dood.wf/d/l477559o37uh
301 Moved Permanently 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /d/l477559o37uh HTTP/1.1
Host: dood.wf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 24 Sep 2022 23:36:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 25 Sep 2022 00:36:55 GMT
Location: https://dood.wf/d/l477559o37uh
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uAL4MF%2BWDPWhmTvb2EeoUxCad9DaOk0L9oX5LZxkKE7F02xA8kES1NqwCQ78FNWf444onJE3K1uhLFAlJjVUlOiv6f8pYs4G7uOlEdZtS0En8v1hA3BYuLs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ff58506a55b52d-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4879
Expires: Sun, 25 Sep 2022 00:58:14 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 22:37:38 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XIKqHQi23HYMdOOfhbMQkCMGA0SypO6_105Jl89Xudj_Swy-hDnCVw==
Age: 3557
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 24 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: EesdrsTdEDlWOv7Zjdr7NpWx9LzDicxhXVEwJ-WODDlyiDL1Kl00QQ==
age: 68501
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 7076f68bad4bd98841c14739882d89ed
16b8c3f3caa8b2d8584e9c085883b49513fbb9e8
71aab8b73429b0e649ef3129241e4f1b8e4fbd4fa7b0bdd2f670856986ee4565
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "71AAB8B73429B0E649EF3129241E4F1B8E4FBD4FA7B0BDD2F670856986EE4565"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Sun, 25 Sep 2022 00:12:56 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 7076f68bad4bd98841c14739882d89ed
16b8c3f3caa8b2d8584e9c085883b49513fbb9e8
71aab8b73429b0e649ef3129241e4f1b8e4fbd4fa7b0bdd2f670856986ee4565
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "71AAB8B73429B0E649EF3129241E4F1B8E4FBD4FA7B0BDD2F670856986EE4565"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2161
Expires: Sun, 25 Sep 2022 00:12:56 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 638a4990025383a0f83ebf29bdb84a68
153e8818dc42f598e47fde8cf398f1447649a4d0
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 3912394
expires: Thu, 14 Sep 2023 23:36:55 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G7OxoMMsMDdkqNkHkxazj%2BczoQU8AM0wf2jRSe0qgpi05x%2BLcynW1tyw4%2BvfHd2p3fF4TcDWU2mB9PiTkAVBU6%2FWsgORpQo6PzhKQJ1ZLWgeMAQyVN1Jyb6GgD6hc2jVoxWpmYWK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74ff5852ffca0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1879596
expires: Thu, 14 Sep 2023 23:36:55 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rfIDEakGD4QVxHVy3gGUnTCCGsZ7cIJmEHf2W%2BiwC2HYaI6YgDcdBf9ZDAHzhJsVsftL6CwVQOqjdGSqzrSNGNB0K7MWgcOfnSKOI%2FaKzsoeScGA1r%2BpTLasELOQMT2cTIKhIBHw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74ff5852ffce0b49-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash b8361edb2d37c71e715b6e297767afb9
a164e40a38f4083cad7868c0326b475b97e6ea35
dcddfda5b8fe7620475d5bec9f121c5e28df523643fdad582b1a4291f1ef2bf4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "DCDDFDA5B8FE7620475D5BEC9F121C5E28DF523643FDAD582B1A4291F1EF2BF4"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14905
Expires: Sun, 25 Sep 2022 03:45:20 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash b8361edb2d37c71e715b6e297767afb9
a164e40a38f4083cad7868c0326b475b97e6ea35
dcddfda5b8fe7620475d5bec9f121c5e28df523643fdad582b1a4291f1ef2bf4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "DCDDFDA5B8FE7620475D5BEC9F121C5E28DF523643FDAD582B1A4291F1EF2BF4"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14905
Expires: Sun, 25 Sep 2022 03:45:20 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash b8361edb2d37c71e715b6e297767afb9
a164e40a38f4083cad7868c0326b475b97e6ea35
dcddfda5b8fe7620475d5bec9f121c5e28df523643fdad582b1a4291f1ef2bf4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "DCDDFDA5B8FE7620475D5BEC9F121C5E28DF523643FDAD582B1A4291F1EF2BF4"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14905
Expires: Sun, 25 Sep 2022 03:45:20 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
i.doodcdn.co/img/no_video_3.svg
200 OK 2.8 kB URL HTTP/2 i.doodcdn.co/img/no_video_3.svg
IP
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (2789)
Hash 077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Mon, 24 Oct 2022 08:07:33 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 7522
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2KiVpfn73APQK6N0SVaADucIlC4pEftuaQsipO8FgtoS4A2jA3Vw38%2FRGTxVodT87VTBRRpMyergM%2Fk3j5Czw2FD3dzCLzMDlLaYgDrkoESql11Jjj3JEdlXCtwXcw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ff58536ce80b02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 23:36:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash b8361edb2d37c71e715b6e297767afb9
a164e40a38f4083cad7868c0326b475b97e6ea35
dcddfda5b8fe7620475d5bec9f121c5e28df523643fdad582b1a4291f1ef2bf4
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "DCDDFDA5B8FE7620475D5BEC9F121C5E28DF523643FDAD582B1A4291F1EF2BF4"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14905
Expires: Sun, 25 Sep 2022 03:45:20 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash cfbe772bfdcc656e94ceed53256863ca
34055ed3761ab4b69af25a2cb70ca7a337a9f79b
7464464772c70e6a9f1b516b9fc3b60f4e567c10f968c573d5a187f5f22d0722
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 23:36:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 84bfe586dc00e6c23db64e0ad3c6d96b
e83f5c9fffde8cb05f3f7303278e6ef37643c2de
06156ae62e2ebb659c8cf55480cee68ad5014510b10ad7041f7e735fc95520e3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06156AE62E2EBB659C8CF55480CEE68AD5014510B10AD7041F7E735FC95520E3"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4999
Expires: Sun, 25 Sep 2022 01:00:14 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 24 Sep 2022 23:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 24 Sep 2022 23:55:58 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: j5mHoyTMCrk2eyQg8fLzwV761e2xKpONnflBSLruoaxJ33XmfQd6ig==
Age: 1958
cdn.pncloudfl.com/pn/744/081/678/7440816781d0d85a30283dca9b3b28d80826b38f.jpg
200 OK 37 kB URL HTTP/2 cdn.pncloudfl.com/pn/744/081/678/7440816781d0d85a30283dca9b3b28d80826b38f.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash c994c44c682769b6bbb4079385f02ca0
431277bc9ea5c81f48a73dc0a3aeaa84db3d345a
8b19dee80ecbf597df8b5db23627cf5e0e3cad541dd0260162238d8ad9314c2d
GET /pn/744/081/678/7440816781d0d85a30283dca9b3b28d80826b38f.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: image/webp
content-length: 37090
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=73232
content-disposition: inline; filename="7440816781d0d85a30283dca9b3b28d80826b38f.webp"
etag: 71f517f39d38846c02be3576ea99b943
expires: Sun, 25 Sep 2022 02:06:59 GMT
last-modified: Wed, 21 Sep 2022 01:58:36 GMT
vary: Accept
x-openstack-request-id: tx3b5a6acb74eb4fb5bcc97-00632a700b
x-proxy-cache: HIT
x-timestamp: 1663725515.95097
x-trans-id: tx3b5a6acb74eb4fb5bcc97-00632a700b
cf-cache-status: HIT
age: 163796
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74ff58558b50b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 23ba09c14e337ac70d877d2ed33dc795
175d5155889b45711d0a9050116591ad25e74891
cb117ac56fe205bfca3b512ed3d8ddb46a7115446d099739cc4d111c853696ae
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 23:36:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
betotodilea.com/400/4857535
200 OK 74 kB URL HTTP/2 betotodilea.com/400/4857535
IP
Hash 7e057ec6c82fddaaa6724fb8f765fb3c
87b1d9e751731a210e516d563887cbfc7359f49c
91a2a86ca5fd60dbebe9ed0ace2f663e512b94ca5af580b55a93d4804f7d1bbb
GET /400/4857535 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: application/javascript
x-trace-id: 35f7851dc5726d4e0631e672541603fe
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=c45aa334686646a985c084248b34cbab; expires=Sun, 24 Sep 2023 23:36:55 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c4bba50ffa4883fdd2fe37c8f1fcd9a5
751b095814d4892c43aa810e89370f0f0a7eba11
ab22bd9aea50b9f76207ec4ac41562a4186340cf90ff354b89612fdb88dfd569
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AB22BD9AEA50B9F76207EC4AC41562A4186340CF90FF354B89612FDB88DFD569"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4043
Expires: Sun, 25 Sep 2022 00:44:18 GMT
Date: Sat, 24 Sep 2022 23:36:55 GMT
Connection: keep-alive
cdn.pncloudfl.com/pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg
200 OK 44 kB URL HTTP/2 cdn.pncloudfl.com/pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash 5b5185d2fccd2dca3c94db1ba3359efc
5be904c10086b3af052ea9a79f6b60e1150ecf4b
a4834b0c05e82cc70c7778348a3c205f25f3a22e9775e137c3d8187b3f6a3fb5
GET /pn/b3c/a46/243/b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: image/webp
content-length: 43534
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=77637
content-disposition: inline; filename="b3ca46243dd1beb6a1169d26cfa361bac2d7b97e.webp"
etag: 1b8a2ca51633977e4d71e0297479bdcf
expires: Mon, 26 Sep 2022 21:22:19 GMT
last-modified: Thu, 22 Sep 2022 10:27:55 GMT
vary: Accept
x-openstack-request-id: txe70ca3ba19e54f508ede7-00632c38e6
x-proxy-cache: HIT
x-timestamp: 1663842474.88163
x-trans-id: txe70ca3ba19e54f508ede7-00632c38e6
cf-cache-status: HIT
age: 8076
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 74ff58559b5ab4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?render=explicit
200 OK 555 B URL HTTP/2 www.google.com/recaptcha/api.js?render=explicit
IP
File type ASCII text, with very long lines (852), with no line terminators
Hash 318907269467046b2f44c93c99f4d1d2
27026320734143f5c36db9ee3b07705a4da7bfbe
7eb1c6d07f3941f1b20d1a2674c43656e01a528e2f1672b70b6a3b3d6239b2f3
GET /recaptcha/api.js?render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 24 Sep 2022 23:36:55 GMT
date: Sat, 24 Sep 2022 23:36:55 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 555
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=SdkqSPNX_rbhMA-lw1S1IWpwuXZFDChyOMT05SKhejsuBXxokZibIO1OE8EQbe_Rhqs0mWcPL6UUnfOdCq8nA03JSAjSXB5jPN_5NKRPkl4tPm_0p97sVNQvSPfS1ca3nGYHELEkqKKWvlbRBXI3EJXJogx6HJ0qKRZDvQH0EgyRfmspUw7jcmH6VuTEmdLPDj1RELwv9NB58Lzih6BLw7EGM4vbgi_v_KGafr60hCZz4n_uSpnReOEXDJrTJ0ntPlUUsaBc8dLUMEahxTCFU3MK2t2X5wim4MNYnCB7OZRGHx8yaTnIQixI-OPdb99Z00W8Gn5b9vP7ThAlui-KHjsETkhxFhbjLUU2kxeks0OstBDadPeJyW36LMaFoUD1TnU9g7QC-CDT5aLBG2zBF7Z6GaMmk9lkacAsY7B5C5yukfwj7PyPoihyrlLTYzElDuJSDka1DR7SX1qf7uqWGtdv-P8TBHGqTU9VnMHgV2cFNJp0Wyac1xNhgQhswN5RvVjZoki8asYa7yegmNRV9lgTtUS_wHxc1pTCAHFb6zNiGvbamMNTdqW4QfdL1C4NwLE3qdpAep_K-llaaYQ1QH_PZAS6ghkU4XzsWA4l4VHIjrpyVyieOGVHu4-dpwcCLzzKsnvvnO1xKRmH8syay12GX2oKsPLvDMwR0nQCXtnnFwbdFs0DumcGkXj0QZe0hCAtFKyvu1DG2hYmB_coOx4mThUR_KEOj0Qv4zLvSO0JZRZ6g_QY_037llez5pgRlRPjpoKQ9kh4&abvar=0&os=0
200 OK 43 B URL HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=SdkqSPNX_rbhMA-lw1S1IWpwuXZFDChyOMT05SKhejsuBXxokZibIO1OE8EQbe_Rhqs0mWcPL6UUnfOdCq8nA03JSAjSXB5jPN_5NKRPkl4tPm_0p97sVNQvSPfS1ca3nGYHELEkqKKWvlbRBXI3EJXJogx6HJ0qKRZDvQH0EgyRfmspUw7jcmH6VuTEmdLPDj1RELwv9NB58Lzih6BLw7EGM4vbgi_v_KGafr60hCZz4n_uSpnReOEXDJrTJ0ntPlUUsaBc8dLUMEahxTCFU3MK2t2X5wim4MNYnCB7OZRGHx8yaTnIQixI-OPdb99Z00W8Gn5b9vP7ThAlui-KHjsETkhxFhbjLUU2kxeks0OstBDadPeJyW36LMaFoUD1TnU9g7QC-CDT5aLBG2zBF7Z6GaMmk9lkacAsY7B5C5yukfwj7PyPoihyrlLTYzElDuJSDka1DR7SX1qf7uqWGtdv-P8TBHGqTU9VnMHgV2cFNJp0Wyac1xNhgQhswN5RvVjZoki8asYa7yegmNRV9lgTtUS_wHxc1pTCAHFb6zNiGvbamMNTdqW4QfdL1C4NwLE3qdpAep_K-llaaYQ1QH_PZAS6ghkU4XzsWA4l4VHIjrpyVyieOGVHu4-dpwcCLzzKsnvvnO1xKRmH8syay12GX2oKsPLvDMwR0nQCXtnnFwbdFs0DumcGkXj0QZe0hCAtFKyvu1DG2hYmB_coOx4mThUR_KEOj0Qv4zLvSO0JZRZ6g_QY_037llez5pgRlRPjpoKQ9kh4&abvar=0&os=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841674&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=SdkqSPNX_rbhMA-lw1S1IWpwuXZFDChyOMT05SKhejsuBXxokZibIO1OE8EQbe_Rhqs0mWcPL6UUnfOdCq8nA03JSAjSXB5jPN_5NKRPkl4tPm_0p97sVNQvSPfS1ca3nGYHELEkqKKWvlbRBXI3EJXJogx6HJ0qKRZDvQH0EgyRfmspUw7jcmH6VuTEmdLPDj1RELwv9NB58Lzih6BLw7EGM4vbgi_v_KGafr60hCZz4n_uSpnReOEXDJrTJ0ntPlUUsaBc8dLUMEahxTCFU3MK2t2X5wim4MNYnCB7OZRGHx8yaTnIQixI-OPdb99Z00W8Gn5b9vP7ThAlui-KHjsETkhxFhbjLUU2kxeks0OstBDadPeJyW36LMaFoUD1TnU9g7QC-CDT5aLBG2zBF7Z6GaMmk9lkacAsY7B5C5yukfwj7PyPoihyrlLTYzElDuJSDka1DR7SX1qf7uqWGtdv-P8TBHGqTU9VnMHgV2cFNJp0Wyac1xNhgQhswN5RvVjZoki8asYa7yegmNRV9lgTtUS_wHxc1pTCAHFb6zNiGvbamMNTdqW4QfdL1C4NwLE3qdpAep_K-llaaYQ1QH_PZAS6ghkU4XzsWA4l4VHIjrpyVyieOGVHu4-dpwcCLzzKsnvvnO1xKRmH8syay12GX2oKsPLvDMwR0nQCXtnnFwbdFs0DumcGkXj0QZe0hCAtFKyvu1DG2hYmB_coOx4mThUR_KEOj0Qv4zLvSO0JZRZ6g_QY_037llez5pgRlRPjpoKQ9kh4&abvar=0&os=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2209241836a5a7b5a6e65c45678629ef4ce5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACImuwAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 23:36:56 GMT; Secure; SameSite=None
OACIBLOCK=ACImuwAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 23:36:56 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 23:36:56 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=7qJG75tTBBJcNP65KhS5x9mJXBghSdaow6zlUm_NheGsRl1FjJNQ9CcObi3zFzzGZuKqeLEpqczt7M-V22cAgb8YPjJ-mGS-aDUqMgrrbI_q6zQJ8seh2eFiezfjitsz9faI2r0SCp0Xs6moS_dxLx58MPpQh1PiFFgJ2HJvdV1iNsQNT3OQrihzK41Rw9yiHjVywoGODsu7pazr9dlJpWUPL9ZAQ87oBdL3HLQ4X9hkNvEvtVDKGZQm4WjSqSF4UTTIoyTUR00V6l1JEvjpsXRl82gDSu3f2JkzWTV7FY8IwuJ1H2KPH8jt8rlyZS_tyN-5AACRjZaOxL8pad62zrZYbZZ387W_V9ET6kxZl5axj4sAi66-IpOIxQdVfpod58qApb8jZMrRG42vXKX5MAVCHJ9_Omz0Q3GeeBYxVutFmAaYSHJakYRL0q6OlFI__nxewyhWVItAzydvfbb33HN7z54AEFTenDfAFL_SGtaNAZE73SVIrxyEIeNnMggdBoo9GfUTiHENbXomQWudODz46Bp5MdTbrjqozitNmvrfkwB4uBwhO7mFlcGBJYG5OQBlbbM9lC8WBQspONIdHJOzBgDRgYt81rfS_h8nyUni4qbcQE18ud8vapt2FRm_RdC4bkd8DEz_imXZDrl2Ilm9e9_tWIRGggzNhyTloUAZJMELhU8mH-G7EdZkhZcHf4LhBAmEXLfIoEqZ2KJ6f2-ErhN_BlvYd98YEDz-KqsL3qQ=&abvar=0&os=0
200 OK 43 B URL HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=7qJG75tTBBJcNP65KhS5x9mJXBghSdaow6zlUm_NheGsRl1FjJNQ9CcObi3zFzzGZuKqeLEpqczt7M-V22cAgb8YPjJ-mGS-aDUqMgrrbI_q6zQJ8seh2eFiezfjitsz9faI2r0SCp0Xs6moS_dxLx58MPpQh1PiFFgJ2HJvdV1iNsQNT3OQrihzK41Rw9yiHjVywoGODsu7pazr9dlJpWUPL9ZAQ87oBdL3HLQ4X9hkNvEvtVDKGZQm4WjSqSF4UTTIoyTUR00V6l1JEvjpsXRl82gDSu3f2JkzWTV7FY8IwuJ1H2KPH8jt8rlyZS_tyN-5AACRjZaOxL8pad62zrZYbZZ387W_V9ET6kxZl5axj4sAi66-IpOIxQdVfpod58qApb8jZMrRG42vXKX5MAVCHJ9_Omz0Q3GeeBYxVutFmAaYSHJakYRL0q6OlFI__nxewyhWVItAzydvfbb33HN7z54AEFTenDfAFL_SGtaNAZE73SVIrxyEIeNnMggdBoo9GfUTiHENbXomQWudODz46Bp5MdTbrjqozitNmvrfkwB4uBwhO7mFlcGBJYG5OQBlbbM9lC8WBQspONIdHJOzBgDRgYt81rfS_h8nyUni4qbcQE18ud8vapt2FRm_RdC4bkd8DEz_imXZDrl2Ilm9e9_tWIRGggzNhyTloUAZJMELhU8mH-G7EdZkhZcHf4LhBAmEXLfIoEqZ2KJ6f2-ErhN_BlvYd98YEDz-KqsL3qQ=&abvar=0&os=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841674&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=7qJG75tTBBJcNP65KhS5x9mJXBghSdaow6zlUm_NheGsRl1FjJNQ9CcObi3zFzzGZuKqeLEpqczt7M-V22cAgb8YPjJ-mGS-aDUqMgrrbI_q6zQJ8seh2eFiezfjitsz9faI2r0SCp0Xs6moS_dxLx58MPpQh1PiFFgJ2HJvdV1iNsQNT3OQrihzK41Rw9yiHjVywoGODsu7pazr9dlJpWUPL9ZAQ87oBdL3HLQ4X9hkNvEvtVDKGZQm4WjSqSF4UTTIoyTUR00V6l1JEvjpsXRl82gDSu3f2JkzWTV7FY8IwuJ1H2KPH8jt8rlyZS_tyN-5AACRjZaOxL8pad62zrZYbZZ387W_V9ET6kxZl5axj4sAi66-IpOIxQdVfpod58qApb8jZMrRG42vXKX5MAVCHJ9_Omz0Q3GeeBYxVutFmAaYSHJakYRL0q6OlFI__nxewyhWVItAzydvfbb33HN7z54AEFTenDfAFL_SGtaNAZE73SVIrxyEIeNnMggdBoo9GfUTiHENbXomQWudODz46Bp5MdTbrjqozitNmvrfkwB4uBwhO7mFlcGBJYG5OQBlbbM9lC8WBQspONIdHJOzBgDRgYt81rfS_h8nyUni4qbcQE18ud8vapt2FRm_RdC4bkd8DEz_imXZDrl2Ilm9e9_tWIRGggzNhyTloUAZJMELhU8mH-G7EdZkhZcHf4LhBAmEXLfIoEqZ2KJ6f2-ErhN_BlvYd98YEDz-KqsL3qQ=&abvar=0&os=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2209241836a5a7b5a6e65c45678629ef4ce5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACEgHAAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 23:36:56 GMT; Secure; SameSite=None
OACIBLOCK=ACEgHAAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 23:36:56 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 23:36:56 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841679&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=1UQKSSZN7NocLBkFLV0N_N8ufpfPMu7SaqkyVJettH64WAcbgkqHQCMqoBuULGHfHgAUiyZkjbigCQYWb1A6S07gZhr2omfr0lMo7rcXGePFA0rj1BjTLGKjKGTtWt3cWqIFKib7bEnOaPBC4Ar5RuK1oPW2L6oWRxTAwslb4lod8Co6DPSDmcATMuzqoJv0fLU4lWC0ATkToXw7QxuBjRe9b7ZywE-A0zAGzZ6_egC1EruT0ecGjDy6H42CGs90PgSEbkgoPkNBS0jLqrRWBR97dYxM1Rf0UK_bq95V8FgXwFLmGNMNLOpTNXlLIK75-VtZHlPopsC27cRMaZFuw_KSJy4VyEpMNIlvMHWZr4Z2NvbrqTjlYWib4aCJMMoTotw08O2_5IuOAsQ--WYb6qOrqUR3wbYfxJOv1h9eBx29c5Hm1_zTNKP_m_g3NchtEkkfRt0rxq8htxa0sDlbB02nsJ0DxO9c3Y4Rb-aUXZD3mmwiSRSClrgakujvOxwwCC9635AghIlHZJdY1oenNUIWR4CfmGciM3O4kOP3bNOQkvEcEwEDN7Usw-3Jn-1XiYRJXIutyUIx8xjlLD8ciO1j_tzCOPliKWUZXLcsEMEwtpQic-w1HrdaEVQGDy0ocbLs6AbS7U_GCD9Nw-xuB9X5PIeM8BVamLC-2j4b3AIepodO5mL8J-WBF1hNRciblgOQk21sp9P8WhV7FwLXFYs=&abvar=0&os=0
200 OK 43 B URL HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841679&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=1UQKSSZN7NocLBkFLV0N_N8ufpfPMu7SaqkyVJettH64WAcbgkqHQCMqoBuULGHfHgAUiyZkjbigCQYWb1A6S07gZhr2omfr0lMo7rcXGePFA0rj1BjTLGKjKGTtWt3cWqIFKib7bEnOaPBC4Ar5RuK1oPW2L6oWRxTAwslb4lod8Co6DPSDmcATMuzqoJv0fLU4lWC0ATkToXw7QxuBjRe9b7ZywE-A0zAGzZ6_egC1EruT0ecGjDy6H42CGs90PgSEbkgoPkNBS0jLqrRWBR97dYxM1Rf0UK_bq95V8FgXwFLmGNMNLOpTNXlLIK75-VtZHlPopsC27cRMaZFuw_KSJy4VyEpMNIlvMHWZr4Z2NvbrqTjlYWib4aCJMMoTotw08O2_5IuOAsQ--WYb6qOrqUR3wbYfxJOv1h9eBx29c5Hm1_zTNKP_m_g3NchtEkkfRt0rxq8htxa0sDlbB02nsJ0DxO9c3Y4Rb-aUXZD3mmwiSRSClrgakujvOxwwCC9635AghIlHZJdY1oenNUIWR4CfmGciM3O4kOP3bNOQkvEcEwEDN7Usw-3Jn-1XiYRJXIutyUIx8xjlLD8ciO1j_tzCOPliKWUZXLcsEMEwtpQic-w1HrdaEVQGDy0ocbLs6AbS7U_GCD9Nw-xuB9X5PIeM8BVamLC-2j4b3AIepodO5mL8J-WBF1hNRciblgOQk21sp9P8WhV7FwLXFYs=&abvar=0&os=0
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841679&pb=39b091d01e8f9f4d49b2d7b7710e11de1664069815&psp=1UQKSSZN7NocLBkFLV0N_N8ufpfPMu7SaqkyVJettH64WAcbgkqHQCMqoBuULGHfHgAUiyZkjbigCQYWb1A6S07gZhr2omfr0lMo7rcXGePFA0rj1BjTLGKjKGTtWt3cWqIFKib7bEnOaPBC4Ar5RuK1oPW2L6oWRxTAwslb4lod8Co6DPSDmcATMuzqoJv0fLU4lWC0ATkToXw7QxuBjRe9b7ZywE-A0zAGzZ6_egC1EruT0ecGjDy6H42CGs90PgSEbkgoPkNBS0jLqrRWBR97dYxM1Rf0UK_bq95V8FgXwFLmGNMNLOpTNXlLIK75-VtZHlPopsC27cRMaZFuw_KSJy4VyEpMNIlvMHWZr4Z2NvbrqTjlYWib4aCJMMoTotw08O2_5IuOAsQ--WYb6qOrqUR3wbYfxJOv1h9eBx29c5Hm1_zTNKP_m_g3NchtEkkfRt0rxq8htxa0sDlbB02nsJ0DxO9c3Y4Rb-aUXZD3mmwiSRSClrgakujvOxwwCC9635AghIlHZJdY1oenNUIWR4CfmGciM3O4kOP3bNOQkvEcEwEDN7Usw-3Jn-1XiYRJXIutyUIx8xjlLD8ciO1j_tzCOPliKWUZXLcsEMEwtpQic-w1HrdaEVQGDy0ocbLs6AbS7U_GCD9Nw-xuB9X5PIeM8BVamLC-2j4b3AIepodO5mL8J-WBF1hNRciblgOQk21sp9P8WhV7FwLXFYs=&abvar=0&os=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=2209241836a5a7b5a6e65c45678629ef4ce5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: OACICAP=ACIPDQAAAAAAAAAB; Path=/; Expires=Mon, 24 Oct 2022 23:36:56 GMT; Secure; SameSite=None
OACIBLOCK=ACIPDQAAAABjLo7Q; Path=/; Expires=Mon, 24 Oct 2022 23:36:56 GMT; Secure; SameSite=None
ppucnt=0; Path=/; Expires=Sun, 25 Sep 2022 23:36:56 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 267300d587831dda7559c30c40cc614e
d7ff0b9754e61f5d4178eddb5e63c3390ab559c8
ec7aad1a3116ce8ef5258b49de87cf3456c8c4890206fa5d46c8e510ded80ac0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 23:36:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 23:36:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js
IP
File type ASCII text, with very long lines (826)
Size 158 kB (158248 bytes)
Hash db1b5789e9915e9c82f5df92e5982980
2e193e502995501c85f45fd89d9f83707a7f9573
db9c82b18117d7cff0f674de758f5bbb39bc6dee969cee679c741090968b9206
GET /recaptcha/releases/ovmhLiigaw4D9ujHYlHcKKhP/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158248
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 22 Sep 2022 07:11:34 GMT
expires: Fri, 22 Sep 2023 07:11:34 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 19 Sep 2022 04:01:43 GMT
content-type: text/javascript
age: 231922
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash da681c2f112645651e5b32be2cfcd052
2e57e4163b8ed8ceebe8c6dde5ff1aa5efc7b946
302a7e1f8156051b7c793c61fbe3e81096374431e22bd9821b4aa38e1a5772f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Sep 2022 23:36:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 7664138cc52240f42d9b791676bd0ed1
9b6ebbdc0488f5a98cedb61b8386f25f57095fe8
d1542833d112f926467446f3e4e07b5889bdd5eb7b5edcff5ea9d49e0b6adb6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D1542833D112F926467446F3E4E07B5889BDD5EB7B5EDCFF5EA9D49E0B6ADB6A"
Last-Modified: Sat, 24 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4500
Expires: Sun, 25 Sep 2022 00:51:56 GMT
Date: Sat, 24 Sep 2022 23:36:56 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: S8VAH84z27uHiDrW6h3msA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: lNRVuQ+noUVhtO0UDDyoIHFD90I=
andindee.buzz/utx?tid=926820&top=dood.wf&cb=XPgqct7uKa0W
204 No Content 0 B URL HTTP/2 andindee.buzz/utx?tid=926820&top=dood.wf&cb=XPgqct7uKa0W
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=926820&top=dood.wf&cb=XPgqct7uKa0W HTTP/1.1
Host: andindee.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 24 Sep 2022 23:36:56 GMT
content-type: text/plain
access-control-allow-credentials: true
access-control-allow-origin: https://dood.wf
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 24 Sep 2022 23:37:56 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FeMeTMO9xZWOb6wLzi0NMbS0B2sZlMO%2BS2QuN%2B86RVIKbYZE2PbLHxKkTisGT30Y1EwhZCN5ivVsJJlEZn0opDRebqhl5aVNw8wIGRHhblnWZbD2nYSG39gzX0G6FO7c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ff5858bd5276f0-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
200 OK 344 B IP
ASN #20940 Akamai International B.V.
Hash 7664138cc52240f42d9b791676bd0ed1
9b6ebbdc0488f5a98cedb61b8386f25f57095fe8
d1542833d112f926467446f3e4e07b5889bdd5eb7b5edcff5ea9d49e0b6adb6a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D1542833D112F926467446F3E4E07B5889BDD5EB7B5EDCFF5EA9D49E0B6ADB6A"
Last-Modified: Sat, 24 Sep 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4500
Expires: Sun, 25 Sep 2022 00:51:56 GMT
Date: Sat, 24 Sep 2022 23:36:56 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f464219ae940d1a4ac7b088d96501497
4dc6ca2c66a78e549f28ccd00502eb05458c66e6
5ffb914fe2e2fafcf84a6b3a611b2120ad72a1355115ee1ec1d7134ae7cd8cb7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5FFB914FE2E2FAFCF84A6B3A611B2120AD72A1355115EE1EC1D7134AE7CD8CB7"
Last-Modified: Fri, 23 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16364
Expires: Sun, 25 Sep 2022 04:09:40 GMT
Date: Sat, 24 Sep 2022 23:36:56 GMT
Connection: keep-alive
alas4kanmfa6a4mubte.com/lv/esnk/1841679/code.js
200 OK 48 kB URL HTTP/2 alas4kanmfa6a4mubte.com/lv/esnk/1841679/code.js
IP
Hash cf5b8cf34579621c08bc27b23fe3ae46
5bea90c293407c18c8059b165982c3c1356cacd9
734ac7b103af26b601b3355ff56383746c5951b1eca07950c91f97f6f40be86e
GET /lv/esnk/1841679/code.js HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1e740"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.wf/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.wf
Content-Length: 1518
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 24 Sep 2022 23:37:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://dood.wf
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
sultingcoe.buzz/
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: sultingcoe.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 386
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
sultingcoe.buzz/
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: sultingcoe.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.wf/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.wf
Content-Length: 351
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
sultingcoe.buzz/
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: sultingcoe.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.wf/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.wf
Content-Length: 354
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8687
Expires: Sun, 25 Sep 2022 02:01:44 GMT
Date: Sat, 24 Sep 2022 23:36:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 39 kB IP
ASN #20940 Akamai International B.V.
Hash e924f94a3c79a3ecdfc74029456d6824
43a3457e37cf7d66e65391b20503c4b9ba1fea86
aa98fa8e7c553552f5575852fc4aec2f0bff9133589432c5e7b58ac29895c43c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8687
Expires: Sun, 25 Sep 2022 02:01:44 GMT
Date: Sat, 24 Sep 2022 23:36:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8687
Expires: Sun, 25 Sep 2022 02:01:44 GMT
Date: Sat, 24 Sep 2022 23:36:57 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 7038cca95198779d8bb479045eb56652
e9dcf9451e849f4d55b0909b33a51bd0b1a35296
0fc47dba3f2789b7c509a4916b1fe3c7b6b30c6778e5354742256125730310f3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8687
Expires: Sun, 25 Sep 2022 02:01:44 GMT
Date: Sat, 24 Sep 2022 23:36:57 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dfdacc8edea3c24dad020d7e9c11b3f4
2b6e37596e88b62f288dc8e8c937fd904fae28d5
338a44f3bcc01bdd197f037dd8f8bf58a18dea00127465488efe76fb72a6fdff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c48523c-250d-4030-8145-14c8967dc600.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8914
x-amzn-requestid: 8cfdc32e-f04a-4fd6-a1f1-632934a682fd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EUHqJoAMF7MQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7881-14a6d8ef126409964607e0aa;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: kdF6En2vbJhRH1bkYMOuNm5XOIsT1qs3FE281N1SKn1FbyW-oNZsEw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:06 GMT
age: 7191
etag: "2b6e37596e88b62f288dc8e8c937fd904fae28d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b8b1112-7394-4d92-9fc1-54f8e005817f.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b8b1112-7394-4d92-9fc1-54f8e005817f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 716068d10c9e3a16d3a8e727992f71ec
f18edf7b5080b39e00bde335c16ca0f771428e8e
5991be1a009df210adc123f9f8081f669368a3a1891305717fc40ead172917a3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3b8b1112-7394-4d92-9fc1-54f8e005817f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10845
x-amzn-requestid: b819b750-c0b1-46b1-9e6c-010912fa87b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y-_EzFpWoAMFxdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7884-3671ba9f0fc6b3e52e25f8a7;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:37:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: L6IiWD_BO-6-lBIZ-DGLVNr19LxOcEYX402OmOgqNRsbzbpfZWuhgw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:58:23 GMT
age: 5914
etag: "f18edf7b5080b39e00bde335c16ca0f771428e8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb442b904-290c-4a62-b7de-aadc1622cac4.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb442b904-290c-4a62-b7de-aadc1622cac4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ecc2a02c5bf02ae98849085d835b2dd
5fc6f043ab0929c95b84b78c9d03befbe0fadea0
ac308de6a557df495017c8cd16d431711daee7107686c1b74cd4e6f0e63de961
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb442b904-290c-4a62-b7de-aadc1622cac4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8883
x-amzn-requestid: 684fdd05-960b-42cb-8544-3347a4bf9b36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y--PmEaqIAMFz4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632f7730-2642e1df108d0f7a5d98b126;Sampled=0
x-amzn-remapped-date: Sat, 24 Sep 2022 21:31:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Ww7Y221O3YKYU2YLj-uLBxsJoTTCvV4nZd1Vlh2DK1TAFv2BINUJ4w==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:05 GMT
age: 7192
etag: "5fc6f043ab0929c95b84b78c9d03befbe0fadea0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16a0ebb5-2746-43ce-9354-d29ae28778f1.jpeg
200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16a0ebb5-2746-43ce-9354-d29ae28778f1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 75eb09cb0472d311d2deaf4475a2fb29
9e7b0fd5b7c45213e1808361867a254c8e313a30
c18626d0131533976be196823911d5146042e6bd8028389cb4f17a64ee0ec1e4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16a0ebb5-2746-43ce-9354-d29ae28778f1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7690
x-amzn-requestid: e50abd36-e3d6-4177-ad5a-57ef7f743e1b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yv2HqHJqIAMFe9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63296a30-7de1ba3633620fed1eb26a04;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 07:22:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: N1964asC-XTl9uXwzmgOj5dqDU1mJPKyDl-ZTqhg6wFcDcZFG5ncNQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 17:44:34 GMT
age: 21143
etag: "9e7b0fd5b7c45213e1808361867a254c8e313a30"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 3-257, spot sensor temperature 0.000000, unit celsius, color scheme 0, show scale bar, calibration: offset 0.000000, slope 241253891388563521536.000000\012- data
Hash b3a72e81317074689a71dac7059e4b6a
b6d56333d7f1ea7ddc8838d84de498ff913c5464
e665a8821b5e7b2e78787647a08d629bf70cbf4cbfee2057c8601cf0565154a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1deb918e-bcb0-4629-aaa7-0ae0322969be.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12826
x-amzn-requestid: f075cf62-acfc-4bc1-be14-7c3dafb7aaed
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YfVRNFP-oAMFgrA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6322cf3a-184b678042d64ac9266b1128;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 07:07:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: W6ZD1652Yn1xqZG7ehDcirlYoG8Hcsrdj11Fzfgj7zb-OiU8xHj1gw==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 21:37:32 GMT
age: 7165
etag: "b6d56333d7f1ea7ddc8838d84de498ff913c5464"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9bbdad67489e993cebd23ffb04ebd02c
3a69c08b4d25d1dae1abbabd103d6d295a2f5425
ee3839246f3bada3e3190c240c8ac64d8012a87c062c5e006ed80a7edcd773a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3056f6d6-1a08-46ac-94a1-eb08e1b784e1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7404
x-amzn-requestid: ef623ade-f397-40a9-b88d-0394f22a8d8b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YpOJPGYyoAMFVEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6326c3d4-2da73ceb54b36ade5bf4ce1a;Sampled=0
x-amzn-remapped-date: Sun, 18 Sep 2022 07:08:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: jqPyyJr0H9dHTBuQb9Z8bNBwMXhBz5pz09u_j1R0Qpp-iGUGFXm0VQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 13:56:57 GMT
age: 34800
etag: "3a69c08b4d25d1dae1abbabd103d6d295a2f5425"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash af56ebb29d27fb6a049680fe85c8828b
235a3579a72192a6a1fc0366d6d8671e2630b9f5
68454f522f57ca84315459fbf178251544804533512e9bebb8a6e3f3bce12895
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 24 Sep 2022 23:37:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 18:25:22 GMT
Expires: Thu, 29 Sep 2022 18:25:21 GMT
Etag: "235a3579a72192a6a1fc0366d6d8671e2630b9f5"
Cache-Control: max-age=412699,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ff5876ad9d0b02-OSL
my.rtmark.net/gid.js
200 OK 65 B IP
File type JSON data\012- , ASCII text
Hash 31737a7939f7e1bf2c4ad4af18a461e3
7ae6038a24ab72e60fc15488039d43a617bd6465
306bf3528eeb70b4915b1b24f51841e9877a877c62539aa67b282d61dcf5feac
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:37:01 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dood.wf
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=35065a642d9e4ff380d71451d7a4bc42; expires=Sun, 24 Sep 2023 23:37:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/500/4857535?excludes=&oaid=35065a642d9e4ff380d71451d7a4bc42&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fl477559o37uh&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 0 B URL HTTP/2 betotodilea.com/500/4857535?excludes=&oaid=35065a642d9e4ff380d71451d7a4bc42&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fl477559o37uh&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4857535?excludes=&oaid=35065a642d9e4ff380d71451d7a4bc42&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fl477559o37uh&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://dood.wf/
Origin: https://dood.wf
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:37:01 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://dood.wf
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/4857535?excludes=&oaid=35065a642d9e4ff380d71451d7a4bc42&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fl477559o37uh&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 14 kB URL HTTP/2 betotodilea.com/500/4857535?excludes=&oaid=35065a642d9e4ff380d71451d7a4bc42&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fl477559o37uh&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Hash c74cd6449a03972fe99b93beb98f740f
24a2c3b7dcf95605c0e3efcf3c40fbcb3f623702
5fa1b0a037421981190592a36dc3b33bc5c7e1c5e5a3ce07c574054c544ed30f
GET /500/4857535?excludes=&oaid=35065a642d9e4ff380d71451d7a4bc42&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.wf%2Fd%2Fl477559o37uh&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://dood.wf
Connection: keep-alive
Referer: https://dood.wf/
Cookie: OAID=c45aa334686646a985c084248b34cbab
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:37:01 GMT
content-type: application/javascript
x-trace-id: c046ad8a879652e0e356abb022d0b215
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://dood.wf
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=35065a642d9e4ff380d71451d7a4bc42; expires=Sun, 24 Sep 2023 23:37:01 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/lv/esnk/1841674/code.js
200 OK 0 B URL HTTP/2 alas4kanmfa6a4mubte.com/lv/esnk/1841674/code.js
IP
GET /lv/esnk/1841674/code.js HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: application/javascript
last-modified: Wed, 07 Sep 2022 13:38:24 GMT
vary: Accept-Encoding
etag: W/"63189ed0-1e740"
x-js-ab1: current
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 23:36:55 GMT
date: Sat, 24 Sep 2022 23:36:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/get/1841674?zoneid=1841674&jp=_clyqd1mi4e6i7pmu6ufwdd&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8834780285556287
200 OK 0 B URL HTTP/2 alas4kanmfa6a4mubte.com/get/1841674?zoneid=1841674&jp=_clyqd1mi4e6i7pmu6ufwdd&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8834780285556287
IP
GET /get/1841674?zoneid=1841674&jp=_clyqd1mi4e6i7pmu6ufwdd&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8834780285556287 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=220924183637f01562f2814798b3b344e0f0; Path=/; Expires=Sun, 24 Sep 2023 23:36:55 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/get/1841679?zoneid=1841679&jp=_cl269xpsorjz8be7jtyx1f&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6020030518453781
200 OK 0 B URL HTTP/2 alas4kanmfa6a4mubte.com/get/1841679?zoneid=1841679&jp=_cl269xpsorjz8be7jtyx1f&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6020030518453781
IP
GET /get/1841679?zoneid=1841679&jp=_cl269xpsorjz8be7jtyx1f&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=6020030518453781 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=2209241836a5a7b5a6e65c45678629ef4ce5; Path=/; Expires=Sun, 24 Sep 2023 23:36:55 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
200 OK 0 B IP
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:56 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6496
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BqOWZILcnzkGzAi0obalteJ%2BXRYDfUcv2xvTxlaQwQPnHCGSDwIyWdbJohWN0J6V401GAtsbbGw4%2B8jms66XrH8tMijHhSUY%2Bl2K%2BtwrbRlW87t4XCa5%2BewpKDbFeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74ff58560f68b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dood.wf/d/l477559o37uh
200 OK 0 B IP
GET /d/l477559o37uh HTTP/1.1
Host: dood.wf
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: text/html; charset=UTF-8
expires: Fri, 23 Sep 2022 23:36:55 GMT
set-cookie: lang=1; domain=.dood.wf; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c5qzEMKLh6%2B%2Bp%2F6NIs6sS9tPjlYwsI7jD7lSqinSh8k4DcrAqz8PXlF2%2BHfvyqIxnoET7O7zEgXsIw%2ByDKrIMsZOTM0L41NFu3zUxqXIFxNjCOanuxBsJ0w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ff58519cbdb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/css/bootstrap.min.css
200 OK 0 B URL HTTP/2 i.doodcdn.co/theme_2/css/bootstrap.min.css
IP
GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cache-control: public, max-age=2592000
expires: Sun, 24 Sep 2023 08:10:07 GMT
access-control-allow-origin: *
cf-cache-status: HIT
age: 51688
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6tVdlz4lSkw8mmpEjzFZqcOb%2B%2Fr8DUUqHxrGbleBgRosRxVQjBZQ1l7Nv8h%2FwY5PdeJHYK8b1nBah3L%2B7laAFyDiHpbnCiTjVXp2zQ%2F%2B7nUp%2BWdv5IR%2Bpi7MAwV6yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ff58535ce60b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/css/style.css?v=0.1
200 OK 0 B URL HTTP/2 i.doodcdn.co/theme_2/css/style.css?v=0.1
IP
GET /theme_2/css/style.css?v=0.1 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 24 Sep 2022 23:36:55 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=249272
expires: Sun, 24 Sep 2023 08:47:56 GMT
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 25779
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TzDuLsZHG57JELrEBg%2BnLZjgGAoDQrVCOu7093ggbZwEsvx5OjnkhuGR65ZnOnifP0YFXZJklTUR70u8i%2BHZa68FHqYMgAcm%2BWaS95xZMsii%2FwpoEqcNyzEnvhLq4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ff58536ce90b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
sultingcoe.buzz/aE1odjczb1FEAVB%2EWFQbSm9EVFFdKVlPBF8vRUQEDC9FQlYOfkVPUVl9RUcDDH1eTwdfLF4UBUphSkUAX3RdFw5fYFlHAwpgXEVWWWBRFVULYFBFAFkpC0BSX3pYFRVEbxsBFURvGwNbHCQGEVQHKEYUQhI3SloVWX1GQxVEKwkaRA1hDhdbGyhEEFYEPg0r
200 OK 0 B URL HTTP/2 sultingcoe.buzz/aE1odjczb1FEAVB%2EWFQbSm9EVFFdKVlPBF8vRUQEDC9FQlYOfkVPUVl9RUcDDH1eTwdfLF4UBUphSkUAX3RdFw5fYFlHAwpgXEVWWWBRFVULYFBFAFkpC0BSX3pYFRVEbxsBFURvGwNbHCQGEVQHKEYUQhI3SloVWX1GQxVEKwkaRA1hDhdbGyhEEFYEPg0r
IP
GET /aE1odjczb1FEAVB%2EWFQbSm9EVFFdKVlPBF8vRUQEDC9FQlYOfkVPUVl9RUcDDH1eTwdfLF4UBUphSkUAX3RdFw5fYFlHAwpgXEVWWWBRFVULYFBFAFkpC0BSX3pYFRVEbxsBFURvGwNbHCQGEVQHKEYUQhI3SloVWX1GQxVEKwkaRA1hDhdbGyhEEFYEPg0r HTTP/1.1
Host: sultingcoe.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 8cd03f391f82d76d1315910bc0d4bf03=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8445-QupF8XJXCJYb17hQaHA1SjN9f2E"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
0 B IP
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
pringed.space/aVdYSmwSdSs9MxwlNGhWSz8sPhwabXdlCAY4PGQbD3grPUIDJHpmTho6PmhWWHt6OQEfdWJoWEdnemZOHTY%2FFQUNdWJoVVthYHhcS3t6ORkLCDEuXktteixZDWZheVsLemp5CAt6bCsKWnphLF1Zeml%2BCFlhYXpbCGE6eE4U
200 OK 0 B URL HTTP/2 pringed.space/aVdYSmwSdSs9MxwlNGhWSz8sPhwabXdlCAY4PGQbD3grPUIDJHpmTho6PmhWWHt6OQEfdWJoWEdnemZOHTY%2FFQUNdWJoVVthYHhcS3t6ORkLCDEuXktteixZDWZheVsLemp5CAt6bCsKWnphLF1Zeml%2BCFlhYXpbCGE6eE4U
IP
Analyzer Verdict Alert fortinet Malware
GET /aVdYSmwSdSs9MxwlNGhWSz8sPhwabXdlCAY4PGQbD3grPUIDJHpmTho6PmhWWHt6OQEfdWJoWEdnemZOHTY%2FFQUNdWJoVVthYHhcS3t6ORkLCDEuXktteixZDWZheVsLemp5CAt6bCsKWnphLF1Zeml%2BCFlhYXpbCGE6eE4U HTTP/1.1
Host: pringed.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.wf/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 3a1a5810e29568c5e482be3643ece737=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0f0-MUSm+nedseYnwdT3TiR0z2Rcd4w"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
172.67.75.223
139.45.197.237
23.36.77.32
62.122.171.6