dood.wf/d/b5ss9hbdk51u
104.26.8.113301 Moved Permanently 0 B IP 104.26.8.113:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d/b5ss9hbdk51u HTTP/1.1
Host: dood.wf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Oct 2022 10:13:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 04 Oct 2022 11:13:12 GMT
Location: https://dood.wf/d/b5ss9hbdk51u
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7JSCQQMB%2FUii6ICFzBckmqND7ZDci6LygCy1NawI8f5fvfCIo8NrHU4a1RPVxLjwf0ee%2BoUzao9AXAyHQIWK4DKjmJA3dyjnX1i2aK7ilhsdbiIi5zoq7o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 754d24c40c03b511-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.35200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Backoff, Retry-After, Content-Length
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 04 Oct 2022 09:47:04 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tnZ9GhPBVt2AOhMWc3FxuhsYnqtb0JYh1I6umvPExBHizaeQAAtbVg==
Age: 1569
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9955bda9c9ef64bc5700a14af0bae25e
8de7b7469e905af0374bdfcc3006bbb844f13e94
1f611155394fac39439b8ec8217d8cd493d6b588d372d264e0d66c03129c50c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F611155394FAC39439B8EC8217D8CD493D6B588D372D264E0D66C03129C50C6"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6601
Expires: Tue, 04 Oct 2022 12:03:14 GMT
Date: Tue, 04 Oct 2022 10:13:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 04 Oct 2022 05:28:28 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: alrkBj1m1s17tv96BAWppT5bfU45ipQYZSr9JbfrY1pcnRabWWxKwQ==
age: 17086
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 792d8c58aba48cc1f2f79401000ab30c
6ab4945a09e3fe0634c618e2232dd85898467712
7745c01d4cc02382e3d3e81a5076bddae95d20681537b3b8dd37791a6a89099a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7745C01D4CC02382E3D3E81A5076BDDAE95D20681537B3B8DD37791A6A89099A"
Last-Modified: Mon, 03 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10650
Expires: Tue, 04 Oct 2022 13:10:43 GMT
Date: Tue, 04 Oct 2022 10:13:13 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 792d8c58aba48cc1f2f79401000ab30c
6ab4945a09e3fe0634c618e2232dd85898467712
7745c01d4cc02382e3d3e81a5076bddae95d20681537b3b8dd37791a6a89099a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7745C01D4CC02382E3D3E81A5076BDDAE95D20681537B3B8DD37791A6A89099A"
Last-Modified: Mon, 03 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10650
Expires: Tue, 04 Oct 2022 13:10:43 GMT
Date: Tue, 04 Oct 2022 10:13:13 GMT
Connection: keep-alive
dood.wf/d/b5ss9hbdk51u
104.26.8.113200 OK 31 kB IP 104.26.8.113:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7166), with no line terminators
Hash 1875fe1690b08fdf8554c71299b86095
e8ea2f4b316664097119b12758fea0c10ca0bd0b
1de5236f20d6b6b8fe208707b4259dbd96e66db3dc5b5ed98fe429b4b6262373
GET /d/b5ss9hbdk51u HTTP/1.1
Host: dood.wf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: text/html; charset=UTF-8
expires: Mon, 03 Oct 2022 10:13:13 GMT
set-cookie: lang=1; domain=.dood.wf; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TVmiw6AbnA%2Fxnw6Q14JPCWkLsUBhPlGk1DRN3RYouhDRq9fHT6Ta133WgjExEQC13A1VyZMVeHc%2BIbB4PA9sojM%2Ftf5EblWta14DfmV89FtZfSOMEQ30CKw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754d24c61f140b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 044d427ef873f234ee3b58283eb5330f
2dad4ed00f77529805c175e0fde44cae0984c42e
2da369baa81e15354344237be7bd3101d71af187eb620450acc0804d148a0bbd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2DA369BAA81E15354344237BE7BD3101D71AF187EB620450ACC0804D148A0BBD"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4944
Expires: Tue, 04 Oct 2022 11:35:37 GMT
Date: Tue, 04 Oct 2022 10:13:13 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 044d427ef873f234ee3b58283eb5330f
2dad4ed00f77529805c175e0fde44cae0984c42e
2da369baa81e15354344237be7bd3101d71af187eb620450acc0804d148a0bbd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2DA369BAA81E15354344237BE7BD3101D71AF187EB620450ACC0804D148A0BBD"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4944
Expires: Tue, 04 Oct 2022 11:35:37 GMT
Date: Tue, 04 Oct 2022 10:13:13 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
104.17.25.14200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2695374
expires: Sun, 24 Sep 2023 10:13:13 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kGW5MVM6r6piH4%2Fmdm48eojJlUfChECYpsspHOqIxDdVZNP3cPUcn8uj8Rs5jhxY3dDQP2tLhAaKigxFMYq4k0d0lP4JwRNjzqLsmVaWVw5LBoMH%2BgSyKz2UXCldirfWXPK5Tvv7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 754d24c7fda1b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/img/no_video_3.svg
172.67.70.190200 OK 2.8 kB URL HTTP/2 i.doodcdn.co/img/no_video_3.svg
IP 172.67.70.190:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (2789)
Hash 077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Wed, 02 Nov 2022 08:08:00 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 45642
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nuN8vivjHP%2Frsac5Uobdx64EGCp%2BMaZxhxMJZBwdKm1ftIYW9ipzjxUlZAPnWm1dhBGg496azn7AksBcNuPzhKML1ZW66eJNKW1z6mWxiGdiLjJWUpXiX66B9ZetPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754d24c83aa5b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:13:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 044d427ef873f234ee3b58283eb5330f
2dad4ed00f77529805c175e0fde44cae0984c42e
2da369baa81e15354344237be7bd3101d71af187eb620450acc0804d148a0bbd
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "2DA369BAA81E15354344237BE7BD3101D71AF187EB620450ACC0804D148A0BBD"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4944
Expires: Tue, 04 Oct 2022 11:35:37 GMT
Date: Tue, 04 Oct 2022 10:13:13 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 9e40b2c69615f45f2bc898334ab3e343
6a569648ed10564e126d3bbf3f91352e6b3f6d4f
4f1d0982c58b9bbeaa266b99292baa1a00c9e39280f73d5a525722c851e15981
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:13:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e1d5b56539bbafd20976bd972c239913
c28acfb54d01d5e6ddb4c383394d67abf1c60b68
2ca1379bdf174d87276661b669692f2d888b23d983d900311d63b6853d0e719b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2CA1379BDF174D87276661B669692F2D888B23D983D900311D63B6853D0E719B"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8222
Expires: Tue, 04 Oct 2022 12:30:15 GMT
Date: Tue, 04 Oct 2022 10:13:13 GMT
Connection: keep-alive
alas4kanmfa6a4mubte.com/get/1841679?zoneid=1841679&jp=_cla74xu6rydyutlt28edqm&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3768284167608861
62.122.171.6200 OK 29 kB URL HTTP/2 alas4kanmfa6a4mubte.com/get/1841679?zoneid=1841679&jp=_cla74xu6rydyutlt28edqm&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3768284167608861
IP 62.122.171.6:0
Hash aa348fa8db404eb398e3dc9785b1f6ee
11d7cbd2d76c3ec18581538202fa1a98e9be692f
25230e1a839f6ee541a2e197b840ed048775e668e7ac692a8db7d01463d31dae
GET /get/1841679?zoneid=1841679&jp=_cla74xu6rydyutlt28edqm&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=3768284167608861 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2210040513393330e3b3bb4db9adac413419; Path=/; Expires=Wed, 04 Oct 2023 10:13:13 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b45b15bb651cc185ea82d91a51f06b5a
44987727be72bb12b4e4fc4fac50145835512750
f0b61426de169cf2efde87ac98d5123ea785004ad05c05932a099b644b2fdf64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:13:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.bncloudfl.com/bn/b0b/79f/7da/b0b79f7daf8253d9fbd7c7e163d1dfe405c48824.png
104.22.14.198200 OK 53 kB URL HTTP/2 cdn.bncloudfl.com/bn/b0b/79f/7da/b0b79f7daf8253d9fbd7c7e163d1dfe405c48824.png
IP 104.22.14.198:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 2b78bbe847928bc6f3e28f42cc12047c
4fded29e043af8f4a6910531b27e93a84da6b375
28babb4537229a8e8a04435cc14c31576f2018e071de3c87ab656516453e6327
GET /bn/b0b/79f/7da/b0b79f7daf8253d9fbd7c7e163d1dfe405c48824.png HTTP/1.1
Host: cdn.bncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: image/webp
content-length: 52926
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=75477
content-disposition: inline; filename="b0b79f7daf8253d9fbd7c7e163d1dfe405c48824.webp"
etag: 62ba247cb98f42d40a1f9a775d2bb4f1
expires: Thu, 06 Oct 2022 09:49:33 GMT
last-modified: Tue, 04 Oct 2022 09:07:30 GMT
vary: Accept
x-openstack-request-id: txe6162a66df3e46c88a3da-00633bf7d9
x-proxy-cache: HIT
x-timestamp: 1664874449.60311
x-trans-id: txe6162a66df3e46c88a3da-00633bf7d9
cf-cache-status: HIT
age: 1420
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 754d24ca5d850b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/lv/esnk/1841679/code.js
62.122.171.6200 OK 48 kB URL HTTP/2 alas4kanmfa6a4mubte.com/lv/esnk/1841679/code.js
IP 62.122.171.6:0
File type ASCII text, with very long lines (65530)
Hash 85a52077dade0dd47ddd2c138314cdb8
5bf6df9edc8aef98ba0f0289d428c470549a90d5
adff43e7ac918204afeb9bf3c8dba8df3eec02aaf66e6e0fff5f1aa24bb2e8c8
GET /lv/esnk/1841679/code.js HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 14:00:58 GMT
vary: Accept-Encoding
etag: W/"6333021a-1e318"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7a4aacea3845ef01bba1e65c98922d10
d3341291f3f5ab84c79ac4a07d62218b7624486e
79d20cf48936577f83f9be6cbc4ed7cce82325adf0aa1ccaf37ad5134dc6e80c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "79D20CF48936577F83F9BE6CBC4ED7CCE82325ADF0AA1CCAF37AD5134DC6E80C"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14372
Expires: Tue, 04 Oct 2022 14:12:46 GMT
Date: Tue, 04 Oct 2022 10:13:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 04 Oct 2022 09:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Tue, 04 Oct 2022 10:27:25 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2UX_6H_uBIalDFikK0s2DD3xoYanL5rzH91w-q9Ey1ttRaQbR5_zjg==
Age: 2621
alas4kanmfa6a4mubte.com/chicken.gif?z=1841679&pb=c9180889e12429ca9c033b2d56869b581664885593&psp=LSJGpyfcJ7xdt-nFKpTErWCpcBJjbU9ZJ4v1AThfJT_6qWX30j6Md1SLgCwwkLK4Q8DVcI61O9YEGGbfO8fl7Dpam0yg57qg8OfmHW2vpq-zsBjT-q375SA5GAmTtdprV_eTSk0e57fYBkO1FrNwRgoEIPNWVV7m5tnDu7jCwIJAn1AagsRH3HfdLUuK9F1D586JNec7G4Nmks3sMQtqaH4qPyPcZSNKk1oShG-jhQfbfpN79eshIq_UMxOZ99zJoOX-pts34ItoUmLIvNgLTScEPUHHLhXoxaJQeEw_C3_Y3G1DSPWQB8aw8hgfHzYF0cz3Ezh20kbv9sQM4OXOppbdIWmrMpu9O5st1VbzKgKizgUka2_mkySnKy_YXLkcziO3fenl4UXevaIfd6dBiZGbgHJMUY7h6kug-I0ao0gr407l6wpAI3RuwDa0kXu0QUWUaaRzTGynvwUCLwYgvC_mnLeMI7gGW8__lphaAuhkpzt_ZQAc7rABbE0NZfQYbmGOo7yP8s19_mWG_h4m4IcjR-jU6oAb_S3OZEhT_Zx7udLpaCAUR1fJOMS2xyNmvsFvB69hFsE8ETd_IPs_F6vfl6D6tXgKuGA4HLd4xG7LIDJL2nQAp__bPRENLnuN5Hp42-uSFkhbSsoyGsieA84aSnm6OtfDmPSWNoDg_klauuAQiUY1gqSBRo2kDNXTGJNdHNcJAl-ttQmVlaBNJGuwbW6-7xdj61liSFp2q035BvT-CtRP1FjjcGnUIQyAgBYoG7PI-j9kB4kP_wjEfGc5mN_6WuEossL0_l8HJKN71eZhRTVX310kccexvCGFv1erGBJs6ru3qHXg8wOOd6EsQD1mDQtH6ZNaHih-fnkEjI5pBr3EJKxHNQSteA8jHOh1aTIc4YzG&abvar=0&os=0
62.122.171.6200 OK 43 B URL HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841679&pb=c9180889e12429ca9c033b2d56869b581664885593&psp=LSJGpyfcJ7xdt-nFKpTErWCpcBJjbU9ZJ4v1AThfJT_6qWX30j6Md1SLgCwwkLK4Q8DVcI61O9YEGGbfO8fl7Dpam0yg57qg8OfmHW2vpq-zsBjT-q375SA5GAmTtdprV_eTSk0e57fYBkO1FrNwRgoEIPNWVV7m5tnDu7jCwIJAn1AagsRH3HfdLUuK9F1D586JNec7G4Nmks3sMQtqaH4qPyPcZSNKk1oShG-jhQfbfpN79eshIq_UMxOZ99zJoOX-pts34ItoUmLIvNgLTScEPUHHLhXoxaJQeEw_C3_Y3G1DSPWQB8aw8hgfHzYF0cz3Ezh20kbv9sQM4OXOppbdIWmrMpu9O5st1VbzKgKizgUka2_mkySnKy_YXLkcziO3fenl4UXevaIfd6dBiZGbgHJMUY7h6kug-I0ao0gr407l6wpAI3RuwDa0kXu0QUWUaaRzTGynvwUCLwYgvC_mnLeMI7gGW8__lphaAuhkpzt_ZQAc7rABbE0NZfQYbmGOo7yP8s19_mWG_h4m4IcjR-jU6oAb_S3OZEhT_Zx7udLpaCAUR1fJOMS2xyNmvsFvB69hFsE8ETd_IPs_F6vfl6D6tXgKuGA4HLd4xG7LIDJL2nQAp__bPRENLnuN5Hp42-uSFkhbSsoyGsieA84aSnm6OtfDmPSWNoDg_klauuAQiUY1gqSBRo2kDNXTGJNdHNcJAl-ttQmVlaBNJGuwbW6-7xdj61liSFp2q035BvT-CtRP1FjjcGnUIQyAgBYoG7PI-j9kB4kP_wjEfGc5mN_6WuEossL0_l8HJKN71eZhRTVX310kccexvCGFv1erGBJs6ru3qHXg8wOOd6EsQD1mDQtH6ZNaHih-fnkEjI5pBr3EJKxHNQSteA8jHOh1aTIc4YzG&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841679&pb=c9180889e12429ca9c033b2d56869b581664885593&psp=LSJGpyfcJ7xdt-nFKpTErWCpcBJjbU9ZJ4v1AThfJT_6qWX30j6Md1SLgCwwkLK4Q8DVcI61O9YEGGbfO8fl7Dpam0yg57qg8OfmHW2vpq-zsBjT-q375SA5GAmTtdprV_eTSk0e57fYBkO1FrNwRgoEIPNWVV7m5tnDu7jCwIJAn1AagsRH3HfdLUuK9F1D586JNec7G4Nmks3sMQtqaH4qPyPcZSNKk1oShG-jhQfbfpN79eshIq_UMxOZ99zJoOX-pts34ItoUmLIvNgLTScEPUHHLhXoxaJQeEw_C3_Y3G1DSPWQB8aw8hgfHzYF0cz3Ezh20kbv9sQM4OXOppbdIWmrMpu9O5st1VbzKgKizgUka2_mkySnKy_YXLkcziO3fenl4UXevaIfd6dBiZGbgHJMUY7h6kug-I0ao0gr407l6wpAI3RuwDa0kXu0QUWUaaRzTGynvwUCLwYgvC_mnLeMI7gGW8__lphaAuhkpzt_ZQAc7rABbE0NZfQYbmGOo7yP8s19_mWG_h4m4IcjR-jU6oAb_S3OZEhT_Zx7udLpaCAUR1fJOMS2xyNmvsFvB69hFsE8ETd_IPs_F6vfl6D6tXgKuGA4HLd4xG7LIDJL2nQAp__bPRENLnuN5Hp42-uSFkhbSsoyGsieA84aSnm6OtfDmPSWNoDg_klauuAQiUY1gqSBRo2kDNXTGJNdHNcJAl-ttQmVlaBNJGuwbW6-7xdj61liSFp2q035BvT-CtRP1FjjcGnUIQyAgBYoG7PI-j9kB4kP_wjEfGc5mN_6WuEossL0_l8HJKN71eZhRTVX310kccexvCGFv1erGBJs6ru3qHXg8wOOd6EsQD1mDQtH6ZNaHih-fnkEjI5pBr3EJKxHNQSteA8jHOh1aTIc4YzG&abvar=0&os=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2210040513393330e3b3bb4db9adac413419
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:14 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OAICAP=AC4xCwAAAAAAAAAB; Path=/; Expires=Thu, 03 Nov 2022 10:13:14 GMT; Secure; SameSite=None
OAIBLOCK=AC4xCwAAAABjO73Q; Path=/; Expires=Thu, 03 Nov 2022 10:13:14 GMT; Secure; SameSite=None
OACICAP=ACJMGgAAAAAAAAAB; Path=/; Expires=Thu, 03 Nov 2022 10:13:14 GMT; Secure; SameSite=None
OACIBLOCK=ACJMGgAAAABjO73Q; Path=/; Expires=Thu, 03 Nov 2022 10:13:14 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Wed, 05 Oct 2022 10:13:14 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=c9180889e12429ca9c033b2d56869b581664885593&psp=use4mFIWtx7GumZ5ap9SXyfnYxPu-orWwlkRpt_RGjs7hPNW5f613DHd_ONiWosG-rCyYXzdP4DPVOqUFeH6Z-spR8ijd79HSvQpOzXZ2S9L-AgcPH0F-k2lpw5yMkTxRFJqMDHp1G2KfdM5N4jKjfrf9s3fdp6whBIrQwmPSEtD0LuxZRscEcyttEY0_bFG9I1l4mLBMpZdFkQUZbzUK2V7RS7gRaW0CEVnemA3gPa7aw8XiEix9OE6kAkgr_BFjrYebSEiQ0hlfxqHlTwTxlpU9Mp3WeCssiXrHCDiudYA-SdyZRtiq3w_dpW3Ui660uf5LpXCIAANt8g2Dy1eM3EXMRwKBqLzB04IDX0TdkCkq1aeMPeCuFccjdjg7-sHcYJ_Tn92AEmzOJn-9t7jgq4gS-thYOCj2TivKyAHJLttMBoZLH4CTY1wVq0EEn9K0YBP2FfY6qFqNU-RreUMJtKTe7Vpf4qFZCHzW5y0p_D5DXPZHKJ8aMLfBGajs_g5jthIfBUuOtMs_iG0105E9o_j8a5LD07uldLWwySPreyKetkVcVOB4cr1gDKRb4EkgsLyUJInR6fDjiLBgFkaxobqmYLMFQoEG5otZv_RwGy71cM3izCunwP7kWlJPzbrFh3AbHk6_DXal6hTy4ZJcIJ0OEinJ_nRrM3qpt4nbVa0cCvzHDl9LQRFEiQpo0fdCOxr9wQQbPuCSuRfm9oGw_jvtvKRY2D3ZzN9RKsGJ9UpKWjr017D7c1DbO48_6VYvCWWl7XhjW_L1EOWeBV6XCQxGRym9NnYLByoFpyrXCFnI7ML3pgG5-BfvZx_KuWuMGEBlgF0ggCJzT4InOjG9K0I5TpOWmat7R0iXPEVxNuTGbK57XBo0vcl2Rm5jOfJ4xrP3XSb7Efq&abvar=0&os=0
62.122.171.6200 OK 43 B URL HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=c9180889e12429ca9c033b2d56869b581664885593&psp=use4mFIWtx7GumZ5ap9SXyfnYxPu-orWwlkRpt_RGjs7hPNW5f613DHd_ONiWosG-rCyYXzdP4DPVOqUFeH6Z-spR8ijd79HSvQpOzXZ2S9L-AgcPH0F-k2lpw5yMkTxRFJqMDHp1G2KfdM5N4jKjfrf9s3fdp6whBIrQwmPSEtD0LuxZRscEcyttEY0_bFG9I1l4mLBMpZdFkQUZbzUK2V7RS7gRaW0CEVnemA3gPa7aw8XiEix9OE6kAkgr_BFjrYebSEiQ0hlfxqHlTwTxlpU9Mp3WeCssiXrHCDiudYA-SdyZRtiq3w_dpW3Ui660uf5LpXCIAANt8g2Dy1eM3EXMRwKBqLzB04IDX0TdkCkq1aeMPeCuFccjdjg7-sHcYJ_Tn92AEmzOJn-9t7jgq4gS-thYOCj2TivKyAHJLttMBoZLH4CTY1wVq0EEn9K0YBP2FfY6qFqNU-RreUMJtKTe7Vpf4qFZCHzW5y0p_D5DXPZHKJ8aMLfBGajs_g5jthIfBUuOtMs_iG0105E9o_j8a5LD07uldLWwySPreyKetkVcVOB4cr1gDKRb4EkgsLyUJInR6fDjiLBgFkaxobqmYLMFQoEG5otZv_RwGy71cM3izCunwP7kWlJPzbrFh3AbHk6_DXal6hTy4ZJcIJ0OEinJ_nRrM3qpt4nbVa0cCvzHDl9LQRFEiQpo0fdCOxr9wQQbPuCSuRfm9oGw_jvtvKRY2D3ZzN9RKsGJ9UpKWjr017D7c1DbO48_6VYvCWWl7XhjW_L1EOWeBV6XCQxGRym9NnYLByoFpyrXCFnI7ML3pgG5-BfvZx_KuWuMGEBlgF0ggCJzT4InOjG9K0I5TpOWmat7R0iXPEVxNuTGbK57XBo0vcl2Rm5jOfJ4xrP3XSb7Efq&abvar=0&os=0
IP 62.122.171.6:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841674&pb=c9180889e12429ca9c033b2d56869b581664885593&psp=use4mFIWtx7GumZ5ap9SXyfnYxPu-orWwlkRpt_RGjs7hPNW5f613DHd_ONiWosG-rCyYXzdP4DPVOqUFeH6Z-spR8ijd79HSvQpOzXZ2S9L-AgcPH0F-k2lpw5yMkTxRFJqMDHp1G2KfdM5N4jKjfrf9s3fdp6whBIrQwmPSEtD0LuxZRscEcyttEY0_bFG9I1l4mLBMpZdFkQUZbzUK2V7RS7gRaW0CEVnemA3gPa7aw8XiEix9OE6kAkgr_BFjrYebSEiQ0hlfxqHlTwTxlpU9Mp3WeCssiXrHCDiudYA-SdyZRtiq3w_dpW3Ui660uf5LpXCIAANt8g2Dy1eM3EXMRwKBqLzB04IDX0TdkCkq1aeMPeCuFccjdjg7-sHcYJ_Tn92AEmzOJn-9t7jgq4gS-thYOCj2TivKyAHJLttMBoZLH4CTY1wVq0EEn9K0YBP2FfY6qFqNU-RreUMJtKTe7Vpf4qFZCHzW5y0p_D5DXPZHKJ8aMLfBGajs_g5jthIfBUuOtMs_iG0105E9o_j8a5LD07uldLWwySPreyKetkVcVOB4cr1gDKRb4EkgsLyUJInR6fDjiLBgFkaxobqmYLMFQoEG5otZv_RwGy71cM3izCunwP7kWlJPzbrFh3AbHk6_DXal6hTy4ZJcIJ0OEinJ_nRrM3qpt4nbVa0cCvzHDl9LQRFEiQpo0fdCOxr9wQQbPuCSuRfm9oGw_jvtvKRY2D3ZzN9RKsGJ9UpKWjr017D7c1DbO48_6VYvCWWl7XhjW_L1EOWeBV6XCQxGRym9NnYLByoFpyrXCFnI7ML3pgG5-BfvZx_KuWuMGEBlgF0ggCJzT4InOjG9K0I5TpOWmat7R0iXPEVxNuTGbK57XBo0vcl2Rm5jOfJ4xrP3XSb7Efq&abvar=0&os=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2210040513393330e3b3bb4db9adac413419
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:14 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OAICAP=AC4xCwAAAAAAAAAB; Path=/; Expires=Thu, 03 Nov 2022 10:13:14 GMT; Secure; SameSite=None
OAIBLOCK=AC4xCwAAAABjO73Q; Path=/; Expires=Thu, 03 Nov 2022 10:13:14 GMT; Secure; SameSite=None
OACICAP=ACJMGgAAAAAAAAAB; Path=/; Expires=Thu, 03 Nov 2022 10:13:14 GMT; Secure; SameSite=None
OACIBLOCK=ACJMGgAAAABjO73Q; Path=/; Expires=Thu, 03 Nov 2022 10:13:14 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Wed, 05 Oct 2022 10:13:14 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 129fe858bf2aa7291fd2c6dd4cf9d226
e3e048b964b851ebbdcfb5bd80ebdbad13720cf6
addc7e4ddab73c8c7ee50f6d33fc1e4ff73b71cc014e481049a393c3b87b0924
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:13:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:13:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
142.250.74.163200 OK 159 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (711)
Size 159 kB (158844 bytes)
Hash b4ed95d4318e3b78b936c9c0f1ffa96e
b53c9376b1459afb07fb4b5c2e8d8dad776d3a02
3c21880cb7be6bec40f9d40c23ad39c9758999cf950cec07b86c83b21fde175f
GET /recaptcha/releases/a9s0j4pCVT6gaTEkLiFbtZPH/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158844
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 01:05:31 GMT
expires: Sun, 01 Oct 2023 01:05:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 26 Sep 2022 04:02:34 GMT
content-type: text/javascript
age: 292063
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16ebfb2aa621547ecf581e26fc828a7d
f78993331f6f5b8af6409a9ad2fc50b77070f68a
0f81fd1d6be9ccc04b74f0348aafe642c7b9ab7dffb7e8a679b5d67cc2e5fac3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3242
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:13:14 GMT
Last-Modified: Tue, 04 Oct 2022 09:19:12 GMT
Server: ECS (ska/F70C)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 0ac04f7c449093fff4f846a7ae56cd4f
50aeb5664545a0dec4173920a274e906bcbcdf6f
18eff2566317aba7b70ee558e8cba42231eb4eae31e903501dc122c751d6993b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 04 Oct 2022 10:13:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
feltlonelyand.xyz/utx?tid=926820&top=dood.wf&cb=ffyqQo3yZ4jB
143.204.55.43204 No Content 0 B URL HTTP/2 feltlonelyand.xyz/utx?tid=926820&top=dood.wf&cb=ffyqQo3yZ4jB
IP 143.204.55.43:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=926820&top=dood.wf&cb=ffyqQo3yZ4jB HTTP/1.1
Host: feltlonelyand.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Tue, 04 Oct 2022 10:13:14 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://dood.wf
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Tue, 04 Oct 2022 10:14:14 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: utmQmQGtzhGzJ3geHo7jbxMgA2uzKLEZXjaxCgb6bajy1k8Q6VuTfg==
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.13.69.101101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.13.69.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: awTE52rRL1CtvqqOchNVwg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Na+JZXtHGwLD3751GM0DCw0jzO0=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b43ae97deb04dbfffda7174334ce401e
6506d551332969e08cbe3ee3aa2f80e702304253
28fc48516e6f5f39d9350209f5bcfd4f2af5866c30d2c108a8ff1b3404c4a341
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28FC48516E6F5F39D9350209F5BCFD4F2AF5866C30D2C108A8FF1B3404C4A341"
Last-Modified: Sun, 02 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4615
Expires: Tue, 04 Oct 2022 11:30:09 GMT
Date: Tue, 04 Oct 2022 10:13:14 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 227b8ba491a969bb395ffb89f18c9967
a01b448bdf8efbd05bb8e317152408e6d0354744
1bbd0d90e1db599d6e9e561b291504560d48c7104f92ca5e4de893bb6ea6f72f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 10:13:14 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 00:52:19 GMT
Expires: Mon, 10 Oct 2022 00:52:18 GMT
Etag: "a01b448bdf8efbd05bb8e317152408e6d0354744"
Cache-Control: max-age=484143,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754d24cdbed3b529-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.wf/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.wf
Content-Length: 1518
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 04 Oct 2022 10:13:36 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://dood.wf
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
tsapphires.buzz/
107.22.28.167200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 382
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
tsapphires.buzz/
107.22.28.167200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.wf/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.wf
Content-Length: 353
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
tsapphires.buzz/
107.22.28.167200 OK 0 B IP 107.22.28.167:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.wf/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.wf
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12971
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 10:13:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12971
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 10:13:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12971
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 10:13:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ff433c9569a3557d806b1480aeafece9
20bbd46383b85326837f45290ff87df708b3b310
e8e5212b8d90257f23bdb0d1d643b5e7d7528d964056c3a4a269b5e09f409f2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8E5212B8D90257F23BDB0D1D643B5E7D7528D964056C3A4A269B5E09F409F2D"
Last-Modified: Sun, 02 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12971
Expires: Tue, 04 Oct 2022 13:49:26 GMT
Date: Tue, 04 Oct 2022 10:13:15 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8c08f8066cc732de8befd6ccd629a95
22aab05208a01ae5def4d63dc145085630f57bcb
f8a560a0563518d992d0bd2655d2b5c406435a18e874ca00b51374d2ff901770
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F545190f2-96f3-40f8-bd46-cebe7171aee7.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9917
x-amzn-requestid: 2dff93d9-795d-4885-9b82-610b0d235a82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTGEnIAMF1zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-117afa703663ada75627792c;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DOS5kVEVqBrCVMKRw07fX-6HDgWVb9lJwkVM2pXs0PQHys6CBJUVfQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:20 GMT
age: 44935
etag: "22aab05208a01ae5def4d63dc145085630f57bcb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6779181f9c06975f2a662da743893939
585e7146fd24cdc2496b05baafea04091dc541e2
8e9a9f92fd89b7cdce77884ccd76b83ab82d28f125ebfc1cb0d371d4046b7985
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a61745f-0c9b-404a-ba22-0a69cf2f0383.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4858
x-amzn-requestid: fb21c414-2994-444a-a838-e643fd05b171
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvTEfPoAMFfeQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-593dd8043b0490e7301cac0d;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: SGeDEPoXxsTV5UwkZnn3MJPbjhHhrKSsueHPxVapV_7Icl6daFk3oA==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:20 GMT
age: 44935
etag: "585e7146fd24cdc2496b05baafea04091dc541e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f2287c489794dab0e9ba923a2057988f
2b9f6828a38da81b40dcad033572e48b4c5896db
e853fa2acf2425d14cb9746e8bbd45c8765598d2bb630859086b4668182dbf6c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962fb2a2-ad40-48cf-87a7-de082c564a5e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8534
x-amzn-requestid: 8ae51cd3-697b-47ed-8493-8f83e2bc7469
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHuHlXoAMFucg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-165d72034440cf810d42f3bd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LPt8LUVoKhXjfz-jZHLmnWD15tQgSLRaxl-Bsl0UU83G7wm3jj7_mg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:34 GMT
age: 44921
etag: "2b9f6828a38da81b40dcad033572e48b4c5896db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c6882c60d7ca6f918c77104e3ad1d52
20ef861be49c652a938e0145e4ca3a60159367e2
861f5870990fbd2939d151ae18384cf311e87067ca9a50818efe0c2d51b83088
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8641c47a-9aff-4f73-bb07-6770cbbcc8d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5504
x-amzn-requestid: 37405eb0-5c75-46a9-84c0-e8ed726995d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpHvHPvoAMF3mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5564-77fd550b58af612525e74761;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:34:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: O1yNc4H21kixhUEE7099oNqs7a5ZnJBBjlZbsbmLvaXyzXzrK0dL3w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:33 GMT
age: 44922
etag: "20ef861be49c652a938e0145e4ca3a60159367e2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24a4a122273ef9f772852031eb13114a
c20f1fac9020eb4bd6c84583f73872979639b991
8e1ffbed5f156637ed2f22e81d03f6d85eff0c28237c1639ea5f977e92ee7b70
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdb412b7-1bf6-4a48-b9f1-b171f540e434.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4151
x-amzn-requestid: f709a11e-cbea-4965-8502-94ddbd8768bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZcpvSF3YIAMFdow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633b5661-29bfa31d51e8f60b38136dba;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: iHjSrLdzntzVnJ-qaRf834nLglcKXY1cTgLY5VcCyKtp0lwN2gGnnw==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 03 Oct 2022 21:44:20 GMT
age: 44935
etag: "c20f1fac9020eb4bd6c84583f73872979639b991"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
34.120.237.76200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 488ec5b4267ccb1cdc4e6e08556f7f3b
42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88
d9b05fe92962a58b9a8e8dbd4757969aa361be12018107ae649ffcdb8a0f8d84
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3430
x-amzn-requestid: 22a0e400-1567-4c9c-aca9-782f3f81a8ef
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKLCrEn4IAMFZWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f210-11fa888c78719c44160accf8;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: czAJIO54qhc57-FC2v3o_6iUysen6MFHxo4KWJL7Uhs3ZBmRalqgMw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 09:44:26 GMT
age: 1729
etag: "42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 0a25532c4133886e22a425cacca9c027
41a1b476967aed6ac227717098cd8be3209b45b3
f50b860d2b3b4d59df90ad6b36c84639141ca9dd9530a74e07fd79fd9387f52e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 04 Oct 2022 10:13:19 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 06:25:20 GMT
Expires: Mon, 10 Oct 2022 06:25:19 GMT
Etag: "41a1b476967aed6ac227717098cd8be3209b45b3"
Cache-Control: max-age=504119,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 754d24eb5cb7b529-OSL
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash b7c956ddd8299b1cecebabc0b9f2ef14
7b8278b98358389b4bf1d888c1e2d5af172caf07
dc2f38936248ad56666d92eb7a4e58d051f79d7efc8d5ce34c4cca7ff9d81966
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:19 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dood.wf
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=9dfc9593d723438ea3852302f7b57e85; expires=Wed, 04 Oct 2023 10:13:19 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/500/4857535?excludes=&oaid=9dfc9593d723438ea3852302f7b57e85&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fb5ss9hbdk51u&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/500/4857535?excludes=&oaid=9dfc9593d723438ea3852302f7b57e85&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fb5ss9hbdk51u&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4857535?excludes=&oaid=9dfc9593d723438ea3852302f7b57e85&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fb5ss9hbdk51u&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://dood.wf/
Origin: https://dood.wf
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:19 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://dood.wf
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/4857535?excludes=&oaid=9dfc9593d723438ea3852302f7b57e85&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fb5ss9hbdk51u&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 10 kB URL HTTP/2 betotodilea.com/500/4857535?excludes=&oaid=9dfc9593d723438ea3852302f7b57e85&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fb5ss9hbdk51u&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash b2bad8c4fc3c532920312f215aeb5ddd
2ecfcb8223489dc706594df1fdfb427191b6041b
b545086ca17e690cf74d6257858f67efc26522937c1bc85acc7598465ca4ed16
GET /500/4857535?excludes=&oaid=9dfc9593d723438ea3852302f7b57e85&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fb5ss9hbdk51u&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Cookie: OAID=ebf69555c9ba412cb0b50697409a9cb3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:19 GMT
content-type: application/javascript
x-trace-id: 57ee13e5566a575eb79ddeed729fb813
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://dood.wf
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=9dfc9593d723438ea3852302f7b57e85; expires=Wed, 04 Oct 2023 10:13:19 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
tsapphires.buzz/cUZtRncqZFR0QUl0XWRbU2RBZBFEIlx%2EREYkQHREFSRAchYXdUB%2EEUB2QHdDFXZbf0dGJ1skRVNqT35HRCBbIxQSaw92FhVrWXJBSGsPdk9Ba1V1FkNxDnUWRCBZIlVdZB4xVV1kGTUWATYFLwUUNUMkAgs8T2pVQHZDc1VdIAwqBBRqCycbAiNBIBYdNQgb
107.22.28.167200 OK 0 B URL HTTP/2 tsapphires.buzz/cUZtRncqZFR0QUl0XWRbU2RBZBFEIlx%2EREYkQHREFSRAchYXdUB%2EEUB2QHdDFXZbf0dGJ1skRVNqT35HRCBbIxQSaw92FhVrWXJBSGsPdk9Ba1V1FkNxDnUWRCBZIlVdZB4xVV1kGTUWATYFLwUUNUMkAgs8T2pVQHZDc1VdIAwqBBRqCycbAiNBIBYdNQgb
IP 107.22.28.167:0
GET /cUZtRncqZFR0QUl0XWRbU2RBZBFEIlx%2EREYkQHREFSRAchYXdUB%2EEUB2QHdDFXZbf0dGJ1skRVNqT35HRCBbIxQSaw92FhVrWXJBSGsPdk9Ba1V1FkNxDnUWRCBZIlVdZB4xVV1kGTUWATYFLwUUNUMkAgs8T2pVQHZDc1VdIAwqBBRqCycbAiNBIBYdNQgb HTTP/1.1
Host: tsapphires.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 3ce52f7cbd39d0ea2d3666d891061827=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8445-WkuYr7rcTAPVpSgxBvAMtxwDnIo"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/css/bootstrap.min.css
172.67.70.190200 OK 0 B URL HTTP/2 i.doodcdn.co/theme_2/css/bootstrap.min.css
IP 172.67.70.190:0
GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cache-control: public, max-age=2592000
expires: Wed, 04 Oct 2023 08:10:17 GMT
access-control-allow-origin: *
cf-cache-status: HIT
age: 3253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YdeAGSMrvTt36dPsJxNUFAyLIHS3om6b4f%2B7KvHI%2Fv9j7ZYGTZOR6foksr9dlXCbS9h7UxrLgZd1Knxv9FkvzwCxSLhvG0jXt6dekERXnAf0QyMhVDUdNhYODJ1MXw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754d24c84aafb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/css/style.css?v=0.1
172.67.70.190200 OK 0 B URL HTTP/2 i.doodcdn.co/theme_2/css/style.css?v=0.1
IP 172.67.70.190:0
GET /theme_2/css/style.css?v=0.1 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=249272
expires: Tue, 03 Oct 2023 08:48:07 GMT
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 63817
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G965pKRz5YcSsIHLNTvec%2BQZIUuhejbuTPxTpySYU%2B%2F5o4%2FQ%2B%2FUG7ikjhoqfn7eGspSEKeY7YE8GaNOTvbl%2FrRAud9sTXa3yn4wTRmBCiA5NWZeNrUCRYQPuP9yOyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 754d24c83aa3b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.84.149200 OK 0 B IP 104.21.84.149:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 04 Oct 2022 10:13:14 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1267
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HhkUAW82Q8gnXRtnRwD1rWxnwKGlrxKynFNbSmiA3pp76vTa98MLy3yYiiHHfic1SR7A4fe4l6A7O1V%2BfuO3MzXOeRyRc4TdAtHm%2Fy%2B%2FBj2HnfR4pq2iaXNRoSyh%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 754d24cb79bf0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP 142.250.74.10:0
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 04 Oct 2022 10:13:13 GMT
date: Tue, 04 Oct 2022 10:13:13 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/get/1841674?zoneid=1841674&jp=_clzrhnzpwdbu6klkdzk9ka&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=7145983888154811
62.122.171.6200 OK 0 B URL HTTP/2 alas4kanmfa6a4mubte.com/get/1841674?zoneid=1841674&jp=_clzrhnzpwdbu6klkdzk9ka&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=7145983888154811
IP 62.122.171.6:0
GET /get/1841674?zoneid=1841674&jp=_clzrhnzpwdbu6klkdzk9ka&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=7145983888154811 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=221004051367f2e80a77ad47078d2e70d0c9; Path=/; Expires=Wed, 04 Oct 2023 10:13:13 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
betotodilea.com/400/4857535
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/400/4857535
IP 139.45.197.237:0
GET /400/4857535 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: application/javascript
x-trace-id: c4734f19d843b9f7c97ab9c0af81ec17
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=ebf69555c9ba412cb0b50697409a9cb3; expires=Wed, 04 Oct 2023 10:13:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/lv/esnk/1841674/code.js
62.122.171.6200 OK 0 B URL HTTP/2 alas4kanmfa6a4mubte.com/lv/esnk/1841674/code.js
IP 62.122.171.6:0
GET /lv/esnk/1841674/code.js HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 04 Oct 2022 10:13:13 GMT
content-type: application/javascript
last-modified: Tue, 27 Sep 2022 14:00:58 GMT
vary: Accept-Encoding
etag: W/"6333021a-1e318"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
pringed.space/WVo1MDMieEZHbCwoWRIJezJBREMqYBofVzY1UR5EP3VGRx0zKRccESo3UxIJaHYXQ14veA8SB3dqFxwRLTtSb1o9eA8SCmtsDQIDe3YXQ0Y7BVxUAXtgF1YGPWsMAwQ7dwcDVzt3AVFVancMVgJpdwQEV2lsDAAEOGxXAhEk
107.22.28.167200 OK 0 B URL HTTP/2 pringed.space/WVo1MDMieEZHbCwoWRIJezJBREMqYBofVzY1UR5EP3VGRx0zKRccESo3UxIJaHYXQ14veA8SB3dqFxwRLTtSb1o9eA8SCmtsDQIDe3YXQ0Y7BVxUAXtgF1YGPWsMAwQ7dwcDVzt3AVFVancMVgJpdwQEV2lsDAAEOGxXAhEk
IP 107.22.28.167:0
Analyzer Verdict Alert fortinet Malware
GET /WVo1MDMieEZHbCwoWRIJezJBREMqYBofVzY1UR5EP3VGRx0zKRccESo3UxIJaHYXQ14veA8SB3dqFxwRLTtSb1o9eA8SCmtsDQIDe3YXQ0Y7BVxUAXtgF1YGPWsMAwQ7dwcDVzt3AVFVancMVgJpdwQEV2lsDAAEOGxXAhEk HTTP/1.1
Host: pringed.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: e9e044dd99d426c4c90eba8d832194d0=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0f5-DHhbuukoTU7CvB/Kwl0QOzVQPic"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2