Report - 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14

Report Overview

Visited public
2025-06-22 21:22:37
Tags
Submit Tags
URL
7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
Finishing URL
www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
IP / ASN
159.65.226.43
#14061 DIGITALOCEAN-ASN
Title
We are sorry to see you go

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
api.optoutsystem.com	97848	2009-03-06	2018-11-08	2025-06-19	2.4 kB	2.2 kB	44.238.219.221
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-06-18	560 B	49 kB	142.250.74.35
7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com	unknown	2022-08-18	2025-06-22	2025-06-22	3.4 kB	1.7 kB	159.65.226.43
www.tabdocklight.com	unknown	2025-05-22	2025-06-03	2025-06-16	4.4 kB	1.2 MB	172.67.220.253
pagead2.googlesyndication.com	101	2003-01-21	2012-05-21	2025-06-19	3.2 kB	5.5 kB	142.250.178.34
sentry.io	2743	2012-04-07	2016-08-31	2025-06-19	630 B	556 B	35.186.247.156
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-06-18	472 B	3.2 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-06-22 21:22:15	high	159.65.226.43	Client IP	ETPRO EXPLOIT_KIT FoxTDS Initial Check

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-22	medium	tabdocklight.com	Sinkholed
2025-06-22	medium	tabdocklight.com	Sinkholed
2025-06-22	medium	tabdocklight.com	Sinkholed
2025-06-22	medium	tabdocklight.com	Sinkholed
2025-06-22	medium	tabdocklight.com	Sinkholed
2025-06-22	medium	tabdocklight.com	Sinkholed
2025-06-22	medium	tabdocklight.com	Sinkholed
2025-06-22	medium	tabdocklight.com	Sinkholed
2025-06-22	medium	tabdocklight.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	www.tabdocklight.com/assets/index-ZUnOmLfp.js	ScriptElement	25 kB	2025-06-17	2025-06-22
Pretty URL www.tabdocklight.com/assets/index-ZUnOmLfp.js IP 172.67.220.253 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-17 08:24 Last Seen2025-06-22 21:22 Times Seen23 Hash 02bc35e013e1e11f874d0a2a71544ae1 5b73b7f7e44d904b36c13bb2a73d326b25288b46 5c1f0aee9d5d1ca575431af8095daac60df400bb21dca2c3d470e974340563e8 Loading...

	www.tabdocklight.com/assets/clsx-RUMLefpv.js	ImportedModule	119 kB	2025-06-17	2025-06-22
Pretty URL www.tabdocklight.com/assets/clsx-RUMLefpv.js IP 172.67.220.253 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2025-06-17 08:24 Last Seen2025-06-22 21:22 Times Seen24 Hash 33d86584b615c263eadbfc48a827f92b b7b9065d7740d83d6e7ba12d012270df8f003274 ab6b729402e0edb220e8e4c4dd859f46d450beb8e914d6b229d303921ed779c4 Loading...

	7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14	ScriptElement	400 B	2025-03-03	2025-07-09
Pretty URL 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14 IP 159.65.226.43 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-03 06:02 Last Seen2025-07-09 03:54 Times Seen434 Hash f347cfca7cf29117b42a43951045269e ff490b78e3712762bade64a2b25ee038165cff65 18396e46ad65b630911ed42e114895cc4d5e02e7f0461f27bf074b2e91c0ccfe Loading...

	7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14	ScriptElement	244 B	2025-06-22	2025-06-25
Pretty URL 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14 IP 159.65.226.43 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-22 21:22 Last Seen2025-06-25 21:26 Times Seen2 Hash ea0293899d6eea2596b91a4ace5a1e8a 0006957373c8abd40af7e35d9e54ab59ec9381fc 5386e6fff4da51e0accd101f45569d8ca8a5cccae56cc87b231c91eadaaa7c87 Loading...

	www.tabdocklight.com/assets/index-oRsW6Llc.js	ScriptElement	837 kB	2025-06-17	2025-06-22
Pretty URL www.tabdocklight.com/assets/index-oRsW6Llc.js IP 172.67.220.253 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-17 08:24 Last Seen2025-06-22 21:22 Times Seen24 Hash 7475a5a392b9d84e4f74bb1887a678fa 60b0ac9a3124a5c5395d9d480a9a0ac99f599664 d7067ba682863b784ed2ccbe9aa4a4ca089219ca414b271f0be45bd5e7c59fd5 Loading...

HTTP Transactions (29)

URL IP Response Size

GET fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap

142.250.74.10

200 OK

2.6 kB

URL GET
fonts.googleapis.com/css2?family=Inter:wght@100..900&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint58:09:05:96:27:31:E2:3D:AB:89:AD:1C:2E:C3:03:82:B0:27:3D:86
ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

File type
ASCII text
Size
2.6 kB (2555 bytes)
Hash
3e401c727fb8698993b14abc4a8f7d27
887e94af9a5ca6553b0b7cd1e057723fea941c2a
8ca878e47877bd4d06f591946ceec0f1b0d74486cb098e64416cfe4700e07ea5

HTTP Headers

GET /css2?family=Inter:wght@100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 22 Jun 2025 21:22:18 GMT
date: Sun, 22 Jun 2025 21:22:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

OPTIONS api.optoutsystem.com/optout/optout-key/page/248000

44.238.219.221

204 No Content

0 B

URL OPTIONS
api.optoutsystem.com/optout/optout-key/page/248000
IP
44.238.219.221:443
ASN
#16509 AMAZON-02

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerAmazon
Subject*.optoutsystem.com
Fingerprint4B:45:77:B2:11:BA:4C:E0:08:12:CE:D1:38:2C:65:F2:BF:51:FC:1F
ValidityMon, 31 Mar 2025 00:00:00 GMT - Wed, 29 Apr 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /optout/optout-key/page/248000 HTTP/1.1
Host: api.optoutsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Referer: https://www.tabdocklight.com/
Origin: https://www.tabdocklight.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 22 Jun 2025 21:22:19 GMT
vary: Origin
access-control-allow-origin: https://www.tabdocklight.com
access-control-allow-credentials: true
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: authorization
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2

142.250.74.35

200 OK

48 kB

URL GET
fonts.gstatic.com/s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint6C:DD:E7:B7:B0:02:A6:B7:4F:2D:EB:A1:11:A3:4B:1C:31:F9:07:F7
ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48532, version 1.0
Size
48 kB (48532 bytes)
Hash
225835e6e0496c54dc2aca9f3d533892
942ef5298bbe74bfe44e445def5f2bfc94027fa8
acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087

HTTP Headers

GET /s/inter/v19/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.tabdocklight.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48532
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Jun 2025 10:50:44 GMT
expires: Fri, 19 Jun 2026 10:50:44 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 28 May 2025 18:51:44 GMT
content-type: font/woff2
age: 297096
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14

159.65.226.43

200 OK

458 B

URL User Request GET
7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
IP
159.65.226.43:80
ASN
#14061 DIGITALOCEAN-ASN

File type
JavaScript source, ASCII text, with very long lines (398)
Size
458 B (458 bytes)
Hash
0a3e69b8b37a6df0acd7e7f5d9d3b854
680de96cfe2aff1b030bfbd4a7cfa2529993ea61
0f3a07f36d6bddee418f7d7548bc165b09817e10764a359d2773388cdec9ff8a

Detections

NIDS	Severity	Alert
suricata	high	ETPRO EXPLOIT_KIT FoxTDS Initial Check

HTTP Headers

GET /5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14 HTTP/1.1
Host: 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 499
X-Ratelimit-Reset: 1750630935
Date: Sun, 22 Jun 2025 21:22:15 GMT
Content-Length: 458

GET www.tabdocklight.com/assets/index-rXJICDJD.css

172.67.220.253

200 OK

1.3 kB

URL GET
www.tabdocklight.com/assets/index-rXJICDJD.css
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
ASCII text, with very long lines (1325)
Size
1.3 kB (1326 bytes)
Hash
4432855f50071f8b18ed60721e0f51de
92a4d6637402233afc5d8cdc081a79e881559ff0
c0164dd1715c654a661c2f34ac9fc3ee07cabdd8c58e21cbc868e93f7f460909

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/index-rXJICDJD.css HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Jun 2025 21:22:18 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JTg17hpL064i%2FGaqZRf8%2FJsAzL2kO56tvu8mF2RWc5ubkx6O2nrUQftxfaL00bjnKofhV1PENlbbDCppnIgEu0R6%2FgnQlWek5jjRnxOxTt3qx6rmd4HqtjZ%2F6WCOJDtSM2Il6JwrcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 953ecce0bbb2568a-OSL
cf-cache-status: HIT
age: 335
cache-control: public, max-age=14400
etag: W/"0x8DD98F560136A9C"
last-modified: Thu, 22 May 2025 05:56:20 GMT
domain-integrity-check: true
x-azure-ref: 20250522T185556Z-17699cffc96twhskhC1STO4ynn00000001yg00000000kmm0
x-cache: TCP_HIT
x-cache-info: L1_T2
x-fd-int-roxy-purgeid: 83698580
x-ms-request-id: 4f044d54-601e-0028-2ede-ca477a000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:16:42 GMT+0000 (Coordinated Universal Time)
content-encoding: br
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3631&min_rtt=595&rtt_var=3031&sent=85&recv=116&lost=0&retrans=0&sent_bytes=7734&recv_bytes=7110&delivery_rate=413241&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=15507&unsent_bytes=0&cid=3cbc204106380b1c&ts=252&inflight_dur=32&x=44"

GET www.tabdocklight.com/assets/index-oRsW6Llc.js

172.67.220.253

200 OK

837 kB

URL GET
www.tabdocklight.com/assets/index-oRsW6Llc.js
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
JavaScript source, ASCII text, with very long lines (17580)
Size
837 kB (837446 bytes)
Hash
7475a5a392b9d84e4f74bb1887a678fa
60b0ac9a3124a5c5395d9d480a9a0ac99f599664
d7067ba682863b784ed2ccbe9aa4a4ca089219ca414b271f0be45bd5e7c59fd5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/index-oRsW6Llc.js HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Jun 2025 21:22:18 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3TWt3isMo25iRQHqR39uxPhr%2B1pN0cwqN%2Ftz0OZt%2FDTtLVZYOtUbt25XxN4UVMGXj2lL1lWFBVZUEyLTDlvKzgUeiVm95QnNm7IpnDJrewSWLMRWMxWyZn7hVfeBRkJTVk0xrlgDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 953ecce0bbb1568a-OSL
cf-cache-status: HIT
age: 335
cache-control: public, max-age=14400
etag: W/"0x8DDAD5EA96A836A"
last-modified: Tue, 17 Jun 2025 05:20:23 GMT
domain-integrity-check: true
x-azure-ref: 20250617T053329Z-17cd6bcf67526jbnhC1SVGkw3w0000000grg000000000kag
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 83698596
x-ms-request-id: 4c470a64-401e-003f-7547-dfee71000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:16:42 GMT+0000 (Coordinated Universal Time)
content-encoding: br
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3631&min_rtt=595&rtt_var=3031&sent=85&recv=116&lost=0&retrans=0&sent_bytes=7734&recv_bytes=7110&delivery_rate=413241&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=15507&unsent_bytes=0&cid=3cbc204106380b1c&ts=253&inflight_dur=32&x=44"

HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627339687

142.250.178.34

200 OK

0 B

URL HEAD
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627339687
IP
142.250.178.34:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint84:E0:95:A7:B0:AD:C7:14:6D:3A:8F:52:B9:8A:24:71:29:A9:E4:CC
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js?=1750627339687 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sun, 22 Jun 2025 21:22:19 GMT
expires: Sun, 22 Jun 2025 21:22:19 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 9062352025913772599
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53333
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14

0.0.0.0

0 B

URL User Request GET
7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ETPRO EXPLOIT_KIT FoxTDS Initial Check

HTTP Headers

GET /5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14 HTTP/1.1
Host: 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14

159.65.226.43

200 OK

270 B

URL User Request GET
7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
IP
159.65.226.43:80
ASN
#14061 DIGITALOCEAN-ASN

File type
JavaScript source, ASCII text
Size
270 B (270 bytes)
Hash
90350db5c9ae7171d42792f7283c59b5
d792663efbe40a994b4de42d2cd5a8392fc712f5
13635f617bd70cc97d708da9369cc8bde1612856daa0eae154a4bf7345cfdc98

HTTP Headers

GET /t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14 HTTP/1.1
Host: 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 497
X-Ratelimit-Reset: 1750630935
Date: Sun, 22 Jun 2025 21:22:16 GMT
Content-Length: 270

GET www.tabdocklight.com/favicon.svg

172.67.220.253

200 OK

552 B

URL GET
www.tabdocklight.com/favicon.svg
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
SVG Scalable Vector Graphics image
Size
552 B (552 bytes)
Hash
31b80ed5eec1550e0edf662f65482c48
70646d79d67a64d3bf556994f8acb8ea4f6d188a
091bb10503146884448a8af965872f9d26c2f72cdbcec9153dcef0f57a13e400

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.svg HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Jun 2025 21:22:19 GMT
content-type: image/svg+xml
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I5suG%2B3GtVnaKHZIKtYOvRWkWqCDYWjNcDeRUYRqAEskir%2BbFAxl%2FMIpaIlUIgx%2Fsup7fNnGuXsNy7v9YKoLPFWdd8jqsUParLHjtdg2BhjzTsWsf0BoCF1TuTLvElHFLqjE7laLGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 953ecce5dc31568a-OSL
cf-cache-status: HIT
age: 578
cache-control: public, max-age=14400
etag: W/"0x8DDA614C61785E1"
last-modified: Sat, 07 Jun 2025 22:43:50 GMT
domain-integrity-check: true
x-azure-ref: 20250609T020644Z-r1f7f6d9747xz6qzhC1STOaxbg0000000hm00000000041rm
x-cache: TCP_HIT
x-fd-int-roxy-purgeid: 83698588
x-ms-request-id: 346481e5-c01e-008e-10fe-d7551f000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:12:41 GMT+0000 (Coordinated Universal Time)
content-encoding: br
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1612&min_rtt=0&rtt_var=930&sent=312&recv=129&lost=0&retrans=0&sent_bytes=272040&recv_bytes=8001&delivery_rate=18275487&ss_exit_cwnd=27932&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=3cbc204106380b1c&ts=1049&inflight_dur=79&x=44"

HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627339690

142.250.178.34

200 OK

0 B

URL HEAD
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627339690
IP
142.250.178.34:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint84:E0:95:A7:B0:AD:C7:14:6D:3A:8F:52:B9:8A:24:71:29:A9:E4:CC
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js?=1750627339690 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sun, 22 Jun 2025 21:22:19 GMT
expires: Sun, 22 Jun 2025 21:22:19 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 13227928685311892307
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53329
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25

172.67.220.253

200 OK

1.1 kB

URL User Request GET
www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
HTML document, ASCII text
Size
1.1 kB (1090 bytes)
Hash
29fbede481694a713196a9dd5a00bc58
a812124109c08b1a40f20451dd5af65b94ce599b
fb0420cf29c4e9f89ce1cee958ee74c205a7ff8e1c3acb253ce0a666a8c2afc6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25 HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Jun 2025 21:22:18 GMT
content-type: text/html
content-encoding: br
cf-ray: 953eccde8ea9b512-OSL
cf-cache-status: DYNAMIC
cache-control: public, max-age=3600
last-modified: Tue, 17 Jun 2025 05:20:23 GMT
domain-integrity-check: true
x-azure-ref: 20250622T212218Z-1575cfbf57fd8tp5hC1STOs33c0000000660000000004hp4
x-cache: TCP_HIT
x-cache-info: L1_T2
x-fd-int-roxy-purgeid: 83698596
x-ms-request-id: efe0627c-c01e-0098-50b1-e306b3000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:22:18 GMT+0000 (Coordinated Universal Time)
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=om9PVzR4qqXe1HRxSigwzVTYaDDy%2FiI538pRHBEKPVyrTIwDOFNQyYroCxNnQvYpQeFuLYG80LTXBRBpJGqz14ZLfNZA%2FadsAfh3fOpttGRtRkc%2FIzQdYvdO9xY3h%2BH%2Bokz5DaAeEg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6677&min_rtt=645&rtt_var=12013&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3214&recv_bytes=1200&delivery_rate=4636072&cwnd=254&unsent_bytes=0&cid=ceb2c9a13e24d54a&ts=157&x=0"
X-Firefox-Spdy: h2

GET www.tabdocklight.com/assets/index-ZUnOmLfp.js

172.67.220.253

200 OK

25 kB

URL GET
www.tabdocklight.com/assets/index-ZUnOmLfp.js
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (25265)
Size
25 kB (25274 bytes)
Hash
02bc35e013e1e11f874d0a2a71544ae1
5b73b7f7e44d904b36c13bb2a73d326b25288b46
5c1f0aee9d5d1ca575431af8095daac60df400bb21dca2c3d470e974340563e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/index-ZUnOmLfp.js HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/assets/index-oRsW6Llc.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Jun 2025 21:22:20 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Y2kNfZjv2S7i6j13vAy%2FthoBuXvQ7YG%2FHqmH6SItLWCsnN5ospHxVIP%2BddYW8uj0g%2F9Y1pKyS%2FgKWwyletNgZjsbPqWeVJG1UsQK7hnpRB1M7fQbVOYVQqqo2%2FUkhc2CSB9xc84tA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 953eccebbc79568a-OSL
cf-cache-status: HIT
age: 331
cache-control: public, max-age=14400
etag: W/"0x8DDAD5EA95FFD93"
last-modified: Tue, 17 Jun 2025 05:20:23 GMT
domain-integrity-check: true
x-azure-ref: 20250617T053335Z-17cd6bcf675gdq5dhC1SVGdues0000000hs000000000324m
x-cache: TCP_HIT
x-cache-info: L1_T2
x-fd-int-roxy-purgeid: 83698596
x-ms-request-id: a5500d31-701e-00b7-5447-df92f7000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:16:48 GMT+0000 (Coordinated Universal Time)
content-encoding: br
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1325&min_rtt=0&rtt_var=594&sent=364&recv=138&lost=0&retrans=0&sent_bytes=322637&recv_bytes=9448&delivery_rate=18275487&ss_exit_cwnd=27932&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=3cbc204106380b1c&ts=1990&inflight_dur=90&x=44"

POST api.optoutsystem.com/optout/optout-key/decrypt

44.238.219.221

200 OK

528 B

URL POST
api.optoutsystem.com/optout/optout-key/decrypt
IP
44.238.219.221:443
ASN
#16509 AMAZON-02

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerAmazon
Subject*.optoutsystem.com
Fingerprint4B:45:77:B2:11:BA:4C:E0:08:12:CE:D1:38:2C:65:F2:BF:51:FC:1F
ValidityMon, 31 Mar 2025 00:00:00 GMT - Wed, 29 Apr 2026 23:59:59 GMT

File type
JSON text data
Size
528 B (528 bytes)
Hash
86c4cf4f5005aae94ccb4c29d946a59c
2940701bfbc52d64bb931ca6c18acff3673ae93e
3fe7a5294c885f81b453489132c158488c0113a3395e21d1f045ced788f34711

HTTP Headers

POST /optout/optout-key/decrypt HTTP/1.1
Host: api.optoutsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 91
Origin: https://www.tabdocklight.com
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Jun 2025 21:22:19 GMT
content-type: application/json; charset=utf-8
content-length: 528
vary: Origin
access-control-allow-origin: https://www.tabdocklight.com
access-control-allow-credentials: true
x-ratelimit-remaining: 1499
x-ratelimit-reset: 1750627399
x-ratelimit-limit: 1500
cache-control: no-cache
pragma: no-cache
expires: -1
X-Firefox-Spdy: h2

GET api.optoutsystem.com/optout/optout-key/page/248000

44.238.219.221

200 OK

172 B

URL GET
api.optoutsystem.com/optout/optout-key/page/248000
IP
44.238.219.221:443
ASN
#16509 AMAZON-02

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerAmazon
Subject*.optoutsystem.com
Fingerprint4B:45:77:B2:11:BA:4C:E0:08:12:CE:D1:38:2C:65:F2:BF:51:FC:1F
ValidityMon, 31 Mar 2025 00:00:00 GMT - Wed, 29 Apr 2026 23:59:59 GMT

File type
JSON text data
Size
172 B (172 bytes)
Hash
f138aa519c0af778da470765aea3514e
3192ff5f13ccf822a1a4ed5f33d3ac695e26e318
dd6d49a44dc3392bc0c6b2e93705c201ed8c700962257cd7fb2b516cc0d76e09

HTTP Headers

GET /optout/optout-key/page/248000 HTTP/1.1
Host: api.optoutsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0eXBlIjoib3B0b3V0IiwiY2FtcGFpZ25faWQiOjI0ODAwMCwibWFpbGVyX2lkIjoxNDgwNDksImNtYV9pZCI6NzI3MzkyMjIsImlhdCI6MTc1MDYyNzMzOSwiZXhwIjoxNzUyNDQxNzM5fQ.LptEKR6cEDa8wpeXpnUmRAUkFQOd08MQvGnzkIa4DdQ
Origin: https://www.tabdocklight.com
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 22 Jun 2025 21:22:19 GMT
content-type: application/json; charset=utf-8
content-length: 172
vary: Origin
access-control-allow-origin: https://www.tabdocklight.com
access-control-allow-credentials: true
x-ratelimit-remaining: 1498
x-ratelimit-reset: 1750627399
x-ratelimit-limit: 1500
cache-control: no-cache
pragma: no-cache
expires: -1
X-Firefox-Spdy: h2

HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627338755

142.250.178.34

200 OK

0 B

URL HEAD
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627338755
IP
142.250.178.34:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint84:E0:95:A7:B0:AD:C7:14:6D:3A:8F:52:B9:8A:24:71:29:A9:E4:CC
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js?=1750627338755 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sun, 22 Jun 2025 21:22:18 GMT
expires: Sun, 22 Jun 2025 21:22:18 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 15932625807523720608
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53329
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

OPTIONS api.optoutsystem.com/optout/optout-key/decrypt

44.238.219.221

204 No Content

0 B

URL OPTIONS
api.optoutsystem.com/optout/optout-key/decrypt
IP
44.238.219.221:443
ASN
#16509 AMAZON-02

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerAmazon
Subject*.optoutsystem.com
Fingerprint4B:45:77:B2:11:BA:4C:E0:08:12:CE:D1:38:2C:65:F2:BF:51:FC:1F
ValidityMon, 31 Mar 2025 00:00:00 GMT - Wed, 29 Apr 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /optout/optout-key/decrypt HTTP/1.1
Host: api.optoutsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.tabdocklight.com/
Origin: https://www.tabdocklight.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 22 Jun 2025 21:22:19 GMT
vary: Origin
access-control-allow-origin: https://www.tabdocklight.com
access-control-allow-credentials: true
access-control-max-age: 86400
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE,PATCH
access-control-allow-headers: content-type
X-Firefox-Spdy: h2

HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627338763

142.250.178.34

200 OK

0 B

URL HEAD
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627338763
IP
142.250.178.34:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint84:E0:95:A7:B0:AD:C7:14:6D:3A:8F:52:B9:8A:24:71:29:A9:E4:CC
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js?=1750627338763 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sun, 22 Jun 2025 21:22:18 GMT
expires: Sun, 22 Jun 2025 21:22:18 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 5797645835856487483
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53335
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627338799

142.250.178.34

200 OK

0 B

URL HEAD
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627338799
IP
142.250.178.34:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint84:E0:95:A7:B0:AD:C7:14:6D:3A:8F:52:B9:8A:24:71:29:A9:E4:CC
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js?=1750627338799 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sun, 22 Jun 2025 21:22:18 GMT
expires: Sun, 22 Jun 2025 21:22:18 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 15900964183811166599
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.tabdocklight.com/assets/index-ZK6TGWZV.css

172.67.220.253

200 OK

22 kB

URL GET
www.tabdocklight.com/assets/index-ZK6TGWZV.css
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
ASCII text, with very long lines (22152)
Size
22 kB (22153 bytes)
Hash
b82b5b2a65d71874db38588f79c433f9
2d0c740d763776932ab1995e24f31f7856989472
f40fe61df5eb33c7aaafdcdb684b0589d349a4d2ff34e3fe3eff8dc008b3f17d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/index-ZK6TGWZV.css HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Jun 2025 21:22:20 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hCoHDg1is1wMOfdy6%2Fj0DeT41b4VMLneltU8SJp951EhoUvT4aFCXWg8XzcjShCno0r4jCOWTd%2BPKsIYJvdfTGEbLQYZtT%2BwbngylRe3lSKbyLB5OAm826ivW6%2F9HAaYauheofKeyw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 953ecceb6c71568a-OSL
cf-cache-status: HIT
age: 331
cache-control: public, max-age=14400
etag: W/"0x8DD98F560195D31"
last-modified: Thu, 22 May 2025 05:56:20 GMT
domain-integrity-check: true
x-azure-ref: 20250522T185559Z-r1f7f6d9747cmv89hC1STO6bvs00000002v0000000007gyg
x-cache: TCP_REMOTE_HIT
x-cache-info: L2_T2
x-fd-int-roxy-purgeid: 83698580
x-ms-request-id: 012f2ef9-101e-0079-54df-ca7f8d000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:16:48 GMT+0000 (Coordinated Universal Time)
content-encoding: br
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1556&min_rtt=0&rtt_var=810&sent=317&recv=133&lost=0&retrans=0&sent_bytes=273437&recv_bytes=8980&delivery_rate=18275487&ss_exit_cwnd=27932&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=3cbc204106380b1c&ts=1942&inflight_dur=81&x=44"

GET www.tabdocklight.com/assets/clsx-RUMLefpv.js

172.67.220.253

200 OK

119 kB

URL GET
www.tabdocklight.com/assets/clsx-RUMLefpv.js
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
119 kB (119399 bytes)
Hash
33d86584b615c263eadbfc48a827f92b
b7b9065d7740d83d6e7ba12d012270df8f003274
ab6b729402e0edb220e8e4c4dd859f46d450beb8e914d6b229d303921ed779c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/clsx-RUMLefpv.js HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Jun 2025 21:22:20 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H6%2FSsezNvPOQl6szHY5Hma2gl5iIb7cEhdc3qQq%2F5rar%2FgIu3cY0YgQzwC%2BsJc426ciPfbVGxoATzCfLjlas0rnvlbhB4AuGobL9oOsiDM3ytf7WB%2Fj3Zv%2B%2FFHfCy9pfyPvl9uYQEA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 953ecceb6c73568a-OSL
cf-cache-status: HIT
age: 331
cache-control: public, max-age=14400
etag: W/"0x8DDAD5EA9615CEF"
last-modified: Tue, 17 Jun 2025 05:20:23 GMT
domain-integrity-check: true
x-azure-ref: 20250617T053335Z-17cd6bcf675d4fsnhC1SVG0bk40000000h8000000000318z
x-cache: TCP_HIT
x-cache-info: L1_T2
x-fd-int-roxy-purgeid: 83698596
x-ms-request-id: cab25c03-401e-0029-5947-dfbddd000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:16:48 GMT+0000 (Coordinated Universal Time)
content-encoding: br
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1492&min_rtt=0&rtt_var=736&sent=324&recv=134&lost=0&retrans=0&sent_bytes=279873&recv_bytes=9026&delivery_rate=18275487&ss_exit_cwnd=27932&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=3cbc204106380b1c&ts=1949&inflight_dur=84&x=44"

GET 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/favicon.ico

159.65.226.43

404 Not Found

0 B

URL GET
7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/favicon.ico
IP
159.65.226.43:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 496
X-Ratelimit-Reset: 1750630935
Date: Sun, 22 Jun 2025 21:22:17 GMT
Content-Length: 0

POST sentry.io/api/1314267/envelope/?sentry_key=6c20ba397902400f9d47007cf6200a24&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.64.0

35.186.247.156

200 OK

2 B

URL POST
sentry.io/api/1314267/envelope/?sentry_key=6c20ba397902400f9d47007cf6200a24&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.64.0
IP
35.186.247.156:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerDigiCert Inc
Subjectsentry.io
Fingerprint33:6A:80:2B:88:EE:62:F2:64:C6:75:F9:B4:9D:B1:A1:18:83:73:AA
ValidityWed, 03 Jul 2024 00:00:00 GMT - Tue, 22 Jul 2025 23:59:59 GMT

File type
JSON text data
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

POST /api/1314267/envelope/?sentry_key=6c20ba397902400f9d47007cf6200a24&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.64.0 HTTP/1.1
Host: sentry.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 470
Origin: https://www.tabdocklight.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 22 Jun 2025 21:22:18 GMT
content-type: application/json
content-length: 2
vary: origin, access-control-request-method, access-control-request-headers
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
x-envoy-upstream-service-time: 0
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627338901

142.250.178.34

200 OK

0 B

URL HEAD
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627338901
IP
142.250.178.34:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint84:E0:95:A7:B0:AD:C7:14:6D:3A:8F:52:B9:8A:24:71:29:A9:E4:CC
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js?=1750627338901 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sun, 22 Jun 2025 21:22:19 GMT
expires: Sun, 22 Jun 2025 21:22:19 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 2599740453939686448
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53334
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.tabdocklight.com/assets/clsx-RUMLefpv.js

172.67.220.253

200 OK

119 kB

URL GET
www.tabdocklight.com/assets/clsx-RUMLefpv.js
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
119 kB (119399 bytes)
Hash
33d86584b615c263eadbfc48a827f92b
b7b9065d7740d83d6e7ba12d012270df8f003274
ab6b729402e0edb220e8e4c4dd859f46d450beb8e914d6b229d303921ed779c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/clsx-RUMLefpv.js HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.tabdocklight.com/assets/index-ZUnOmLfp.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Jun 2025 21:22:20 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5OHor4lZ6SsWeCZLYwg6qeHS8DVLregWlXZUObev3pliLTOHSQJCbbXY98ikPqDL8aJcKNBAg49hEa3crJTzSyu5%2FRQ226R2KDgs%2FE%2Fi6dYtx%2Bw22PW0ulWx1cTTC0C3p0tSS90ZNg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 953eccebec80568a-OSL
cf-cache-status: HIT
age: 331
cache-control: public, max-age=14400
etag: W/"0x8DDAD5EA9615CEF"
last-modified: Tue, 17 Jun 2025 05:20:23 GMT
domain-integrity-check: true
x-azure-ref: 20250617T053335Z-17cd6bcf675d4fsnhC1SVG0bk40000000h8000000000318z
x-cache: TCP_HIT
x-cache-info: L1_T2
x-fd-int-roxy-purgeid: 83698596
x-ms-request-id: cab25c03-401e-0029-5947-dfbddd000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:16:48 GMT+0000 (Coordinated Universal Time)
content-encoding: br
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1286&min_rtt=0&rtt_var=524&sent=374&recv=140&lost=0&retrans=0&sent_bytes=332012&recv_bytes=9773&delivery_rate=18275487&ss_exit_cwnd=27932&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=3cbc204106380b1c&ts=2025&inflight_dur=92&x=44"

HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627340057

142.250.178.34

200 OK

0 B

URL HEAD
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?=1750627340057
IP
142.250.178.34:443
ASN
#15169 GOOGLE

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint84:E0:95:A7:B0:AD:C7:14:6D:3A:8F:52:B9:8A:24:71:29:A9:E4:CC
ValidityMon, 02 Jun 2025 08:35:30 GMT - Mon, 25 Aug 2025 08:35:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /pagead/js/adsbygoogle.js?=1750627340057 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Sun, 22 Jun 2025 21:22:20 GMT
expires: Sun, 22 Jun 2025 21:22:20 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 9951812217853706118
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53341
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET www.tabdocklight.com/assets/index-ZUnOmLfp.js

172.67.220.253

200 OK

25 kB

URL GET
www.tabdocklight.com/assets/index-ZUnOmLfp.js
IP
172.67.220.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
Certificate
IssuerGoogle Trust Services
Subjecttabdocklight.com
Fingerprint63:A5:F4:81:9F:E5:B0:33:9F:99:66:3B:51:A1:17:66:33:5B:46:5B
ValidityThu, 22 May 2025 13:44:14 GMT - Wed, 20 Aug 2025 14:42:58 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (25265)
Size
25 kB (25274 bytes)
Hash
02bc35e013e1e11f874d0a2a71544ae1
5b73b7f7e44d904b36c13bb2a73d326b25288b46
5c1f0aee9d5d1ca575431af8095daac60df400bb21dca2c3d470e974340563e8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/index-ZUnOmLfp.js HTTP/1.1
Host: www.tabdocklight.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.tabdocklight.com/o-ngjc-h82-a38f2ff5ac6b09fcb6ab5350f9df2a25
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 22 Jun 2025 21:22:20 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ihY7PClr2Cl96H4DgOfAqlJxaum2LG37rQQIHBu4kE5%2FU95iTlPxgUWsjWJy3B0X9ZcIgcfwSHHCVwPClS2yIK5UzjPpA%2F6q9V7WpV6HywhXe2iOWqAfZA55psCr00z1gFnumIhcEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 953ecceb6c72568a-OSL
cf-cache-status: HIT
age: 331
cache-control: public, max-age=14400
etag: W/"0x8DDAD5EA95FFD93"
last-modified: Tue, 17 Jun 2025 05:20:23 GMT
domain-integrity-check: true
x-azure-ref: 20250617T053335Z-17cd6bcf675gdq5dhC1SVGdues0000000hs000000000324m
x-cache: TCP_HIT
x-cache-info: L1_T2
x-fd-int-roxy-purgeid: 83698596
x-ms-request-id: a5500d31-701e-00b7-5447-df92f7000000
x-ms-version: 2018-03-28
x-spoke-cache: true
x-spoke-cache-at: Sun Jun 22 2025 21:16:48 GMT+0000 (Coordinated Universal Time)
content-encoding: br
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1492&min_rtt=0&rtt_var=736&sent=327&recv=134&lost=0&retrans=0&sent_bytes=282459&recv_bytes=9026&delivery_rate=18275487&ss_exit_cwnd=27932&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=3cbc204106380b1c&ts=1950&inflight_dur=84&x=44"

GET 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/favicon.ico

159.65.226.43

404 Not Found

0 B

URL GET
7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/favicon.ico
IP
159.65.226.43:80
ASN
#14061 DIGITALOCEAN-ASN

Requested by
http://7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Address: gin_throttle_mw_7200000000_91.90.42.154
X-Ratelimit-Limit: 500
X-Ratelimit-Remaining: 498
X-Ratelimit-Reset: 1750630935
Date: Sun, 22 Jun 2025 21:22:15 GMT
Content-Length: 0

GET 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14

0.0.0.0

0 B

URL User Request GET
7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14 HTTP/1.1
Host: 7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://7riyd2qsy9pzytvoakxe.tr.acsifauthentique.com/5RJebh88426XDMK843mrvbzoemif4954WVPEVTBIREEPXSG12405EBOM36237x14
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (29)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL OPTIONS

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size