dood.yt/e/69pb6m3cwa2y5jah04nz8itu38bur6ij
104.21.29.158302 Found 0 B URL HTTP/2 dood.yt/e/69pb6m3cwa2y5jah04nz8itu38bur6ij
IP 104.21.29.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/69pb6m3cwa2y5jah04nz8itu38bur6ij HTTP/1.1
Host: dood.yt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Thu, 23 Mar 2023 04:36:50 GMT
content-length: 0
set-cookie: lang=1; domain=.dood.yt; path=/
referer=; domain=.dood.yt; path=/; expires=Thu, 23-Mar-2023 04:37:50 GMT
location: /e/496v7y7iwx8qlwfa4mhtf7h6kqzuc0h
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2FPOwaXZND7Xw6po1iEMJjculKg4rvxrGYPZroJ2iIIvooVatcf4%2FeqnDrr4EmDfMC1fYl6CmWTAHQCetkTRFfBLyri6iOaodYxH%2FbgAnORsOey5uZ4pYQpx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac3f9c51942b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10783
Expires: Thu, 23 Mar 2023 07:36:33 GMT
Date: Thu, 23 Mar 2023 04:36:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 210a2a42cfc4f4aced144f5de9babcc6
ece6ecfb2db8d036c3bfc7f02f8ea387e3f965db
59553a312d3fb34f1f0aea469f7e7cc810ff9993481ddbd73ea5d461cf97ed51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "59553A312D3FB34F1F0AEA469F7E7CC810FF9993481DDBD73EA5D461CF97ED51"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10738
Expires: Thu, 23 Mar 2023 07:35:48 GMT
Date: Thu, 23 Mar 2023 04:36:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13583
Expires: Thu, 23 Mar 2023 08:23:13 GMT
Date: Thu, 23 Mar 2023 04:36:50 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 04:15:05 GMT
content-type: application/json
age: 1305
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wJFUEDZS4EduDQJ/ie+xrUOUZVWZ99uHI5tQF2XaHZl/DEAuwV8eUa6cSpRl/78XVFraUnnFzT0=
x-amz-request-id: WJ1GTPJQXSYRVMRD
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 03:59:47 GMT
age: 2223
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:50 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.24.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (65451)
Hash 4b5f47439b640180cc3450f7de05d0d8
5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 5392669
expires: Tue, 12 Mar 2024 04:36:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6YlM62lexBQmgip0FnyOz%2F2OrYN%2BgKxHmdiOlHhFivOjqrgcgkZy5pjMKt09piu%2FL3ntLMJJpPg5r1zJ7s%2FHCkTj8sbBDatJCaEj2DMjaIVehg1n2k%2F2HJwMbOCcWR6kBDHzFXXs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7ac3f9c8d8defac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
104.17.24.14200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 12140103
expires: Tue, 12 Mar 2024 04:36:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rcvl3Rnig%2FAwNi4lilURs8GIRhL0%2FNyTKWvIlIZkyJmEmTbItHetVvkneRvb4FFJLJrrwSfplZhGusP7xiyG%2FXVYM0AKhtYno4j2xsiUPqSdj72benA1cduMVquVzYq1DofNNpbi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7ac3f9c8d8dffac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/css/embed.css
104.26.7.74200 OK 80 kB URL HTTP/2 i.doodcdn.co/css/embed.css
IP 104.26.7.74:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 010e9740f2148647b93ae896d452119c
888e44accbd7e78a0654fd4eaf7541269d95e4e9
d33d9d5fc2eef77dd7cda0770e9bc8213f058f2ead19b7d9b7ed731bcd081a47
GET /css/embed.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:50 GMT
content-type: text/css
content-length: 79720
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=79890
etag: "61d3187c-13812"
expires: Fri, 21 Apr 2023 06:48:55 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cf-cache-status: HIT
age: 78328
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EeJg8WiCdx8dn8bqF8JadTSVMgoXdSdZo7WkfPjzvUZtKd25g3WonKktP77pYJKkDElqMfMcOW5F7SJkBbqkSq8dUiW%2BO0U35Jwc%2BpkNxo531Qk2VXAEq1b3zFtCzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac3f9c92a05b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/img/no_video_3.svg
104.26.7.74200 OK 38 kB URL HTTP/2 i.doodcdn.co/img/no_video_3.svg
IP 104.26.7.74:0
Hash c68f419bbe5a8693aa8294dad72d2b2f
bec03e7339e0f31afa1bb63f6c4c9cd70d80450c
3bcb805bd1fb6499f75f6e71ad5c1b0f648fbc2b9c27a4ba3b7a503a868c8c17
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:50 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Thu, 20 Apr 2023 08:39:36 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 78328
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WIRXj2CW920bjiFxVt%2BbYGbja8S%2BFVbcL9pm4ECKOmeAMdJnGJeWz%2F9SMKVJXLQW7%2FJOAOetSbMb1w3fsqgREw7bYm%2F4pljvhfBbCWzY6%2FhTzO6PXV1iccr86RzIGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac3f9c92a02b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/ads/ad.js
104.26.7.74200 OK 18 B IP 104.26.7.74:0
File type ASCII text, with no line terminators
Hash 071c641b229d2bfadd243b8fa2a9c88d
4048ed3ad506f9bb9052c23283912d0cfea8bcc6
3716878d3ceb2042b22c092b31c6f43cc862f8464e92ddde416a49624b32716e
GET /ads/ad.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:50 GMT
content-type: application/javascript
content-length: 18
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=20
expires: Thu, 21 Mar 2024 06:48:55 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: User-Agent,Accept-Encoding
cf-cache-status: HIT
age: 78328
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3k8D3S3PhAexDO3l8vpwtr%2FXTUFerurbXeYtix7ryn9XkCjBJ%2FtvZ%2BqedJE3jgiUbuvqqJi3cFDlg4yO%2BSW0hV0L6zg0UZkpNxQTdhUc7O45V9GpGha1qbrz1jnZ6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac3f9c92a03b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/js/embed2.js
104.26.7.74200 OK 339 kB URL HTTP/2 i.doodcdn.co/js/embed2.js
IP 104.26.7.74:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 339 kB (339271 bytes)
Hash cac27d72c22014f70500e507a7a82231
edcac36287bfc654b2ee6c0fe0727cdc725a9fe5
01c49e02b98bc8a4275650b65787cdd100c362abc7e54e8b9e99396b6117c2c6
GET /js/embed2.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:50 GMT
content-type: application/javascript
content-length: 339271
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=339527
etag: "61d3187c-52e47"
expires: Fri, 21 Apr 2023 06:48:55 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cf-cache-status: HIT
age: 78328
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tvymRUg7DGK%2Bpy1MIOXE3e3o8%2Fu2enQuZvkOMnL2r%2B81uL968zFAkiYYjaW279xZ%2FEEgaEv2OktPt1FxkQUMy26x1zQ2U5i0YIRZnUziDCbWDx1bFerTyBcT5su1bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac3f9c92a00b527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.doodcdn.co/splash/kwpc9wtgekausw3p.jpg
104.26.7.74200 OK 103 kB URL HTTP/2 img.doodcdn.co/splash/kwpc9wtgekausw3p.jpg
IP 104.26.7.74:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1264x715, components 3\012- data
Size 103 kB (103006 bytes)
Hash 392fa8b56c36958e9b96eaba7e0625c2
795bd9c32d8e801bdedf394de9df85c5297dd2d6
3e356b2f3a6040df043663f30c42a3b6128680cfde151ed9a2672bc2c770e98f
GET /splash/kwpc9wtgekausw3p.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:50 GMT
content-type: image/jpeg
content-length: 103006
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=103824, status=webp_bigger
etag: "641ae1f5-19590"
expires: Wed, 05 Apr 2023 11:48:34 GMT
last-modified: Wed, 22 Mar 2023 11:09:41 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8%2BJ5qM6SkW%2FCRhEV5eKmTwakaxtb7rtdmJrjvnFqSc7%2B1LIWqaSV%2BcyhNryXori%2FzYL3OMz9Cn4%2FtJiyxAoOsi6CRVATS9qqlmC5%2BSwbPfNQHM9cd9%2FB0wbl1rt5jZt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac3f9c92a0bb527-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056
54.230.245.27200 OK 96 kB URL HTTP/2 d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056
IP 54.230.245.27:0
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash ec33825c8f8c7a93f972297aa757eb1a
96852bc9783de50ed08c655d078e2588b4cc56d7
b3290959be8a1be2b77ff4d1310752d13d922dbb46e24ba1505b1efe62b2b026
GET /?srvfd=908056 HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 96173
date: Thu, 23 Mar 2023 04:36:50 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uC85pZW7LRNIIkGTipLkMrILG58TwWo_W4qTMS40idNKUqZ3SmHeDg==
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 04:14:33 GMT
age: 1338
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 99d8bc78a3c3513b89a1060f0a1089f8
577f83ec84bfc2f3776579d6d835b03d7b21a4ac
cd81f3eea29bc080c417dc01d85e4344c7a9ff2d7d998ea3615f1c84e6d2115c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CD81F3EEA29BC080C417DC01D85E4344C7A9FF2D7D998EA3615F1C84E6D2115C"
Last-Modified: Tue, 21 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19458
Expires: Thu, 23 Mar 2023 10:01:09 GMT
Date: Thu, 23 Mar 2023 04:36:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9d02ec7b55ad0e3adfd21e53b06b4a06
f8591f2b3e18cbcdd4211525589574561426085c
e916e970ad34e7dd1ed58ada05c3b265ac83be5526198ed4653191c5dc7a1fba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E916E970AD34E7DD1ED58ADA05C3B265AC83BE5526198ED4653191C5DC7A1FBA"
Last-Modified: Tue, 21 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19461
Expires: Thu, 23 Mar 2023 10:01:12 GMT
Date: Thu, 23 Mar 2023 04:36:51 GMT
Connection: keep-alive
ausoafab.net/5/5495238/?oo=1&aab=1
139.45.197.239200 OK 97 B URL HTTP/2 ausoafab.net/5/5495238/?oo=1&aab=1
IP 139.45.197.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5a876de35158c6841e872d82e16efecd
c6a44b1474a94f06c6fa1ebfafed32c2eab7a158
765ee3fc32b082fa0df114cbf021fe7ef55c8290324e520e35ec7b0e930727b6
GET /5/5495238/?oo=1&aab=1 HTTP/1.1
Host: ausoafab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:51 GMT
content-type: application/json
content-length: 97
x-trace-id: eb719477a453fc99801cd6f943192c49
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://dood.yt
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=bb57b9f04535495f9d3f6fcfd18c12e9; expires=Fri, 22 Mar 2024 04:36:51 GMT; path=/; secure; SameSite=None
oaidts=1679546211; expires=Fri, 22 Mar 2024 04:36:51 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ishedtotigai.info/NVd2TWcaaBU+WmwtLBsqWRUuDFVWFi98LnA1JwMIYDBPJCZiPFA5DlFqT31fBWJAaxdcM0t8QUYjFzkSRmpHaw5bMRlwQUNqR2NUAXlFf0kHcQNwVhMjBiwACGZQPRNBO0t8UQJuQ3lRB2ZOflUE
104.21.11.226204 No Content 0 B URL HTTP/2 ishedtotigai.info/NVd2TWcaaBU+WmwtLBsqWRUuDFVWFi98LnA1JwMIYDBPJCZiPFA5DlFqT31fBWJAaxdcM0t8QUYjFzkSRmpHaw5bMRlwQUNqR2NUAXlFf0kHcQNwVhMjBiwACGZQPRNBO0t8UQJuQ3lRB2ZOflUE
IP 104.21.11.226:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NVd2TWcaaBU+WmwtLBsqWRUuDFVWFi98LnA1JwMIYDBPJCZiPFA5DlFqT31fBWJAaxdcM0t8QUYjFzkSRmpHaw5bMRlwQUNqR2NUAXlFf0kHcQNwVhMjBiwACGZQPRNBO0t8UQJuQ3lRB2ZOflUE HTTP/1.1
Host: ishedtotigai.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 04:36:51 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2BUFQSawFoaLxL0iQa51mbkLuQLup%2BL8YODbnPKMEtmpdpc71Q%2Fn2rHlwBjtNAGPJHNezJqV%2FnjDM%2BXLQEuXJLdHhS6CFSmXvmJ6O%2Fm3meCq54bCJnx2b2bUN24Ij1fZo6RoVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac3f9cc0901b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8323
Expires: Thu, 23 Mar 2023 06:55:34 GMT
Date: Thu, 23 Mar 2023 04:36:51 GMT
Connection: keep-alive
ausoafab.net/tag.min.js
139.45.197.239200 OK 23 kB IP 139.45.197.239:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c62a63d6a7d335fd4686fe20e147143d
c08cf1705e0b6d672c572a44e305e020f7732638
1840014c5d0155ee533d1e4e3d3fc25e30e3d193a07f2d2444e09572d49bd89a
Analyzer Verdict Alert fortinet Malware
GET /tag.min.js HTTP/1.1
Host: ausoafab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 23299
content-encoding: br
x-trace-id: 6ec902898e044258dd8c3c0865f27b1a
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Tue, 21 Mar 2023 13:00:59 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ishedtotigai.info/RHFYV1RrTjskaRE5Dhg2Pj8/Bhw8Kxo6OAUXHjwSHRoSYwMFOH4jPSBMYWBgdkVrcSQtFWVmbGICLDYgMQJlZnItHz44aWIHZWZ6dF9qeWdiBGVmcjABOTBpdVcoIyAoTGlhY31EbGFmdUlrZGc
104.21.11.226204 No Content 0 B URL HTTP/2 ishedtotigai.info/RHFYV1RrTjskaRE5Dhg2Pj8/Bhw8Kxo6OAUXHjwSHRoSYwMFOH4jPSBMYWBgdkVrcSQtFWVmbGICLDYgMQJlZnItHz44aWIHZWZ6dF9qeWdiBGVmcjABOTBpdVcoIyAoTGlhY31EbGFmdUlrZGc
IP 104.21.11.226:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RHFYV1RrTjskaRE5Dhg2Pj8/Bhw8Kxo6OAUXHjwSHRoSYwMFOH4jPSBMYWBgdkVrcSQtFWVmbGICLDYgMQJlZnItHz44aWIHZWZ6dF9qeWdiBGVmcjABOTBpdVcoIyAoTGlhY31EbGFmdUlrZGc HTTP/1.1
Host: ishedtotigai.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 04:36:51 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q4kDabJ%2Bbtu8aF6LACkpKmTbfVubcw8R2uMlk5%2Bc%2FrlEuupnggBVBaHkd5hF1k8e2guYYQy19NqNJFzDSNUX2HExqSr29JwGw%2BJaw5%2BDF%2FoaOhDSbDkXbx2%2BpDYKDQS0zz7RWg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac3f9cc3916b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ishedtotigai.info/dEFWaEZbfjUbezpxIhojMzYeDiocAA4fHFFzFD12TSUUIDInEgBQYAAoMlV/RHBkXX5SMT8Me0Z4cBsyFTUjG3tFZz8GIBt8cB57RW9mRnBEb2VOM0lwcBw2FSZrWWAENSIEe0V3YVFzQHdkWX5HdWc
104.21.11.226204 No Content 0 B URL HTTP/2 ishedtotigai.info/dEFWaEZbfjUbezpxIhojMzYeDiocAA4fHFFzFD12TSUUIDInEgBQYAAoMlV/RHBkXX5SMT8Me0Z4cBsyFTUjG3tFZz8GIBt8cB57RW9mRnBEb2VOM0lwcBw2FSZrWWAENSIEe0V3YVFzQHdkWX5HdWc
IP 104.21.11.226:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dEFWaEZbfjUbezpxIhojMzYeDiocAA4fHFFzFD12TSUUIDInEgBQYAAoMlV/RHBkXX5SMT8Me0Z4cBsyFTUjG3tFZz8GIBt8cB57RW9mRnBEb2VOM0lwcBw2FSZrWWAENSIEe0V3YVFzQHdkWX5HdWc HTTP/1.1
Host: ishedtotigai.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 04:36:51 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OQDa4ba4EOnbwQU%2Bc6ZxRxDH3L0cWQMJwsZUuZ7AOBZ83H7X%2FX%2BxYXxb4tus2kX0W6g9YZZQW8Vo5sEHCWk%2BBC5JAgDTOoAuDf1G3Iv%2FiMjlsE6jRAB73Tax%2BMpBGAwaq6SQ5A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac3f9cc391eb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash f2291e02f435b0bdb6011e603864baad
19ae57ac8d9ea408223585681b9e2817e1f62bc7
d5663bc90dbebbaf53efee21e092f700f54a4b7325cb1b6592143b1b91b17034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 04:36:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash f2291e02f435b0bdb6011e603864baad
19ae57ac8d9ea408223585681b9e2817e1f62bc7
d5663bc90dbebbaf53efee21e092f700f54a4b7325cb1b6592143b1b91b17034
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 04:36:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tanceteventu.com/MDhzSThRWhAkB1EFEW9NQlRObAp2HUEPXAFeQ3xOQgsAI0tFQURnW1xXBi1eQlcdPRZeXQdsCnZ6JQx1SGErCAt8fksBbEl5Ah9uSHIpAXF0bjYhQXttOgZwWWpWe3pmeSIwf0dhNQtqfV42J21/ex0AC2NPJQdid24XCHoEQhUhW3VwGS0dAnoyDFtidTAMdWZuKi51AQw4HWwETyUbU3d3ICFidnoDMHZcehABbEMNJAgIU3YkEHx6CCV/W0hqJxhwRwgkCABldwkbe2J9OSJ0ZW42GFViQTIcAXFbKwtCYn05InZ2XyMbVXJVMiB2ZmIdB3JmCCExW3gVPQxpXWkLGwhifDURcXJuNXxTUVAhHWl0dR4cX19eEBF+A21DC1RTTzUYaXduHggJdW8jHX5legtxS2pfPidpZ2pBAQl2bzoRDHEeGTpXXkhOLF1ydzZ9XFNzIg1XSg
18.66.147.111200 OK 1.2 kB URL HTTP/2 tanceteventu.com/MDhzSThRWhAkB1EFEW9NQlRObAp2HUEPXAFeQ3xOQgsAI0tFQURnW1xXBi1eQlcdPRZeXQdsCnZ6JQx1SGErCAt8fksBbEl5Ah9uSHIpAXF0bjYhQXttOgZwWWpWe3pmeSIwf0dhNQtqfV42J21/ex0AC2NPJQdid24XCHoEQhUhW3VwGS0dAnoyDFtidTAMdWZuKi51AQw4HWwETyUbU3d3ICFidnoDMHZcehABbEMNJAgIU3YkEHx6CCV/W0hqJxhwRwgkCABldwkbe2J9OSJ0ZW42GFViQTIcAXFbKwtCYn05InZ2XyMbVXJVMiB2ZmIdB3JmCCExW3gVPQxpXWkLGwhifDURcXJuNXxTUVAhHWl0dR4cX19eEBF+A21DC1RTTzUYaXduHggJdW8jHX5legtxS2pfPidpZ2pBAQl2bzoRDHEeGTpXXkhOLF1ydzZ9XFNzIg1XSg
IP 18.66.147.111:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash fa2f90bd4340d52d3880385d4c94aceb
9b4f311be23cb1a4fcbf00094d6d3303212471ad
01a752e43e93dd3af309340db58784d952cc2669ff3fcd56a08bc2e6aa690e26
GET /MDhzSThRWhAkB1EFEW9NQlRObAp2HUEPXAFeQ3xOQgsAI0tFQURnW1xXBi1eQlcdPRZeXQdsCnZ6JQx1SGErCAt8fksBbEl5Ah9uSHIpAXF0bjYhQXttOgZwWWpWe3pmeSIwf0dhNQtqfV42J21/ex0AC2NPJQdid24XCHoEQhUhW3VwGS0dAnoyDFtidTAMdWZuKi51AQw4HWwETyUbU3d3ICFidnoDMHZcehABbEMNJAgIU3YkEHx6CCV/W0hqJxhwRwgkCABldwkbe2J9OSJ0ZW42GFViQTIcAXFbKwtCYn05InZ2XyMbVXJVMiB2ZmIdB3JmCCExW3gVPQxpXWkLGwhifDURcXJuNXxTUVAhHWl0dR4cX19eEBF+A21DC1RTTzUYaXduHggJdW8jHX5legtxS2pfPidpZ2pBAQl2bzoRDHEeGTpXXkhOLF1ydzZ9XFNzIg1XSg HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1195
date: Thu, 23 Mar 2023 04:36:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: rtRigyKIxs3_CTZC13PWVXV_c8gis50On-8x7chKEwTT_jNl6FEUog==
X-Firefox-Spdy: h2
tanceteventu.com/OVBRdXRYMjIYS1htM1MBSzxsUEZ/dWMzEAg2YUACS2MiHwdMKWZbF1U/JBESSz8/AVpXNSVQRn8kHCEuVQo8HSduASI0IgkGNzQiTQIQJEFvBWBBLGESCD82UhUdPB58aQAbF20WAwU1XDciJTB7NBI9A3MGECc1cxImLyN6YBwxNlUZHSMxeBoHIyZgBTpAMms3PjsibyQXNCYNNQkzRHcVJjwsaCcDFzZvZRwxNVYVBDc6YRkXRRJ7OxMgI3s8EzE1Xh0JHjFuAWAaNm4SFzEjXhUZIyFRCRc0IVcBYBo2aAEmPCxeBQUjHWseEAItXQUXAiF7A3wRMG43FzAxCR4zFjVdBgRFLXsYYTchbhYLITZeYBkzNWg6BzMTeBI9IyxuERAhIggJHiIxaBEQNBBzFWAWE24BFDEnCAoeJzVNBXcfB1Y+IUgzbgUiNAJKIiA5GlA0
18.66.147.111200 OK 1.2 kB URL HTTP/2 tanceteventu.com/OVBRdXRYMjIYS1htM1MBSzxsUEZ/dWMzEAg2YUACS2MiHwdMKWZbF1U/JBESSz8/AVpXNSVQRn8kHCEuVQo8HSduASI0IgkGNzQiTQIQJEFvBWBBLGESCD82UhUdPB58aQAbF20WAwU1XDciJTB7NBI9A3MGECc1cxImLyN6YBwxNlUZHSMxeBoHIyZgBTpAMms3PjsibyQXNCYNNQkzRHcVJjwsaCcDFzZvZRwxNVYVBDc6YRkXRRJ7OxMgI3s8EzE1Xh0JHjFuAWAaNm4SFzEjXhUZIyFRCRc0IVcBYBo2aAEmPCxeBQUjHWseEAItXQUXAiF7A3wRMG43FzAxCR4zFjVdBgRFLXsYYTchbhYLITZeYBkzNWg6BzMTeBI9IyxuERAhIggJHiIxaBEQNBBzFWAWE24BFDEnCAoeJzVNBXcfB1Y+IUgzbgUiNAJKIiA5GlA0
IP 18.66.147.111:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash d43a1efd690de596367e28d22a385b95
034e44f8f34215776b97e80835ab88bdada308b5
4c57ec1051ee94c92f7ffa96ff35f30c84dfb7fafb654eb0d8d5ce28a9191bd8
GET /OVBRdXRYMjIYS1htM1MBSzxsUEZ/dWMzEAg2YUACS2MiHwdMKWZbF1U/JBESSz8/AVpXNSVQRn8kHCEuVQo8HSduASI0IgkGNzQiTQIQJEFvBWBBLGESCD82UhUdPB58aQAbF20WAwU1XDciJTB7NBI9A3MGECc1cxImLyN6YBwxNlUZHSMxeBoHIyZgBTpAMms3PjsibyQXNCYNNQkzRHcVJjwsaCcDFzZvZRwxNVYVBDc6YRkXRRJ7OxMgI3s8EzE1Xh0JHjFuAWAaNm4SFzEjXhUZIyFRCRc0IVcBYBo2aAEmPCxeBQUjHWseEAItXQUXAiF7A3wRMG43FzAxCR4zFjVdBgRFLXsYYTchbhYLITZeYBkzNWg6BzMTeBI9IyxuERAhIggJHiIxaBEQNBBzFWAWE24BFDEnCAoeJzVNBXcfB1Y+IUgzbgUiNAJKIiA5GlA0 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Thu, 23 Mar 2023 04:36:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: Dvcp7i0UaDQfe5hBaiRkDpQOToVmNuiJb-Hp8I-RA5D9gUmBiuzL_g==
X-Firefox-Spdy: h2
tanceteventu.com/TldTaHEvNTAFTi9qMU4EPDtuTUMIcmEuFX8xY10HPGQgAgI7LmRGEiI4JgwXPDg9HF8gMidNQwgUATArDQ49DxwJBCQtIzQSNSIddxUwAzs5ATgcGwYTFiY3JAEfKzMHLxUPJDcRO1waBxUGIz8dJAEMNB8aAxA7a2UVPR16JxURBggFBCUlAhYVLhUIFjkqGT5jAgUgFhALDxMCBTQ6Ohw4OTpBIRMCWgkdDwsMNi8/Bjo6Nh4nLiA6MAEgOAMTFCo0LTsdIRB+DT09JT4wASA4GBIAHDAqPDckM38ZJD0WDC0CBRUcGD4qNC0/EicoCwIXPUEmIAQgXAQbCzAVCR0CCxMCPz8GJApiYDofAAQAICMJNGMMOioFEho0DGc5LyU+HwAPPwY0PwwmKgESWyl+PHUCAiE5I1U7Ph4AGwE6MTI+JiYaPQ9H
18.66.147.111200 OK 1.5 kB URL HTTP/2 tanceteventu.com/TldTaHEvNTAFTi9qMU4EPDtuTUMIcmEuFX8xY10HPGQgAgI7LmRGEiI4JgwXPDg9HF8gMidNQwgUATArDQ49DxwJBCQtIzQSNSIddxUwAzs5ATgcGwYTFiY3JAEfKzMHLxUPJDcRO1waBxUGIz8dJAEMNB8aAxA7a2UVPR16JxURBggFBCUlAhYVLhUIFjkqGT5jAgUgFhALDxMCBTQ6Ohw4OTpBIRMCWgkdDwsMNi8/Bjo6Nh4nLiA6MAEgOAMTFCo0LTsdIRB+DT09JT4wASA4GBIAHDAqPDckM38ZJD0WDC0CBRUcGD4qNC0/EicoCwIXPUEmIAQgXAQbCzAVCR0CCxMCPz8GJApiYDofAAQAICMJNGMMOioFEho0DGc5LyU+HwAPPwY0PwwmKgESWyl+PHUCAiE5I1U7Ph4AGwE6MTI+JiYaPQ9H
IP 18.66.147.111:0
Hash 19d69faa6056d51ad5a5652587e5a002
b6fbf485d3d4bf1c7d85b2b95bc2282e175daa41
5ef28bdc394e343c5922e5278eddd7191a0cc44d7856ef31c3ba01314c900af5
GET /TldTaHEvNTAFTi9qMU4EPDtuTUMIcmEuFX8xY10HPGQgAgI7LmRGEiI4JgwXPDg9HF8gMidNQwgUATArDQ49DxwJBCQtIzQSNSIddxUwAzs5ATgcGwYTFiY3JAEfKzMHLxUPJDcRO1waBxUGIz8dJAEMNB8aAxA7a2UVPR16JxURBggFBCUlAhYVLhUIFjkqGT5jAgUgFhALDxMCBTQ6Ohw4OTpBIRMCWgkdDwsMNi8/Bjo6Nh4nLiA6MAEgOAMTFCo0LTsdIRB+DT09JT4wASA4GBIAHDAqPDckM38ZJD0WDC0CBRUcGD4qNC0/EicoCwIXPUEmIAQgXAQbCzAVCR0CCxMCPz8GJApiYDofAAQAICMJNGMMOioFEho0DGc5LyU+HwAPPwY0PwwmKgESWyl+PHUCAiE5I1U7Ph4AGwE6MTI+JiYaPQ9H HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1182
date: Thu, 23 Mar 2023 04:36:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: 48rxNB7sSHNVyk0vlflJws2uoO9-ADfPKxwZty7Un2d1JA_UDRldYg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 6e965ba75b84abf96ca0d83da48d2fbb
4c2eb4c06cabee4d0f0606e88e9e074e2f767168
4b39bfe671df590e9c5baf75008d76f4272d8ffbafd7108e7592f8165b6806c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6373
Cache-Control: max-age=127334
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 04:36:51 GMT
Etag: "641b0ce4-1d7"
Expires: Fri, 24 Mar 2023 15:59:05 GMT
Last-Modified: Wed, 22 Mar 2023 14:12:52 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 471
tanceteventu.com/utx?cb=sM0pdq7pKkWY&top=dood.yt&tid=908056
18.66.147.111204 No Content 0 B URL HTTP/2 tanceteventu.com/utx?cb=sM0pdq7pKkWY&top=dood.yt&tid=908056
IP 18.66.147.111:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=sM0pdq7pKkWY&top=dood.yt&tid=908056 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 04:36:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://dood.yt
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 23 Mar 2023 04:37:51 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: xbtK80A3XGkLW6CWPuVS416Rrc8syA2vIFWJGxVGEDXq7H4w4Q2bYQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163200 OK 472 B IP 142.250.74.163:0
Hash 9f0607231b4674d2bfb5a6798b0b4093
6c14f5c952e413365703144951b09b7126ff8e2d
869816689cb9507d294d69f953e8ea33452a177d405816ad86f729b123ceaa98
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 04:36:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fj463co.dood.video/favicon.ico?i
141.94.141.188200 OK 15 kB URL HTTP/1.1 fj463co.dood.video/favicon.ico?i
IP 141.94.141.188:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555
GET /favicon.ico?i HTTP/1.1
Host: fj463co.dood.video
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 04:36:51 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 15406
Connection: keep-alive
Last-Modified: Sat, 29 Feb 2020 09:26:04 GMT
ETag: "3c2e-59fb38b06e300"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
tanceteventu.com/utx?cb=18cTjUrjTNeN&top=dood.yt&tid=901258
18.66.147.111204 No Content 0 B URL HTTP/2 tanceteventu.com/utx?cb=18cTjUrjTNeN&top=dood.yt&tid=901258
IP 18.66.147.111:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=18cTjUrjTNeN&top=dood.yt&tid=901258 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 04:36:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://dood.yt
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 23 Mar 2023 04:37:51 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amz-cf-id: LfYl39i7PBXo3An_W33ZkG3ls9jGeKMMVaRs3GiDjABiIJP1iT7Ymw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 958f762c57254c5515636063a33012df
4eb1e8242d043644572b5ed03a235c6a539bf5a6
15cc5b2a74602267d1de8eb5109246787f0f2c037a89ea9bf51bacb448cd0a84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "15CC5B2A74602267D1DE8EB5109246787F0F2C037A89EA9BF51BACB448CD0A84"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4322
Expires: Thu, 23 Mar 2023 05:48:53 GMT
Date: Thu, 23 Mar 2023 04:36:51 GMT
Connection: keep-alive
ocsp.digicert.com/
192.229.221.95200 OK 471 B IP 192.229.221.95:0
Hash 6e965ba75b84abf96ca0d83da48d2fbb
4c2eb4c06cabee4d0f0606e88e9e074e2f767168
4b39bfe671df590e9c5baf75008d76f4272d8ffbafd7108e7592f8165b6806c6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6299
Cache-Control: max-age=127260
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 04:36:51 GMT
Etag: "641b0ce4-1d7"
Expires: Fri, 24 Mar 2023 15:57:51 GMT
Last-Modified: Wed, 22 Mar 2023 14:12:52 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.43.107.188101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.107.188:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +r4MTm0F4zPxsr8Yg1pyFQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: v1IPxfETTlckoNvagGx7Pxih3M8=
d1f05vr3sjsuy7.cloudfront.net/tMTZlZmhSWQsAV0VfAVtRAQ5VU14XXBYJBkELIjE9QncTFRpAegsPDBdCHwJVARAJBwZWC0MDBlILVEAJVVRYUk5FRgoNVVtFAR4eXF0NEwIXQwRbBV5MDAoEUBNXIF0fBkBUWBlBDAgMXkEWQ1oBWBFDWgEHVUhYFAUnQ1oBQQwIXgUTViRNAwYdUFwUBS-dDWgFEE0NbcAdVU0YBH0BUWFZTBg0HFAQjVFgABlVXWAATV1YOWEQAAAdJE1cgWQEDS1ZORAtU
54.230.245.27200 OK 620 B URL HTTP/2 d1f05vr3sjsuy7.cloudfront.net/tMTZlZmhSWQsAV0VfAVtRAQ5VU14XXBYJBkELIjE9QncTFRpAegsPDBdCHwJVARAJBwZWC0MDBlILVEAJVVRYUk5FRgoNVVtFAR4eXF0NEwIXQwRbBV5MDAoEUBNXIF0fBkBUWBlBDAgMXkEWQ1oBWBFDWgEHVUhYFAUnQ1oBQQwIXgUTViRNAwYdUFwUBS-dDWgFEE0NbcAdVU0YBH0BUWFZTBg0HFAQjVFgABlVXWAATV1YOWEQAAAdJE1cgWQEDS1ZORAtU
IP 54.230.245.27:0
File type ASCII text, with very long lines (853), with no line terminators
Hash a4456ce026c3f3a805427d1719b79fbb
0aad22e38ba1a9697884121a035a81fb247c424c
80c27bb10e7caf7d52139ec3b4a872319239a4a42bd4215e825b3f7e6549a678
GET /tMTZlZmhSWQsAV0VfAVtRAQ5VU14XXBYJBkELIjE9QncTFRpAegsPDBdCHwJVARAJBwZWC0MDBlILVEAJVVRYUk5FRgoNVVtFAR4eXF0NEwIXQwRbBV5MDAoEUBNXIF0fBkBUWBlBDAgMXkEWQ1oBWBFDWgEHVUhYFAUnQ1oBQQwIXgUTViRNAwYdUFwUBS-dDWgFEE0NbcAdVU0YBH0BUWFZTBg0HFAQjVFgABlVXWAATV1YOWEQAAAdJE1cgWQEDS1ZORAtU HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tanceteventu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 620
date: Thu, 23 Mar 2023 04:36:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YzTOqAQByce9oGL3gDJ7ZYo3NGEfWfuKuR4rCJUdguKvr-NMLARwTQ==
X-Firefox-Spdy: h2
d1f05vr3sjsuy7.cloudfront.net/BVEMxYXA3LF8HTyAqVVxJZHIDVEhyKUIOHiR+VAQyGwYFBRMfEnUOCnI3SwVNZGVdAB4zfhcEHjd+AEcRMCEMVVYgM14KTT4wVRkGOShZFBpyNlBcHTs5WA0cNWYDJ0V6cxRTQHw0WA8UOzRCREJkLUVEQmRyAU9AcXBzREJkNFgPRmBmAiNVZnNJV0RxcH-NEQmQxR0RDFXIBVF5kahRTQDMmUgofcXF3U0BlcwFQQGVmA1EWPTFUBx8sZgMnQWR2H1FWIX4A
54.230.245.27200 OK 446 B URL HTTP/2 d1f05vr3sjsuy7.cloudfront.net/BVEMxYXA3LF8HTyAqVVxJZHIDVEhyKUIOHiR+VAQyGwYFBRMfEnUOCnI3SwVNZGVdAB4zfhcEHjd+AEcRMCEMVVYgM14KTT4wVRkGOShZFBpyNlBcHTs5WA0cNWYDJ0V6cxRTQHw0WA8UOzRCREJkLUVEQmRyAU9AcXBzREJkNFgPRmBmAiNVZnNJV0RxcH-NEQmQxR0RDFXIBVF5kahRTQDMmUgofcXF3U0BlcwFQQGVmA1EWPTFUBx8sZgMnQWR2H1FWIX4A
IP 54.230.245.27:0
File type ASCII text, with very long lines (593), with no line terminators
Hash 71080e1f3ff4921a79e681625d32b538
41eee45de3b0fb6decb1ddfae9ca3f3e034730b5
e82263422c6afc03a7efdb0e9725a9d9883ae08304675f209772f4aa4d8ec4f0
GET /BVEMxYXA3LF8HTyAqVVxJZHIDVEhyKUIOHiR+VAQyGwYFBRMfEnUOCnI3SwVNZGVdAB4zfhcEHjd+AEcRMCEMVVYgM14KTT4wVRkGOShZFBpyNlBcHTs5WA0cNWYDJ0V6cxRTQHw0WA8UOzRCREJkLUVEQmRyAU9AcXBzREJkNFgPRmBmAiNVZnNJV0RxcH-NEQmQxR0RDFXIBVF5kahRTQDMmUgofcXF3U0BlcwFQQGVmA1EWPTFUBx8sZgMnQWR2H1FWIX4A HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tanceteventu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 446
date: Thu, 23 Mar 2023 04:36:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: M4cdgL4AKUwEguq7yn3trpBzVx3qVv1WiMahYzwe8ma33UJQvWywKw==
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash d9953e302da737e3f0f5a063a2edf22f
c2b69a751c9f75194c5f2b002ba69557e356b37c
dfa1c8089b13051dad68cf2f0f18783ed5e12fc713c9ace2037088502f8189d3
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:51 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dood.yt
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=256a18d1e3b84a6eb852d4f50a9ea49e; expires=Fri, 22 Mar 2024 04:36:51 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
d1f05vr3sjsuy7.cloudfront.net/CRXZCYngmGSwERzEfJl9BckJwVktjHDENFjVLCBIxFgUyFh4kIBUKNSsRdEQMPxJ/Ul4pFywFRWMTLAFFdFAjBhp4QmQXGXgbLRgRKRojR0oDQ2xSXXdGahURKxItFQtgRHIMDGBEclNIa0ZnUTpgRHIVEStAdkdLB1NwUgBzQmdROmBEchAOYEUDU0hwWH-JLXXdGJQcbLhlnUD53RnNSSHRGc0dKdRArEB0jGTpHSgNHcldWdVA3X0k
54.230.245.27200 OK 264 B URL HTTP/2 d1f05vr3sjsuy7.cloudfront.net/CRXZCYngmGSwERzEfJl9BckJwVktjHDENFjVLCBIxFgUyFh4kIBUKNSsRdEQMPxJ/Ul4pFywFRWMTLAFFdFAjBhp4QmQXGXgbLRgRKRojR0oDQ2xSXXdGahURKxItFQtgRHIMDGBEclNIa0ZnUTpgRHIVEStAdkdLB1NwUgBzQmdROmBEchAOYEUDU0hwWH-JLXXdGJQcbLhlnUD53RnNSSHRGc0dKdRArEB0jGTpHSgNHcldWdVA3X0k
IP 54.230.245.27:0
File type ASCII text, with no line terminators
Hash 12fc803f21fafdafcfc56baf92289915
f10e347a6e8c7caa405d6642133aad9a3d7e2c8e
895cdbe31ced2358ab62b8d26777574b131360e6cfd74e17e6a91363c3a00912
GET /CRXZCYngmGSwERzEfJl9BckJwVktjHDENFjVLCBIxFgUyFh4kIBUKNSsRdEQMPxJ/Ul4pFywFRWMTLAFFdFAjBhp4QmQXGXgbLRgRKRojR0oDQ2xSXXdGahURKxItFQtgRHIMDGBEclNIa0ZnUTpgRHIVEStAdkdLB1NwUgBzQmdROmBEchAOYEUDU0hwWH-JLXXdGJQcbLhlnUD53RnNSSHRGc0dKdRArEB0jGTpHSgNHcldWdVA3X0k HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tanceteventu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 264
date: Thu, 23 Mar 2023 04:36:51 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PGKbMMUjOiWjcNb5hKOaNq-C5v1SvYRectVtgVPNcS5s_4VnTvTASQ==
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.173.27200 OK 421 B IP 172.64.173.27:0
File type ASCII text, with no line terminators
Hash 6314e34ee6ec9faf8e526865e97a9cf3
6202443fdea9cb2f1a3fec2a3ffc04f873c7c300
e87c2a8f53b5518839fd717d3f673213f640740aa00349836651f661c1708d4e
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.yt/
Origin: https://dood.yt
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:51 GMT
content-type: text/plain
set-cookie: csu=1472712166740610@1@1679546211; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://dood.yt
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3OKkt6HewFDaGdflDGIgSVQViqk2WRo1ji%2FnHWDFfmQIJ3C6C71uYNTC%2BuIOhwOAQI90Sn5T4tvrRCKAvExIZPeWfKApjgT2APqlf%2FpEx5hFwZY%2BDwc44YAgunYCxTJa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac3f9cdca7a7463-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.buypass.com/
23.36.76.129200 OK 1.8 kB IP 23.36.76.129:0
ASN #20940 Akamai International B.V.
Hash aa74ec917dff3b51f36b11f1236e55de
e2a43fa0af8b8a2bb8b198382469273dc21c29f5
6308b4ea517fc5ef506e3b5e1b0bda98afe770498a50dec1bc4d4b632deb5dfc
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 99c1cf18-1d96-4402-b076-c713bb780c4a
Content-Length: 1701
Date: Thu, 23 Mar 2023 04:36:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash baf1cc37da37251cd316deaa752a8b90
520a0b448fdfe3aa568f4f9a4b94a09fa83d3e53
cb727c8a535404bad16daac1de40c0bdb4d603e30296b8c19d97502b23d08d51
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB727C8A535404BAD16DAAC1DE40C0BDB4D603E30296B8C19D97502B23D08D51"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11054
Expires: Thu, 23 Mar 2023 07:41:06 GMT
Date: Thu, 23 Mar 2023 04:36:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0541b9ea951137a1b2f1197c33554df1
b02b6be8ea756363c31ee51796c91bac0207477b
f83e3379fd78d4f0e6e9e51caa503981a32cd2f2482a488b8560a7b5addb39e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F83E3379FD78D4F0E6E9E51CAA503981A32CD2F2482A488B8560A7B5ADDB39E9"
Last-Modified: Mon, 20 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2823
Expires: Thu, 23 Mar 2023 05:23:55 GMT
Date: Thu, 23 Mar 2023 04:36:52 GMT
Connection: keep-alive
ausoafab.net/5/5495238/?abt_opts=1&oo=1&aab=1&js_build=iclick-v1.510.0&userId=256a18d1e3b84a6eb852d4f50a9ea49e
139.45.197.239200 OK 3.5 kB URL HTTP/2 ausoafab.net/5/5495238/?abt_opts=1&oo=1&aab=1&js_build=iclick-v1.510.0&userId=256a18d1e3b84a6eb852d4f50a9ea49e
IP 139.45.197.239:0
Hash a0cbbe34575d0e12c0f94b0e1b2cc9be
a3e5cefd930ff12df0189c349992c246d1268416
5e8c62e4a9069984a2d4a452ff388304a87f44930bc29f6610b7b650baa6c6e0
GET /5/5495238/?abt_opts=1&oo=1&aab=1&js_build=iclick-v1.510.0&userId=256a18d1e3b84a6eb852d4f50a9ea49e HTTP/1.1
Host: ausoafab.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Cookie: OAID=bb57b9f04535495f9d3f6fcfd18c12e9; oaidts=1679546211
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:51 GMT
content-type: application/json
x-trace-id: b565f7670527df110c5438ccd7e4273a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://dood.yt
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=256a18d1e3b84a6eb852d4f50a9ea49e; expires=Fri, 22 Mar 2024 04:36:51 GMT; path=/; secure; SameSite=None
oaidts=1679546211; expires=Fri, 22 Mar 2024 04:36:51 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 30 Mar 2023 04:36:51 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 117 kB IP 172.64.173.27:0
Size 117 kB (117108 bytes)
Hash 92ee1357b3b8cae1fd8b828488046bc2
315e15b89f7b7dadb3a167c09448b8e4691ba91b
eebe0723320745ca0e38d790d48e57c6c4ec1a79fe2f1aa702b461ac8a99a284
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.yt/
Origin: https://dood.yt
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:51 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://dood.yt
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2269
last-modified: Thu, 23 Mar 2023 03:59:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sZL6DwQwDQhad98igSssCH9OTpgsHzj5KpwfaFR9y1r4UEQ3xmCKBawOd07vi6VtQUxm%2Bx2ig9kyNKQvGAMoJnQ%2BFIHMjzIOzhn2WawqbxsYto844fhPRuvfITblS190"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac3f9cdca727463-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nanouwho.com/1?z=3203051
139.45.197.242200 OK 146 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (38800)
Size 146 kB (146399 bytes)
Hash d6f11fb9c383e2b2c90be65deba7fa61
04f331223817e49aa51cd3d5e768d8dd05d3497b
ee44c75ec9071e04536a9f9f39b56f5f12a1c381ec4b6c5786daf4e9d468c974
GET /1?z=3203051 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: dd53fbc1b88930bdae4b95d75569b2e6
access-control-expose-headers: X-Sc
x-sc: SaZYhCFCCWghXvwnfrj3LwOmNz0OsrPI7_oqdI2ozWYt7DQCb59EHInPdkvo9Z5rFKuwWi6LAHPRdkeJU9S5ou8th0A=
set-cookie: scm=1; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
OAID=9328fcb30a33495eaa22eb4c0fd7748b; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
oaidts=1679546212; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/9?z=3203051&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e
139.45.197.242200 OK 2.5 kB URL HTTP/2 nanouwho.com/9?z=3203051&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e
IP 139.45.197.242:0
File type JSON data\012- , ASCII text, with very long lines (6251), with no line terminators
Hash be5c6c09fec6802d5beb833c8ee0714f
0eb99c8840bbc8ac01672e2353e215ba63c267da
7731d7fb3e9e4ebdc7f2bba3a7e8aa27753b95630eaf1b834e037abe1567580f
POST /9?z=3203051&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 87
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Cookie: scm=1; OAID=9328fcb30a33495eaa22eb4c0fd7748b; oaidts=1679546212
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://dood.yt
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 75be6a16ade94cc82ebcfc51862bbf29
access-control-expose-headers: X-Sc
set-cookie: OAID=256a18d1e3b84a6eb852d4f50a9ea49e; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
oaidts=1679546212; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5030496&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e
139.45.197.242204 No Content 0 B URL HTTP/2 upgulpinon.com/9?z=5030496&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /9?z=5030496&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dood.yt/
Origin: https://dood.yt
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://dood.yt
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
betotodilea.com/500/4245378?excludes=&oaid=256a18d1e3b84a6eb852d4f50a9ea49e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/500/4245378?excludes=&oaid=256a18d1e3b84a6eb852d4f50a9ea49e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4245378?excludes=&oaid=256a18d1e3b84a6eb852d4f50a9ea49e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://dood.yt/
Origin: https://dood.yt
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://dood.yt
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash aa2c1fe8f6b7d276daccd46a89c29014
8b7d29728c2cc633daf199026a8f0a5fc04a60e3
10291ea5a5359ecdfee6a299ae87ef834b654155e192b88f96430dee3caef704
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 04:36:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 15:49:41 GMT
Expires: Wed, 29 Mar 2023 15:49:40 GMT
Etag: "8b7d29728c2cc633daf199026a8f0a5fc04a60e3"
Cache-Control: max-age=558167,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac3f9d4c9b0b50c-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1183
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 23 Mar 2023 04:37:39 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://dood.yt
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
upgulpinon.com/11?rnd=2531374330&z=5030496&b=15763363&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=ow4bNg-O-D-XXq6Qhl-0P9wsvSC30r5AP_NwyORCcc6Z7Uy7Q7amTUrj6nYKrcTwShMXflnnKVmCkMU8nR_V8nZPko07oplE9Nb9Cx6wrZa9Y2uNGMDeqS3YCyOLn8CXS2l8aC_LAKn2-LYgsU0XDTxuxkNn0hwEreiHyzn8f5C9JaoSWwasOAzW39-q1IJ0V11bT9MIzUmjM1FP1TeNVCJFWKbvVNQZKLEiDegrohfxejFKQo_QGgRhpRaah_xTJ8IkYJZNUWRolobiQHEQnDds4uDtbVw3p_bN3qvxP1rOT7Mw5OPXf_yOSHNbkTvTpfuSq776a7xrYY1tYw4Bp_v588aGL_rQtV6AsGVP152xjp3yHARRivXlPp9D1-MzLWQzNOLAQqtvWxzHrO_9QcQmY8SNmcYExtFEtOsDW0-zRza9oNsh5gLInfxZtpQyLd6v76K1xyS6xymTAer8FWcVbbgrZYwn_L_ANoSgSJhyzvk9DpTwT7oPf5QN7jefy8FGT5B7PcyYS6inKI6GzW39-CObyxhs0rChbT7G3DzjmUmS6n-MaYNT0tUbd8bNC8_acVXYSOF_d5zTX19dPiAzHUhTNc8WfShQZ_VeI74se6pP9VCddKzFHQnxZrHuopW_6u3i_sDsMpn9IHElP8XNQADGOTuiXSWJGQ==&ruid=a8438650-454f-445e-8424-e92e81ca96fc&subid=662627448002715648&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=197
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/11?rnd=2531374330&z=5030496&b=15763363&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=ow4bNg-O-D-XXq6Qhl-0P9wsvSC30r5AP_NwyORCcc6Z7Uy7Q7amTUrj6nYKrcTwShMXflnnKVmCkMU8nR_V8nZPko07oplE9Nb9Cx6wrZa9Y2uNGMDeqS3YCyOLn8CXS2l8aC_LAKn2-LYgsU0XDTxuxkNn0hwEreiHyzn8f5C9JaoSWwasOAzW39-q1IJ0V11bT9MIzUmjM1FP1TeNVCJFWKbvVNQZKLEiDegrohfxejFKQo_QGgRhpRaah_xTJ8IkYJZNUWRolobiQHEQnDds4uDtbVw3p_bN3qvxP1rOT7Mw5OPXf_yOSHNbkTvTpfuSq776a7xrYY1tYw4Bp_v588aGL_rQtV6AsGVP152xjp3yHARRivXlPp9D1-MzLWQzNOLAQqtvWxzHrO_9QcQmY8SNmcYExtFEtOsDW0-zRza9oNsh5gLInfxZtpQyLd6v76K1xyS6xymTAer8FWcVbbgrZYwn_L_ANoSgSJhyzvk9DpTwT7oPf5QN7jefy8FGT5B7PcyYS6inKI6GzW39-CObyxhs0rChbT7G3DzjmUmS6n-MaYNT0tUbd8bNC8_acVXYSOF_d5zTX19dPiAzHUhTNc8WfShQZ_VeI74se6pP9VCddKzFHQnxZrHuopW_6u3i_sDsMpn9IHElP8XNQADGOTuiXSWJGQ==&ruid=a8438650-454f-445e-8424-e92e81ca96fc&subid=662627448002715648&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=197
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=2531374330&z=5030496&b=15763363&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=ow4bNg-O-D-XXq6Qhl-0P9wsvSC30r5AP_NwyORCcc6Z7Uy7Q7amTUrj6nYKrcTwShMXflnnKVmCkMU8nR_V8nZPko07oplE9Nb9Cx6wrZa9Y2uNGMDeqS3YCyOLn8CXS2l8aC_LAKn2-LYgsU0XDTxuxkNn0hwEreiHyzn8f5C9JaoSWwasOAzW39-q1IJ0V11bT9MIzUmjM1FP1TeNVCJFWKbvVNQZKLEiDegrohfxejFKQo_QGgRhpRaah_xTJ8IkYJZNUWRolobiQHEQnDds4uDtbVw3p_bN3qvxP1rOT7Mw5OPXf_yOSHNbkTvTpfuSq776a7xrYY1tYw4Bp_v588aGL_rQtV6AsGVP152xjp3yHARRivXlPp9D1-MzLWQzNOLAQqtvWxzHrO_9QcQmY8SNmcYExtFEtOsDW0-zRza9oNsh5gLInfxZtpQyLd6v76K1xyS6xymTAer8FWcVbbgrZYwn_L_ANoSgSJhyzvk9DpTwT7oPf5QN7jefy8FGT5B7PcyYS6inKI6GzW39-CObyxhs0rChbT7G3DzjmUmS6n-MaYNT0tUbd8bNC8_acVXYSOF_d5zTX19dPiAzHUhTNc8WfShQZ_VeI74se6pP9VCddKzFHQnxZrHuopW_6u3i_sDsMpn9IHElP8XNQADGOTuiXSWJGQ==&ruid=a8438650-454f-445e-8424-e92e81ca96fc&subid=662627448002715648&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=197 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Cookie: scm=1; OAID=256a18d1e3b84a6eb852d4f50a9ea49e; oaidts=1679546212
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://dood.yt
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 4fb4ca9975e64cdeb7e22c66f204d4c9
access-control-expose-headers: X-Sc
set-cookie: OAID=256a18d1e3b84a6eb852d4f50a9ea49e; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
oaidts=1679546212; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
upgulpinon.com/121?rnd=73231114&z=5030496&b=15763363&c=6332999&var=&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D662627448002715648&cln={CELL_NUMBER}&btp=7&rb=ow4bNg-O-D-XXq6Qhl-0P9wsvSC30r5AP_NwyORCcc6Z7Uy7Q7amTUrj6nYKrcTwShMXflnnKVmCkMU8nR_V8nZPko07oplE9Nb9Cx6wrZa9Y2uNGMDeqS3YCyOLn8CXS2l8aC_LAKn2-LYgsU0XDTxuxkNn0hwEreiHyzn8f5C9JaoSWwasOAzW39-q1IJ0V11bT9MIzUmjM1FP1TeNVCJFWKbvVNQZKLEiDegrohfxejFKQo_QGgRhpRaah_xTJ8IkYJZNUWRolobiQHEQnDds4uDtbVw3p_bN3qvxP1rOT7Mw5OPXf_yOSHNbkTvTpfuSq776a7xrYY1tYw4Bp_v588aGL_rQtV6AsGVP152xjp3yHARRivXlPp9D1-MzLWQzNOLAQqtvWxzHrO_9QcQmY8SNmcYExtFEtOsDW0-zRza9oNsh5gLInfxZtpQyLd6v76K1xyS6xymTAer8FWcVbbgrZYwn_L_ANoSgSJhyzvk9DpTwT7oPf5QN7jefy8FGT5B7PcyYS6inKI6GzW39-CObyxhs0rChbT7G3DzjmUmS6n-MaYNT0tUbd8bNC8_acVXYSOF_d5zTX19dPiAzHUhTNc8WfShQZ_VeI74se6pP9VCddKzFHQnxZrHuopW_6u3i_sDsMpn9IHElP8XNQADGOTuiXSWJGQ==&bag=vXSjkPZD_Erquwu1Ze7sJhm2JcTd9GFI&ruid=a8438650-454f-445e-8424-e92e81ca96fc&subid=662627448002715648
139.45.197.242302 Found 0 B URL HTTP/2 upgulpinon.com/121?rnd=73231114&z=5030496&b=15763363&c=6332999&var=&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D662627448002715648&cln={CELL_NUMBER}&btp=7&rb=ow4bNg-O-D-XXq6Qhl-0P9wsvSC30r5AP_NwyORCcc6Z7Uy7Q7amTUrj6nYKrcTwShMXflnnKVmCkMU8nR_V8nZPko07oplE9Nb9Cx6wrZa9Y2uNGMDeqS3YCyOLn8CXS2l8aC_LAKn2-LYgsU0XDTxuxkNn0hwEreiHyzn8f5C9JaoSWwasOAzW39-q1IJ0V11bT9MIzUmjM1FP1TeNVCJFWKbvVNQZKLEiDegrohfxejFKQo_QGgRhpRaah_xTJ8IkYJZNUWRolobiQHEQnDds4uDtbVw3p_bN3qvxP1rOT7Mw5OPXf_yOSHNbkTvTpfuSq776a7xrYY1tYw4Bp_v588aGL_rQtV6AsGVP152xjp3yHARRivXlPp9D1-MzLWQzNOLAQqtvWxzHrO_9QcQmY8SNmcYExtFEtOsDW0-zRza9oNsh5gLInfxZtpQyLd6v76K1xyS6xymTAer8FWcVbbgrZYwn_L_ANoSgSJhyzvk9DpTwT7oPf5QN7jefy8FGT5B7PcyYS6inKI6GzW39-CObyxhs0rChbT7G3DzjmUmS6n-MaYNT0tUbd8bNC8_acVXYSOF_d5zTX19dPiAzHUhTNc8WfShQZ_VeI74se6pP9VCddKzFHQnxZrHuopW_6u3i_sDsMpn9IHElP8XNQADGOTuiXSWJGQ==&bag=vXSjkPZD_Erquwu1Ze7sJhm2JcTd9GFI&ruid=a8438650-454f-445e-8424-e92e81ca96fc&subid=662627448002715648
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /121?rnd=73231114&z=5030496&b=15763363&c=6332999&var=&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D662627448002715648&cln={CELL_NUMBER}&btp=7&rb=ow4bNg-O-D-XXq6Qhl-0P9wsvSC30r5AP_NwyORCcc6Z7Uy7Q7amTUrj6nYKrcTwShMXflnnKVmCkMU8nR_V8nZPko07oplE9Nb9Cx6wrZa9Y2uNGMDeqS3YCyOLn8CXS2l8aC_LAKn2-LYgsU0XDTxuxkNn0hwEreiHyzn8f5C9JaoSWwasOAzW39-q1IJ0V11bT9MIzUmjM1FP1TeNVCJFWKbvVNQZKLEiDegrohfxejFKQo_QGgRhpRaah_xTJ8IkYJZNUWRolobiQHEQnDds4uDtbVw3p_bN3qvxP1rOT7Mw5OPXf_yOSHNbkTvTpfuSq776a7xrYY1tYw4Bp_v588aGL_rQtV6AsGVP152xjp3yHARRivXlPp9D1-MzLWQzNOLAQqtvWxzHrO_9QcQmY8SNmcYExtFEtOsDW0-zRza9oNsh5gLInfxZtpQyLd6v76K1xyS6xymTAer8FWcVbbgrZYwn_L_ANoSgSJhyzvk9DpTwT7oPf5QN7jefy8FGT5B7PcyYS6inKI6GzW39-CObyxhs0rChbT7G3DzjmUmS6n-MaYNT0tUbd8bNC8_acVXYSOF_d5zTX19dPiAzHUhTNc8WfShQZ_VeI74se6pP9VCddKzFHQnxZrHuopW_6u3i_sDsMpn9IHElP8XNQADGOTuiXSWJGQ==&bag=vXSjkPZD_Erquwu1Ze7sJhm2JcTd9GFI&ruid=a8438650-454f-445e-8424-e92e81ca96fc&subid=662627448002715648 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=256a18d1e3b84a6eb852d4f50a9ea49e; oaidts=1679546212
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-length: 0
location: https://www.nbfcs.org/#signUp=662627448002715648
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: fdd3acc3cc168d17e70e3456d71fefc2
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 358d914f6a2b9d3fb93e013d3198f274
5f61f04d3664ad45306d037b55f05ad02421d625
9f7516e065761b2ee22efb34f463b67ece29cff2008ca00a9d01c323a8ec84e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9F7516E065761B2EE22EFB34F463B67ECE29CFF2008CA00A9D01C323A8EC84E9"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15187
Expires: Thu, 23 Mar 2023 08:49:59 GMT
Date: Thu, 23 Mar 2023 04:36:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Thu, 23 Mar 2023 05:56:59 GMT
Date: Thu, 23 Mar 2023 04:36:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Thu, 23 Mar 2023 05:56:59 GMT
Date: Thu, 23 Mar 2023 04:36:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4807
Expires: Thu, 23 Mar 2023 05:56:59 GMT
Date: Thu, 23 Mar 2023 04:36:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90be67fd11de3a169f4de942f6418f3f
55bd99cc5490b60e7a653ffa5f2a8c288ef66e87
b07e34257bbaa41c941650a839adad82d4999d92ee62402dbec969d9464c89b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae396653-384e-48e4-9824-4bf9d53f211b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10959
x-amzn-requestid: a7e3f891-6f0e-48af-9a37-3cb8f9cae223
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xD8G-pIAMFagQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64156218-3334d770691739b77f855b0b;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:02:48 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: RmTQewe6KB0ictxZUj2umye1wlB6l5FkLEoXfGsR2adHPRU9KyXxWQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 03:55:26 GMT
age: 2486
etag: "55bd99cc5490b60e7a653ffa5f2a8c288ef66e87"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 27bd1bd539c3711ff340f243098cab93
4860b7e75775fe187a9253a4d38222e36552f529
34278c150d0686e999228226d0d92e3e7ed1116978ab94fd21b3047c44a69972
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffed036ca-a43b-426f-a0f3-fb8f2e221171.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6430
x-amzn-requestid: abbe5dc0-5218-46ef-b264-30aa5d0a87b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BzanbGRCIAMF96g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64113e2f-3c198b4a31aaa8f263ec8db5;Sampled=0
x-amzn-remapped-date: Wed, 15 Mar 2023 03:40:31 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: eETIf_ygzcHX6nt_w_o0UXc5Myk3aCUzDfWf4LhwILPkeAWkd4yctA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 de2dd11312f7d5ad3bcd0cb112c7fd0e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 13:48:21 GMT
age: 53311
etag: "4860b7e75775fe187a9253a4d38222e36552f529"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6de676f6856031e5c1baebe9166a8269
d81a4852f956999fa28a5f667ed73506843d0731
71f282ba594e454a2abf1c3700ade4d9461d6d48ac2726f746f3da5a63e29c38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F340c6dd8-fc2f-45fc-9318-44a28c249325.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9687
x-amzn-requestid: b7c8cd8c-6103-4aa4-9016-f02cf368908d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8JGHyEoAMFzJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73d3-2fb1fd1b5be3289047f8aed4;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:32:03 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: pwTgv5KbsBUYyFFmAaQkVuceVkWmy6S5-JrC5QptjI6eZYMu23hopg==
via: 1.1 773bf3616e85ce2b187fa78710a6beb2.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:44 GMT
age: 24548
etag: "d81a4852f956999fa28a5f667ed73506843d0731"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: dd5a8417-ddd5-469d-aa84-e880f4b84464
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CHqKFGRsoAMFTGQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6419570d-3f28a7502b56eda47dd82ba7;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 07:04:45 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: JImqyag05jmvEwsJSvKFVuisuS5KNKfr7xRuN0YPyneNXvVxKkFMzg==
via: 1.1 ee6ea1e4552345de209d26f9ffb35d4a.cloudfront.net (CloudFront), 1.1 5292c0d5844327feadb38f1efe42ebc6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 05:35:55 GMT
age: 82857
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 40d24dfcd9f0afe0e4077384f16cc494
76213c7d5c759471ed3823888860f918ac7e8f13
fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7083
x-amzn-requestid: 52c38747-4a30-4831-87ca-7e72e5602ed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CHY_gFu8IAMFh9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64193b96-49c53b7c2e5ed4fc0217e357;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 05:07:34 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: XUrSSF8TgZSClR4MqJ0kuXGO-8KIguNmGe5lmVwzKXZO6CN0F9mimg==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:51:03 GMT
age: 24349
etag: "76213c7d5c759471ed3823888860f918ac7e8f13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:02:44 GMT
age: 57605
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/ab/75/0f/feca63ef6c43fcd306f0acca0f/01217366813920.png
139.45.197.152200 OK 10 kB URL HTTP/2 interstitial-07.com/contents/s/ab/75/0f/feca63ef6c43fcd306f0acca0f/01217366813920.png
IP 139.45.197.152:0
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash ab750ffeca63ef6c43fcd306f0acca0f
ca03763826f6eb5ecab58aabb703bf4f8ed70f6d
d30a6314b4cea1873ea02ae3d9b4c36f35840bb2f91573a5b4192f28f5ce0fef
GET /contents/s/ab/75/0f/feca63ef6c43fcd306f0acca0f/01217366813920.png HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=YR7WEoN1Dpobtqo&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1398681016%26z%3D3203051%26b%3D15936366%26c%3D6377955%26var%3D%26d%3Dhttps%253A%252F%252Fbeesy.pro%253Fzoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%2526country%253D%257Bcountry%257D%2526browser%253D%257Bbrowser%257D%2526campaignid%253D%257Bcampaignid%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DCFeKQf7sGvjC5hGIE7NAchB7oKqP5Cc3ncmmX9yrLpfnik-PZL0as5gMiZv4yvHaXskErnTHjijuRsPg-AFQb5DdkOMR3Ys3d0u87q4G7Ta0p47ar1hLbuL2HaAYQiRqxPPg3zdYJINrl-SKOOZY8ClR_2upkkm7yS_bnxkq6SYuOBlxwqMwrej12dACLSedHBhnR4YaGwSusI1C6LXNtXRDzxw7rUnNnEJ-lZyeMyLMbj8Y5U59PAcEpEuymRKoEYrZyUGzucU6b76Uf7utBIasvLcQuA8mGI_vf4sHcadXXzHuYLO57pU6IDKZqD5cbyK2glBrN8rbfygQ2stRVRyDxWvl1PWk1vEECVQy-1pryntfp4-gXMO_bNnHrWj_p1xVnlaosLtliqgQdujDBbfOVVhIZFK7FKEIpxNRz1GVuZu1GaPE5XJM2rYbIhLnJR21ELgDX0pPO1CP7kxdJME1Gk-vrR46epVk7_uVUJxj3vT6GoMwacmE_AtTbG_XBd5wEA%3D%3D%26bag%3DKh3ZNesuHwchFbOw831bEA%3D%3D%26ruid%3Db9b203c4-9c29-4ac0-9248-24aec7162425%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.yt%252Fe%252F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-type: image/png
content-length: 10337
last-modified: Thu, 01 Dec 2022 07:51:57 GMT
vary: Accept-Encoding
etag: "63885d1d-2861"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
104.22.33.172200 OK 11 kB URL HTTP/2 offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP 104.22.33.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263
GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:52 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Thu, 23 Mar 2023 05:56:29 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 81623
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac3f9d6cddd1669-ARN
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 361343db373c9e7606a670c65a2775f2
90fb41ef2aa099b85e0d5c908dd56b8f7ad9d8c5
2511ae7482cbeca44823d33555f83814b78ceb117e7643d7dc120b850329af33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2511AE7482CBECA44823D33555F83814B78CEB117E7643D7DC120B850329AF33"
Last-Modified: Tue, 21 Mar 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15226
Expires: Thu, 23 Mar 2023 08:50:38 GMT
Date: Thu, 23 Mar 2023 04:36:52 GMT
Connection: keep-alive
interstitial-07.com/contents/s/c8/9c/b6/0f051883d9d922dae4352cbb97/01280699640214.jpeg
139.45.197.152200 OK 211 kB URL HTTP/2 interstitial-07.com/contents/s/c8/9c/b6/0f051883d9d922dae4352cbb97/01280699640214.jpeg
IP 139.45.197.152:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x600, components 3\012- data
Size 211 kB (210623 bytes)
Hash c89cb60f051883d9d922dae4352cbb97
bd9836a0d38c18e8dae78819d0194746a6b947a6
3f71671001ce4f04021316b8b497c1749225feb0a895a3e0f2acb8e6202382c7
GET /contents/s/c8/9c/b6/0f051883d9d922dae4352cbb97/01280699640214.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=YR7WEoN1Dpobtqo&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1398681016%26z%3D3203051%26b%3D15936366%26c%3D6377955%26var%3D%26d%3Dhttps%253A%252F%252Fbeesy.pro%253Fzoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%2526country%253D%257Bcountry%257D%2526browser%253D%257Bbrowser%257D%2526campaignid%253D%257Bcampaignid%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DCFeKQf7sGvjC5hGIE7NAchB7oKqP5Cc3ncmmX9yrLpfnik-PZL0as5gMiZv4yvHaXskErnTHjijuRsPg-AFQb5DdkOMR3Ys3d0u87q4G7Ta0p47ar1hLbuL2HaAYQiRqxPPg3zdYJINrl-SKOOZY8ClR_2upkkm7yS_bnxkq6SYuOBlxwqMwrej12dACLSedHBhnR4YaGwSusI1C6LXNtXRDzxw7rUnNnEJ-lZyeMyLMbj8Y5U59PAcEpEuymRKoEYrZyUGzucU6b76Uf7utBIasvLcQuA8mGI_vf4sHcadXXzHuYLO57pU6IDKZqD5cbyK2glBrN8rbfygQ2stRVRyDxWvl1PWk1vEECVQy-1pryntfp4-gXMO_bNnHrWj_p1xVnlaosLtliqgQdujDBbfOVVhIZFK7FKEIpxNRz1GVuZu1GaPE5XJM2rYbIhLnJR21ELgDX0pPO1CP7kxdJME1Gk-vrR46epVk7_uVUJxj3vT6GoMwacmE_AtTbG_XBd5wEA%3D%3D%26bag%3DKh3ZNesuHwchFbOw831bEA%3D%3D%26ruid%3Db9b203c4-9c29-4ac0-9248-24aec7162425%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.yt%252Fe%252F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-type: image/jpeg
content-length: 210623
last-modified: Thu, 01 Dec 2022 07:51:52 GMT
vary: Accept-Encoding
etag: "63885d18-336bf"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=72747
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 23 Mar 2023 04:36:53 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b40a09aad11c9a9e72f733509e61e522
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=844623160
139.45.197.236200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=844623160
IP 139.45.197.236:0
File type ASCII text, with very long lines (5213), with no line terminators
Hash 0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536
GET /fv.js?t=72747&cb=844623160 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:53 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: a1678a8676a48693fdc142765ef017dc
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/11?rnd=2534665273&z=3203051&b=15936366&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=CFeKQf7sGvjC5hGIE7NAchB7oKqP5Cc3ncmmX9yrLpfnik-PZL0as5gMiZv4yvHaXskErnTHjijuRsPg-AFQb5DdkOMR3Ys3d0u87q4G7Ta0p47ar1hLbuL2HaAYQiRqxPPg3zdYJINrl-SKOOZY8ClR_2upkkm7yS_bnxkq6SYuOBlxwqMwrej12dACLSedHBhnR4YaGwSusI1C6LXNtXRDzxw7rUnNnEJ-lZyeMyLMbj8Y5U59PAcEpEuymRKoEYrZyUGzucU6b76Uf7utBIasvLcQuA8mGI_vf4sHcadXXzHuYLO57pU6IDKZqD5cbyK2glBrN8rbfygQ2stRVRyDxWvl1PWk1vEECVQy-1pryntfp4-gXMO_bNnHrWj_p1xVnlaosLtliqgQdujDBbfOVVhIZFK7FKEIpxNRz1GVuZu1GaPE5XJM2rYbIhLnJR21ELgDX0pPO1CP7kxdJME1Gk-vrR46epVk7_uVUJxj3vT6GoMwacmE_AtTbG_XBd5wEA==&ruid=b9b203c4-9c29-4ac0-9248-24aec7162425&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
139.45.197.242200 OK 0 B URL HTTP/2 nanouwho.com/11?rnd=2534665273&z=3203051&b=15936366&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=CFeKQf7sGvjC5hGIE7NAchB7oKqP5Cc3ncmmX9yrLpfnik-PZL0as5gMiZv4yvHaXskErnTHjijuRsPg-AFQb5DdkOMR3Ys3d0u87q4G7Ta0p47ar1hLbuL2HaAYQiRqxPPg3zdYJINrl-SKOOZY8ClR_2upkkm7yS_bnxkq6SYuOBlxwqMwrej12dACLSedHBhnR4YaGwSusI1C6LXNtXRDzxw7rUnNnEJ-lZyeMyLMbj8Y5U59PAcEpEuymRKoEYrZyUGzucU6b76Uf7utBIasvLcQuA8mGI_vf4sHcadXXzHuYLO57pU6IDKZqD5cbyK2glBrN8rbfygQ2stRVRyDxWvl1PWk1vEECVQy-1pryntfp4-gXMO_bNnHrWj_p1xVnlaosLtliqgQdujDBbfOVVhIZFK7FKEIpxNRz1GVuZu1GaPE5XJM2rYbIhLnJR21ELgDX0pPO1CP7kxdJME1Gk-vrR46epVk7_uVUJxj3vT6GoMwacmE_AtTbG_XBd5wEA==&ruid=b9b203c4-9c29-4ac0-9248-24aec7162425&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /11?rnd=2534665273&z=3203051&b=15936366&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=CFeKQf7sGvjC5hGIE7NAchB7oKqP5Cc3ncmmX9yrLpfnik-PZL0as5gMiZv4yvHaXskErnTHjijuRsPg-AFQb5DdkOMR3Ys3d0u87q4G7Ta0p47ar1hLbuL2HaAYQiRqxPPg3zdYJINrl-SKOOZY8ClR_2upkkm7yS_bnxkq6SYuOBlxwqMwrej12dACLSedHBhnR4YaGwSusI1C6LXNtXRDzxw7rUnNnEJ-lZyeMyLMbj8Y5U59PAcEpEuymRKoEYrZyUGzucU6b76Uf7utBIasvLcQuA8mGI_vf4sHcadXXzHuYLO57pU6IDKZqD5cbyK2glBrN8rbfygQ2stRVRyDxWvl1PWk1vEECVQy-1pryntfp4-gXMO_bNnHrWj_p1xVnlaosLtliqgQdujDBbfOVVhIZFK7FKEIpxNRz1GVuZu1GaPE5XJM2rYbIhLnJR21ELgDX0pPO1CP7kxdJME1Gk-vrR46epVk7_uVUJxj3vT6GoMwacmE_AtTbG_XBd5wEA==&ruid=b9b203c4-9c29-4ac0-9248-24aec7162425&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Cookie: scm=1; OAID=256a18d1e3b84a6eb852d4f50a9ea49e; oaidts=1679546212
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:53 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://dood.yt
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 5b49d0f2386dff5370ea7d535a769767
access-control-expose-headers: X-Sc
set-cookie: OAID=256a18d1e3b84a6eb852d4f50a9ea49e; expires=Fri, 22 Mar 2024 04:36:53 GMT; secure; SameSite=None
oaidts=1679546212; expires=Fri, 22 Mar 2024 04:36:53 GMT; secure; SameSite=None
oaidvc=1; expires=Fri, 22 Mar 2024 04:36:53 GMT; secure; SameSite=None
CNT=1_v1_bivzAAEAAADvSwAA; expires=Thu, 23 Mar 2023 05:36:53 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
i.doodcdn.com/theme_2/img/loader.svg
104.21.34.210301 Moved Permanently 0 B URL HTTP/2 i.doodcdn.com/theme_2/img/loader.svg
IP 104.21.34.210:0
GET /theme_2/img/loader.svg HTTP/1.1
Host: i.doodcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Thu, 23 Mar 2023 04:36:51 GMT
location: https://i.doodcdn.co/theme_2/img/loader.svg
cache-control: max-age=3600
expires: Thu, 23 Mar 2023 05:36:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zWzyRh%2BhuH72kxxNbfdAxQ5ZxYtbigMJ%2Fe4gG0fbArybJsUsp7Jsw4%2BqDZfNexB8lQrIgacxk99TYgZkbGtfZelOAX%2FCb8Cozbcx%2BEYcl%2BFJYHlVtx%2Fm146gwiOvfy1T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac3f9cbab58b505-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.205302 Found 0 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.205:0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 Mar 2023 04:36:51 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AQMjQ7QBJPgUs4xLrI_LUNKdtyWvSomg9xiIBggyTR6tNqJoQYJndycNxhkZCmcaBLmsuI_ZXAWbrg
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSigninPassiveLoginHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSigninPassiveLoginHttp/external"}]}, {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-mqprLBVWkfvKSfy2OgpwnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy: unsafe-none; report-to="AccountsSigninPassiveLoginHttp"
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-type: application/binary
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:qg4UF68Hir9Fk9aIs0r6wBzJofSScg:Y1cn8hyPjIxZcGwk; Expires=Sat, 22-Mar-2025 04:36:51 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
interstitial-07.com/?l=YR7WEoN1Dpobtqo&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1398681016%26z%3D3203051%26b%3D15936366%26c%3D6377955%26var%3D%26d%3Dhttps%253A%252F%252Fbeesy.pro%253Fzoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%2526country%253D%257Bcountry%257D%2526browser%253D%257Bbrowser%257D%2526campaignid%253D%257Bcampaignid%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DCFeKQf7sGvjC5hGIE7NAchB7oKqP5Cc3ncmmX9yrLpfnik-PZL0as5gMiZv4yvHaXskErnTHjijuRsPg-AFQb5DdkOMR3Ys3d0u87q4G7Ta0p47ar1hLbuL2HaAYQiRqxPPg3zdYJINrl-SKOOZY8ClR_2upkkm7yS_bnxkq6SYuOBlxwqMwrej12dACLSedHBhnR4YaGwSusI1C6LXNtXRDzxw7rUnNnEJ-lZyeMyLMbj8Y5U59PAcEpEuymRKoEYrZyUGzucU6b76Uf7utBIasvLcQuA8mGI_vf4sHcadXXzHuYLO57pU6IDKZqD5cbyK2glBrN8rbfygQ2stRVRyDxWvl1PWk1vEECVQy-1pryntfp4-gXMO_bNnHrWj_p1xVnlaosLtliqgQdujDBbfOVVhIZFK7FKEIpxNRz1GVuZu1GaPE5XJM2rYbIhLnJR21ELgDX0pPO1CP7kxdJME1Gk-vrR46epVk7_uVUJxj3vT6GoMwacmE_AtTbG_XBd5wEA%3D%3D%26bag%3DKh3ZNesuHwchFbOw831bEA%3D%3D%26ruid%3Db9b203c4-9c29-4ac0-9248-24aec7162425%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.yt%252Fe%252F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.152200 OK 0 B URL HTTP/2 interstitial-07.com/?l=YR7WEoN1Dpobtqo&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1398681016%26z%3D3203051%26b%3D15936366%26c%3D6377955%26var%3D%26d%3Dhttps%253A%252F%252Fbeesy.pro%253Fzoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%2526country%253D%257Bcountry%257D%2526browser%253D%257Bbrowser%257D%2526campaignid%253D%257Bcampaignid%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DCFeKQf7sGvjC5hGIE7NAchB7oKqP5Cc3ncmmX9yrLpfnik-PZL0as5gMiZv4yvHaXskErnTHjijuRsPg-AFQb5DdkOMR3Ys3d0u87q4G7Ta0p47ar1hLbuL2HaAYQiRqxPPg3zdYJINrl-SKOOZY8ClR_2upkkm7yS_bnxkq6SYuOBlxwqMwrej12dACLSedHBhnR4YaGwSusI1C6LXNtXRDzxw7rUnNnEJ-lZyeMyLMbj8Y5U59PAcEpEuymRKoEYrZyUGzucU6b76Uf7utBIasvLcQuA8mGI_vf4sHcadXXzHuYLO57pU6IDKZqD5cbyK2glBrN8rbfygQ2stRVRyDxWvl1PWk1vEECVQy-1pryntfp4-gXMO_bNnHrWj_p1xVnlaosLtliqgQdujDBbfOVVhIZFK7FKEIpxNRz1GVuZu1GaPE5XJM2rYbIhLnJR21ELgDX0pPO1CP7kxdJME1Gk-vrR46epVk7_uVUJxj3vT6GoMwacmE_AtTbG_XBd5wEA%3D%3D%26bag%3DKh3ZNesuHwchFbOw831bEA%3D%3D%26ruid%3Db9b203c4-9c29-4ac0-9248-24aec7162425%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.yt%252Fe%252F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.152:0
GET /?l=YR7WEoN1Dpobtqo&cd_meta_crid=50538&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D1398681016%26z%3D3203051%26b%3D15936366%26c%3D6377955%26var%3D%26d%3Dhttps%253A%252F%252Fbeesy.pro%253Fzoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%2526country%253D%257Bcountry%257D%2526browser%253D%257Bbrowser%257D%2526campaignid%253D%257Bcampaignid%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3DCFeKQf7sGvjC5hGIE7NAchB7oKqP5Cc3ncmmX9yrLpfnik-PZL0as5gMiZv4yvHaXskErnTHjijuRsPg-AFQb5DdkOMR3Ys3d0u87q4G7Ta0p47ar1hLbuL2HaAYQiRqxPPg3zdYJINrl-SKOOZY8ClR_2upkkm7yS_bnxkq6SYuOBlxwqMwrej12dACLSedHBhnR4YaGwSusI1C6LXNtXRDzxw7rUnNnEJ-lZyeMyLMbj8Y5U59PAcEpEuymRKoEYrZyUGzucU6b76Uf7utBIasvLcQuA8mGI_vf4sHcadXXzHuYLO57pU6IDKZqD5cbyK2glBrN8rbfygQ2stRVRyDxWvl1PWk1vEECVQy-1pryntfp4-gXMO_bNnHrWj_p1xVnlaosLtliqgQdujDBbfOVVhIZFK7FKEIpxNRz1GVuZu1GaPE5XJM2rYbIhLnJR21ELgDX0pPO1CP7kxdJME1Gk-vrR46epVk7_uVUJxj3vT6GoMwacmE_AtTbG_XBd5wEA%3D%3D%26bag%3DKh3ZNesuHwchFbOw831bEA%3D%3D%26ruid%3Db9b203c4-9c29-4ac0-9248-24aec7162425%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.yt%252Fe%252F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=EmSmMIuNOGPuc_KcfJIzMTLUvSupeGqFo-14WVKbyhA; expires=Thu, 23-Mar-2023 05:36:52 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
ku2d3a7pa8mdi.com/BNM/BNM.php?c=1799975
62.122.171.6200 OK 0 B URL HTTP/2 ku2d3a7pa8mdi.com/BNM/BNM.php?c=1799975
IP 62.122.171.6:0
Analyzer Verdict Alert quad9 Sinkholed
GET /BNM/BNM.php?c=1799975 HTTP/1.1
Host: ku2d3a7pa8mdi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:51 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-route-id: check.sumbit.dl
set-cookie: UID=23032223368c1b809032fd4e3ab16c2c82cf; Path=/; Expires=Fri, 22 Mar 2024 04:36:51 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
216.58.207.205302 Found 0 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 216.58.207.205:0
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 23 Mar 2023 04:36:51 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AWnogHdxj_gnoYOXaxv8jpyL2_Fd6ERf_A-fvOIpq55FgwjKTCw1TXSTVaPKaBAJeHJ6x2je9LIanQ
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none; report-to="AccountsSigninPassiveLoginHttp"
report-to: {"group":"AccountsSigninPassiveLoginHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSigninPassiveLoginHttp/external"}]}, {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-l_z409B-ds2PVEw8LiQEHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /cspreport
content-type: application/binary
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: __Host-GAPS=1:Wlm57fEEm7XPP-xh1RPpVWcoRMlTOw:ChTUMZurOVL28ZOd; Expires=Sat, 22-Mar-2025 04:36:51 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.yt/
Origin: https://dood.yt
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 23 Mar 2023 04:36:51 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://dood.yt
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 2269
last-modified: Thu, 23 Mar 2023 03:59:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TeoJprrZXMoF1ECx0xHt8RlU2VQ02WyL2GXTKZp6k12lCKY1Y8NRG6RFKn91I9SFl5a4XpB3kPy%2FD%2BLT7VRfuDUO73RY8xQnwYidj879Jx0RMEbWm5IGnvZrX8261Dnk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac3f9cd9a3a7463-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5030496&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e
139.45.197.242200 OK 0 B URL HTTP/2 upgulpinon.com/9?z=5030496&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e
IP 139.45.197.242:0
POST /9?z=5030496&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.yt%2Fe%2F496v7y7iwx8qlwfa4mhtf7h6kqzuc0h&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=256a18d1e3b84a6eb852d4f50a9ea49e HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 87
Origin: https://dood.yt
Connection: keep-alive
Referer: https://dood.yt/
Cookie: scm=1; OAID=fae3ff5530a04538af6a4c53f72d7a5e; oaidts=1679546212
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 04:36:52 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://dood.yt
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 513881730d04f05d21cd8feb9d05c6ef
access-control-expose-headers: X-Sc
set-cookie: OAID=256a18d1e3b84a6eb852d4f50a9ea49e; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
oaidts=1679546212; expires=Fri, 22 Mar 2024 04:36:52 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.yt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: WLjly0jbNCOJ1Wqbs1qPQSQS9h2rFOYgnsyprBygEeSeU23Grkp51eC0lVmzX3EU2nxMrZg1p9VSOXoB4h14/g==
date: Thu, 23 Mar 2023 04:36:51 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2