{"report_id":"394e93a1-8fa1-480c-9c2f-33971ad9d254","version":0,"status":"done","tags":[],"date":"2026-07-12T18:17:15Z","url":{"schema":"http","addr":"dorado.best/register","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"172.67.170.139","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"dorado.best/register","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"title":"Dorado - Crypto Games | Crypto Gambling","dom":{"size":253801,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"b15523fc08c3291a2270afc1efff91f9","sha1":"ab3f9ba8905b4a75400b8843c83c0e8a62b47b67","sha256":"a47b0587fcc46fc7defce487a1825616f5d21d74bd3fe68be19edb75647b029a","sha512":"209ddc5046464fd4b0210e015bcb05fd41cc64b9ad06701900f6eb89c72a48f6811ed40856b1ff15ec74f66c262fbb1603cef1da4cdc533fd9c0f988db59ba92","ssdeep":"6144:0EgIWJjdEz4ZWUFSccsr6KIsLRoA3AJsi8Tpqi:06cBEMsOSehIsLRoA3Ah8T8i","tlshash":"2644f98db9c3788ab32675b9403731dab73e5c5c408cd90ef650a4e578b07984b2bde9","dom_hash":"domhash8fda0f5906b59d05dca2943c46c6b9ae","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"dorado.best/register","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"172.67.170.139","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-16T18:17:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"dorado.best","ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-27","domain_rank":0,"first_seen":"2026-07-10T22:56:50.962087Z","last_seen":"2026-07-10T22:56:50.962088Z","alert_count":33,"request_count":33,"received_data":9212554,"sent_data":14977,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":11393,"first_seen":"2021-10-20T05:02:03Z","last_seen":"2026-07-05T23:33:46.327486Z","alert_count":0,"request_count":2,"received_data":331411,"sent_data":1093,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"get.geojs.io","ip":{"addr":"104.26.1.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-18","domain_rank":99948,"first_seen":"2017-03-30T18:44:25Z","last_seen":"2026-07-10T22:56:50.77206Z","alert_count":0,"request_count":1,"received_data":989,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"dorado.best/register","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-07-13T08:14:01.093176Z","times_seen":719559,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/CAVOPnXO.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e9635563c4bce67f63540fcef7e6925","sha1":"c036ce9804d1f94b0b6154f1a6e288809e66913e","sha256":"48f6f8dbb912f7f2b5093252e8072cafd6776bf5580355c9a9ca06e1023ee5fe","sha512":"e4b23ce5ea341c46f04dad397515de97db57499c4f722db7b63a9b385ca164324324f5a41f28964da658432871f7dca2a6568ee47a679bafd6f1ee574655322a","ssdeep":"","tlshash":"a7014c572a64a6b61297d1c6c4395585d204743d9874b0d49ba88de695c004624a5f37","size":695,"data":"","first_seen":"2026-05-11T18:13:57.943497Z","last_seen":"2026-07-12T22:04:21.094701Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/register","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-07-13T08:05:45.994613Z","times_seen":232878,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"15221d51bd292126fd260c66336db19c","sha1":"d0ca22a3b568b71997d266bf6fe48bdedd932807","sha256":"90acf284e78ceb1183e080909b7558617bd981480fd3000ae1b433d5eb28c459","sha512":"7477e39dc11f4c71e65ca6192e71a74cad6d93b8b4ba702fdac40ea0af2029b6b8f395aae2b20c0c39a8f31d1e1f32db92a9b41632e4e2da5624d7b0d9fddb8f","ssdeep":"1536:tM5A+jXSq5RDMDpydrdopXOe1H05V46MlsgV0Dixw5MB:tEuYR0ydrMXOe1U8lP0Dixw5MB","tlshash":"81732bc472aa7862139ac0f4913b6753b3257d3aa84c8850d467dc653b7cd869233fba","size":75049,"data":"","first_seen":"2026-07-09T15:43:08.802758Z","last_seen":"2026-07-13T00:17:01.035981Z","times_seen":6287,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/register","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"db51f547e865ac830a6beb695df47422","sha1":"b9f385abc057668d1f5ccde31a2d35c756c7817e","sha256":"755a36cd76e3332c5d2441ef914f9c1c8c59382241d3ec5a1d82378523b054a8","sha512":"7d3890025d4d1b497bfd795cbef67d466e5be796294732a902d4e34fd139a1351b36c125131afb9a7de36bcf27423b451938bb63ddba677ae77274bfb76481b5","ssdeep":"","tlshash":"3251132b1a4f7c583676e12b4739f108625700ab5d2697127b8c5b6fafe171c8020fee","size":3015,"data":"","first_seen":"2026-06-18T23:16:26.676552Z","last_seen":"2026-07-12T22:04:21.101278Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/register","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d7b2a76fa75b085dec33ad8b157107a9","sha1":"7da90ab346f2b256aad90f8a89826e66ba381877","sha256":"dac241a2ccf88791a28dbecd974632bcef5eae74b551659817fab0ccfa54f24f","sha512":"3f48562defefbd91003526680a258d0320676a12ae2168b210f1781323ba134dcb19072cb3c50cae873f65452daed7190067d2bd8ba677ebb80bf38810616eff","ssdeep":"","tlshash":"1911009d8a3322a02b26314a1bffb254b478007b4444e40e758cea4cafd4e20c1d7ea9","size":1016,"data":"","first_seen":"2026-06-18T23:16:26.677855Z","last_seen":"2026-07-12T22:04:21.101856Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/DCKxLHEB.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dfca59875be46db21197758a34cece6","sha1":"2559f01e9a30f06d485c6d24694ad1d17c9c8624","sha256":"612b4d1a71544a5e50bc973f2fd7d47bc76e5a2360374312d81b83eb14fa8896","sha512":"2e4652990475ba9e51f1a13714f065beca8514c03b22f6d24f448bbbcf5f99098b385f7125470102b26783ead9102e3728018d9d7a7d96edf24b40d8b4aad31f","ssdeep":"768:T2hqMS9m5P2S+riimzJomTDQILSsKGG/vVZsiCtyF+hR:T28Cpo7hseV+y4b","tlshash":"6bc2a4da7393f22b0ee28891c07e4112f134691574174068b6ac5ee6bda59cfb4bef30","size":26830,"data":"","first_seen":"2026-07-08T05:34:52.849045Z","last_seen":"2026-07-12T22:04:21.075452Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/BV1_Eelu.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"27746c4500d3517b3f7fcb9447d7506b","sha1":"cf606d8c76faf2ee04c8fc1e1574d72a785c7fef","sha256":"ae9a2c4c8b2325da05bfc884d1a130ca8e6e716c193e24ac8d9924929ea63a6c","sha512":"ff71739756fccf38504aa3e73c42690f60570cfc082e664b17125b9b540a4f0b0983a9e707f4b8b0b10ae3198362b5edf2ddac5e6a973df2d6e1593699cb87e8","ssdeep":"192:jGtQKVrQNVpRucdtTtuTVMjYWUIGv2vlUi8041AboMMNKi5vIP0c2HE8MpnoJ0RT:jGtQKaFtkTVMjPUovMKROQmqVv0Vvw6C","tlshash":"b932fa79672c52fcb753c5acab3b9072972ec5b8727ed2b04c6fca7150a3580d1ab450","size":11752,"data":"","first_seen":"2026-07-08T05:34:52.830797Z","last_seen":"2026-07-12T22:04:21.076587Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/f/av0/rch/gldyy/0x4AAAAAADwDwQtgnyf4eRrP/dark/fbE/new/normal?lang=auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"95c6a63c8242fbff8d28c77e36ca4152","sha1":"209b60b0a827a36b7242708b152aa6174db1bc61","sha256":"6179e4d7cc287237ef1e687b270e364a13ef6ab2174785dc1a65a91c96934079","sha512":"6a556c0aa5753ec288828c47f10011f91eff47ff057f53c216177c3ffa9e994960159e3e5a1c659e9b8c263a71aa99b64901fddab765929524936041ac2140ba","ssdeep":"6144:uEgIWJjdEz4ZWUFSccsr6KIsLRoA3AJsi8Tpqi:u6cBEMsOSehIsLRoA3Ah8T8i","tlshash":"3134f98db9c3788ab32635b9403731dab77e5c5c408cd90ef650a4e578b07984b2bde9","size":236214,"data":"","first_seen":"2026-07-12T18:17:21.568676Z","last_seen":"2026-07-12T18:17:21.568676Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/f/av0/rch/gldyy/0x4AAAAAADwDwQtgnyf4eRrP/dark/fbE/new/normal?lang=auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"9e925e9341b490bfd3b4c4ca3b0c1ef2","sha1":"c2543fff3bfa6f144c2f06a7de6cd10c0b650cae","sha256":"1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408","sha512":"1f4be9bd3c61e621ef43bb2e0a2d7836786f730e4e0e6aa546899bceab0571904dfc6efc94c1324b1a22ae446f0a995b533054b1dbd09d0cda03e0985786d59a","ssdeep":"","tlshash":"2a30000000000003000c00000000000000000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:43Z","last_seen":"2026-07-13T08:17:17.703723Z","times_seen":773046,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/CbzW0EQV.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1823427a599b4012fc6a9c56cc04b828","sha1":"ebb5294b68c2a33bd9c834d4536fd32784e2a8c0","sha256":"a953e98dc8946e30632f16be48f61483534fcec07aed608a8dad5fb340ae5b64","sha512":"b37163eadd7dfaf9a62ef6e08e11b4e2b3c0ac3b9dda142094a1737008da5387d47ad975a769072f2b8a26d2d8119f6195d6a20b9dc752d4447fdec8f7bc709b","ssdeep":"1536:BtSr+tsQtS3t/tWcwGRpo72uwRBma6pOCtBT1s0:BtSr+tsQtS3t/t5xRpo72Dma6BtBT1s0","tlshash":"49830100e099bfedf97618d5546e900c722f2b84d70e48a5bab87c35269e0c17b57fca","size":81788,"data":"","first_seen":"2026-07-10T09:32:37.408065Z","last_seen":"2026-07-12T22:04:21.082387Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/Dv62VFuI.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f6fbd13c7b677d45c098edc9291fde1a","sha1":"696a113287004ab2a7b73ae0f24a0bdd07c1c44e","sha256":"780cc91916a954c025a8b5ef1110140d57ec4d8e1720105aff400f1d51863814","sha512":"fef510fec8b50ef49df0f3e5946d4221bf2f9449ae513ce1ed5d0cf0c53b916989a5fb7eb734088f094c7d9f2aab3839536be85923419d02b7c33a16cf5a44c2","ssdeep":"1536:JA0floTi2S7kVNTWmttvs+7Y4xGGyZ69fjw/BXoiD8I5oV48smHMvZRCUKLfq5N6:9vqLMym5NvsHPWW","tlshash":"c843090af299b26a47f334d2393f450de23e0ec0799e8091b97994861df150a977bf2d","size":58916,"data":"","first_seen":"2026-07-10T09:32:37.428428Z","last_seen":"2026-07-12T22:04:21.096302Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/o9vGyEoy.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c8b6236c40d941967f1d9ef2923f5b8","sha1":"f6bf4e8361a441e1c34a0f492979cac95c964fbb","sha256":"d5d3e0680f3f3de279bf3c7a57f716ab5ea45e1f30d7ffdc7fe1fc3012b3be2b","sha512":"0d74bfd98c90fab5dc785eb2b223ebbbfeb8e472c35b7739c66195bf657e1cfe0b07681ec1905d81a8a34b0378dc435860bcd7ed16f6c024ea6a94813824368f","ssdeep":"3072:3r/tGcffshpFx58FMKxE5jZRccKn9ncsCYI+CxGhs4P6yfnDfvTF6mcELBMxdB6E:3WfpjTKnVqmsnRgFl+YrNk","tlshash":"44645d18e1857ebde57312c2346f920db23d0f84e94a84a5e9bcdc2815a9584f327bed","size":309477,"data":"","first_seen":"2026-07-10T09:32:37.39721Z","last_seen":"2026-07-12T22:04:21.085554Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/tracker.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ce5a213e70c1ce00dc0e57c1701ce22","sha1":"5cdc7310a2092464d280068b7ced49bd8e2beb3a","sha256":"4ce69e6485c3ed37d5ec98744ccd17f0552bae2a8befc39fefd11d93620ef59c","sha512":"167c03db64550836cae3564d5b039c4e8a3d17b1100acea2091e48b1515d312fa24c134531d8dfee4f860204b6ff8b456752e991e4d0d39ba0c49e64b23d995c","ssdeep":"192:youZKubFPI1ACY7zrrHBCb3WCqfqfIZ3xbDf++m:EZKuFbCSHrHnf6","tlshash":"92f1e2b9a9eb30b471a3f03ca7af600571767183341dca01ba9db5002fde5198675ef9","size":8056,"data":"","first_seen":"2026-06-18T23:16:26.64408Z","last_seen":"2026-07-12T22:04:21.072333Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/CuJfd-yq.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a80d79b06e4482665a657ac1de4ddb49","sha1":"9f8886cfb9c79f5aae61043b7158d07107709cd1","sha256":"a00eefb2f5fb518fbaaaa9ca4df046906ebb0c6ae4bfd800dd0f9b561d1d2e65","sha512":"a680dd9f3b38c03d0548709b18835fafeb238396e5cbb49458f34a4d271b5bf674df200600795d4c5ea5e292637ef16d013f4a8ae192ec093f110668b6ca417f","ssdeep":"768:O2LSL89rC3QaR0XfLF9+Oh8LXoPRnPh1CFuMdDJSRo4fVY:O2LSLXJILwL4/8n","tlshash":"ded22300e558bffdf53209c945af800cb12f0b85da0e45a4fa787d292a664c57a1bbdf","size":30107,"data":"","first_seen":"2026-07-10T09:32:37.409284Z","last_seen":"2026-07-12T22:04:21.079919Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/static/js/analytics-tracker.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6ce5a213e70c1ce00dc0e57c1701ce22","sha1":"5cdc7310a2092464d280068b7ced49bd8e2beb3a","sha256":"4ce69e6485c3ed37d5ec98744ccd17f0552bae2a8befc39fefd11d93620ef59c","sha512":"167c03db64550836cae3564d5b039c4e8a3d17b1100acea2091e48b1515d312fa24c134531d8dfee4f860204b6ff8b456752e991e4d0d39ba0c49e64b23d995c","ssdeep":"192:youZKubFPI1ACY7zrrHBCb3WCqfqfIZ3xbDf++m:EZKuFbCSHrHnf6","tlshash":"92f1e2b9a9eb30b471a3f03ca7af600571767183341dca01ba9db5002fde5198675ef9","size":8056,"data":"","first_seen":"2026-06-18T23:16:26.64408Z","last_seen":"2026-07-12T22:04:21.072333Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/2MDc7oUd.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d8c7829b8bc9ac485217d195fcd99e7","sha1":"7a8c475e5107f9aacff483075cfe97560271a459","sha256":"1a9c4cacbca46bc20bed87799ef797b90256cb041a061a5ac6d1c6812b627e6e","sha512":"3902c95d3e20bece01a73fa25d0a797b55750bf59769b08750bc1049dc17526606d957824c752e299e3d05199fafcc81325d58a6042f6d189b4b9ff51bbbffd5","ssdeep":"","tlshash":"41810008b1edafbd756a44877a2f480cf12b3964de392853bdbda46109510d0af27fc9","size":3929,"data":"","first_seen":"2026-07-10T09:32:37.432769Z","last_seen":"2026-07-12T22:04:21.082993Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/BdSiXnl-.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dfa3645d86310a4cb0c004f919836d2","sha1":"5189963399179e36910c62f9697770bd484238aa","sha256":"0fe8d6f93df923ec809708a2b256d308f033a42a2c59222059d2fad5b525212f","sha512":"c47aa586e9e5c07525a9477ab0142803ecd0a15d9901cba0708016be5065bed127425282d50d741f6061ab7b72498c63e675d8c1a3b448fe65aff45a859d9fad","ssdeep":"384:ecqOfbAdtyvsX+FjDg3ilnWGJ9Exlw8RKhf9x1Oz7lSMtDvCIqhD2vc7lo2h/ihC:ecqOfsKr91OHl7vCIqNSc7Zh/i2BzvF","tlshash":"d6f2d9b6b241b0144fab13a280b71165f3ba5dee241d403672a8ec9e34f5d4c627ffa5","size":37245,"data":"","first_seen":"2026-07-08T05:34:52.850283Z","last_seen":"2026-07-12T22:04:21.09057Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/hm6tICSa.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ae7741c4efe78adac26276d4b961e897","sha1":"f5bd78fe7e4ddb4c6b169123b574e53771a277a8","sha256":"9b6a99eac7d29d4e25a8f3d025277b3f8c192c802652b9258558a08efc612b18","sha512":"f8890902f9b23bde79c2c0003a00513071e8d064bd0058710be28cc12ec9af78a4c137366a3504d42c71785a55ac5eac5e64daac893834334681195560c1a3c0","ssdeep":"3072:hpBNVrGm8/xpUP3YiMAFLxMJtIQeEY1Ld5i5sK2EdcNv4ype+Jq:hpBPiTUPBlLceEYNd5wsK2Er","tlshash":"95141aec3955f5126ab312b7009f1807733c252b280d49a0b651fddeb4b845eb17bfaa","size":209246,"data":"","first_seen":"2026-07-08T05:34:52.847808Z","last_seen":"2026-07-12T22:04:21.08606Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"dorado.best/assets/js/2MDc7oUd.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:44.911Z","timestamp":1783880204911,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/2MDc7oUd.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5d315-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:44 GMT\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Prhk7pASybnYvicBIlxhNP29OZwAKtAwbwR7fTdvPeypWYhk3lV%2F7GU6Czg%2F2Q0QFNPVvGk5lvKPDMjzYrPl%2BP6IVn9K%2BFt9PSxpMfQ3TtaNHipwOjNMUHKBlfPKxA%3D%3D\"}]}\r\ncf-ray: a1a20a70b93d0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 1434\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3929,"size_decoded":2327,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (3929), with no line terminators","md5":"3d8c7829b8bc9ac485217d195fcd99e7","sha1":"7a8c475e5107f9aacff483075cfe97560271a459","sha256":"1a9c4cacbca46bc20bed87799ef797b90256cb041a061a5ac6d1c6812b627e6e","sha512":"3902c95d3e20bece01a73fa25d0a797b55750bf59769b08750bc1049dc17526606d957824c752e299e3d05199fafcc81325d58a6042f6d189b4b9ff51bbbffd5","ssdeep":"","tlshash":"41810008b1edafbd756a44877a2f480cf12b3964de392853bdbda46109510d0af27fc9","first_seen":"2026-07-10T09:32:37.432769Z","last_seen":"2026-07-12T22:04:21.082993Z","times_seen":6,"resource_available":true,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/track/batch","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:17:08.475Z","timestamp":1783880228475,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 241\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":241,"data":"{\"events\":[{\"session_id\":\"f50cbc62b1804976ac6738a3b376ec5d\",\"event_type\":\"heartbeat\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://dorado.best\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:17:08 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0rul2%2B7JIsoeSBn8ZbBNM7EE0wK8xATN5l8llKqD8gPg2LrJuOFq9HBr0q2kHBmycb3U1oi%2BtRq0gayQPK75%2FYG3%2BYP6w9LiMWxUeqHIcWgqDvEK6y4ilF7v71vy%2Bg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a20b040a720883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36,"size_decoded":1606,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/fonts/FixelDisplay-Bold.woff2","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.649Z","timestamp":1783880197649,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /fonts/FixelDisplay-Bold.woff2 HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\nserver-timing: cfExtPri\r\ncontent-type: font/woff2\r\netag: \"djqqm934turz1ssg\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nOtpGmgWZUvX6z8mno8Z80dG%2B0sHmBD91CNvua8jYr2K8P%2FC7GxglV0QIRYSVuw7t443PXDHj%2BpCL0yyNGzIBCe2YghMbg5xWbkretB5MYreKsqgiP9vZyN8SlcW9g%3D%3D\"}]}\r\ncf-ray: a1a20a4358300883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 83968\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":83968,"size_decoded":84798,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 83968, version 1.0","md5":"164db87bdc87f05f791bf8241ce3dc16","sha1":"be1d75951f3dc29059b1369a700b03501a080701","sha256":"bfad27f46a18f35f154121a256c7562c1e9acbd5c88c48035bd88133c9d752d4","sha512":"bea59b86fffd7a44653fc5912c3befd7e74b89f582723418420a12ac1e4456ee599ba0efe257d5d263012a50cf588b4f77941561f14d030cef19b643f87861cc","ssdeep":"1536:a9jqGPqZgSTETFWPb8/5PBDLG9W1iHjLwaPYka43AVi:ajxqZg8EhWDUJGEaxYi3AVi","tlshash":"0d830227fd03d7659ebc928d2a4b3996dd7e1d403148aee46c0decf814ec9a18c8b593","first_seen":"2025-11-20T08:06:51.222475Z","last_seen":"2026-07-12T22:04:21.08502Z","times_seen":19,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":141,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/BV1_Eelu.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.658Z","timestamp":1783880197658,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/BV1_Eelu.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5d92g-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TPLTo0pOzmNNJvZ3WUG%2F4suYvC%2FObfX3JUKQEI5ICG%2Bmfu%2B%2FsXgWrDGKlH9tT61qIKsWbU%2BwTC7iAKRJYsYl0JLLf1WqES7yLXUWvcJBz7ZfT2MVNUqDp6ooft07tg%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a20a4358370883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11752,"size_decoded":5838,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (11752), with no line terminators","md5":"27746c4500d3517b3f7fcb9447d7506b","sha1":"cf606d8c76faf2ee04c8fc1e1574d72a785c7fef","sha256":"ae9a2c4c8b2325da05bfc884d1a130ca8e6e716c193e24ac8d9924929ea63a6c","sha512":"ff71739756fccf38504aa3e73c42690f60570cfc082e664b17125b9b540a4f0b0983a9e707f4b8b0b10ae3198362b5edf2ddac5e6a973df2d6e1593699cb87e8","ssdeep":"192:jGtQKVrQNVpRucdtTtuTVMjYWUIGv2vlUi8041AboMMNKi5vIP0c2HE8MpnoJ0RT:jGtQKaFtkTVMjPUovMKROQmqVv0Vvw6C","tlshash":"b932fa79672c52fcb753c5acab3b9072972ec5b8727ed2b04c6fca7150a3580d1ab450","first_seen":"2026-07-08T05:34:52.830797Z","last_seen":"2026-07-12T22:04:21.076587Z","times_seen":9,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/tracker.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.663Z","timestamp":1783880197663,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /api/v1/analytics/tracker.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, must-revalidate, no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\netag: ae9e082b311f7199c59a97cea164ffd1\r\nlast-modified: Tue, 26 May 2026 00:01:40 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=msl3szeC7jKR50lMMY6HuXRuEwSeu%2F9bpZs%2B5w3lsLIn49qoT%2FpC0Al9fvigqMCkVEbi4GFVUxqSYYMb7%2FR%2FSLChvD%2FCmYVwr5O2qFjN2r2EjXLPQwBLlKRmMdcYAw%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1a20a43683b0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8056,"size_decoded":4141,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6ce5a213e70c1ce00dc0e57c1701ce22","sha1":"5cdc7310a2092464d280068b7ced49bd8e2beb3a","sha256":"4ce69e6485c3ed37d5ec98744ccd17f0552bae2a8befc39fefd11d93620ef59c","sha512":"167c03db64550836cae3564d5b039c4e8a3d17b1100acea2091e48b1515d312fa24c134531d8dfee4f860204b6ff8b456752e991e4d0d39ba0c49e64b23d995c","ssdeep":"192:youZKubFPI1ACY7zrrHBCb3WCqfqfIZ3xbDf++m:EZKuFbCSHrHnf6","tlshash":"92f1e2b9a9eb30b471a3f03ca7af600571767183341dca01ba9db5002fde5198675ef9","first_seen":"2026-06-18T23:16:26.64408Z","last_seen":"2026-07-12T22:04:21.072333Z","times_seen":11,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/CbzW0EQV.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:44.908Z","timestamp":1783880204908,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/CbzW0EQV.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5d1r3w-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tS%2BJE3YVis830rI2gYHQuxg3IJmhKyEDkWwDN90uTGPhiNYlc0FaroqbA8fhbeKkO4HJog%2Be0nWQvsVC248HZ9y4XuXkJolMMP%2FkysRw22NIiGsd730Ionw85t8pKg%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a20a70b93b0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81788,"size_decoded":17928,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65530), with no line terminators","md5":"1823427a599b4012fc6a9c56cc04b828","sha1":"ebb5294b68c2a33bd9c834d4536fd32784e2a8c0","sha256":"a953e98dc8946e30632f16be48f61483534fcec07aed608a8dad5fb340ae5b64","sha512":"b37163eadd7dfaf9a62ef6e08e11b4e2b3c0ac3b9dda142094a1737008da5387d47ad975a769072f2b8a26d2d8119f6195d6a20b9dc752d4447fdec8f7bc709b","ssdeep":"1536:BtSr+tsQtS3t/tWcwGRpo72uwRBma6pOCtBT1s0:BtSr+tsQtS3t/t5xRpo72Dma6BtBT1s0","tlshash":"49830100e099bfedf97618d5546e900c722f2b84d70e48a5bab87c35269e0c17b57fca","first_seen":"2026-07-10T09:32:37.408065Z","last_seen":"2026-07-12T22:04:21.082387Z","times_seen":6,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/crown.svg","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.056Z","timestamp":1783880198056,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /crown.svg HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://dorado.best/assets/css/index-RWuAfwbU.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\netag: \"djqqm932g4e112y-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XyOZ%2BDOxiQgqJtmRHM%2BdUKqnXIYZ636HxuvkRq%2FG6xzRknIA8dk950wsxWKW72bChCwmalD4fSPvj1qr9Ct8XpnxADAUbLTHnWoc9YXzmLbSS4I4389m0P2SuaPSnA%3D%3D\"}]}\r\ncf-ray: a1a20a45d8a80883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 712\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1402,"size_decoded":1568,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"317a46913b7fe8533a1ec209b528f064","sha1":"1f17e8dbf89a950cc155e7f272b99c5d29fd1ca1","sha256":"b0066d6adadde89c423a24bc759b41b9e180448a38849d7693319a14b6fbe842","sha512":"4470b54cf2a78a79505f8f7d129d242ab5bc687c61d3f8cf33b55f349d432a6dde13476a592d47a79237ec3563acfe8d87388d9a4450aea90051175ac904c38a","ssdeep":"","tlshash":"e82174f9e5b0a5f8b04aeb74ec27b0f570ea18f67ba287d54652a1a0e5540cd408ccc4","first_seen":"2026-06-18T23:16:26.653228Z","last_seen":"2026-07-12T22:04:21.088115Z","times_seen":7,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/gift.svg","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.058Z","timestamp":1783880198058,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /gift.svg HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://dorado.best/assets/css/index-RWuAfwbU.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\netag: \"djqqm93lhzhn1z4-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8Rim7YXd3wGCZG3CuqVncGv65tl1HtcdBFWcwGYknUl4rww8U5pePBtez3TuJPwro83wFtyBPNckDQXN40kpYfLhWqTApPisRt4TqBD6aPmiwN4YBTbVwWUd9dSOLQ%3D%3D\"}]}\r\ncf-ray: a1a20a45d8aa0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 1078\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2560,"size_decoded":1929,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"04c20c3ec80a375a0bdb8e40519f9b7f","sha1":"b372f15619cf9b2841bef027b24e4eb3083795b8","sha256":"55cb792559f44868a87d4750955a00a9ff629d5ef654bb840af72ed1a69aef93","sha512":"f71a091d9caa002366bbc5bef245d5d8c33ec4ea67e2709cd17d3903f95c2c5feedb2079a6c2e21bef110d4c6048ecf01bdd8f06d9d00eb3b8187c0467d46959","ssdeep":"","tlshash":"815182f6248c6698cb065371cf6ae765e07b33f47276d0881394bf916d1c63e1989c98","first_seen":"2026-06-18T23:16:26.663435Z","last_seen":"2026-07-12T22:04:21.077246Z","times_seen":7,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/domain/cfg","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.086Z","timestamp":1783880198086,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"POST /api/v1/domain/cfg HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 21\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":21,"data":"{\"ref\":\"dorado.best\"}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://dorado.best\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oxoXXKmHVkaBNQx1wiAFvHynTlwkgod%2By3QwD98ZY1CDrFV8VRKzaUxz7e%2FKV9xmGKmcCzUweL4Kzdq6LDztKoA%2FeVrnTejlpg7PVnJ9tzM%2BpKPvNbMlNtslFmjv5Q%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a20a4608af0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24942,"size_decoded":19126,"mime_type":"application/json","magic":"JSON text data","md5":"b235ae73c8ed9f3208ea2ae5a08238b9","sha1":"84f9408c9fc1ce6b6486c3a264ba059b572ef2e2","sha256":"199951fd0ff4064fc19c1cfd2cfa00fa678aababfe91eb06d8be7c2f2ce6cd91","sha512":"7dd795bfdf7f80594cce6dd66d348857f8abf8ba652b6c18fde73c1d453f70570fc02fb578526d65fc2efe351939dd2171705375433411aa8908463478a4b8e8","ssdeep":"768:h3lCLK8ZeCpFXuiFYAMPq800j/HX8L2kylcdZrEvK1J:h3YPMCPuSMy8TX8rdB8EJ","tlshash":"ceb2e13d76209f38d8160ca87e1fffdc4507e5e8baca312692724075588228ec9dd6e3","first_seen":"2026-07-12T18:17:21.533867Z","last_seen":"2026-07-12T18:17:21.533867Z","times_seen":1,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/f/av0/rch/gldyy/0x4AAAAAADwDwQtgnyf4eRrP/dark/fbE/new/normal?lang=auto","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:44.698Z","timestamp":1783880204698,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Jun 2026 20:15:28 GMT","end":"Mon, 14 Sep 2026 21:15:13 GMT"},"fingerprint":{"sha1":"77:27:72:42:CF:51:E8:8C:7C:3E:8C:4C:A1:F0:9A:86:96:B9:0A:16","sha256":"ED:7C:F7:38:B3:0F:00:86:32:D1:14:CE:C0:FF:CA:0E:7C:86:EE:49:51:EF:A4:4B:AA:5C:B6:7C:00:B5:3D:F3"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/turnstile/f/av0/rch/gldyy/0x4AAAAAADwDwQtgnyf4eRrP/dark/fbE/new/normal?lang=auto HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sun, 12 Jul 2026 18:16:44 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npermissions-policy: accelerometer=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),xr-spatial-tracking=*\r\ncontent-security-policy: default-src 'none'; script-src 'nonce-LfznWHS4PQve8R3eyoeCNQ' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self' https://hagen.challenges.cloudflare.com https://brunhild.challenges.cloudflare.com; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; trusted-types WMqk0 default; require-trusted-types-for 'script'; sandbox allow-same-origin allow-scripts allow-popups allow-forms\r\ncross-origin-embedder-policy: require-corp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\norigin-agent-cluster: ?1\r\naccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\ncritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA\r\nreferrer-policy: same-origin\r\ndocument-policy: js-profiling\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: a1a20a6f5c5a8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 4zfhrmj2;dur=253933, cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":253933,"size_decoded":99670,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65536), with no line terminators","md5":"0de862f8295ee79ea271a278b08fb624","sha1":"b9d50b0e2c2130b5033915df49e70c3aaf9b6755","sha256":"bf5354e41b29c14f4aaadf282db3467349d37ab8fca9206b6207b119f2e655c8","sha512":"14b4172b9452a12cc0bbe635c4650ea125baf751c95ee7ddb1c25f63eaeed8d71af9190dc31ccd518f76740b7bc084745579bbd6b1a46dc79370544f38fc17f5","ssdeep":"6144:/EgIWJjdEz4ZWUFSccsr6KIsLRoA3AJsi8Tpqi:/6cBEMsOSehIsLRoA3Ah8T8i","tlshash":"a944f98db9c3788ab32675b9403731dab73e5c5c408cd90ef650a4e578b07984b2bde9","first_seen":"2026-07-12T18:17:21.540033Z","last_seen":"2026-07-12T18:17:21.540033Z","times_seen":1,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":14,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/CuJfd-yq.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:44.915Z","timestamp":1783880204915,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/CuJfd-yq.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5dn8b-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FT0SfkR2A8Mxm2VWosJ6vrhdjBWdshv2sbufEt6ZH8cTAW%2B1aZvNgG4oXLdZvNpFThhCvtwojZFgHXyvBHb5waqy80Q%2Fyybxd9qrIm6dHJyTvi6W9J7kORAyK%2Fx3HQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a20a70b93f0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30107,"size_decoded":8319,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (30105), with no line terminators","md5":"a80d79b06e4482665a657ac1de4ddb49","sha1":"9f8886cfb9c79f5aae61043b7158d07107709cd1","sha256":"a00eefb2f5fb518fbaaaa9ca4df046906ebb0c6ae4bfd800dd0f9b561d1d2e65","sha512":"a680dd9f3b38c03d0548709b18835fafeb238396e5cbb49458f34a4d271b5bf674df200600795d4c5ea5e292637ef16d013f4a8ae192ec093f110668b6ca417f","ssdeep":"768:O2LSL89rC3QaR0XfLF9+Oh8LXoPRnPh1CFuMdDJSRo4fVY:O2LSLXJILwL4/8n","tlshash":"ded22300e558bffdf53209c945af800cb12f0b85da0e45a4fa787d292a664c57a1bbdf","first_seen":"2026-07-10T09:32:37.409284Z","last_seen":"2026-07-12T22:04:21.079919Z","times_seen":6,"resource_available":true,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/track/batch","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:17:08.479Z","timestamp":1783880228479,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 241\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":241,"data":"{\"events\":[{\"session_id\":\"f50cbc62b1804976ac6738a3b376ec5d\",\"event_type\":\"heartbeat\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://dorado.best\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:17:08 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jcYj2flHb86t1tUgcUr9IyiJ54Q%2Fv4B1pp6P7MjwKFm3g2fQmOLNnbAZnYd9nI8zf8n5IhUlWvSdUz%2FgNIt1sQjnWqI19sOG%2FvoKv3eDGBIGztWSC8JYoqeQjVhCyg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a20b040a730883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36,"size_decoded":1602,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/DCKxLHEB.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.655Z","timestamp":1783880197655,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/DCKxLHEB.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5dkpa-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LajuPKovvdiXL6xhI7b5HuQLnu%2BqpjfcoNq%2Bd%2B4xW9I6QJEBDFkSgmZQ3udq5R9I6F4MIDavQr3U43OYyBT106l9Mf2dV4uayqWkZE2TMMrzhodn9GB411BkVOZDrw%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a20a4358350883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26830,"size_decoded":9029,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (26830), with no line terminators","md5":"6dfca59875be46db21197758a34cece6","sha1":"2559f01e9a30f06d485c6d24694ad1d17c9c8624","sha256":"612b4d1a71544a5e50bc973f2fd7d47bc76e5a2360374312d81b83eb14fa8896","sha512":"2e4652990475ba9e51f1a13714f065beca8514c03b22f6d24f448bbbcf5f99098b385f7125470102b26783ead9102e3728018d9d7a7d96edf24b40d8b4aad31f","ssdeep":"768:T2hqMS9m5P2S+riimzJomTDQILSsKGG/vVZsiCtyF+hR:T28Cpo7hseV+y4b","tlshash":"6bc2a4da7393f22b0ee28891c07e4112f134691574174068b6ac5ee6bda59cfb4bef30","first_seen":"2026-07-08T05:34:52.849045Z","last_seen":"2026-07-12T22:04:21.075452Z","times_seen":9,"resource_available":true,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/track/batch","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.987Z","timestamp":1783880197987,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 245\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":245,"data":"{\"events\":[{\"session_id\":\"f50cbc62b1804976ac6738a3b376ec5d\",\"event_type\":\"session_start\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://dorado.best\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OO%2BAlnXuiyM3uyMEoiqwinKyitDaOG01J23XMTF0eKt8Q%2FiKXvuMYOFzETODjxxa2YVXP2vJU4DksDo%2FYSjVPCGhY2rYG1uV4vcpwk9LZGcFopt22%2Fsdvt4AEFmlYQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a20a4568910883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36,"size_decoded":1604,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/track/batch","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.989Z","timestamp":1783880197989,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 241\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":241,"data":"{\"events\":[{\"session_id\":\"f50cbc62b1804976ac6738a3b376ec5d\",\"event_type\":\"page_view\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://dorado.best\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BfIhWN%2B9qToh85WrQdRP743hvde2u1nL3VUUHG7obw8L%2BVubk6pJQ0A6QXDAaj84zbEA7GbhT%2BR8vcIG67bqURsNu0yjjQVgfer498CiTSw%2BccicGh45pGpqH5Y7CA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a20a4578920883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36,"size_decoded":1606,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/track/batch","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.096Z","timestamp":1783880198096,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 245\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":245,"data":"{\"events\":[{\"session_id\":\"f50cbc62b1804976ac6738a3b376ec5d\",\"event_type\":\"session_start\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://dorado.best\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7SssUq%2BqkJbGG1%2FYFztsihad0eE1Rxk%2BJEttSocAEnQkykh4DuImxVl3j%2BqWiKzgmLI7jhQjwBXxFu41tJaZQ9frNCrWJJ0Is3tweEJTUa4GAIrUMf0pXarxhysooQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a20a4618b30883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36,"size_decoded":1604,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/g/73f5d73b1f13/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:44.463Z","timestamp":1783880204463,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 16 Jun 2026 20:15:28 GMT","end":"Mon, 14 Sep 2026 21:15:13 GMT"},"fingerprint":{"sha1":"77:27:72:42:CF:51:E8:8C:7C:3E:8C:4C:A1:F0:9A:86:96:B9:0A:16","sha256":"ED:7C:F7:38:B3:0F:00:86:32:D1:14:CE:C0:FF:CA:0E:7C:86:EE:49:51:EF:A4:4B:AA:5C:B6:7C:00:B5:3D:F3"}}},"request":{"raw":"GET /turnstile/v0/g/73f5d73b1f13/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Sun, 12 Jul 2026 18:16:44 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Thu, 09 Jul 2026 13:13:20 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\npriority: u=3,i=?0\r\netag: W/\"6a4f9e70.00000000-12529\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: a1a20a6de8398deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75049,"size_decoded":24623,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"15221d51bd292126fd260c66336db19c","sha1":"d0ca22a3b568b71997d266bf6fe48bdedd932807","sha256":"90acf284e78ceb1183e080909b7558617bd981480fd3000ae1b433d5eb28c459","sha512":"7477e39dc11f4c71e65ca6192e71a74cad6d93b8b4ba702fdac40ea0af2029b6b8f395aae2b20c0c39a8f31d1e1f32db92a9b41632e4e2da5624d7b0d9fddb8f","ssdeep":"1536:tM5A+jXSq5RDMDpydrdopXOe1H05V46MlsgV0Dixw5MB:tEuYR0ydrMXOe1U8lP0Dixw5MB","tlshash":"81732bc472aa7862139ac0f4913b6753b3257d3aa84c8850d467dc653b7cd869233fba","first_seen":"2026-07-09T15:43:08.802758Z","last_seen":"2026-07-13T00:17:01.035981Z","times_seen":6287,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/fonts/FixelDisplay-SemiBold.woff2","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.644Z","timestamp":1783880197644,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /fonts/FixelDisplay-SemiBold.woff2 HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\nserver-timing: cfExtPri\r\ncontent-type: font/woff2\r\netag: \"djqqm934turz1sm0\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XHoDVf2DShsMUFu9aSezTpGkeb9cYEZea%2BRFQ4a%2BsXPA3DEJYsglJSGtsg5gjBthUErnxGx%2Fr7aL73Dh5UGpubZXosBX6cRc55pXgy1qAxWvRDdKue9kc1gYqq4NIQ%3D%3D\"}]}\r\ncf-ray: a1a20a43482f0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 83736\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":83736,"size_decoded":84566,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 83736, version 1.0","md5":"0c998ae40d18a7d96809ced49502b7ce","sha1":"8f9ea2ac949b1f7e478ae5e8469f28bb6697ca92","sha256":"728c47503952eba499d80ebb87bfff862b37bc72668a6486bfd2b46d0d3ef791","sha512":"fe0f62be621dc524b91e12da49809a3c1f20d2baf16681b24203659f230dcff5746cf64cc2907d1caf01967ec0fc01ae21a9bd81bc876920ab1a23219a83bbb4","ssdeep":"1536:4UJVntdEgdrQ4l/Qy3l9Rh0y8DTesomJ5YYo70:1JVl4y3l9jkDasPJ5r60","tlshash":"ab8312df4adf17ddeb140bb08a5fe4c7f4a9fd9d2b36d810d5662321643289644382b8","first_seen":"2025-11-20T08:06:51.21343Z","last_seen":"2026-07-12T22:04:21.084502Z","times_seen":17,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":144,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/hm6tICSa.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.653Z","timestamp":1783880197653,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/hm6tICSa.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99qz5jb4hge-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9GMovFqQY5LeW7aQl7SV0CDrMFtsfJJzMYofIXvSe9mYVgj%2Bbic3bqnVDUWdFmscPDF5SKvay5yYiuEcQIJMynvuF%2Fw2oD70DxzdZLZ1kcNmW%2BDFI0sKA%2BWITJUJQQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a20a4358330883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":209246,"size_decoded":69895,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ae7741c4efe78adac26276d4b961e897","sha1":"f5bd78fe7e4ddb4c6b169123b574e53771a277a8","sha256":"9b6a99eac7d29d4e25a8f3d025277b3f8c192c802652b9258558a08efc612b18","sha512":"f8890902f9b23bde79c2c0003a00513071e8d064bd0058710be28cc12ec9af78a4c137366a3504d42c71785a55ac5eac5e64daac893834334681195560c1a3c0","ssdeep":"3072:hpBNVrGm8/xpUP3YiMAFLxMJtIQeEY1Ld5i5sK2EdcNv4ype+Jq:hpBPiTUPBlLceEYNd5wsK2Er","tlshash":"95141aec3955f5126ab312b7009f1807733c252b280d49a0b651fddeb4b845eb17bfaa","first_seen":"2026-07-08T05:34:52.847808Z","last_seen":"2026-07-12T22:04:21.08606Z","times_seen":9,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":127,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/Dv62VFuI.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.659Z","timestamp":1783880197659,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/Dv62VFuI.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5d19gk-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qxj75iGZuU7Lg98UNJj2LbreB07A5WN6B%2Bgj%2BKtiWcbHOCsaGcqLSu%2BTsuQt9dGLTG4zmzKtsWDs4APiT7fYxaR1HZ43gbZQgmAPRCrWAfALhf%2F7JHgz8VTMJW%2BOrQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a20a4368390883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58916,"size_decoded":17428,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (58916), with no line terminators","md5":"f6fbd13c7b677d45c098edc9291fde1a","sha1":"696a113287004ab2a7b73ae0f24a0bdd07c1c44e","sha256":"780cc91916a954c025a8b5ef1110140d57ec4d8e1720105aff400f1d51863814","sha512":"fef510fec8b50ef49df0f3e5946d4221bf2f9449ae513ce1ed5d0cf0c53b916989a5fb7eb734088f094c7d9f2aab3839536be85923419d02b7c33a16cf5a44c2","ssdeep":"1536:JA0floTi2S7kVNTWmttvs+7Y4xGGyZ69fjw/BXoiD8I5oV48smHMvZRCUKLfq5N6:9vqLMym5NvsHPWW","tlshash":"c843090af299b26a47f334d2393f450de23e0ec0799e8091b97994861df150a977bf2d","first_seen":"2026-07-10T09:32:37.428428Z","last_seen":"2026-07-12T22:04:21.096302Z","times_seen":6,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/giftbo.svg","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.048Z","timestamp":1783880198048,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /giftbo.svg HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\netag: \"djqqm93q9g9l3m4jt-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7rGkK5qztEe%2F1qFNiYrxz3Diwqd5N%2FTw1D1yFr2Ikic8OYg8iCVVIplUFVZ67VfgKB5gcGyzZoxBiMzbQB07rIf5vNDI6jKP90D51PW6Q9UlsJ6OOmDPN%2BCQz7QEbQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a20a45c8a10883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6071177,"size_decoded":5457988,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ab26a0700a6c68413b0c6a566a4c94f4","sha1":"3fdbce01e7df3818335ff33555b38320d6329421","sha256":"6963b2010908d6d5904fb279faf9bcd796aad16f79d5296e9c99e5f23b14fed4","sha512":"56557ad892343c939c5db3393a55d69567a20c27f43e51f5fd45ae7607948c7c82e7a4022b134c9b28f61a5dec0378a390d72f5f6c948285c36e91b4eff00c43","ssdeep":"24576:hjzDvQLKgn6WEejhaOe7SWw889Bwccsp8q3j9y90Iyu0:9Y02JB8Gu0","tlshash":"c02523b89340cde0ff64cb5c30272b906e78259342ca91b25f1cb17be6d5714949bdea","first_seen":"2026-06-18T23:16:26.645392Z","last_seen":"2026-07-12T22:04:21.079313Z","times_seen":7,"resource_available":false,"data":null}},"time_used":661,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":539,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/backauth.svg","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.052Z","timestamp":1783880198052,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /backauth.svg HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://dorado.best/assets/css/index-RWuAfwbU.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\netag: \"djqqm920ce6swkla-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JJjZUcQ4hiWWsffEZMW5LrtgVN2%2Bh10arqW44KYE8I6B4OogL5nZkI%2FJwnkYqdP0RLhpR3PnZgAwR2oBLY5t1RFoYbR%2F4xklmhfji28iuY%2Fr7vX%2F8m8gID9FBo4EgQ%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1a20a45d8a30883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1519678,"size_decoded":1504515,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5c476feae0114439c99ab94ca65ade25","sha1":"be4425fcdb8edf8aac0662fda10f090d81476816","sha256":"41f372e777d04ee1214c34bb499ca7d24c9903456c8a407ce0e54fcec2e0f552","sha512":"a6e8d3a7bfb6057a009d52c49ab0d46dcea24c417665d30738ad9eed51a54cd84c342956fdc230b41c6a9aedd2f38e19531755e6f8a722f111d4b2e04c13c7e5","ssdeep":"24576:caO7YXW89j5bczQTaEQ8tlNMxSjxVAsIydBA:55r9RtBxA","tlshash":"73252370ae8fbd17824cb792b139af5d57c40e55584fe2c2d1b134b60d888528aef87b","first_seen":"2026-06-18T23:16:26.662196Z","last_seen":"2026-07-12T22:04:21.087115Z","times_seen":7,"resource_available":false,"data":null}},"time_used":473,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":115,"receive":358,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/coinb.svg","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.055Z","timestamp":1783880198055,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /coinb.svg HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://dorado.best/assets/css/index-RWuAfwbU.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\netag: \"djqqm9302e022uj-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y0JI%2FPKwJwUdaqpYOb1AsC%2FS2Pat3J98j1yTxOM%2F2ZB3YZaXnsfA4iJfKYGGO0ldZobNrphRsaj0OmPeTZAyYP4NXWmFuuGO5wmZM8mhsJWKMg%2Fzo%2BDc1dpwN3kmwA%3D%3D\"}]}\r\ncf-ray: a1a20a45d8a70883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 1529\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3691,"size_decoded":2390,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"69743a1e219ed63cebc201644f37fd4d","sha1":"3cf94b275798f7ef29f2d3208a7ae08e73cbb661","sha256":"ba763e59303433210f480f437797fc7e77fd773255fe23bb4234b86b4155439d","sha512":"66b337e2c8cbee5a0c35c6a161d334b6902d946fb6c6da8d95e750a96ceebf82d903813590cbda3e4a9954e1581c721105b2116de08fc39feb61ef8c2bcaa9f3","ssdeep":"","tlshash":"817145fb51e872d4e703e7b1cb696165373b33fa7796ca480318be5c79251598c88c84","first_seen":"2026-06-18T23:16:26.652444Z","last_seen":"2026-07-12T22:04:21.069689Z","times_seen":7,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/track/batch","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.097Z","timestamp":1783880198097,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 241\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":241,"data":"{\"events\":[{\"session_id\":\"f50cbc62b1804976ac6738a3b376ec5d\",\"event_type\":\"page_view\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://dorado.best\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GKPfzFNSeS0tbqxhVoXn%2BLMJCN2CTLYWPSiRIBm7q3V9z7FzfpaQOWbo8YOh98CDiB4F%2BOAF2KL2RjURo8GF7oTwk3ap2EBxxjG6uHFuBlUuTm%2FYpMruTOUalaxYdw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a20a4618b40883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36,"size_decoded":1602,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/api/v1/analytics/track/batch","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.112Z","timestamp":1783880198112,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"POST /api/v1/analytics/track/batch HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 241\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":241,"data":"{\"events\":[{\"session_id\":\"f50cbc62b1804976ac6738a3b376ec5d\",\"event_type\":\"page_view\",\"page_path\":\"/register\",\"device_type\":\"desktop\",\"os_name\":\"Windows\",\"browser\":\"Firefox\",\"domain_id\":null,\"event_data\":null,\"duration\":null,\"user_id\":null}]}"}},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://dorado.best\r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate, private\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' wss:; font-src 'self' data:; frame-ancestors 'none'; base-uri 'self'; form-action 'self'\r\ncontent-type: application/json\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: DENY\r\nx-xss-protection: 1; mode=block\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u5KS11%2FScDrRTYx3hFRb1FdDNsj9RfwTkxg6ywXgqG5RdU%2BNnuEsXn6VWl9fQ59IGvRZA9SgnxWu11FVE4SXLzRo%2FmdRPyfHEbaRwk%2B%2BIenlSwocVPxflYEV%2Fwyewg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a1a20a4638b70883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":36,"size_decoded":1608,"mime_type":"application/json","magic":"JSON text data","md5":"5e0fe72aaab5aa03f78682ef9fbb2e7f","sha1":"f776de56a25101755b468894bea9757f9dbc5c9d","sha256":"70796bda23e30e377b3756062af7464aba0a8495acee59b473ca480a1913cd68","sha512":"4c2323a933ddcae887bd0ba850b948b95577b4706873cb8bb60037f7885ce00af772bcb65aadedac014dc973c4d4270b84b07527339ca658e59e996dc62004d1","ssdeep":"","tlshash":"94800410d0050074744015107000f517151d1033050517c45174150403d401d0173403","first_seen":"2026-04-11T22:57:13.103781Z","last_seen":"2026-07-12T22:04:21.074165Z","times_seen":12,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":131,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/register","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T18:16:37.146Z","timestamp":1783880197146,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /register HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-cache, no-store, must-revalidate, no-store, no-cache, must-revalidate, private\r\npriority: u=0,i\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\npragma: no-cache\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HnBOdx2Hu%2BDFJ%2F%2BnsidYGnmWHBf3JNRJTFtvHGTZuh1M3WI8b4gGC25Js9QYI1cHqnv8XUDXllGiE%2BQLMOJ5F%2FEVosuvGOy2zYrjjSCZx1B%2F196FcrGwqTlm1xCzcA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ncf-ray: a1a20a40dfa40883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9381,"size_decoded":5532,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"b3f77e3f3cd8096ab7d02a2a6104f4e7","sha1":"fd1c74e38a85798f4be08eb77fb3071d6d9f61f8","sha256":"a9b0ee99289e39e066366dc9a8381e3633bb17b88878345a7b8cc8c92faef5ca","sha512":"b920422cb3dc330167d5facf0f1ce135075f2f85d2da0033c5fc7180554c4c7f9062e989ffee06932bf728f74424085466085ab3c6f8e7ead294b3ed70cb3551","ssdeep":"192:+gEcaGq2uhXcKes1m1+lUc7t4K5VyioM9I6MuZAovgHnkEMB:+7c+x6cldbMCIs","tlshash":"bf12e9275a9abc453770e22797f9f0086d5200af0d06d60576cd2b6e5fc1b688173fba","first_seen":"2026-07-10T09:32:37.392114Z","last_seen":"2026-07-12T22:04:21.08862Z","times_seen":6,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":85,"connect":17,"send":0,"wait":143,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/fonts/FixelDisplay-Regular.woff2","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.643Z","timestamp":1783880197643,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /fonts/FixelDisplay-Regular.woff2 HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\nserver-timing: cfExtPri\r\ncontent-type: font/woff2\r\netag: \"djqqm934turz1m8w\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2F655aruV6Nq4J4CkqbszvUqRZOAtoCZRnSCNfB6%2B411%2B%2FHK8TLT4pWt%2FHazNiYhFlOJ4ulJ55mCkZoAyYkkBIzFvzQf862m%2FAWHN6r0OrTq4FMgoT24XMSaVQLSJ0g%3D%3D\"}]}\r\ncf-ray: a1a20a43482e0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 75488\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75488,"size_decoded":76324,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 75488, version 1.0","md5":"0030fa5586360a29f90764c5bff5147d","sha1":"4aebea2f8ca357f36d572208c7f0e5ab8763b63c","sha256":"ab549d93f0e99c1aea8164e7f3695b1c6b0cb0a0e6d22ea14ccde0b254f65080","sha512":"59f9fd937eabd4a0e190d617bff4b317aab17889668c7875c0da4dd06ebc79a8d849273eae72026cbbd5fb20fab925657f90dcb054b7d82c3825569139557be1","ssdeep":"1536:r+Nd68drDxSQx0H+mk+RaPEdmRDRerEhTdypFjm/LNF83:gnrjc+mkOa8dmR8roOFR","tlshash":"c67302534f30f7e0f1088ded462fad10f3d0bb129b1e66bae563e1518a7a526027468f","first_seen":"2025-11-20T08:06:51.201234Z","last_seen":"2026-07-12T22:04:21.083539Z","times_seen":20,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":133,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/o9vGyEoy.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.650Z","timestamp":1783880197650,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/o9vGyEoy.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5d6msl-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DaBpS7V4hBb2I8fqlBRUkqaet9aQIeqF0G1hO0GUOMLCtD57RENe1ldMEvXa7GXIBoU9CS7OGRh2PuWyXI94WcPaohrv9dbSHCoBjGsOelRh0alV8QKPl1LwnsD4pA%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1a20a4358310883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":309477,"size_decoded":82057,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64576)","md5":"3c8b6236c40d941967f1d9ef2923f5b8","sha1":"f6bf4e8361a441e1c34a0f492979cac95c964fbb","sha256":"d5d3e0680f3f3de279bf3c7a57f716ab5ea45e1f30d7ffdc7fe1fc3012b3be2b","sha512":"0d74bfd98c90fab5dc785eb2b223ebbbfeb8e472c35b7739c66195bf657e1cfe0b07681ec1905d81a8a34b0378dc435860bcd7ed16f6c024ea6a94813824368f","ssdeep":"3072:3r/tGcffshpFx58FMKxE5jZRccKn9ncsCYI+CxGhs4P6yfnDfvTF6mcELBMxdB6E:3WfpjTKnVqmsnRgFl+YrNk","tlshash":"44645d18e1857ebde57312c2346f920db23d0f84e94a84a5e9bcdc2815a9584f327bed","first_seen":"2026-07-10T09:32:37.39721Z","last_seen":"2026-07-12T22:04:21.085554Z","times_seen":6,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":143,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/BdSiXnl-.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.656Z","timestamp":1783880197656,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/BdSiXnl-.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5dsql-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=duqWnm2mHPho1ly0LiFyfsPEmTsnK8R5V7%2B%2BCgvUFpgK7MdRxB%2Fa263kybrLBdePGiBQNuCzZIYcbJLcVSDTBcHlW4iHUuq6mr9SIllB3oMfIWpZ%2FMayTA4%2BeZWfug%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: a1a20a4358360883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":37245,"size_decoded":14435,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (37239), with no line terminators","md5":"9dfa3645d86310a4cb0c004f919836d2","sha1":"5189963399179e36910c62f9697770bd484238aa","sha256":"0fe8d6f93df923ec809708a2b256d308f033a42a2c59222059d2fad5b525212f","sha512":"c47aa586e9e5c07525a9477ab0142803ecd0a15d9901cba0708016be5065bed127425282d50d741f6061ab7b72498c63e675d8c1a3b448fe65aff45a859d9fad","ssdeep":"384:ecqOfbAdtyvsX+FjDg3ilnWGJ9Exlw8RKhf9x1Oz7lSMtDvCIqhD2vc7lo2h/ihC:ecqOfsKr91OHl7vCIqNSc7Zh/i2BzvF","tlshash":"d6f2d9b6b241b0144fab13a280b71165f3ba5dee241d403672a8ec9e34f5d4c627ffa5","first_seen":"2026-07-08T05:34:52.850283Z","last_seen":"2026-07-12T22:04:21.09057Z","times_seen":9,"resource_available":true,"data":null}},"time_used":170,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/static/js/analytics-tracker.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.898Z","timestamp":1783880197898,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /static/js/analytics-tracker.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-expose-headers: X-Session-Id\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; connect-src * data: blob: wss: ws:; font-src * data:; worker-src * blob:; frame-ancestors *;\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\netag: ae9e082b311f7199c59a97cea164ffd1\r\nlast-modified: Tue, 26 May 2026 00:01:40 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=*, autoplay=*, payment=*\r\nreferrer-policy: unsafe-url\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=65%2B7g7fcbRitscB46LR53RqHlwBQgCaZ4RiISzYtUMgKt8v%2FiaYUa4cikY6FXVRZ6myDOdJiSzOMVvKcvL7FESQIVOhTymgLVb70RWcELKijAGTWqpXCeiAgcINekQ%3D%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a1a20a44d87f0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8056,"size_decoded":3877,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"6ce5a213e70c1ce00dc0e57c1701ce22","sha1":"5cdc7310a2092464d280068b7ced49bd8e2beb3a","sha256":"4ce69e6485c3ed37d5ec98744ccd17f0552bae2a8befc39fefd11d93620ef59c","sha512":"167c03db64550836cae3564d5b039c4e8a3d17b1100acea2091e48b1515d312fa24c134531d8dfee4f860204b6ff8b456752e991e4d0d39ba0c49e64b23d995c","ssdeep":"192:youZKubFPI1ACY7zrrHBCb3WCqfqfIZ3xbDf++m:EZKuFbCSHrHnf6","tlshash":"92f1e2b9a9eb30b471a3f03ca7af600571767183341dca01ba9db5002fde5198675ef9","first_seen":"2026-06-18T23:16:26.64408Z","last_seen":"2026-07-12T22:04:21.072333Z","times_seen":11,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"get.geojs.io/v1/ip/country.json","fqdn":"get.geojs.io","domain":"geojs.io","tld":"io"},"ip":{"addr":"104.26.1.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.197Z","timestamp":1783880198197,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"geojs.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jun 2026 09:05:21 GMT","end":"Sun, 13 Sep 2026 10:05:19 GMT"},"fingerprint":{"sha1":"B3:F2:DC:EC:52:71:F9:79:D2:00:8E:C8:AA:A1:86:8A:C1:E3:43:88","sha256":"11:6A:66:F9:3D:73:5D:D0:5E:A8:3D:AE:47:BE:47:E4:A4:52:BA:81:19:C0:F1:09:0A:1E:E0:7D:58:D9:26:39"}}},"request":{"raw":"GET /v1/ip/country.json HTTP/1.1\r\nHost: get.geojs.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://dorado.best\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\ncontent-type: application/json\r\ncache-control: max-age=0, must-revalidate\r\nlast-modified: Sun, 12 Jul 2026 18:16:38 GMT\r\nx-request-id: 56dd69cb299b93a2aa0361997692303c-ASH\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\ngeojs-backend: ash-01\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eRm68EHRa3KLt%2B3vA5Z5IQ0lXOuSkh8UfYZbFp2uvdA5lqR3oN74Mkdi28boG%2FglvlOROOlY2iqoAZ1EyX3AU25NsAO8MGmYpgwcM7jyzm%2Foj9w1IM%2BS%2FctEWfiYQA%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nx-content-type-options: nosniff\r\ncf-ray: a1a20a46ded74e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73,"size_decoded":981,"mime_type":"application/json","magic":"JSON text data","md5":"46a6a0cb45e9fe8a937c1d379f58d2c5","sha1":"055617a08af5aa9a2aba05aa432407288c559367","sha256":"b09f253b6d83ab759c733d9bc894d8ab857dc68b5f1d96f91dbdb764ef816f37","sha512":"9331a0d3aec182cd05fa258fd0bdacca9d1a6d8a1d329d54b2f921435932c0f8d91b1bad9e7e82b118d21f754cecdc340b159d2b1d62a530349d6991b1a5dca5","ssdeep":"","tlshash":"32a0019e24a28b589860d2a5248a61a59586e64292aa6d0692c83b69da402dc6401271","first_seen":"2026-06-07T21:04:41.962532Z","last_seen":"2026-07-13T02:02:47.923456Z","times_seen":153,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":0,"dns":3,"connect":9,"send":0,"wait":114,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/logo-192.png","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.635Z","timestamp":1783880198635,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /logo-192.png HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\nserver-timing: cfExtPri\r\ncontent-type: image/png\r\netag: \"djqqm942647b3r5\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ksrqp6%2FObfcJ49zRBX3kJ69aoYmdxFO2EqiY%2F16Aji7dIJQB2fBhwCvjcJGy29tsdvmEpYEvpMUf9kq2HiZyfRVrbqeAGO5oClJsEPoZWXrghHXPbFhF3PmFV%2B0zRg%3D%3D\"}]}\r\ncf-ray: a1a20a4979690883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 4865\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4865,"size_decoded":5692,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced","md5":"1d0ed51bab0312a96a347490b839f95e","sha1":"94f210d33b4d6319b338875abbb160a237e030b3","sha256":"c06a428f61e2e5e3f3db2a944484b2fb6c2ab651dc610276892750a2adda9085","sha512":"3a2cab48e2b64b6b1135b167fd8d9d9f297466ddc234085a1c9385e2b0379f1abaa54dcdc8ede1c80f96302c420351211bea4169b2944ed722d13142af0309df","ssdeep":"96:WSGhmIcw9ytnV8OKGjlN8AbjwCDNgFWc4T+5V6u8NCAhcqftwkpkr:WSmmIfmV8OKilNzrvTMVp88+cytwuE","tlshash":"4ea18eaddf43950820bf2ee5c18c48d5245f67afbc6c5004cd64f62e9466c4c6f6b64d","first_seen":"2026-06-18T23:16:26.666586Z","last_seen":"2026-07-12T22:04:21.078387Z","times_seen":10,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/Logo.svg","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.634Z","timestamp":1783880198634,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /Logo.svg HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\netag: \"djqqm91vkxew4vc3-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:11 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bV0tubOfQNRrU%2BLs0nAnLSavtHdhOfhTLCUEFhJFVpeJZ%2BZMAnyhXY%2BILeiPLTwvOW%2BQ0WX6i%2BaC%2FrJAzRYNvPBu7V1%2FRMzfla7bMRMNrOP1X2QWwL%2FnwQVt%2FO7Gzg%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: a1a20a4979680883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":227235,"size_decoded":163859,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b04c39a8706545d26e49faac0b8b58bb","sha1":"66f5beaeed341ef7f407b1689c27a802f3493ff5","sha256":"3cbc0cda353d3d249af15a292441337a0e73d9cf681aeaa5c6420c3ed610dad6","sha512":"6c32d65adda37cba5b66e1d274e1bdcc97066c226620bb735a9e30f1cd9f3ebfbfcef071216d4271cd1d5791d573ed409aee7b2f1a0b53c926b587f629f37092","ssdeep":"6144:6RDfz+RkgLf5imL1QxhF6c1EqG/v9OYGgTnSJhYwFQ:6RDr+RzLRt1Qxh8GQv9ONgTnEhy","tlshash":"d82402b712937d92b2058e89d0143b157d647cafa324658cfccce10ae1fea54cea8db1","first_seen":"2026-06-18T23:16:26.658065Z","last_seen":"2026-07-12T22:04:21.093728Z","times_seen":7,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":63,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/js/CAVOPnXO.js","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.652Z","timestamp":1783880197652,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/js/CAVOPnXO.js HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"djqqm99olf5djb-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\nserver-timing: cfExtPri\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4rowpNdEw25F6d0FdlVQg2SDA80rZEvwa01R5QbCaV0xkYXeJROEavvAJhO3227umKOsvFHc%2BANCACMlbcZIH8cM7JBWBABxFaALcjgdpNyOyY%2FRdFQhkHPkvvlP1A%3D%3D\"}]}\r\ncf-ray: a1a20a4358320883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 428\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":695,"size_decoded":1315,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (695), with no line terminators","md5":"9e9635563c4bce67f63540fcef7e6925","sha1":"c036ce9804d1f94b0b6154f1a6e288809e66913e","sha256":"48f6f8dbb912f7f2b5093252e8072cafd6776bf5580355c9a9ca06e1023ee5fe","sha512":"e4b23ce5ea341c46f04dad397515de97db57499c4f722db7b63a9b385ca164324324f5a41f28964da658432871f7dca2a6568ee47a679bafd6f1ee574655322a","ssdeep":"","tlshash":"a7014c572a64a6b61297d1c6c4395585d204743d9874b0d49ba88de695c004624a5f37","first_seen":"2026-05-11T18:13:57.943497Z","last_seen":"2026-07-12T22:04:21.094701Z","times_seen":15,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/assets/css/index-RWuAfwbU.css","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:37.661Z","timestamp":1783880197661,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /assets/css/index-RWuAfwbU.css HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-encoding: gzip\r\ncontent-type: text/css; charset=utf-8\r\netag: \"djqqm99qz5jb615s-gzip\"\r\nlast-modified: Sun, 05 Jul 2026 15:20:12 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\ndate: Sun, 12 Jul 2026 18:16:37 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Nr%2B4wKFmyxZGCQ4bUg9MBR6HX17cpjodkUldsy4uoXR3qbdG8KLf0dJNSbGR%2BYexfUbu1yK2ypkOGx3zaCNc256kl%2BqqrXbwL%2F38t17ngh%2F6BKtrVlR5ZMeWAWZt9A%3D%3D\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a1a20a43683a0883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":281440,"size_decoded":50746,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"d96c03a6ee0073fdc1cf9a549287bac1","sha1":"7239b1e7f6714d5cce6b69cc2b2bd6feb4b7bca5","sha256":"2597a9bd525c2fc96a04ae6713137cbcd44f99bd7e947a4a72a24027a80ef245","sha512":"c00eeb2d5f99df836b3344a546dd4d16877dfb5aa4c30869a3d67c205fcb2f188f873646aa255c1fc13d71a80977ec45b4adf931ebad59526d38e5bcb60763b4","ssdeep":"1536:n5FWyRtop5nt2Hur28FB4FAxzx7ucpvrjXJKXjiwFiCn6dJQ1IIUSH+n5QFJZfZP:ZRt8nt2Orlnx7t2n1ym+7w9KujXd","tlshash":"8f5467227758252cb03bd8a1b4d16bde7028c207f67757ede564b239c5cb1a32b3668c","first_seen":"2026-07-10T09:32:37.433667Z","last_seen":"2026-07-12T22:04:21.091544Z","times_seen":6,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":106,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"dorado.best/plinko/plinko_background.svg","fqdn":"dorado.best","domain":"dorado.best","tld":"best"},"ip":{"addr":"104.21.63.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dorado.best/register","date":"2026-07-12T18:16:38.054Z","timestamp":1783880198054,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dorado.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 11:03:48 GMT","end":"Sun, 06 Sep 2026 12:02:24 GMT"},"fingerprint":{"sha1":"8E:86:D5:56:34:24:C2:1C:13:5F:E9:8C:6F:74:CA:C7:5E:22:73:13","sha256":"F5:4C:38:43:5E:8D:43:08:B9:55:D3:56:88:29:18:EB:7F:C1:82:3E:2F:A2:E4:01:9F:FE:8F:7A:61:7E:83:84"}}},"request":{"raw":"GET /plinko/plinko_background.svg HTTP/1.1\r\nHost: dorado.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://dorado.best/assets/css/index-RWuAfwbU.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 \r\naccess-control-expose-headers: X-Session-Id\r\ncache-control: no-store, no-cache, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-security-policy: default-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://connect.facebook.net https://analytics.tiktok.com https://business-api.tiktok.com https://static.cloudflareinsights.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com; img-src * data: blob:; media-src * data: blob:; connect-src * data: blob: wss: ws: https://challenges.cloudflare.com; font-src * data: blob:; worker-src 'self' blob:; frame-src 'self' blob: https: https://challenges.cloudflare.com; frame-ancestors 'self';\r\ndate: Sun, 12 Jul 2026 18:16:38 GMT\r\npermissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), autoplay=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\"), payment=(self \"https://pp.gmbl.org.uk\" \"https://api.trytostart.com\")\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RRw0wuLwzqfpR51TS3sC7GwU4p2TS8W6NC4ngfGWph56ke4EQv24z7V%2F1kKMkZBnFIaixozRg0khCsJXYh48XmI2Xtna%2BRb%2FB4AEhMf0XinOBVQyHBnAkLfxuXk3Mg%3D%3D\"}]}\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a1a20a45d8a50883-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9,"size_decoded":1754,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"9e076f5885f5cc16a4b5aeb8de4adff5","sha1":"475c848673a3f79fa778f01c2bd5a721d4c41707","sha256":"e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31","sha512":"4d384838c78c74f56de20de3fe125b9fe4d40b7c9fb5d767b647f05aede6bf63431f4f08ac464e188e77b227becc3ab4ba86272f30b53d91b15003d814e06d2e","ssdeep":"","tlshash":"4a50000c3000030c0000003000c00030000c03000c0000300000c00c000000000000cc","first_seen":"2023-04-05T14:05:15Z","last_seen":"2026-07-13T08:05:14.620831Z","times_seen":9494,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":135,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"dorado.best","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
