Report - dood.la/d/kpujguixkyxm

Report Overview

Submitted URL
dood.la/d/kpujguixkyxm
IP
104.26.1.94
ASN
#13335 CLOUDFLARENET
Submitted
2022-11-28 22:22:08
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
dood.la	63208	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	804 B	1.3 kB	172.67.69.187
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	349 B	6.3 kB	172.67.194.45
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	374 B	1.2 kB	142.250.74.164
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	964 B	104.18.32.68
pringed.space	227872	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	513 B	24 kB	54.162.51.18
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	34 kB	34.120.237.76
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	368 B	736 B	139.45.195.8
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	746 B	142.250.74.10
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	48 kB	23.36.76.226
i.doodcdn.co	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	43 kB	172.67.70.190
poleonaryprac.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	408 B	670 B	54.230.111.98
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
cdn.pncloudfl.com	13313	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	796 B	44 kB	104.22.59.221
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	6.1 kB	93.184.220.29
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	30 kB	104.17.25.14
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.9 kB	23.36.77.32
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.5 kB	142.250.74.3
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.216.88.5
alas4kanmfa6a4mubte.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.2 kB	60 kB	62.122.171.6
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	50 kB	139.45.197.237
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	425 B	164 kB	142.250.74.163
fleraprt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	471 B	2.4 kB	139.45.195.254
everefor.buzz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	21 kB	54.162.51.18

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-28	medium	dood.la/d/kpujguixkyxm	Malware
2022-11-28	medium	pringed.space/eUk3YUICa0QWHQw7W0N4WyFDFTIKcxhOJhYmU08uGGZEFmwTOhVNYAokUUN4SGUVEi8Paw1Ddld5FU1gDShQPisdaw1De0t%2FD1NyW2UVEjcbFl4FcFtzFQd3HXgOUnUbZAVSJhtkAwAkSmQOB3NJZAZVJkl%2FDlF1GH9VU2AE	Malware
2022-11-28	medium	dood.la/d/kpujguixkyxm	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-28	medium	fleraprt.com	Sinkholed

JavaScript (21)

	URL	Size	First Seen	Last Seen
	dood.la/sw.js	101 kB	2023-03-07	2024-03-13
Pretty URL dood.la/sw.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:23:56 Last Seen2024-03-13 21:41:01 Times Seen308 Hash a3b19e0f1a400f3ba23056585d6b302b 479d1a856952c570a0f09065a95ea6b7bacb3548 1a38fa21b9f532624acc45112374c352cb1170099c76eea2b17a8a081dae3ac8 Loading...

	dood.la/d/kpujguixkyxm	128 B	2023-03-07	2024-04-19
Pretty URL dood.la/d/kpujguixkyxm IP 172.67.69.187 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:23:56 Last Seen2024-04-19 09:19:44 Times Seen241 Hash 31388edfefb21eb72db4bf8d374ee88e 4ccfa08807e09b3aaba086c40e9ae24878688ae2 73e1a4176b0dcad5a9bfa024a1e97761cef43a334be237e44149bc2889bf6096 Loading...

	tzegilo.com/stattag.js	13 kB	2023-03-08	2023-03-12
Pretty URL tzegilo.com/stattag.js IP 172.67.194.45 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:59 Last Seen2023-03-12 10:48:49 Times Seen1 Hash d0de06f954f7dedba242231b0ec4052d 188d75bb9077832384f889dd15584845790bc146 efae63871ebdeb69e7d64c6782924f72584f962d540b8c55237cba93c026af16 Loading...

	dood.la/d/kpujguixkyxm	908 B	2023-03-07	2023-11-30
Pretty URL dood.la/d/kpujguixkyxm IP 172.67.69.187 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:23:56 Last Seen2023-11-30 13:01:38 Times Seen26 Hash 0c5216dbee24119206c34c4d0dd1418a db22a0a9ff5e5f5cb2efead689a2881395d78413 bd5d35aae43d671baa40f8fe7fae6e863c4502625c4032c7d281dc231c515fe3 Loading...

	dood.la/d/kpujguixkyxm	1.4 kB	2023-03-11	2023-03-11
Pretty URL dood.la/d/kpujguixkyxm IP 172.67.69.187 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:05:05 Times Seen1 Hash 85759d9cb6fc1ab796c53fc830c834a5 b694a8bc3dd399ead9f41f5402a0e590fa2fc7d3 aeae588382df75c067f4b8d9609c24c24c9bda2e94b9989cbca3e216e1c4b935 Loading...

	www.google.com/recaptcha/api.js?render=explicit	852 B	2023-03-08	2023-03-11
Pretty URL www.google.com/recaptcha/api.js?render=explicit IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:31 Last Seen2023-03-11 23:51:55 Times Seen1 Hash 0a9779102047d5d9895bffb15a704c0b bd3885958e498d39a74eebc600b10600bf910818 50ee83be07a71933978e0a2001ecdbf96fe461466a4a00ac93b780ef76655b19 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-04-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-20 08:21:27 Times Seen95108 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	alas4kanmfa6a4mubte.com/lv/esnk/1841678/code.js	109 kB	2023-03-11	2023-03-11
Pretty URL alas4kanmfa6a4mubte.com/lv/esnk/1841678/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:24:15 Times Seen1 Hash 5d4aecea038154fdcd5b12adca92a6a6 c26763bccaaf7a9893a09ad966652f89659b1cc3 d8e7288dfb480a7576a6a3c978eee7d48bebd76cd6755b9bc3ad9beafe8f2166 Loading...

	http:blank	580 B	2023-03-11	2023-03-11
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:05:05 Times Seen1 Hash 2fa134ed145afe8de2457dee29c9a4a6 b6abda4c485fc426d230d90066de1b45cc5cc0a6 5b3f392950d24861d2d9dd9e557e66b5489d003f217811735f32522f9bd75fd5 Loading...

	alas4kanmfa6a4mubte.com/get/1841678?zoneid=1841678&jp=_clbn5jje4f2mp1ohn5tq69&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457448320467978	2.9 kB	2023-03-11	2023-03-11
Pretty URL alas4kanmfa6a4mubte.com/get/1841678?zoneid=1841678&jp=_clbn5jje4f2mp1ohn5tq69&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457448320467978 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:05:05 Times Seen1 Hash d30aaa502f2c7bf11746357c733bd2da fe0c7808ceb5e106a80aa6e49049e2bb64d9905b 911e5b8db694933b446d68d4e24df8d776e2e8ba7836c679ace15124ad487c73 Loading...

	betotodilea.com/400/4857535	83 kB	2023-03-11	2023-03-11
Pretty URL betotodilea.com/400/4857535 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:05:05 Times Seen1 Hash c53c4dca62a5758faf9d2cdb0f5c6871 992c4dd33988f1cb3ece5cbd4a0453f87ef540ca 4002d085166520484db33c33f640baad2a7ea9de8d628be9ec7c03d88d36b0bf Loading...

	dood.la/e/kpujguixkyxm	1.4 kB	2023-03-11	2023-03-11
Pretty URL dood.la/e/kpujguixkyxm IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:05:05 Times Seen1 Hash 6d9a3ce3355c30926017c9f40b2b079f 08679bbccebd22e2f3c8e27f827c8dbfb2f94181 ee11722d0ed5ac693701ce737388327353c87677d02ce69e6e783374b784ed95 Loading...

	pringed.space/eUk3YUICa0QWHQw7W0N4WyFDFTIKcxhOJhYmU08uGGZEFmwTOhVNYAokUUN4SGUVEi8Paw1Ddld5FU1gDShQPisdaw1De0t%2FD1NyW2UVEjcbFl4FcFtzFQd3HXgOUnUbZAVSJhtkAwAkSmQOB3NJZAZVJkl%2FDlF1GH9VU2AE	58 kB	2023-03-11	2023-03-11
Pretty URL pringed.space/eUk3YUICa0QWHQw7W0N4WyFDFTIKcxhOJhYmU08uGGZEFmwTOhVNYAokUUN4SGUVEi8Paw1Ddld5FU1gDShQPisdaw1De0t%2FD1NyW2UVEjcbFl4FcFtzFQd3HXgOUnUbZAVSJhtkAwAkSmQOB3NJZAZVJkl%2FDlF1GH9VU2AE IP 54.162.51.18 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:05:05 Times Seen1 Hash ca9796052d58f7d0ef819ddf91600abb 2733600ea79d9bd9a23665f31242cfd84ca0a26b e418446a4be9ef536a604bcb712e482285eb6f4e55c0485aee489098ee27e902 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js	1.3 kB	2023-03-07	2024-04-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:34 Last Seen2024-04-20 08:16:56 Times Seen8191 Hash 4412bf8023109ee9eb1f1f226d391329 c273960aa874a87dd022b5e597887142f1b8e34f d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Loading...

	dood.la/d/kpujguixkyxm	173 B	2023-03-07	2024-04-19
Pretty URL dood.la/d/kpujguixkyxm IP 172.67.69.187 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:23:56 Last Seen2024-04-19 09:19:45 Times Seen229 Hash 6eb327087de85a2001e5a79b52341faf a34825f7d4187da0f6e56af2e160b7ff7ff4ade1 11006b5a78900a80067ab5aae6edaae78495535b3a261a7a6cd92929c5c64b73 Loading...

	alas4kanmfa6a4mubte.com/lv/esnk/1841675/code.js	109 kB	2023-03-11	2023-03-11
Pretty URL alas4kanmfa6a4mubte.com/lv/esnk/1841675/code.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:24:15 Times Seen1 Hash eebaefbfb7d371b4e77177a6d8fc3adf e037e9deebea56b2799be436c6bbd7b7f15b564a f533deca14e6504fb6845aebc875aa5834c9b34b8980e082b9b645c96473050f Loading...

	dood.la/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669665600	35 kB	2023-03-11	2023-03-11
Pretty URL dood.la/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669665600 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:05:05 Times Seen1 Hash 50beba5cb83e90393bb64bf232be51f7 794b2ec0b874bbf5ba12e03a312d65868e600342 c8bb8a835e7a17d2c1f7b4f8d35562efb20a6251de582338cbb12fc407b4812b Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-04-20
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-20 08:16:56 Times Seen138420 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	dood.la/e/kpujguixkyxm	715 B	2023-03-07	2023-03-17
Pretty URL dood.la/e/kpujguixkyxm IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:30 Last Seen2023-03-17 12:47:57 Times Seen1 Hash de2830925e9f61d95de70e9b4d2e0a14 d93996d44cfd574255705f550faa40e844b23766 aea6396eacf3d883b6b802d0c21388a8a33316414afff1b074a80f58e7b7a4fb Loading...

	http:blank	580 B	2023-03-11	2023-03-11
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:05:05 Last Seen2023-03-11 22:05:05 Times Seen1 Hash 9f2cb744a51bdbb8880f82914dbc8d7e 6314d6f8ab34a0173db8e6e1001c98ed8c4ba61f 7e9e5eceb1cdbcd7bd588a4072faa69ba5a043ab4bc2da87e321fb073c4b4413 Loading...

	www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js	409 kB	2023-03-08	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash b2507198388fcc94ca9e94ed4c5561c5 8853fc86f1c616bd20a73e3e24442036fd90fd2f 02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0 Loading...

HTTP Transactions (69)

URL IP Response Size

dood.la/d/kpujguixkyxm

172.67.69.187

301 Moved Permanently

0 B

URL HTTP/1.1
dood.la/d/kpujguixkyxm
IP
172.67.69.187:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /d/kpujguixkyxm HTTP/1.1
Host: dood.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Nov 2022 22:21:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 28 Nov 2022 23:21:57 GMT
Location: https://dood.la/d/kpujguixkyxm
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fvvA1RVEe9K2uhHmkhcXmJccv%2BszR%2F%2BrJFCk94qmj2EBPP9FYATAQPhHKPtea6w%2BGzrrrcjgucvo%2BUznEJe1%2FYgG1WY1vmB1TcaiuyZpNwbw7Sv4STga4kQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77167fe09906fac4-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
150792cfc458af013998f4ef6bdf5f74
d5179b2dcb11d06f82606bf6eb6648319998d63e
72937c756d3feeae6d04a6f445398b0436bdf559f8c7437e3a3233263943900e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "72937C756D3FEEAE6D04A6F445398B0436BDF559F8C7437E3A3233263943900E"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7616
Expires: Tue, 29 Nov 2022 00:28:53 GMT
Date: Mon, 28 Nov 2022 22:21:57 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9408cc0694fcbea57966c3a3ba906092
fddcee1fdcf3209298e41a4b1b5560357fa165f0
6ef7120d9463f56e3ddfadd5766d02da8523f34061b13bdba54bf9ab72a1e979

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3548
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:57 GMT
Last-Modified: Mon, 28 Nov 2022 21:22:49 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11259
Expires: Tue, 29 Nov 2022 01:29:36 GMT
Date: Mon, 28 Nov 2022 22:21:57 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 22:17:50 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 247
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: kqNzmqK3bDXgGR8bBa6D6pitANZiy6HOcI5pDNApPcpGyDmoHhlW3VFwa0/+AQByUYl7pR0yUXs=
x-amz-request-id: 0QK1H5H900CNJZ82
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 21:45:11 GMT
age: 2206
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4a1af0f30aad4a7df7db1bb6d0a0327c
01282ab52611e307b1852082e8037e6545cbec46
d58e3e78ff283fb8e9651f3966e7b3147677c103292a35f176be3bc1c47ae883

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5696
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:57 GMT
Etag: "63847059-118"
Last-Modified: Mon, 28 Nov 2022 20:47:01 GMT
Server: ECS (amb/6BAC)
X-Cache: HIT
Content-Length: 280

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:21:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
4a1af0f30aad4a7df7db1bb6d0a0327c
01282ab52611e307b1852082e8037e6545cbec46
d58e3e78ff283fb8e9651f3966e7b3147677c103292a35f176be3bc1c47ae883

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5696
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:57 GMT
Last-Modified: Mon, 28 Nov 2022 20:47:01 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
74fcf5b41902da0bc73ea19d1afce9e7
aef50f0556d364f7ea00ebbd435e56094e054d2a
befd14ed77d4d85d4e45d43c624b75eb32277d2ee0fc115e98c5ee4c519e7331

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5174
Cache-Control: max-age=170963
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:57 GMT
Etag: "63851922-118"
Expires: Wed, 30 Nov 2022 21:51:20 GMT
Last-Modified: Mon, 28 Nov 2022 20:25:06 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
74fcf5b41902da0bc73ea19d1afce9e7
aef50f0556d364f7ea00ebbd435e56094e054d2a
befd14ed77d4d85d4e45d43c624b75eb32277d2ee0fc115e98c5ee4c519e7331

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5174
Cache-Control: max-age=170963
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:57 GMT
Etag: "63851922-118"
Expires: Wed, 30 Nov 2022 21:51:20 GMT
Last-Modified: Mon, 28 Nov 2022 20:25:06 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
638a4990025383a0f83ebf29bdb84a68
153e8818dc42f598e47fde8cf398f1447649a4d0
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2841141
expires: Sat, 18 Nov 2023 22:21:57 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BeIA3oyXZezbCM8ZY6bh5SRhyAhHD1SuATEN0BdY2TMg0iIyneyKX56bQLcMqfr%2FB3ryEr0ngTNft56Osdi%2B1mch56S4jpnDHiZLSDWPi32rEwpKjQ3twLw1sp5T9mpBbnMJowkl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77167fe56ab7b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
bc5267e77886f31e601de57469b12a6a
7c31ba91186eff5d78613e41ad6e4f00da0f0e0a
9a4397d75f08d8eafe861b11fe24747e8a0da5472c8e3594a1fed2fca6918c48

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9A4397D75F08D8EAFE861B11FE24747E8A0DA5472C8E3594A1FED2FCA6918C48"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3737
Expires: Mon, 28 Nov 2022 23:24:15 GMT
Date: Mon, 28 Nov 2022 22:21:58 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
bc5267e77886f31e601de57469b12a6a
7c31ba91186eff5d78613e41ad6e4f00da0f0e0a
9a4397d75f08d8eafe861b11fe24747e8a0da5472c8e3594a1fed2fca6918c48

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9A4397D75F08D8EAFE861B11FE24747E8A0DA5472C8E3594A1FED2FCA6918C48"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3737
Expires: Mon, 28 Nov 2022 23:24:15 GMT
Date: Mon, 28 Nov 2022 22:21:58 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
bc5267e77886f31e601de57469b12a6a
7c31ba91186eff5d78613e41ad6e4f00da0f0e0a
9a4397d75f08d8eafe861b11fe24747e8a0da5472c8e3594a1fed2fca6918c48

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9A4397D75F08D8EAFE861B11FE24747E8A0DA5472C8E3594A1FED2FCA6918C48"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3737
Expires: Mon, 28 Nov 2022 23:24:15 GMT
Date: Mon, 28 Nov 2022 22:21:58 GMT
Connection: keep-alive

cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

104.17.25.14

200 OK

591 B

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1266)
Size
591 B (591 bytes)
Hash
414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3

HTTP Headers

GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2268011
expires: Sat, 18 Nov 2023 22:21:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KYralhNVzzcrR4W5obwWcke2jdK0Ni%2BEHA1liqjjj79VAIkMa5VahHEqjDpCVFtwIRolQxXAzWkor3IjroPB0iUx4D93s%2FUZKZp3CKX9pkvwCHlCZndgd%2F%2FfSSa6PMGBCz2Gs1zN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77167fe5ab06b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/img/no_video_3.svg

172.67.70.190

200 OK

2.8 kB

URL HTTP/2
i.doodcdn.co/img/no_video_3.svg
IP
172.67.70.190:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (2789)
Size
2.8 kB (2812 bytes)
Hash
077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c

HTTP Headers

GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Wed, 28 Dec 2022 08:11:37 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 2701
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F5JShDBd1clpcq46VE6f8q%2B9sAsMwbAB0qRDbVW5Zr2QVtQVkW2YnBcn0QkOfCyxwU8WMPekqDCQs0fin%2FcCByM2dq8XpVLbDuarz3CeQf1SHYnP4F4AISizCUApYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77167fe5c98a0b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
74fcf5b41902da0bc73ea19d1afce9e7
aef50f0556d364f7ea00ebbd435e56094e054d2a
befd14ed77d4d85d4e45d43c624b75eb32277d2ee0fc115e98c5ee4c519e7331

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5175
Cache-Control: max-age=170963
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Etag: "63851922-118"
Expires: Wed, 30 Nov 2022 21:51:21 GMT
Last-Modified: Mon, 28 Nov 2022 20:25:06 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.36.77.32

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
bc5267e77886f31e601de57469b12a6a
7c31ba91186eff5d78613e41ad6e4f00da0f0e0a
9a4397d75f08d8eafe861b11fe24747e8a0da5472c8e3594a1fed2fca6918c48

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9A4397D75F08D8EAFE861B11FE24747E8A0DA5472C8E3594A1FED2FCA6918C48"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3737
Expires: Mon, 28 Nov 2022 23:24:15 GMT
Date: Mon, 28 Nov 2022 22:21:58 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 22:08:55 GMT
cache-control: public,max-age=3600
age: 783
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

i.doodcdn.co/theme_2/css/style.css?v=0.1

172.67.70.190

200 OK

38 kB

URL HTTP/2
i.doodcdn.co/theme_2/css/style.css?v=0.1
IP
172.67.70.190:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65465)
Size
38 kB (38112 bytes)
Hash
7b397c8738c9073f81ebbc6710d5b1dd
81cb15d44638d79fc8ee42454f49c09993a79895
ff5eccf23a27c26ec7e9c5507718842b7120b64c07a858a8533993e09f718b95

HTTP Headers

GET /theme_2/css/style.css?v=0.1 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=249272
expires: Tue, 28 Nov 2023 08:49:13 GMT
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 19687
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ppwG%2F5cv0kC6tP9k1Iva0lzGTBEfc9POtlNYWAKia3f1un9mmVWh%2BEVSf98hozSJ5KhwVKuuK%2BrTyveDKhmmVdvEYkHs%2B7RjaAl7Avxn8RnCbYikrXhdjBI5dEhfbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77167fe5c9870b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
712226bd114736e61b233d2fbce2e58b
9d1ef23f90e8e0d41bde6e748207df2af349dd61
8d82578be05749bf9fdcc6317312adc3cf1f3ebda99e6fc8a9587aaf46781a72

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8D82578BE05749BF9FDCC6317312ADC3CF1F3EBDA99E6FC8A9587AAF46781A72"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5683
Expires: Mon, 28 Nov 2022 23:56:41 GMT
Date: Mon, 28 Nov 2022 22:21:58 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
2eb31571209dd50eaf8be1012bd54944
d2c2772686f39aaa2b8bace41dbefdb289983cd2
118581a41cbab28f0d6ecf180d3fc91c2d235d31cf7d4f1f2bfe690f4abd2016

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5966
Cache-Control: max-age=94316
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Etag: "6383eaa4-118"
Expires: Wed, 30 Nov 2022 00:33:54 GMT
Last-Modified: Sun, 27 Nov 2022 22:54:28 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
2eb31571209dd50eaf8be1012bd54944
d2c2772686f39aaa2b8bace41dbefdb289983cd2
118581a41cbab28f0d6ecf180d3fc91c2d235d31cf7d4f1f2bfe690f4abd2016

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5966
Cache-Control: max-age=94316
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Etag: "6383eaa4-118"
Expires: Wed, 30 Nov 2022 00:33:54 GMT
Last-Modified: Sun, 27 Nov 2022 22:54:28 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280

cdn.pncloudfl.com/pn/ce0/855/a1c/ce0855a1ce703cabd942ea69b2047da05ddc1f7e.jpg

104.22.59.221

200 OK

17 kB

URL HTTP/2
cdn.pncloudfl.com/pn/ce0/855/a1c/ce0855a1ce703cabd942ea69b2047da05ddc1f7e.jpg
IP
104.22.59.221:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
17 kB (16994 bytes)
Hash
f2d231d6ba0f3ac9d15f42bb17968bd9
05d2e88b9dbcfdfc6afe2e0d262e7d3c811aab46
db5691f200c5ed5dc75c3277972b32d4266f039f1a3fd9e0c999f16bb8d0570c

HTTP Headers

GET /pn/ce0/855/a1c/ce0855a1ce703cabd942ea69b2047da05ddc1f7e.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: image/webp
content-length: 16994
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=jpeg, origSize=37067
content-disposition: inline; filename="ce0855a1ce703cabd942ea69b2047da05ddc1f7e.webp"
etag: efda43af4df0bf60b174098843c8445f
expires: Wed, 30 Nov 2022 16:58:14 GMT
last-modified: Mon, 20 Jun 2022 15:55:04 GMT
vary: Accept
x-openstack-request-id: txf8669bd896a948cd94e7f-0062b19140
x-proxy-cache: HIT
x-timestamp: 1655740503.56087
x-trans-id: txf8669bd896a948cd94e7f-0062b19140
cf-cache-status: HIT
age: 19424
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 77167fe83aa5b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.pncloudfl.com/pn/8e2/982/80f/8e298280f70974edc97b20286765030b1fff2df5.jpg

104.22.59.221

200 OK

25 kB

URL HTTP/2
cdn.pncloudfl.com/pn/8e2/982/80f/8e298280f70974edc97b20286765030b1fff2df5.jpg
IP
104.22.59.221:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24890 bytes)
Hash
b95f70fa5f7654672e97bd45c45c5080
7726c41c3391ef6bbf6601d0fb0b50be2951b3c5
4006c6d727fb04978436bca7ade0e874bd11a5626412541c416ada9a411dc3e8

HTTP Headers

GET /pn/8e2/982/80f/8e298280f70974edc97b20286765030b1fff2df5.jpg HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: image/webp
content-length: 24890
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=172800
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=jpeg, origSize=54562
content-disposition: inline; filename="8e298280f70974edc97b20286765030b1fff2df5.webp"
etag: 3b54bc3bbec1be63607d30d75b1d7db8
expires: Tue, 29 Nov 2022 20:08:39 GMT
last-modified: Mon, 20 Jun 2022 16:08:11 GMT
vary: Accept
x-openstack-request-id: txbfc3af61609342d4ab3aa-0062b18432
x-proxy-cache: HIT
x-timestamp: 1655741290.25623
x-trans-id: txbfc3af61609342d4ab3aa-0062b18432
cf-cache-status: HIT
age: 94399
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 77167fe85ad0b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a7b9f5f5fc76f824948e1275447b1e6a
2d27b66acebc145c4e2a55869c0ef2af2b9a0a88
feb3a7867c62764c29232f8399bc9e87eebfa074b7b361594c52d46266582132

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEB3A7867C62764C29232F8399BC9E87EEBFA074B7B361594C52D46266582132"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9283
Expires: Tue, 29 Nov 2022 00:56:41 GMT
Date: Mon, 28 Nov 2022 22:21:58 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
2eb31571209dd50eaf8be1012bd54944
d2c2772686f39aaa2b8bace41dbefdb289983cd2
118581a41cbab28f0d6ecf180d3fc91c2d235d31cf7d4f1f2bfe690f4abd2016

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5966
Cache-Control: max-age=94316
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Etag: "6383eaa4-118"
Expires: Wed, 30 Nov 2022 00:33:54 GMT
Last-Modified: Sun, 27 Nov 2022 22:54:28 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 280

push.services.mozilla.com/

34.216.88.5

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.216.88.5:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: rpEIdX33bnHiF4Wrzv9vaQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gKlovgxlWA4xZqsXM/ya2s1aTrI=

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
8d8b15331315026393a08caf8f936461
2e4c5cc8ac6b5bd0388859e3c98978702a6ec491
79ce55527e6fa31129afec92c875c69ca36f9904a5bba3df8f0aabcd16f5ebc4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1487
Cache-Control: max-age=123703
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Etag: "63846eee-116"
Expires: Wed, 30 Nov 2022 08:43:41 GMT
Last-Modified: Mon, 28 Nov 2022 08:18:54 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278

alas4kanmfa6a4mubte.com/chicken.gif?z=1841678&pb=bcf495226de0926febd97fc46b7d799a1669681318&psp=YTIUYySpunNUEDpkbw1cppwefrRdpu5g3PKD5jnxwIqLeo9jTA9XqbTB8M5B2o8JMN6RbdzphcdEYb_RJ53n3X3vno0QrAH9w57DFZTTaN6wQmEIfYHbbUCYF4yD62lus5kAsXibO4jotJRZkmppWZrQ9TdwgeoXcq0_l44Rz4dTbh7g25ZJMcMo8sIJMacwWApPJoxPA6bKWaNPMOhbmOqVIeWVA-K_qJf46YwJz8LkF954-RmZhF8iJWBblFMTNGi2pQcS6nRjBRE5mkw9qbAVyYzX61Vi6RLjXXtne6N_dm3zzRs2ZTTV9N6h8_I6U8mOmgskatLKP40gfi71UKqWJxcmGaw3PxzpfRhK2rh00jW918lhu61D1dg0y4qCnxvMWhqB4WBvRfdg-8pNEPBjvY7440bnqqb6wOF43hdlM9DsND0CFUu9PKk5fxeECSLY7ghXq37P_XXHR38uwdeJttGRWKF7KnPdvg0Ca4xB_sdeN8CZvYomx_xZozAe9FFOPBCZrGlYg3TcNMm3KoMwMw939aNe5GQU_5kwO1a7yz2Iu-Tc_dVCvTFibCFICNgxwTymvbYe_JOUjDmJkvM3RcukVZL_tgegSqdAP9OIIqgo3NNpzGVUoE999DLvNThPi1Z5yok=&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841678&pb=bcf495226de0926febd97fc46b7d799a1669681318&psp=YTIUYySpunNUEDpkbw1cppwefrRdpu5g3PKD5jnxwIqLeo9jTA9XqbTB8M5B2o8JMN6RbdzphcdEYb_RJ53n3X3vno0QrAH9w57DFZTTaN6wQmEIfYHbbUCYF4yD62lus5kAsXibO4jotJRZkmppWZrQ9TdwgeoXcq0_l44Rz4dTbh7g25ZJMcMo8sIJMacwWApPJoxPA6bKWaNPMOhbmOqVIeWVA-K_qJf46YwJz8LkF954-RmZhF8iJWBblFMTNGi2pQcS6nRjBRE5mkw9qbAVyYzX61Vi6RLjXXtne6N_dm3zzRs2ZTTV9N6h8_I6U8mOmgskatLKP40gfi71UKqWJxcmGaw3PxzpfRhK2rh00jW918lhu61D1dg0y4qCnxvMWhqB4WBvRfdg-8pNEPBjvY7440bnqqb6wOF43hdlM9DsND0CFUu9PKk5fxeECSLY7ghXq37P_XXHR38uwdeJttGRWKF7KnPdvg0Ca4xB_sdeN8CZvYomx_xZozAe9FFOPBCZrGlYg3TcNMm3KoMwMw939aNe5GQU_5kwO1a7yz2Iu-Tc_dVCvTFibCFICNgxwTymvbYe_JOUjDmJkvM3RcukVZL_tgegSqdAP9OIIqgo3NNpzGVUoE999DLvNThPi1Z5yok=&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=1841678&pb=bcf495226de0926febd97fc46b7d799a1669681318&psp=YTIUYySpunNUEDpkbw1cppwefrRdpu5g3PKD5jnxwIqLeo9jTA9XqbTB8M5B2o8JMN6RbdzphcdEYb_RJ53n3X3vno0QrAH9w57DFZTTaN6wQmEIfYHbbUCYF4yD62lus5kAsXibO4jotJRZkmppWZrQ9TdwgeoXcq0_l44Rz4dTbh7g25ZJMcMo8sIJMacwWApPJoxPA6bKWaNPMOhbmOqVIeWVA-K_qJf46YwJz8LkF954-RmZhF8iJWBblFMTNGi2pQcS6nRjBRE5mkw9qbAVyYzX61Vi6RLjXXtne6N_dm3zzRs2ZTTV9N6h8_I6U8mOmgskatLKP40gfi71UKqWJxcmGaw3PxzpfRhK2rh00jW918lhu61D1dg0y4qCnxvMWhqB4WBvRfdg-8pNEPBjvY7440bnqqb6wOF43hdlM9DsND0CFUu9PKk5fxeECSLY7ghXq37P_XXHR38uwdeJttGRWKF7KnPdvg0Ca4xB_sdeN8CZvYomx_xZozAe9FFOPBCZrGlYg3TcNMm3KoMwMw939aNe5GQU_5kwO1a7yz2Iu-Tc_dVCvTFibCFICNgxwTymvbYe_JOUjDmJkvM3RcukVZL_tgegSqdAP9OIIqgo3NNpzGVUoE999DLvNThPi1Z5yok=&abvar=0&os=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=221128172141c7144cadcb4008855f5353a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: ppucnt=0; Path=/; Expires=Tue, 29 Nov 2022 22:21:58 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

alas4kanmfa6a4mubte.com/chicken.gif?z=1841675&pb=bcf495226de0926febd97fc46b7d799a1669681318&psp=CQzN-bB_D66vjoVErRIr5xiZQNoTsJJMmJUSbc6bE7H2_LH-YSXjMg8dApO75KuBLOTqnirtCbJXCvCh6XkXYC3az_Oswf1yHYdw2YR2ebR1DI8I9IX0kLYLidb39Zxy6KFhkvnp_hy_GtlaUoyFZ0MQC2XHk87-oAtJvof934mv6wPUGvdKkSiiVzOp3KN2DDQ0MR_DUL1G-prC1eOwvCyJKOZ-c6GDJozngpuhiCcQ2eP9R6QP4HOlV-PJBdfRGgBUSGWQkB96m8AzkL7PNd-QuX_pZ7C4GKwNGDkU9dkoES513hcURbdBfNLPc9eXexBWnKP-_Wa1hr_jrG43cpcqWVnMTifpIF-bXn_iNBggjDLoFk9MWYWT_QpvTPy96-hw4YgSquDdcG--lA_gFjhvkFajZntDYVh3GcWfbG8jHg5t0UaShdhYlendVgLgF5NOfVSf5xGRwdZnIPM2Am-n4xg-0KncC9qYlz7e6vtczxMWS9URu9SA3bEl7ltevD7dV4xiTF9cG-EjTxZ4qo04th9sJOq0DMzjaUz1KuRyVpJm7SOnJCW6wE2MrMzSHVIc5imnJw7yMZPSbQyKtz6qzG3TzQcuQe8GLayR-qO191k1RFlQSVJ5GBQlMIT4hXZ2TY2-hQg=&abvar=0&os=0

62.122.171.6

200 OK

43 B

URL HTTP/2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841675&pb=bcf495226de0926febd97fc46b7d799a1669681318&psp=CQzN-bB_D66vjoVErRIr5xiZQNoTsJJMmJUSbc6bE7H2_LH-YSXjMg8dApO75KuBLOTqnirtCbJXCvCh6XkXYC3az_Oswf1yHYdw2YR2ebR1DI8I9IX0kLYLidb39Zxy6KFhkvnp_hy_GtlaUoyFZ0MQC2XHk87-oAtJvof934mv6wPUGvdKkSiiVzOp3KN2DDQ0MR_DUL1G-prC1eOwvCyJKOZ-c6GDJozngpuhiCcQ2eP9R6QP4HOlV-PJBdfRGgBUSGWQkB96m8AzkL7PNd-QuX_pZ7C4GKwNGDkU9dkoES513hcURbdBfNLPc9eXexBWnKP-_Wa1hr_jrG43cpcqWVnMTifpIF-bXn_iNBggjDLoFk9MWYWT_QpvTPy96-hw4YgSquDdcG--lA_gFjhvkFajZntDYVh3GcWfbG8jHg5t0UaShdhYlendVgLgF5NOfVSf5xGRwdZnIPM2Am-n4xg-0KncC9qYlz7e6vtczxMWS9URu9SA3bEl7ltevD7dV4xiTF9cG-EjTxZ4qo04th9sJOq0DMzjaUz1KuRyVpJm7SOnJCW6wE2MrMzSHVIc5imnJw7yMZPSbQyKtz6qzG3TzQcuQe8GLayR-qO191k1RFlQSVJ5GBQlMIT4hXZ2TY2-hQg=&abvar=0&os=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

HTTP Headers

GET /chicken.gif?z=1841675&pb=bcf495226de0926febd97fc46b7d799a1669681318&psp=CQzN-bB_D66vjoVErRIr5xiZQNoTsJJMmJUSbc6bE7H2_LH-YSXjMg8dApO75KuBLOTqnirtCbJXCvCh6XkXYC3az_Oswf1yHYdw2YR2ebR1DI8I9IX0kLYLidb39Zxy6KFhkvnp_hy_GtlaUoyFZ0MQC2XHk87-oAtJvof934mv6wPUGvdKkSiiVzOp3KN2DDQ0MR_DUL1G-prC1eOwvCyJKOZ-c6GDJozngpuhiCcQ2eP9R6QP4HOlV-PJBdfRGgBUSGWQkB96m8AzkL7PNd-QuX_pZ7C4GKwNGDkU9dkoES513hcURbdBfNLPc9eXexBWnKP-_Wa1hr_jrG43cpcqWVnMTifpIF-bXn_iNBggjDLoFk9MWYWT_QpvTPy96-hw4YgSquDdcG--lA_gFjhvkFajZntDYVh3GcWfbG8jHg5t0UaShdhYlendVgLgF5NOfVSf5xGRwdZnIPM2Am-n4xg-0KncC9qYlz7e6vtczxMWS9URu9SA3bEl7ltevD7dV4xiTF9cG-EjTxZ4qo04th9sJOq0DMzjaUz1KuRyVpJm7SOnJCW6wE2MrMzSHVIc5imnJw7yMZPSbQyKtz6qzG3TzQcuQe8GLayR-qO191k1RFlQSVJ5GBQlMIT4hXZ2TY2-hQg=&abvar=0&os=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: UID=221128172141c7144cadcb4008855f5353a4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
set-cookie: ppucnt=0; Path=/; Expires=Tue, 29 Nov 2022 22:21:58 GMT; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
03ad9fc0b00b5df3165dc2fb1e3b0a3e
f8243335a8bc24d989bddd346048a055e1d0bdeb
366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tzegilo.com/stattag.js

172.67.194.45

200 OK

5.5 kB

URL HTTP/2
tzegilo.com/stattag.js
IP
172.67.194.45:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12966), with no line terminators
Size
5.5 kB (5510 bytes)
Hash
867dc9804690130b7553d082e44280d7
719c3da1169854c807edc629d3466b4b4abc5eb2
5c3cc6dd5d81c10b1c7a3ddd5a31295f900857c1e192885dd4ffa9a8528dbcf2

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: application/javascript
last-modified: Wed, 23 Nov 2022 15:07:42 GMT
etag: W/"637e373e-32a6"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 344
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pqudWO0S3fy7ZsMqmWU58%2FQpelmUsKWSJ1yradWN5toSaMkw7Qz0BHDIc7ip8IvVhPML5VMH6rg3KXCZReHQ2x81WCkhwyvRIMNuYcp7wxzDnLC%2BYM9yI5q2zwNe9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77167fe8dcaeb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?render=explicit

142.250.74.164

200 OK

554 B

URL HTTP/2
www.google.com/recaptcha/api.js?render=explicit
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (852), with no line terminators
Size
554 B (554 bytes)
Hash
0a628b8a14a877262721824930709597
31bbb380c04a4229a099a1fb6dea09cf717bcb5f
6c63432c24b1f8eed67f792c68214710fd6444ede5c28f56202e966770d20121

HTTP Headers

GET /recaptcha/api.js?render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Mon, 28 Nov 2022 22:21:58 GMT
date: Mon, 28 Nov 2022 22:21:58 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 554
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

betotodilea.com/400/4857535

139.45.197.237

200 OK

32 kB

URL HTTP/2
betotodilea.com/400/4857535
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
32 kB (32415 bytes)
Hash
17592ffef4d9e3a4ecb0565441394f85
a3b45f6d66c359d63354cd3444d3788bae631a2f
481ea92e992d89f14e82634706d53ceb4451170e57356afb8511039059c25f79

HTTP Headers

GET /400/4857535 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: application/javascript
x-trace-id: a3cc4f54314aea43a14746ea0639e150
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=03e21f1d0f89456b98bb69679b0146bb; expires=Tue, 28 Nov 2023 22:21:58 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

142.250.74.163

200 OK

163 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (730)
Size
163 kB (162976 bytes)
Hash
79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6

HTTP Headers

GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.la
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 21:26:04 GMT
expires: Sun, 26 Nov 2023 21:26:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 176154
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 22:21:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

poleonaryprac.com/utx?tid=926820&top=dood.la&cb=nA0GI6VcXGBP

54.230.111.98

204 No Content

0 B

URL HTTP/2
poleonaryprac.com/utx?tid=926820&top=dood.la&cb=nA0GI6VcXGBP
IP
54.230.111.98:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?tid=926820&top=dood.la&cb=nA0GI6VcXGBP HTTP/1.1
Host: poleonaryprac.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.la
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Mon, 28 Nov 2022 22:21:58 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://dood.la
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 28 Nov 2022 22:22:58 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lFPZB-HW3citD08BMSduoFR8N-3lzydnlBre5ncJ4S2Ma4gXex3Dpw==
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
72e278c32e6d5f06a97a7c36dfe35514
f5d9c5bb4a10ea9bfb7f829dcff2a3fc7298397e
fe9de8dbde2a414f1a4ff1b02b923be949c46ddfabc7e4324955e3de70c4916b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 22:21:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 00:52:21 GMT
Expires: Mon, 05 Dec 2022 00:52:20 GMT
Etag: "f5d9c5bb4a10ea9bfb7f829dcff2a3fc7298397e"
Cache-Control: max-age=526821,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77167fe9ff0bb506-OSL

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

1.9 kB

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
data
Size
1.9 kB (1892 bytes)
Hash
bd66e1d7d27b656a1a5dbc103e8658bd
f4516cbe05db23972752ff662074d2fdff426753
a6eaf25ca343e28c5fc06e36d662547b506524d9726c788614dfd555b9548e05

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 901
Origin: https://dood.la
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 28 Nov 2022 22:22:01 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://dood.la
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

r3.o.lencr.org/

23.36.76.226

200 OK

39 kB

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
39 kB (39151 bytes)
Hash
1cf71416898d96f18079811b9c568528
daa8fa4aba329b5dfcd1b107ed123a06e535c21a
b40c7e13b400da20cde4e76b7e1f116642c7a2e59942e423efd26b42af70993c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5464F303C18C955811622DD7407E8B331315D45B2D993BB6B89373571B74B1D4"
Last-Modified: Sat, 26 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14288
Expires: Tue, 29 Nov 2022 02:20:07 GMT
Date: Mon, 28 Nov 2022 22:21:59 GMT
Connection: keep-alive

everefor.buzz/

54.162.51.18

200 OK

0 B

URL HTTP/2
everefor.buzz/
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 384
Origin: https://dood.la
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

everefor.buzz/

54.162.51.18

200 OK

0 B

URL HTTP/2
everefor.buzz/
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.la/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.la
Content-Length: 344
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

everefor.buzz/

54.162.51.18

200 OK

0 B

URL HTTP/2
everefor.buzz/
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.la/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.la
Content-Length: 350
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10620
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:21:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10619
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:22:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10619
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:22:00 GMT
Connection: keep-alive

pringed.space/eUk3YUICa0QWHQw7W0N4WyFDFTIKcxhOJhYmU08uGGZEFmwTOhVNYAokUUN4SGUVEi8Paw1Ddld5FU1gDShQPisdaw1De0t%2FD1NyW2UVEjcbFl4FcFtzFQd3HXgOUnUbZAVSJhtkAwAkSmQOB3NJZAZVJkl%2FDlF1GH9VU2AE

54.162.51.18

200 OK

23 kB

URL HTTP/2
pringed.space/eUk3YUICa0QWHQw7W0N4WyFDFTIKcxhOJhYmU08uGGZEFmwTOhVNYAokUUN4SGUVEi8Paw1Ddld5FU1gDShQPisdaw1De0t%2FD1NyW2UVEjcbFl4FcFtzFQd3HXgOUnUbZAVSJhtkAwAkSmQOB3NJZAZVJkl%2FDlF1GH9VU2AE
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type
data
Size
23 kB (23395 bytes)
Hash
788752b3d2ff8412f28f447a8fd61c17
a3d572378a56a22c46b0c734de0ed20aa53c7b22
9e77cc8d8a3e56381cfda2d9b60d674995c738ae6457b07c20b4d8fa3ad04346

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /eUk3YUICa0QWHQw7W0N4WyFDFTIKcxhOJhYmU08uGGZEFmwTOhVNYAokUUN4SGUVEi8Paw1Ddld5FU1gDShQPisdaw1De0t%2FD1NyW2UVEjcbFl4FcFtzFQd3HXgOUnUbZAVSJhtkAwAkSmQOB3NJZAZVJkl%2FDlF1GH9VU2AE HTTP/1.1
Host: pringed.space
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: c0d5b4db1b41d68b48b3c70da3d358ee=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"e0ea-JzNgDqedm9miNmXzEkLP2Eygoms"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10619
Expires: Tue, 29 Nov 2022 01:18:59 GMT
Date: Mon, 28 Nov 2022 22:22:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8106 bytes)
Hash
5ab97acd46d3380fa12711c96b3c2d35
b703ea2cc2fcd68e60135ff77d5a5f1b93fac128
aeeaa56714fbd157e788cd24da03d43ede527959e2563e6d7d99489753dee85f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9082acd6-44fd-454b-b215-451cf6d822a1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8106
x-amzn-requestid: 73d1b662-99a8-4ad7-95f9-c0b1ebf7c45a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnQEhQoAMFbLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852961-64954bc92997c9302e291381;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: sYK4SFsG-No3Bd-CyGIKSWh4sUokwaHa20tc8zvbqUpxkplJOiASIA==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:42:03 GMT
age: 2397
etag: "b703ea2cc2fcd68e60135ff77d5a5f1b93fac128"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8460 bytes)
Hash
516776052e5e906ea9f42d25bae5cc85
be4c4d01fc67218e26a3e9d27a2f708e639c9d4b
28e70e38cfad65ad8a7a68ab1dc78747c7013a87b854fc35b163cc5765cd0570

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1ee10f9-36dd-4ca4-986e-a80758149640.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8460
x-amzn-requestid: 51416479-3854-4f1a-9d86-35e104c57f6a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnkHuZIAMF-_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852963-180b323d4a45fa2f29f9b1fc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3MKambAjrBl64HI6hBuOtNJi3Tj6gxtwH_lOfk0WNX15UnCrAJbNig==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:48:54 GMT
age: 1986
etag: "be4c4d01fc67218e26a3e9d27a2f708e639c9d4b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

alas4kanmfa6a4mubte.com/lv/esnk/1841678/code.js

62.122.171.6

200 OK

54 kB

URL HTTP/2
alas4kanmfa6a4mubte.com/lv/esnk/1841678/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
data
Size
54 kB (53839 bytes)
Hash
92a299df12ca8ec57cddfef0d6b42678
53a4abf87219ba17fe3b72b24bf1e16844daa4c0
fdde61e7364f7720d5c7034aa9bcd1226dee14434c593013210683db2ba42937

HTTP Headers

GET /lv/esnk/1841678/code.js HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3944 bytes)
Hash
9cd333c474420e235831d96ed881167e
5008d7344dd85ae61a598c17e7baf427def3e25d
2178a96e120661e43d8e8ed0df1fcf500caf4c58db9e1bedaf0706af0a80b286

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1172c72b-d329-4446-80cb-92b8cf104425.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3944
x-amzn-requestid: 8a6732c1-72da-4a73-ba51-8533c6a01a9c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNmfFgeIAMFjLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6385295c-0c807d93277bfb7f6b13c2ee;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:20 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XC26NJ0PkNhOsuvMPTd5TlY-oDOGfGoNxzzMANQRlyBWt1XZW_gUfA==
via: 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:42:03 GMT
age: 2397
etag: "5008d7344dd85ae61a598c17e7baf427def3e25d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

everefor.buzz/YjU5ek45FwBIeFoHCVhiQBcVWChXUQhDfVVXFEh9BlcUTi8EBhRDKFMFFEt6BgUPQ35VVA8YfEAZG0h7VgVdT3cDGAlILAcYDUx5BxhYH3xUGAFOLVIADEgsBwIBHGxOF0oNbE4XXAwrEFBfFTxMV0wANEAZG0t%2BTAAbVigDWUofYgRUVQkrTlNYFj0HaA

54.162.51.18

200 OK

21 kB

URL HTTP/2
everefor.buzz/YjU5ek45FwBIeFoHCVhiQBcVWChXUQhDfVVXFEh9BlcUTi8EBhRDKFMFFEt6BgUPQ35VVA8YfEAZG0h7VgVdT3cDGAlILAcYDUx5BxhYH3xUGAFOLVIADEgsBwIBHGxOF0oNbE4XXAwrEFBfFTxMV0wANEAZG0t%2BTAAbVigDWUofYgRUVQkrTlNYFj0HaA
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type
data
Size
21 kB (20746 bytes)
Hash
0a99137ac04dd4ba593082c0f6b24d54
f0b3f8aa6652e48acb71ffb502a7b94c4e444be0
edd4d2e916b1f3aa10f934eb710c04eb8c77826f669382b263b62fe55b7e0e94

HTTP Headers

GET /YjU5ek45FwBIeFoHCVhiQBcVWChXUQhDfVVXFEh9BlcUTi8EBhRDKFMFFEt6BgUPQ35VVA8YfEAZG0h7VgVdT3cDGAlILAcYDUx5BxhYH3xUGAFOLVIADEgsBwIBHGxOF0oNbE4XXAwrEFBfFTxMV0wANEAZG0t%2BTAAbVigDWUofYgRUVQkrTlNYFj0HaA HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 058653dd9b3c630472fe6fc52e0979b3=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8442-7EatUIE9KGok3wqN2IUj+lHxUJw"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9015 bytes)
Hash
ae2e2986caa15a90b615147f229b51ec
c6dfd277cdbd057472e6df6ad1a200f50684d442
ec3799922c38ee6394601744ff4b2c405ee44c4718a2b90c104134657f8b480b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7faa45dd-b9de-4dae-a2d6-ee678d7d3906.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9015
x-amzn-requestid: eb4599b5-e88a-47cd-8d1b-5839c4f7593e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cVNnbGLToAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63852962-67476fac77c8d1ee36f89ecc;Sampled=0
x-amzn-remapped-date: Mon, 28 Nov 2022 21:34:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 09Pb9RMyAoRWXYfw5mxwtpl6fnHwlxDJryR4c-F3rurGKUgo-HYUOg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 28 Nov 2022 21:42:03 GMT
age: 2397
etag: "c6dfd277cdbd057472e6df6ad1a200f50684d442"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43dca8ebcf06bd09eb16b5516072ec48
84fe572e189c13383dc0a805a90c07de69c48ee6
be524e069364f1231ff9f6f8a5ca6ae8aa4353ba95fa7913c30c13ed008ab8fd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4719
Expires: Mon, 28 Nov 2022 23:40:42 GMT
Date: Mon, 28 Nov 2022 22:22:03 GMT
Connection: keep-alive

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
dba6572e5fd27fc240ed1d424cba3549
a970556aa6dfa700a8b4f50068ae17851cd1f2de
2c57a3dc950eae4c43db4ea2a3241f29df97391ad7004680b33624986f608580

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.la
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:22:03 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dood.la
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a69fda4f40c64369a3f3a35d4b0ccea6; expires=Tue, 28 Nov 2023 22:22:03 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/4857535?excludes=&oaid=a69fda4f40c64369a3f3a35d4b0ccea6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.la%2Fd%2Fkpujguixkyxm&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/4857535?excludes=&oaid=a69fda4f40c64369a3f3a35d4b0ccea6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.la%2Fd%2Fkpujguixkyxm&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/4857535?excludes=&oaid=a69fda4f40c64369a3f3a35d4b0ccea6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.la%2Fd%2Fkpujguixkyxm&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://dood.la/
Origin: https://dood.la
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:22:03 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://dood.la
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.237

200 OK

15 kB

URL HTTP/2
betotodilea.com/500/4857535?excludes=&oaid=a69fda4f40c64369a3f3a35d4b0ccea6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.la%2Fd%2Fkpujguixkyxm&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
15 kB (15365 bytes)
Hash
358407a9253af6147e2bfa9640370c04
877c32c46aee1c78673b7e5770d566a4734965d2
6cbe5c69337cbea54cf15aa1630dfc76e4544a497b372effe6c421c52306b739

HTTP Headers

GET /500/4857535?excludes=&oaid=a69fda4f40c64369a3f3a35d4b0ccea6&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=4&pl=https%3A%2F%2Fdood.la%2Fd%2Fkpujguixkyxm&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://dood.la
Connection: keep-alive
Referer: https://dood.la/
Cookie: OAID=03e21f1d0f89456b98bb69679b0146bb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:22:03 GMT
content-type: application/javascript
x-trace-id: a740a50e87351f587bb29f7c8d848205
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://dood.la
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=a69fda4f40c64369a3f3a35d4b0ccea6; expires=Tue, 28 Nov 2023 22:22:03 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

dood.la/d/kpujguixkyxm

104.26.1.94

200 OK

0 B

URL HTTP/2
dood.la/d/kpujguixkyxm
IP
104.26.1.94:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /d/kpujguixkyxm HTTP/1.1
Host: dood.la
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:57 GMT
content-type: text/html; charset=UTF-8
expires: Sun, 27 Nov 2022 22:21:57 GMT
set-cookie: lang=1; domain=.dood.la; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQFk76F7OQSlOWwIUPQZGQRQFQn3mZEUijEYH9NcjyoGTv%2FOV8ZuhAdSQy8c9IFh0wcnCf7%2BW%2BIuW8U90vsWQsxxinyQpFSUsormvjxBzyFo6ALD8SKiSR0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77167fe2f9fb0b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.co/theme_2/css/bootstrap.min.css

172.67.70.190

200 OK

0 B

URL HTTP/2
i.doodcdn.co/theme_2/css/bootstrap.min.css
IP
172.67.70.190:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cache-control: public, max-age=2592000
expires: Tue, 28 Nov 2023 04:42:51 GMT
access-control-allow-origin: *
cf-cache-status: HIT
age: 45060
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ehxQKT5oRpTEyCpbJXeRaFoZvX%2FBz3tZ6W0e%2FX0D%2BHXWPkD2oeTKb%2F%2BcdAIZGK9wG2B4jepQptLdTLnSEXqWmQBqNQhLoX%2BXbiTQMddM1xV1yPQl0VAjrmRl1qlsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77167fe5c98f0b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 22:21:58 GMT
date: Mon, 28 Nov 2022 22:21:58 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

alas4kanmfa6a4mubte.com/get/1841678?zoneid=1841678&jp=_clbn5jje4f2mp1ohn5tq69&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457448320467978

62.122.171.6

200 OK

0 B

URL HTTP/2
alas4kanmfa6a4mubte.com/get/1841678?zoneid=1841678&jp=_clbn5jje4f2mp1ohn5tq69&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457448320467978
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /get/1841678?zoneid=1841678&jp=_clbn5jje4f2mp1ohn5tq69&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=5457448320467978 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=221128172152df755f79c24cdd8d478645d4; Path=/; Expires=Tue, 28 Nov 2023 22:21:58 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

alas4kanmfa6a4mubte.com/lv/esnk/1841675/code.js

62.122.171.6

200 OK

0 B

URL HTTP/2
alas4kanmfa6a4mubte.com/lv/esnk/1841675/code.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /lv/esnk/1841675/code.js HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: application/javascript
last-modified: Tue, 15 Nov 2022 12:20:41 GMT
vary: Accept-Encoding
etag: W/"63738419-1aaa0"
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

alas4kanmfa6a4mubte.com/get/1841675?zoneid=1841675&jp=_clsgg8a8z2nty24dno4i80&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553673064251945

62.122.171.6

200 OK

0 B

URL HTTP/2
alas4kanmfa6a4mubte.com/get/1841675?zoneid=1841675&jp=_clsgg8a8z2nty24dno4i80&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553673064251945
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /get/1841675?zoneid=1841675&jp=_clsgg8a8z2nty24dno4i80&nojs=0&ix=0&abvar=0&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=undefined&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&freq=0&cid=8553673064251945 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.la/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 22:21:58 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=221128172141c7144cadcb4008855f5353a4; Path=/; Expires=Tue, 28 Nov 2023 22:21:58 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations