050719e7e18a26cd9c4
cda07433539f1346406e7dde1a92ea6346d593d7
b6280b025f54d1e117f8515da139cc3d7c64955a5342fd81498431578336dd08

HTTP Headers

GET /play.svg HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/embed.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 26 Dec 2024 23:03:23 GMT
content-type: image/svg+xml
last-modified: Thu, 21 Sep 2023 10:51:20 GMT
etag: W/"650c2028-279"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2392
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fBgVb5gtbhsPv%2FtSbKAewVJwwPUSS0K4DwjEOeGCq1ixeBpSnA8bbHRsFjq9U2U0D4FZOZrChk%2Fw4zagvapKM6IoUBu0uTe%2BtC3R2Cb%2FG7PVfzp0mWRacKa%2Ft6xc7vUS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f84b4333ca45695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3696&min_rtt=1807&rtt_var=1745&sent=18&recv=10&lost=0&retrans=0&sent_bytes=8047&recv_bytes=1858&delivery_rate=32815&cwnd=12000&unsent_bytes=0&cid=f611683d09ee8552&ts=970&x=1", cfExtPri, cfHdrFlush;dur=0

enrtx.com/get/

94.130.197.239

200 OK

3.7 kB

URL POST HTTP/2
enrtx.com/get/
IP
94.130.197.239:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectpuwpush.com
Fingerprint61:BC:31:65:90:EA:DD:3B:91:05:29:93:84:00:89:BB:11:CB:81:2F
ValidityWed, 30 Oct 2024 10:28:34 GMT - Tue, 28 Jan 2025 10:28:33 GMT

File type
JSON text data
Size
3.7 kB (3684 bytes)
Hash
07d79e37729a97e2bd61cc7109348941
9ce7722950078b59c67c67e29fd12a28a9284857
38d181738f90d5c015c8ac54d58fb5e4252c031c2cd990a37fda1b9a4733bbd6

HTTP Headers

POST /get/ HTTP/1.1
Host: enrtx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://poo.phd/
Content-Type: text/plain;charset=UTF-8
Content-Length: 1072
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Thu, 26 Dec 2024 23:03:23 GMT
content-type: application/json
content-length: 3684
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

poo.phd/cdn-cgi/rum?

104.21.16.1

204 No Content

0 B

URL POST HTTP/3
poo.phd/cdn-cgi/rum?
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectpoo.phd
FingerprintD6:36:DE:79:30:4A:6D:68:F7:8B:44:4B:F5:6B:48:0A:0F:05:B9:C0
ValidityFri, 20 Dec 2024 16:48:14 GMT - Thu, 20 Mar 2025 17:48:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: poo.phd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 787
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/e/5m4670oun9xb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Thu, 26 Dec 2024 23:03:44 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://poo.phd
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8f84b4b65adf56cc-OSL
x-frame-options: DENY

metrolagu.cam/jembud/6278396e756f303736346d35

172.67.147.56

200 OK

244 B

URL GET HTTP/2
metrolagu.cam/jembud/6278396e756f303736346d35
IP
172.67.147.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=qqqRuFM3thI
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint87:2E:BA:C2:E3:F4:34:E9:D2:45:40:BD:CB:5D:20:18:B4:E8:2A:9F
ValidityFri, 06 Dec 2024 16:54:35 GMT - Thu, 06 Mar 2025 16:54:34 GMT

File type
HTML document, ASCII text, with no line terminators
Size
244 B (244 bytes)
Hash
f3ea3167d0f1d81770d8b6b3c954c5dd
cc6a477b6a6f82f567b654f1a10375017c63ad20
cb5817b6e2bcb37bce378a4a22d425c476ed4d5eddce3250f0a7e600c80ba88f

HTTP Headers

GET /jembud/6278396e756f303736346d35 HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yYVhpDRiV19x1dmi0xZ5VkDlVZT8HWO8uL05kup%2FykmqFTCOuIi44WLj35sQgRnmS%2F2BCGxPsyBlUQ8eJ7n69qWQNrJFmmLIoh90uWTddBQBjNFhJosI0FNmIblIgzy%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b429d8b30b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1067&min_rtt=472&rtt_var=1198&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3204&recv_bytes=1154&delivery_rate=7133004&cwnd=254&unsent_bytes=0&cid=3bbde669d52f2979&ts=527&x=0"
X-Firefox-Spdy: h2

metrolagu.cam/watch?v=vve-1aKPqmI

172.67.147.56

200 OK

5.5 kB

URL POST HTTP/3
metrolagu.cam/watch?v=vve-1aKPqmI
IP
172.67.147.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=qqqRuFM3thI
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint87:2E:BA:C2:E3:F4:34:E9:D2:45:40:BD:CB:5D:20:18:B4:E8:2A:9F
ValidityFri, 06 Dec 2024 16:54:35 GMT - Thu, 06 Mar 2025 16:54:34 GMT

File type
HTML document, ASCII text, with very long lines (5622), with no line terminators
Size
5.5 kB (5476 bytes)
Hash
d1b0680843bcd57047a6587482157abe
07ee9fc946bd1db93a8112bbe854f52fedf079db
0c736fcb2ba4fea79457f12d21bd8d56662519e59a228ce7f484941fe70a9471

HTTP Headers

POST /watch?v=vve-1aKPqmI HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/jembud/6278396e756f303736346d35
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 26 Dec 2024 23:03:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BXt9BYckO68ZM1w4Uwd6QDR1wsvEu7QGpP23m1KdLIfyfsK8sf%2FxmHqCXvO%2F0Y0JRhNs8dwdfkYCoqyIs3T%2FWiQHrHXY41XKpquGHS4IylwjmhJhOx1zrAvNjcZqXzWU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b42f589d5695-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3669&min_rtt=3124&rtt_var=1561&sent=12&recv=6&lost=0&retrans=0&sent_bytes=4067&recv_bytes=1222&delivery_rate=188495&cwnd=12000&unsent_bytes=0&cid=f611683d09ee8552&ts=582&x=1", cfExtPri, cfHdrFlush;dur=0

be1c6e25e9.ca6d30883b.com/a8514643546b53750c252df18c531ac2.js

45.133.44.53

200 OK

122 kB

URL GET HTTP/2
be1c6e25e9.ca6d30883b.com/a8514643546b53750c252df18c531ac2.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectbe1c6e25e9.ca6d30883b.com
FingerprintF1:3B:3F:E0:9B:7B:44:B3:01:BC:63:4D:73:F9:46:DB:81:3A:4E:9E
ValidityMon, 23 Dec 2024 02:15:00 GMT - Sun, 23 Mar 2025 02:14:59 GMT

File type

Size
122 kB (122015 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a8514643546b53750c252df18c531ac2.js HTTP/1.1
Host: be1c6e25e9.ca6d30883b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:20 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 05 Dec 2024 14:47:03 GMT
etag: W/"6751bce7-1dc9f"
content-encoding: gzip
expires: Thu, 26 Dec 2024 23:08:20 GMT
cache-control: max-age=300
x-proxy-cache: HIT
x-cdn-host-id: ds8137
access-control-allow-origin: *
X-Firefox-Spdy: h2

be1c6e25e9.ca6d30883b.com/e467a7c7bf230cd596e05c71a25fb676/114039?version_name=b&domain=poo.phd

45.133.44.53

200 OK

3.7 kB

URL GET HTTP/2
be1c6e25e9.ca6d30883b.com/e467a7c7bf230cd596e05c71a25fb676/114039?version_name=b&domain=poo.phd
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectbe1c6e25e9.ca6d30883b.com
FingerprintF1:3B:3F:E0:9B:7B:44:B3:01:BC:63:4D:73:F9:46:DB:81:3A:4E:9E
ValidityMon, 23 Dec 2024 02:15:00 GMT - Sun, 23 Mar 2025 02:14:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4203), with no line terminators
Size
3.7 kB (3729 bytes)
Hash
9c78a2a2da4a06f6a5326dbc3dbc3d27
2f09c257423df591b7e0710c293132d90dd1d5f3
b2fd64dbb8dc8443161748fad15638e7071e8c96e64a78311ea09d210c453dd4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /e467a7c7bf230cd596e05c71a25fb676/114039?version_name=b&domain=poo.phd HTTP/1.1
Host: be1c6e25e9.ca6d30883b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://poo.phd
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: application/json
server: nginx/1.18.0
cache-control: max-age=300
expires: Thu, 26 Dec 2024 23:08:21 GMT
x-proxy-cache: HIT
x-cdn-host-id: ds8137
access-control-allow-origin: *
X-Firefox-Spdy: h2

be1c6e25e9.ca6d30883b.com/a9d6a07d87f62b3487809a95a3b11612.js

45.133.44.53

200 OK

553 kB

URL GET HTTP/2
be1c6e25e9.ca6d30883b.com/a9d6a07d87f62b3487809a95a3b11612.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectbe1c6e25e9.ca6d30883b.com
FingerprintF1:3B:3F:E0:9B:7B:44:B3:01:BC:63:4D:73:F9:46:DB:81:3A:4E:9E
ValidityMon, 23 Dec 2024 02:15:00 GMT - Sun, 23 Mar 2025 02:14:59 GMT

File type

Size
553 kB (552723 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a9d6a07d87f62b3487809a95a3b11612.js HTTP/1.1
Host: be1c6e25e9.ca6d30883b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Dec 2024 12:39:46 GMT
etag: W/"676d4e92-86f13"
content-encoding: gzip
expires: Thu, 26 Dec 2024 23:08:21 GMT
cache-control: max-age=300
x-proxy-cache: HIT
x-cdn-host-id: ds8137
access-control-allow-origin: *
X-Firefox-Spdy: h2

meenetiy.com/wrr?z=6678850&p_rid=885867d9-b370-4673-a6b9-66f9b5a699b7&rb=TGt8drTBxJJgGLylFuOvXn_QtTbqq-9FYT3mwbU9EXQcL0T5joYmSP0RLFd9hLWHLjOxeF7Ms41JlKDCRO2-EnLi7i914pQZLxvD1IlwSaL9LntU-emf4L_Ivh2xF10iSKTyo1TCJMk8gRck3jPWdqZ2zssuUn8IeLey9xmDi-m_0XL9Bt8v9CRAAAd3OxDAFSNc_F2TxeP04r7DdnHQm0odjELu2JkeKg2KkFm-j4nGJg7rzk8mCneXyGPaXmyjxY071yl2vkVnOHuD&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6278396e756f303736346d35&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=meenetiy.com&userId=00813e94674843eee24e13ac04ad9abe

139.45.197.119

200 OK

2 B

URL GET HTTP/2
meenetiy.com/wrr?z=6678850&p_rid=885867d9-b370-4673-a6b9-66f9b5a699b7&rb=TGt8drTBxJJgGLylFuOvXn_QtTbqq-9FYT3mwbU9EXQcL0T5joYmSP0RLFd9hLWHLjOxeF7Ms41JlKDCRO2-EnLi7i914pQZLxvD1IlwSaL9LntU-emf4L_Ivh2xF10iSKTyo1TCJMk8gRck3jPWdqZ2zssuUn8IeLey9xmDi-m_0XL9Bt8v9CRAAAd3OxDAFSNc_F2TxeP04r7DdnHQm0odjELu2JkeKg2KkFm-j4nGJg7rzk8mCneXyGPaXmyjxY071yl2vkVnOHuD&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6278396e756f303736346d35&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=meenetiy.com&userId=00813e94674843eee24e13ac04ad9abe
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://mp4skin.com/watch?V=qqqRuFM3thI
Certificate
IssuerLet's Encrypt
Subjectmeenetiy.com
Fingerprint94:A2:14:A5:42:BA:42:10:29:6D:F7:11:0E:F4:7A:A7:67:A9:6D:BA
ValidityTue, 24 Dec 2024 05:12:15 GMT - Mon, 24 Mar 2025 05:12:14 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wrr?z=6678850&p_rid=885867d9-b370-4673-a6b9-66f9b5a699b7&rb=TGt8drTBxJJgGLylFuOvXn_QtTbqq-9FYT3mwbU9EXQcL0T5joYmSP0RLFd9hLWHLjOxeF7Ms41JlKDCRO2-EnLi7i914pQZLxvD1IlwSaL9LntU-emf4L_Ivh2xF10iSKTyo1TCJMk8gRck3jPWdqZ2zssuUn8IeLey9xmDi-m_0XL9Bt8v9CRAAAd3OxDAFSNc_F2TxeP04r7DdnHQm0odjELu2JkeKg2KkFm-j4nGJg7rzk8mCneXyGPaXmyjxY071yl2vkVnOHuD&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=-1&wh=-1&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=https%3A%2F%2Fmp4skin.com%2Fwatch%3FV%3DqqqRuFM3thI&drf=https%3A%2F%2Fmp4skin.com%2Fembud%2F6278396e756f303736346d35&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=1&wgl=&js_build=iclick-v1.1028.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&wasm=1&dmn=meenetiy.com&userId=00813e94674843eee24e13ac04ad9abe HTTP/1.1
Host: meenetiy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mp4skin.com/
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: text/plain
content-length: 2
x-trace-id: a5a451a4e03a6c5a8105ada010e4c2ac
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://mp4skin.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00813e94674843eee24e13ac04ad9abe; expires=Fri, 26 Dec 2025 23:03:22 GMT; path=/; secure; SameSite=None
oaidts=1735254202; expires=Fri, 26 Dec 2025 23:03:22 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 02 Jan 2025 23:03:22 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

metrolagu.cam/embed.css

172.67.147.56

200 OK

1.1 kB

URL GET HTTP/3
metrolagu.cam/embed.css
IP
172.67.147.56:443
ASN
#13335 CLOUDFLARENET

Requested by
https://metrolagu.cam/watch?v=vve-1aKPqmI
Certificate
IssuerGoogle Trust Services
Subjectmetrolagu.cam
Fingerprint87:2E:BA:C2:E3:F4:34:E9:D2:45:40:BD:CB:5D:20:18:B4:E8:2A:9F
ValidityFri, 06 Dec 2024 16:54:35 GMT - Thu, 06 Mar 2025 16:54:34 GMT

File type
ASCII text, with very long lines (1145), with no line terminators
Size
1.1 kB (1094 bytes)
Hash
69c7d11151f7c8da1183e16ec826fd58
e20f5a01a0e67b7e5a8966ef0e36894ffa1e7ecf
360cdfd896a7ee8339aa947d0ea0457e3463ec025f989ef2e683c1ea4719d7d1

HTTP Headers

GET /embed.css HTTP/1.1
Host: metrolagu.cam
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://metrolagu.cam/watch?v=vve-1aKPqmI
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 26 Dec 2024 23:03:23 GMT
content-type: text/css
last-modified: Thu, 28 Sep 2023 15:07:59 GMT
vary: Accept-Encoding
etag: W/"651596cf-446"
expires: Fri, 27 Dec 2024 09:21:03 GMT
cache-control: max-age=43200
content-encoding: gzip
cf-cache-status: HIT
age: 6140
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xW3BUw4lo%2BevzQ6jJ%2FXdGSGBRF%2ByFkM0CLrImzxm%2B7Q3abscgP%2FifkxIDRmO35e7NJO5iVQjQDbe4xwpoAI7F0uHnoMJgDUjzy9IOvVAnUKuIF73M08P7mJySYcBjlfh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b4326be95695-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3437&min_rtt=1807&rtt_var=1636&sent=16&recv=8&lost=0&retrans=0&sent_bytes=6902&recv_bytes=1542&delivery_rate=4988&cwnd=12000&unsent_bytes=0&cid=f611683d09ee8552&ts=831&x=1", cfExtPri, cfHdrFlush;dur=0

mp4skin.com/watch?V=qqqRuFM3thI

172.67.154.189

200 OK

635 B

URL POST HTTP/3
mp4skin.com/watch?V=qqqRuFM3thI
IP
172.67.154.189:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectmp4skin.com
FingerprintD8:8E:3D:C3:C6:C0:99:9D:EB:BD:C7:C8:A3:E1:6A:CE:80:58:75:7D
ValiditySun, 22 Dec 2024 09:59:40 GMT - Sat, 22 Mar 2025 10:54:20 GMT

File type
HTML document, ASCII text, with very long lines (674), with no line terminators
Size
635 B (635 bytes)
Hash
0c5228d1a215a54c96128e83aec78ceb
633193f15c1d208fffd77f9c813813b391b20a11
03b81a87d1cf55a834ddda42c73c8827b9abee2ecd7cd7885e9b7dc0a782723f

HTTP Headers

POST /watch?V=qqqRuFM3thI HTTP/1.1
Host: mp4skin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/embud/6278396e756f303736346d35
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6d3J1udM0snFoJ5OYE2VP6tgeCNjGZGsXy6T4FCFvjHSpV8oZUVKriw4vzo7GF1PewcnVyawKLRFTK5O4jMCyxwwQDd7%2FFeDIsAd3XA9pO0PQbw0%2BsHqYrZajkCtEA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b4263983569c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5829&min_rtt=2373&rtt_var=3358&sent=12&recv=8&lost=0&retrans=0&sent_bytes=4090&recv_bytes=1318&delivery_rate=250284&cwnd=12000&unsent_bytes=0&cid=11e2551b012f8ff4&ts=440&x=1", cfExtPri, cfHdrFlush;dur=0

be1c6e25e9.ca6d30883b.com/9e4d69f4cab39bd4cbbba618df9906f9.js

45.133.44.53

200 OK

190 kB

URL GET HTTP/2
be1c6e25e9.ca6d30883b.com/9e4d69f4cab39bd4cbbba618df9906f9.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectbe1c6e25e9.ca6d30883b.com
FingerprintF1:3B:3F:E0:9B:7B:44:B3:01:BC:63:4D:73:F9:46:DB:81:3A:4E:9E
ValidityMon, 23 Dec 2024 02:15:00 GMT - Sun, 23 Mar 2025 02:14:59 GMT

File type

Size
190 kB (190522 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /9e4d69f4cab39bd4cbbba618df9906f9.js HTTP/1.1
Host: be1c6e25e9.ca6d30883b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Dec 2024 12:39:50 GMT
etag: W/"676d4e96-2e83a"
content-encoding: gzip
expires: Thu, 26 Dec 2024 23:08:21 GMT
cache-control: max-age=300
x-proxy-cache: HIT
x-cdn-host-id: ds8137
access-control-allow-origin: *
X-Firefox-Spdy: h2

be1c6e25e9.ca6d30883b.com/bfc14d10224fb4e562d5d9a7e4e020b6.js

45.133.44.53

200 OK

107 kB

URL GET HTTP/2
be1c6e25e9.ca6d30883b.com/bfc14d10224fb4e562d5d9a7e4e020b6.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectbe1c6e25e9.ca6d30883b.com
FingerprintF1:3B:3F:E0:9B:7B:44:B3:01:BC:63:4D:73:F9:46:DB:81:3A:4E:9E
ValidityMon, 23 Dec 2024 02:15:00 GMT - Sun, 23 Mar 2025 02:14:59 GMT

File type

Size
107 kB (107378 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bfc14d10224fb4e562d5d9a7e4e020b6.js HTTP/1.1
Host: be1c6e25e9.ca6d30883b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 11 Dec 2024 14:14:15 GMT
etag: W/"67599e37-1a372"
content-encoding: gzip
expires: Thu, 26 Dec 2024 23:08:21 GMT
cache-control: max-age=300
x-proxy-cache: HIT
x-cdn-host-id: ds8137
access-control-allow-origin: *
X-Firefox-Spdy: h2

be1c6e25e9.ca6d30883b.com/a9d6a07d87f62b3487809a95a3b11612.js

45.133.44.53

200 OK

553 kB

URL GET HTTP/2
be1c6e25e9.ca6d30883b.com/a9d6a07d87f62b3487809a95a3b11612.js
IP
45.133.44.53:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerLet's Encrypt
Subjectbe1c6e25e9.ca6d30883b.com
FingerprintF1:3B:3F:E0:9B:7B:44:B3:01:BC:63:4D:73:F9:46:DB:81:3A:4E:9E
ValidityMon, 23 Dec 2024 02:15:00 GMT - Sun, 23 Mar 2025 02:14:59 GMT

File type

Size
553 kB (552723 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a9d6a07d87f62b3487809a95a3b11612.js HTTP/1.1
Host: be1c6e25e9.ca6d30883b.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:21 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 26 Dec 2024 12:39:46 GMT
etag: W/"676d4e92-86f13"
content-encoding: gzip
expires: Thu, 26 Dec 2024 23:08:21 GMT
cache-control: max-age=300
x-proxy-cache: HIT
x-cdn-host-id: ds8137
access-control-allow-origin: *
X-Firefox-Spdy: h2

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

216.58.211.2

200 OK

159 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
216.58.211.2:443
ASN
#15169 GOOGLE

Requested by
https://metrolagu.cam/watch?v=vve-1aKPqmI
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
FingerprintBA:DF:E8:69:61:F6:F8:D5:A5:A9:E9:A2:92:F0:8A:AA:A7:E6:7A:EA
ValidityMon, 02 Dec 2024 08:35:56 GMT - Mon, 24 Feb 2025 08:35:55 GMT

File type
JavaScript source, ASCII text, with very long lines (3679)
Size
159 kB (159284 bytes)
Hash
0322cfd4cd88b32828a17c1e43f977cd
83002e8046058956b232a971001708f90f01fe65
cd06d9fa2a1b4f93fa74a1fc76b465fa08e80e1cf98cb08e9344645108e0b45a

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://metrolagu.cam/
Origin: https://metrolagu.cam
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Thu, 26 Dec 2024 23:03:23 GMT
expires: Thu, 26 Dec 2024 23:03:23 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 4163617329273953449
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53258
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ax4.poopstream.co/play.svg

172.67.200.123

200 OK

633 B

URL GET HTTP/2
ax4.poopstream.co/play.svg
IP
172.67.200.123:443
ASN
#13335 CLOUDFLARENET

Requested by
https://poo.phd/e/5m4670oun9xb
Certificate
IssuerGoogle Trust Services
Subjectax4.poopstream.co
Fingerprint2A:3B:7A:45:B3:66:2B:58:D6:9D:CD:11:2C:75:63:01:6D:0A:29:47
ValidityThu, 19 Dec 2024 09:08:50 GMT - Wed, 19 Mar 2025 10:08:49 GMT

File type
SVG Scalable Vector Graphics image
Size
633 B (633 bytes)
Hash
fa7e52a78c2db6968656093b3b4f6266
d3c582a7ce14bbe3f2e3a486e8e038d7ccbdfc6a
3ba523164e3d24ae32abd260e3728d4418e4720f145e0571acac76c42e81d3cb

HTTP Headers

GET /play.svg HTTP/1.1
Host: ax4.poopstream.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://poo.phd/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:20 GMT
content-type: image/svg+xml
etag: W/"85f08506e5a64050719e7e18a26cd9c4"
last-modified: Thu, 14 Mar 2024 17:17:30 GMT
vary: Accept-Encoding
cache-control: max-age=1200
cf-cache-status: HIT
age: 6143
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BTLPkcXrghloCMFeFGDa%2FA%2BPmzh5WBbvcGvJ%2BMOxHjioMHVeuqX1NaTSNeyyroaCVh5W3uEuotOkUVtV7EYWr6qHSMAlT%2BKps0XEuIhD7MSfaLo%2B4WJlrZbl%2B1pNLp5MsahiLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b421fcedb4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=550&min_rtt=472&rtt_var=185&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3194&recv_bytes=1068&delivery_rate=6776911&cwnd=253&unsent_bytes=0&cid=e30092a82e8a51a0&ts=30&x=0"
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=00813e94674843eee24e13ac04ad9abe

188.114.96.1

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=00813e94674843eee24e13ac04ad9abe
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mp4skin.com/watch?V=qqqRuFM3thI
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint8A:B7:CD:87:FA:39:07:A8:88:41:1C:9E:2D:0E:97:51:61:75:C1:34
ValidityWed, 06 Nov 2024 10:31:42 GMT - Tue, 04 Feb 2025 10:31:41 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
3bc2daa7c9d4e8170b5502adb2d23fdc
afe19690955923fbfe263cedcc7adcab008a4699
af24e1f336dac8ae5e9cb6b681044b86b548ea78537fb88d9d99f650538c4a21

HTTP Headers

GET /gid.js?userId=00813e94674843eee24e13ac04ad9abe HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mp4skin.com
DNT: 1
Connection: keep-alive
Referer: https://mp4skin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:22 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mp4skin.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=00813e94674843eee24e13ac04ad9abe; expires=Fri, 26 Dec 2025 23:03:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DC7NX0M67aPW1IiUERLLwwjtsoNBdLMrUJt6i%2FhGx7efkbIgSZppbRf1Vn63edpMakr8igAAytTIO6BZHp%2BB7TqJtGMe%2F3nBifhQsGP8C4DQrF52gZ4MM6%2B0XNOxzIBv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8f84b42bbd1c56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=505&min_rtt=392&rtt_var=209&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3201&recv_bytes=1100&delivery_rate=7812949&cwnd=254&unsent_bytes=0&cid=7984e533c886deec&ts=61&x=0"
X-Firefox-Spdy: h2

poo.phd/e/5m4670oun9xb

104.21.16.1

200 OK

12 kB

URL User Request GET HTTP/2
poo.phd/e/5m4670oun9xb
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectpoo.phd
FingerprintD6:36:DE:79:30:4A:6D:68:F7:8B:44:4B:F5:6B:48:0A:0F:05:B9:C0
ValidityFri, 20 Dec 2024 16:48:14 GMT - Thu, 20 Mar 2025 17:48:11 GMT

File type
HTML document, ASCII text, with very long lines (6442)
Size
12 kB (11503 bytes)
Hash
c8fcbf48f009a870caf937b1d23b27e4
6d91a21777da9cb3c893885e586956fb948436b6
1ad438eb3bb9ed27be6a46717b6d1062f0794477b215296b0ef3c7ba7581952d

HTTP Headers

GET /e/5m4670oun9xb HTTP/1.1
Host: poo.phd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 26 Dec 2024 23:03:20 GMT
content-type: text/html;charset=UTF-8
cache-control: public, max-age=3600, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3F3vm8kWNWTigGje9%2BlFnEqjJKSkzpIVa0M0tfz2IvQjSqLYH0WIByZVTP4zRKbqqfVen%2F0YQunSiYIe6Fs%2BApZU82iu0%2FS%2B5k9aQjSA6ayDr5hVkmlgJSNE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8f84b41c4e6b568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6725&min_rtt=491&rtt_var=10750&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3191&recv_bytes=1121&delivery_rate=7144736&cwnd=254&unsent_bytes=0&cid=d8a9840d80018a46&ts=547&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML