Report - lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2

Report Overview

Visited public
2024-08-09 20:05:15
Tags
URL
lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Finishing URL
api.airfind.com/link/v1?id=6642452d8c144769955fcf34&clientId=51273&brand=NO_desktop&unique_req=7859885618558574
IP / ASN
172.67.135.229
#13335 CLOUDFLARENET
Title
api.airfind.com/link/v1?id=6642452d8c144769955fcf34&clientId=51273&brand=NO_desktop&unique_req=7859885618558574

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Sent	Received	IP
cdn.airfind.com	89315	466 B	18 kB	185.76.9.25
unpkg.com	11693	1.7 kB	782 kB	104.17.249.203
r10.o.lencr.org	unknown	2.3 kB	6.2 kB	23.36.76.226
o.pki.goog	unknown	3.3 kB	7.0 kB	142.250.74.67
fonts.googleapis.com	8877	909 B	10 kB	142.250.74.74
d1wzdj81h1hubn.cloudfront.net	unknown	1.3 kB	991 kB	54.230.241.198
gamgladthereis.info	unknown	1.8 kB	1.8 kB	54.240.174.67
lootdest.org	unknown	1.5 kB	375 kB	172.67.135.229
r11.o.lencr.org	unknown	327 B	887 B	23.36.77.32
fonts.gstatic.com	unknown	2.1 kB	75 kB	216.58.207.227
d3nz96k4xfpkvu.cloudfront.net	unknown	453 B	902 B	143.204.42.99
eiwouldlikuk.com	unknown	503 B	896 B	104.21.76.222
2.entlysearchin.info	unknown	1.6 kB	1.2 kB	172.67.190.50
cdn.jsdelivr.net	439	434 B	7.7 kB	104.18.186.31
pagead2.googlesyndication.com	101	451 B	53 kB	142.250.74.162
curyrentattrib.info	unknown	437 B	707 B	143.204.55.41
api.airfind.com	16215	588 B	1.6 kB	198.199.108.22

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2024-08-09	medium	lootdest.org/5.js	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	lootdest.org/5.js	ScriptElement	351 kB	2024-08-06	2024-08-31
Pretty URL lootdest.org/5.js IP 172.67.135.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-06 05:49 Last Seen2024-08-31 08:33 Times Seen11 Hash 4cef5d60fa7e4ba718499dfbabfac4ed 832642c74f4e97467ce6ac17254a9b241d729aac c1450090dcb4f005d1f7f807642508e9ebec0b6e48c28aa15a8a59eca6801bbd Loading...

	unknown	Function	79 B	2023-04-11	2025-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-05-20 03:54 Times Seen113051 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unknown	Function	37 B	2023-04-11	2025-05-20
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-20 04:16 Times Seen265519 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2	ScriptElement	16 kB	2024-08-19	2024-08-19
Pretty URL lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2 IP 172.67.135.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-19 14:01 Last Seen2024-08-19 14:01 Times Seen1 Hash 19c509723e6ef8a1f342c7cf21ea88a6 b26682fa12215ca2c8df95e3b4056b79c02d4ff5 388133438fc9033b43b170973f0193eed70e4017077a88e6cb8a408962df0edc Loading...

	unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js	ScriptElement	380 kB	2024-03-06	2025-05-17
Pretty URL unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js IP 104.17.249.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-06 12:34 Last Seen2025-05-17 16:34 Times Seen503 Hash eb0e70a3ac4ff8c241de551483e6d66e 14be33e51ee381fc877863c58845111ed175b1cc 68b594d79a955d4237d365555d137be2842068c263d444f583556ee1f9a8cbc1 Loading...

	cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/runtime.js	ScriptElement	22 kB	2023-03-07	2025-05-13
Pretty URL cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/runtime.js IP 104.18.186.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:26 Last Seen2025-05-13 22:40 Times Seen124 Hash 4f6d0ac2c43a81b1890d6442a2a72494 5cec1237fc2cd482064efb78c55096560ffd4419 b9258540f48bff83be38e2952dfa01f6bb5c6ccbc13baccf3e26995299f59d07 Loading...

	unpkg.com/detect-gpu@latest/dist/detect-gpu.umd.js	ScriptElement	9.7 kB	2024-08-05	2024-08-19
Pretty URL unpkg.com/detect-gpu@latest/dist/detect-gpu.umd.js IP 104.17.249.203 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-05 20:09 Last Seen2024-08-19 14:28 Times Seen7 Hash baa285604a8e131b93d6eeec39a28170 7a8d9d41320a586673da0a0ade9afb2a65d86d85 d947cf2547284991c8a38216a7fa8ac0edb4e7e1b1d11f4c084c8bc1b86489fa Loading...

	lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2	ScriptElement	1.6 kB	2023-12-02	2024-10-04
Pretty URL lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2 IP 172.67.135.229 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-02 02:50 Last Seen2024-10-04 11:11 Times Seen68 Hash 08fa1194f9c5b3ce130efb59a66b8a3e ab69a923f3bba026b4c9292845456ccee152305d 4e944c5fa6b16c1c68e64fd0e04bf0e899dbf77772af63c1388131fed266f2b6 Loading...

HTTP Transactions (47)

URL IP Response Size

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
882613f845901733a5cf44444eaf24c0
e44e954f2102a5700060c41150dcb37c9d6ba2de
1dde5010695d8b0880ff77100af0c78afc7c692d4cf6caf1fd4487009d37b8cb

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1DDE5010695D8B0880FF77100AF0C78AFC7C692D4CF6CAF1FD4487009D37B8CB"
Last-Modified: Fri, 09 Aug 2024 00:39:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9437
Expires: Fri, 09 Aug 2024 22:42:05 GMT
Date: Fri, 09 Aug 2024 20:04:48 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
19cd88f88651f2e9f42740350df4b4d1
c6c7026e15281db4f24b3bc4ee2cfc2ecc26362c
b41a248824843236c8691934a5dfd24daa01f05cdc8cff81afdb9588dee24946

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B41A248824843236C8691934A5DFD24DAA01F05CDC8CFF81AFDB9588DEE24946"
Last-Modified: Thu, 08 Aug 2024 18:28:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6445
Expires: Fri, 09 Aug 2024 21:52:13 GMT
Date: Fri, 09 Aug 2024 20:04:48 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
b278ebaf27c527785e85180da86b54f9
ee87bf3d735648b0734efe705977f9b86155fcbd
f53b9b17675ce2f387b3fcff02c39ecc355e1fd81756731257c59ea22115c519

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F53B9B17675CE2F387B3FCFF02C39ECC355E1FD81756731257C59EA22115C519"
Last-Modified: Thu, 08 Aug 2024 18:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8508
Expires: Fri, 09 Aug 2024 22:26:36 GMT
Date: Fri, 09 Aug 2024 20:04:48 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5f8acb1f8a25eb19fc33302dc7bf3c26
93ad5ef9e7119c1064e966ea3ab2cade2438d5aa
277c320d7ff9556a6375e996308ba8d893601e14430af41b82904952d477f836

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "277C320D7FF9556A6375E996308BA8D893601E14430AF41B82904952D477F836"
Last-Modified: Thu, 08 Aug 2024 18:26:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9061
Expires: Fri, 09 Aug 2024 22:35:49 GMT
Date: Fri, 09 Aug 2024 20:04:48 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
44652d7b300e8ec25ca7037a03650499
505725e3d4543418c836a3562e8f2cfba5c9b223
15aee3a7f25039ad0b7ef6961eff2511baa766ea9195ed666a048c1ad7a49b32

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "15AEE3A7F25039AD0B7EF6961EFF2511BAA766EA9195ED666A048C1AD7A49B32"
Last-Modified: Thu, 08 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2654
Expires: Fri, 09 Aug 2024 20:49:03 GMT
Date: Fri, 09 Aug 2024 20:04:49 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
e1cd74cbd513bcac7faf7147dd0e9db3
5c83e98e78beec3020f4942369d9c2365a7de76f
dd403ef6d8531526826d75c9ceda54beea36b5c8b8a281297331818ac6336b23

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DD403EF6D8531526826D75C9CEDA54BEEA36B5C8B8A281297331818AC6336B23"
Last-Modified: Thu, 08 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9010
Expires: Fri, 09 Aug 2024 22:34:59 GMT
Date: Fri, 09 Aug 2024 20:04:49 GMT
Connection: keep-alive

cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/runtime.js

104.18.186.31

200 OK

6.6 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/babel-regenerator-runtime@6.5.0/runtime.js
IP
104.18.186.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
6.6 kB (6589 bytes)
Hash
4f6d0ac2c43a81b1890d6442a2a72494
5cec1237fc2cd482064efb78c55096560ffd4419
b9258540f48bff83be38e2952dfa01f6bb5c6ccbc13baccf3e26995299f59d07

HTTP Headers

GET /npm/babel-regenerator-runtime@6.5.0/runtime.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 09 Aug 2024 20:04:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 6589
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 6.5.0
x-jsd-version-type: version
etag: W/"53cd-XOwSN/ws1IIGTvt4xVCWVg/9RBk"
content-encoding: br
x-served-by: cache-fra-eddf8230078-FRA, cache-lga21936-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 4956007
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VHGjNC5s0VZPk6S6ii7SzirR9MhgqEUv%2FRee%2FVSMfa9vL5uasiFTjdqgJmJ9eum7YzmuccP5r3bhiy9kezLbL02OZtVsUCw6INtOHNtBoE8jxJJ8%2BfB7eHIs1Ei6mTIuf7M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b0a5b801e845691-OSL
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a03e5022373b95d46179b25ac9b7f460
ef63b1a206d921b9d9fcf0b71e05a576b28f1027
cd80a67f46435f0000d801da9138919e7ca11daf5ea3e8e64d1873259a8c2cd5

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:04:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a03e5022373b95d46179b25ac9b7f460
ef63b1a206d921b9d9fcf0b71e05a576b28f1027
cd80a67f46435f0000d801da9138919e7ca11daf5ea3e8e64d1873259a8c2cd5

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:04:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4131fc8195eed2b4d0987ea57846c8a5
604148607f19dbabb9e235d47c09587270f99178
bdaa2ba2ec2eadd4ddf82be7849eb2c0abeec7f319a63829df09df441a1c6897

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:04:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/play/v19/6ae84K2oVqwItm4TCpAy2g.woff2

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/play/v19/6ae84K2oVqwItm4TCpAy2g.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18100, version 1.0
Size
18 kB (18100 bytes)
Hash
2af0645d8798834a774f014332120c5d
c1f9a794c35d75cd3196ec52e457467d33b2405b
42d25e75823f99564c199e3dc486ff8562ce77625ea50ee07385df687296f69f

HTTP Headers

GET /s/play/v19/6ae84K2oVqwItm4TCpAy2g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lootdest.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18100
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Aug 2024 03:02:19 GMT
expires: Sun, 03 Aug 2025 03:02:19 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 19:54:08 GMT
content-type: font/woff2
age: 579750
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c01d8b350350f14af51661a8d6af3d2c
353a84b777a919ffb56646203ea5db97637c0c48
dcdf2755004087a52c61449ff055486243843b39551c9587a2ecd8f85fd0cef4

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:04:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/play/v19/6aez4K2oVqwIvtU2Hw.woff2

216.58.207.227

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/play/v19/6aez4K2oVqwIvtU2Hw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18088, version 1.0
Size
18 kB (18088 bytes)
Hash
f4aa2d622725f1af4e132e2bbaeb47ae
20594962b8a024c0cec8d3b3fe8614bea75d5388
d0964aee1973c5818130723f3bf5b8e0b51bf775a5074949c91d815d91f2924f

HTTP Headers

GET /s/play/v19/6aez4K2oVqwIvtU2Hw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lootdest.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18088
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Aug 2024 02:58:02 GMT
expires: Sun, 03 Aug 2025 02:58:02 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Aug 2023 20:26:25 GMT
content-type: font/woff2
age: 580007
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4131fc8195eed2b4d0987ea57846c8a5
604148607f19dbabb9e235d47c09587270f99178
bdaa2ba2ec2eadd4ddf82be7849eb2c0abeec7f319a63829df09df441a1c6897

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:04:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

d3nz96k4xfpkvu.cloudfront.net/?tid=1060694&params_only=1

143.204.42.99

200 OK

386 B

URL GET HTTP/2
d3nz96k4xfpkvu.cloudfront.net/?tid=1060694&params_only=1
IP
143.204.42.99:443
ASN
#16509 AMAZON-02

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (632), with no line terminators
Size
386 B (386 bytes)
Hash
7fab9dba9f69f2e5f674d663d87964b8
45f8414870ba3e83f1f8548f19420569c6529283
493f16d8c458c37dd9f0a477def305e732c766a9886cf4a57dedd51f0b259ca7

HTTP Headers

GET /?tid=1060694&params_only=1 HTTP/1.1
Host: d3nz96k4xfpkvu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootdest.org/
Origin: https://lootdest.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 386
date: Fri, 09 Aug 2024 20:04:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://lootdest.org
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 246KKeEKrEv16_aSL1iiTZzrF-bgrF_sBuNhbpzT0x_bxpEweFCmwQ==
X-Firefox-Spdy: h2

fonts.gstatic.com/s/exo2/v21/7cH1v4okm5zmbvwkAx_sfcEuiD8jWfWsOdC_.woff2

216.58.207.227

200 OK

17 kB

URL GET HTTP/2
fonts.gstatic.com/s/exo2/v21/7cH1v4okm5zmbvwkAx_sfcEuiD8jWfWsOdC_.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16800, version 1.0
Size
17 kB (16800 bytes)
Hash
7ac1786d1915a2ef800a7f591fdea40d
ec867ae4501dbd510a890a407e5f7460d9ab699b
1b2fea867d4b6f808c3cd40100acd253c89880d256e9bdb45637eb2346ab41de

HTTP Headers

GET /s/exo2/v21/7cH1v4okm5zmbvwkAx_sfcEuiD8jWfWsOdC_.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lootdest.org
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16800
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Aug 2024 08:06:31 GMT
expires: Sat, 09 Aug 2025 08:06:31 GMT
cache-control: public, max-age=31536000
age: 43099
last-modified: Wed, 13 Sep 2023 22:31:27 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Exo+2:wght@700&display=swap

142.250.74.74

200 OK

4.9 kB

URL GET HTTP/3
fonts.googleapis.com/css2?family=Exo+2:wght@700&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC4:3F:12:39:D2:EC:4C:2C:1C:0A:A6:18:8E:2A:97:2C:D8:C2:7E:AF
ValidityTue, 30 Jul 2024 12:49:45 GMT - Tue, 22 Oct 2024 12:49:44 GMT

File type
gzip compressed data, max compression
Size
4.9 kB (4937 bytes)
Hash
9586cd7bbfc42bf11489b3e4176bf464
9542eeb58c00821104b8bdb8d7057fae21552d6f
fd555d76097b80547dcd7c4d9186e26fa757b856034ff894c264143699c3d344

HTTP Headers

GET /css2?family=Exo+2:wght@700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Aug 2024 20:04:50 GMT
date: Fri, 09 Aug 2024 20:04:50 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

eiwouldlikuk.com/tc

104.21.76.222

200 OK

0 B

URL POST HTTP/2
eiwouldlikuk.com/tc
IP
104.21.76.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjecteiwouldlikuk.com
Fingerprint79:A6:9E:E1:4B:66:B3:3D:1C:89:B6:E9:3C:07:2E:21:F0:3D:37:37
ValidityThu, 01 Aug 2024 11:17:04 GMT - Wed, 30 Oct 2024 11:17:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /tc HTTP/1.1
Host: eiwouldlikuk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://lootdest.org/
Origin: https://lootdest.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Fri, 09 Aug 2024 20:04:50 GMT
set-cookie: ci=467759956333605; Max-Age=86400; Secure; SameSite=None
access-control-allow-origin: https://lootdest.org
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST, GET, OPTIONS, HEAD
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4bRYy946hETp90VlwCUW%2BqYgCPwetUcGGAF%2F5EQw4NXEnZ5o5lUnYWJc5ov306d1gzQp8QUa0UnmGW1VTgsO36xJ30s9qxPt%2B4ZlLpisvVHlZeie8XxTWlP0aHVmVr1L5fbB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b0a5b85ac0bb4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

471 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cb922be14e1d6c8229af2311795133e5
3c1db958d07bac89ddd9cda8694be268a8fba630
bef5223dc4cfbd7a9c114141ab4afb49629abaf7414748fe602d07da4f32ffe0

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:04:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

142.250.74.162

200 OK

52 kB

URL GET HTTP/2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP
142.250.74.162:443
ASN
#15169 GOOGLE

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subject*.g.doubleclick.net
Fingerprint14:B7:B4:3E:55:7D:CF:A1:6B:D0:82:C8:2E:75:D6:BE:F9:4D:15:50
ValidityTue, 30 Jul 2024 12:32:43 GMT - Tue, 22 Oct 2024 12:32:42 GMT

File type
JavaScript source, ASCII text, with very long lines (3967)
Size
52 kB (52405 bytes)
Hash
1083ac8b33830877706bf42339292800
66753d2962d7edf06a160deafcb84e896d0a1e31
ddd50ddabe4a372ba065f7d65222e6aa979bacb455c8400d166f2c02868ce46c

HTTP Headers

GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootdest.org/
Origin: https://lootdest.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Fri, 09 Aug 2024 20:04:50 GMT
expires: Fri, 09 Aug 2024 20:04:50 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 8197503595117009719
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 52405
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

471 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cb922be14e1d6c8229af2311795133e5
3c1db958d07bac89ddd9cda8694be268a8fba630
bef5223dc4cfbd7a9c114141ab4afb49629abaf7414748fe602d07da4f32ffe0

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:04:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

d1wzdj81h1hubn.cloudfront.net/23f3efb5d15b1736.png

54.230.241.198

200 OK

25 kB

URL GET HTTP/2
d1wzdj81h1hubn.cloudfront.net/23f3efb5d15b1736.png
IP
54.230.241.198:443
ASN
#16509 AMAZON-02

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 1000 x 1000, 8-bit/color RGBA, non-interlaced
Size
25 kB (24759 bytes)
Hash
eb71225529f68815b34f2d0cd7cb5675
614145c1fdf98d384735be4f74030df3cfbdddbf
3a70b8c6c0994b894ade6d0984ac5e50f4464cdc7cf5353336f7f9c9180d674d

HTTP Headers

GET /23f3efb5d15b1736.png HTTP/1.1
Host: d1wzdj81h1hubn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 24759
last-modified: Wed, 03 Jul 2024 17:36:18 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-timestamp: 2024-07-03T12:10:59.352066
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Aug 2024 12:46:31 GMT
etag: "eb71225529f68815b34f2d0cd7cb5675"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RJH9huny8oSizOQRNxJ4qTNW8f_u-iS9inHS7XlSP-QeQTC_hper1g==
age: 26300
X-Firefox-Spdy: h2

d1wzdj81h1hubn.cloudfront.net/icons/apps.png

54.230.241.198

200 OK

3.1 kB

URL GET HTTP/2
d1wzdj81h1hubn.cloudfront.net/icons/apps.png
IP
54.230.241.198:443
ASN
#16509 AMAZON-02

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
Size
3.1 kB (3115 bytes)
Hash
fe92fe3dee69ba5c6dc9ab4b1785c556
444c3bcb27bde9c050a4bd51bf35d511951a3077
2c07bad8f7225591d84faba9c558c4bff26e5acdac36f91f47a73796be04dbd0

HTTP Headers

GET /icons/apps.png HTTP/1.1
Host: d1wzdj81h1hubn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 3115
last-modified: Tue, 07 Feb 2023 09:32:37 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Aug 2024 05:51:20 GMT
etag: "fe92fe3dee69ba5c6dc9ab4b1785c556"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -FWgFpJ3P5wniniJCfXEdwFULzGGvgk3CxgPA1SrHjBR819cmRgIpg==
age: 52164
X-Firefox-Spdy: h2

d1wzdj81h1hubn.cloudfront.net/7b3b7323bc920649.png

54.230.241.198

200 OK

961 kB

URL GET HTTP/2
d1wzdj81h1hubn.cloudfront.net/7b3b7323bc920649.png
IP
54.230.241.198:443
ASN
#16509 AMAZON-02

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
PNG image data, 1118 x 618, 8-bit/color RGBA, non-interlaced
Size
961 kB (961077 bytes)
Hash
2f439a8462499e4337920823f2b176a7
d37da578ab26a3a06b71e12154466fbbddf0ce98
8b056f5f22659f1512265c9e7e4c936bfa1f72f10fed57e0c74254baf5126218

HTTP Headers

GET /7b3b7323bc920649.png HTTP/1.1
Host: d1wzdj81h1hubn.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
content-length: 961077
last-modified: Tue, 16 Jul 2024 07:16:34 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-timestamp: 2024-07-16T04:03:27.180602
accept-ranges: bytes
server: AmazonS3
date: Fri, 09 Aug 2024 12:46:31 GMT
etag: "2f439a8462499e4337920823f2b176a7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uQIf1zvqELGFUIxQkYz0fDvIZHKZ-segTLFgbL9EUfWeWxma4XTU4Q==
age: 26300
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4cbc9626c73be7d5dcbbe058e55aad0b
528901752567f5c63aaf2b16986a78317b103bcd
9860b5df8ec5968b5115bd6d6a842912b43bc5418cb2baa4a4c1303800f3e571

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9860B5DF8EC5968B5115BD6D6A842912B43BC5418CB2BAA4A4C1303800F3E571"
Last-Modified: Thu, 08 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10628
Expires: Fri, 09 Aug 2024 23:01:59 GMT
Date: Fri, 09 Aug 2024 20:04:51 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4cbc9626c73be7d5dcbbe058e55aad0b
528901752567f5c63aaf2b16986a78317b103bcd
9860b5df8ec5968b5115bd6d6a842912b43bc5418cb2baa4a4c1303800f3e571

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "9860B5DF8EC5968B5115BD6D6A842912B43BC5418CB2BAA4A4C1303800F3E571"
Last-Modified: Thu, 08 Aug 2024 18:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10628
Expires: Fri, 09 Aug 2024 23:01:59 GMT
Date: Fri, 09 Aug 2024 20:04:51 GMT
Connection: keep-alive

2.entlysearchin.info/c?uid=7859885618558574&cat=19&key=54839833488331514

172.67.190.50

0 B

URL
2.entlysearchin.info/c?uid=7859885618558574&cat=19&key=54839833488331514
IP
172.67.190.50:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c?uid=7859885618558574&cat=19&key=54839833488331514 HTTP/1.1
Host: 2.entlysearchin.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://lootdest.org
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 89iNEJwhRiKGocH23Nj6hQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Fri, 09 Aug 2024 20:04:58 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7zuSV+fWDj8wpPMOsYMs2T0BvUk=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OPWpK%2FdNRXCSPSRu5PwOqpU2KKyMiVpICCU5ZXQoZggZyltLzKC10e9HxO3yHdVIaW8lIAHI9lr0ZyPf3vvh8puji4HMYrsJBfw6NTXVbRSGGnz0W3lXqqRFu748L2QvowBJ0JfUwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b0a5bbaea8c7131-OSL
alt-svc: h3=":443"; ma=86400

curyrentattrib.info/ptr?i=1bec863a44f66e

143.204.55.41

200 OK

0 B

URL GET HTTP/2
curyrentattrib.info/ptr?i=1bec863a44f66e
IP
143.204.55.41:443
ASN
#16509 AMAZON-02

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerAmazon
Subjectcuryrentattrib.info
FingerprintCD:7F:1F:97:6C:05:9F:A3:DA:B0:E9:72:78:64:9D:85:1E:CD:EE:80
ValiditySun, 28 Apr 2024 00:00:00 GMT - Tue, 27 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ptr?i=1bec863a44f66e HTTP/1.1
Host: curyrentattrib.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootdest.org/
Origin: https://lootdest.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/plain
content-length: 0
date: Fri, 09 Aug 2024 20:04:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://lootdest.org
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kY2xHie0O9XPlCNGek7XXJxlyBnIE7AOJJoRevYEizhYIDQGsCuOiQ==
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a03e5022373b95d46179b25ac9b7f460
ef63b1a206d921b9d9fcf0b71e05a576b28f1027
cd80a67f46435f0000d801da9138919e7ca11daf5ea3e8e64d1873259a8c2cd5

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a03e5022373b95d46179b25ac9b7f460
ef63b1a206d921b9d9fcf0b71e05a576b28f1027
cd80a67f46435f0000d801da9138919e7ca11daf5ea3e8e64d1873259a8c2cd5

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.airfind.com/ext/50002/1715619117966-grwLogo-search.png

185.76.9.25

17 kB

URL
cdn.airfind.com/ext/50002/1715619117966-grwLogo-search.png
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
17 kB (17395 bytes)
Hash
e9485a378d7b4d35e8cc7b89401ebead
8b915b3db5b79190caa1d9739b1ed8ccbf6fcd9e
556388127d28bb96ef25afee4be633b963f54c597d9232b638266912a3d49e3c

HTTP Headers

GET /ext/50002/1715619117966-grwLogo-search.png HTTP/1.1
Host: cdn.airfind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.airfind.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Aug 2024 20:05:00 GMT
content-type: image/png
content-length: 17395
last-modified: Mon, 13 May 2024 16:51:57 GMT
etag: "43f3-61858b418bf9c"
cache-control: max-age=2592000
expires: Wed, 12 Jun 2024 16:54:01 GMT
x-77-nzt: EwwBuUwJFAH3ARkAAAwBuUwKDAH3Tp0TAAwBJRPCNAH3zYcCAA
x-77-nzt-ray: af5856307b65f7646c76b6669230a116
x-accel-expires: @1725819259
x-accel-date: 1723227499
x-77-cache: HIT
x-77-age: 6401
server: CDN77-Turbo
x-accel-date-max: 1717070532
x-cache: HIT
x-age: 6401
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.67

472 B

URL
o.pki.goog/wr2
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c01d8b350350f14af51661a8d6af3d2c
353a84b777a919ffb56646203ea5db97637c0c48
dcdf2755004087a52c61449ff055486243843b39551c9587a2ecd8f85fd0cef4

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Aug 2024 20:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

216.58.207.227

18 kB

URL
fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintF2:15:54:4E:F3:58:7F:5A:14:9D:F2:45:37:0E:B1:A6:48:C6:2B:14
ValidityTue, 30 Jul 2024 12:49:30 GMT - Tue, 22 Oct 2024 12:49:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18436, version 1.0
Size
18 kB (18436 bytes)
Hash
6d5bbe47bbb0003b62d890c94825b7a8
30f546f4ee2e6285462360355942c5898ff0bf1c
1b150c409df2cca1e55ffc6e55b649980f9a282bb6b25da6186d5ed55741141b

HTTP Headers

GET /s/roboto/v32/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://api.airfind.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18436
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Aug 2024 20:57:31 GMT
expires: Fri, 08 Aug 2025 20:57:31 GMT
cache-control: public, max-age=31536000
age: 83249
last-modified: Thu, 01 Aug 2024 20:41:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

api.airfind.com/favicon.ico

198.199.108.22

1.4 kB

URL
api.airfind.com/favicon.ico
IP
198.199.108.22:0
ASN
#14061 DIGITALOCEAN-ASN

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
33e3ea7fc9c08d2e72730482906a676c
2b468a3be2a1c12c6ed345782d8d8485e7c1ad1e
d7f11245506e1d71b069ff30b14099413f2a1d6cfe736b340ab777afbde482e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: api.airfind.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.airfind.com/link/v1?id=6642452d8c144769955fcf34&clientId=51273&brand=NO_desktop&unique_req=7859885618558574
Cookie: visitorId=a970950f-e666-418e-bd0c-f24fe0914de8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Aug 2024 20:05:00 GMT
content-type: image/x-icon
content-length: 1406
x-powered-by: Express
cache-control: public, max-age=31536000
etag: "57e-M+Pqf8nAjS5ycwSCkGpnbA"
X-Firefox-Spdy: h2

gamgladthereis.info/?tid=1043967

54.240.174.67

0 B

URL
gamgladthereis.info/?tid=1043967
IP
54.240.174.67:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?tid=1043967 HTTP/1.1
Host: gamgladthereis.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.airfind.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Fri, 09 Aug 2024 20:05:02 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=9df843ef-bb1c-475b-8c8f-554d7bcb6e7a
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: a3NJdcWjAFfbQ4ojx8xTYAyko5QvgmkpUxRFahU7wEgny_mU_4YsxQ==
X-Firefox-Spdy: h2

gamgladthereis.info/?tid=1043967

54.240.174.67

0 B

URL
gamgladthereis.info/?tid=1043967
IP
54.240.174.67:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?tid=1043967 HTTP/1.1
Host: gamgladthereis.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.airfind.com/
Cookie: csu=9df843ef-bb1c-475b-8c8f-554d7bcb6e7a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Fri, 09 Aug 2024 20:05:10 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xVBVi7nvDQqPEn16GYG3XMF_fGdNiPOHp0wDTS0WfUMngq3YC95eWA==
X-Firefox-Spdy: h2

gamgladthereis.info/?tid=1043967

54.240.174.67

0 B

URL
gamgladthereis.info/?tid=1043967
IP
54.240.174.67:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?tid=1043967 HTTP/1.1
Host: gamgladthereis.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://api.airfind.com/
Cookie: csu=9df843ef-bb1c-475b-8c8f-554d7bcb6e7a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Fri, 09 Aug 2024 20:05:13 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uPTNNfeg6NdYC909bzJw59ef2Z4vXhaq2asmWSOeovcZAedduBVV1w==
X-Firefox-Spdy: h2

lootdest.org/favicon.ico

172.67.135.229

404 Not Found

561 B

URL GET HTTP/3
lootdest.org/favicon.ico
IP
172.67.135.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectlootdest.org
FingerprintBD:55:CD:F9:39:85:79:82:02:A5:C3:D4:C6:5B:F0:D5:9F:BC:BC:BA
ValidityTue, 09 Jul 2024 18:39:55 GMT - Mon, 07 Oct 2024 18:39:54 GMT

File type
HTML document, ASCII text, with very long lines (587), with no line terminators
Size
561 B (561 bytes)
Hash
ef8067f570d910ccebdf42ffc755bf66
da4084be4933ddc66d1727f38bc514ae15de91fc
1b386e7e1b13d52f377ab22266d9973bc86452bd70e58db468d7369b46a8ed46

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: lootdest.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 09 Aug 2024 20:04:49 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 147
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QaRllkK4Um6LcUp9HZbiqsj6hSKUKZgQqc%2BXeZ0Trik00rZRzSOxbPozAlUikKBOXgUVpm0oBtDAEWzUAeLXrFlOXvsEAd1vnqjVZavZV6ymU4ArVTtHYQmeGAXoseY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b0a5b831bd1b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js

104.17.249.203

200 OK

380 kB

URL GET HTTP/2
unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js
IP
104.17.249.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type

Size
380 kB (380213 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootdest.org/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 09 Aug 2024 20:04:50 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "5cd35-FL4z5R7jgfyHeGPFiEURHtF1scw"
via: 1.1 fly.io
fly-request-id: 01J087K44MJXPKNJ4R1BZYTXNF-arn
cf-cache-status: HIT
age: 4970561
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b0a5b893fa2712a-OSL
X-Firefox-Spdy: h2

lootdest.org/5.js

172.67.135.229

200 OK

351 kB

URL GET HTTP/3
lootdest.org/5.js
IP
172.67.135.229:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectlootdest.org
FingerprintBD:55:CD:F9:39:85:79:82:02:A5:C3:D4:C6:5B:F0:D5:9F:BC:BC:BA
ValidityTue, 09 Jul 2024 18:39:55 GMT - Mon, 07 Oct 2024 18:39:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
351 kB (350930 bytes)
Hash
4cef5d60fa7e4ba718499dfbabfac4ed
832642c74f4e97467ce6ac17254a9b241d729aac
c1450090dcb4f005d1f7f807642508e9ebec0b6e48c28aa15a8a59eca6801bbd

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

HTTP Headers

GET /5.js HTTP/1.1
Host: lootdest.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 09 Aug 2024 20:04:49 GMT
content-type: application/javascript
last-modified: Fri, 09 Aug 2024 07:00:00 GMT
etag: W/"66b5be70-55ad2"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2F%2FVFGcw8o4q8AbAnFBymuBm6zLvag3Ka1wrIA6etaasNTv%2FVeTdWS0wLq5fzMSZnFygl38FRG6enm1zAkeeLzNx9%2Bw3pMaGBW9jpWHxdJ4NGoGwBZc8cNC9OY0vmsw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8b0a5b8008cdb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js

104.17.249.203

302 Found

380 kB

URL GET HTTP/2
unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js
IP
104.17.249.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type

Size
380 kB (380213 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /@lottiefiles/lottie-player@latest/dist/lottie-player.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 09 Aug 2024 20:04:50 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01J4WBW5TYNMD5XY64SRZXKBS6-arn
cf-cache-status: HIT
age: 23
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b0a5b891f7a712a-OSL
X-Firefox-Spdy: h2

lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2

172.67.135.229

200 OK

22 kB

URL User Request GET HTTP/2
lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
IP
172.67.135.229:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlootdest.org
FingerprintBD:55:CD:F9:39:85:79:82:02:A5:C3:D4:C6:5B:F0:D5:9F:BC:BC:BA
ValidityTue, 09 Jul 2024 18:39:55 GMT - Mon, 07 Oct 2024 18:39:54 GMT

File type
HTML document, ASCII text, with very long lines (3884)
Size
22 kB (21837 bytes)
Hash
9d6c0a26a5719c106f00c854143a093d
1f2bfe1381fb5ee7bfe0aad997c48fd8903ed610
110fc54d3b889ee23264cceb98efc0f35dce428914ee4717e02171689d85d371

HTTP Headers

GET /s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2 HTTP/1.1
Host: lootdest.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 09 Aug 2024 20:04:48 GMT
content-type: text/html
access-control-allow-headers: Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods: POST, GET, OPTIONS, HEAD
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EuckoAAlCR8L%2BYbAz4NZVhu%2FczzsSD93eyOkYveTg%2BF4o5FDTRfIf2S1271yI1jNaGDYvjqJUQupgTep%2B0uSnoesGTQm9XwBmFzUSiGWaLkBntOPB%2B9gMESPew7LjtI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8b0a5b7beab3568f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Play:wght@400;700&display=swap

142.250.74.74

200 OK

4.1 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Play:wght@400;700&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC4:3F:12:39:D2:EC:4C:2C:1C:0A:A6:18:8E:2A:97:2C:D8:C2:7E:AF
ValidityTue, 30 Jul 2024 12:49:45 GMT - Tue, 22 Oct 2024 12:49:44 GMT

File type
ASCII text, with very long lines (4186), with no line terminators
Size
4.1 kB (4078 bytes)
Hash
d42fbcf073afbe0f7eb3c8fa2004f4c3
f1fea5ff7564f180996bb2fbb2fd9188a472e8e6
d7be6d69d1df9362e25151316cf2925fad0fdc17594650aeaa63d67c11c33570

HTTP Headers

GET /css2?family=Play:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Aug 2024 20:04:49 GMT
date: Fri, 09 Aug 2024 20:04:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

2.entlysearchin.info/st?uid=7859885618558574&cat=19

0.0.0.0

0 B

URL POST
2.entlysearchin.info/st?uid=7859885618558574&cat=19
IP
0.0.0.0:0
ASN
#0

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /st?uid=7859885618558574&cat=19 HTTP/1.1
Host: 2.entlysearchin.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lootdest.org
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

2.entlysearchin.info/c?uid=7859885618558574&cat=19&key=54839833488331514

172.67.190.50

101 Switching Protocols

0 B

URL GET HTTP/1.1
2.entlysearchin.info/c?uid=7859885618558574&cat=19&key=54839833488331514
IP
172.67.190.50:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectentlysearchin.info
FingerprintD8:9A:3A:28:98:69:FB:65:A5:E2:BC:74:04:E2:84:0B:1D:28:14:30
ValidityTue, 25 Jun 2024 12:23:12 GMT - Mon, 23 Sep 2024 12:23:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c?uid=7859885618558574&cat=19&key=54839833488331514 HTTP/1.1
Host: 2.entlysearchin.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://lootdest.org
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 89iNEJwhRiKGocH23Nj6hQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Fri, 09 Aug 2024 20:04:58 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7zuSV+fWDj8wpPMOsYMs2T0BvUk=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OPWpK%2FdNRXCSPSRu5PwOqpU2KKyMiVpICCU5ZXQoZggZyltLzKC10e9HxO3yHdVIaW8lIAHI9lr0ZyPf3vvh8puji4HMYrsJBfw6NTXVbRSGGnz0W3lXqqRFu748L2QvowBJ0JfUwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8b0a5bbaea8c7131-OSL
alt-svc: h3=":443"; ma=86400

unpkg.com/detect-gpu@latest/dist/detect-gpu.umd.js

104.17.249.203

302 Found

9.7 kB

URL GET HTTP/2
unpkg.com/detect-gpu@latest/dist/detect-gpu.umd.js
IP
104.17.249.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type

Size
9.7 kB (9667 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /detect-gpu@latest/dist/detect-gpu.umd.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lootdest.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 09 Aug 2024 20:04:49 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /detect-gpu@5.0.42/dist/detect-gpu.umd.js
vary: Accept, Accept-Encoding
content-encoding: br
via: 1.1 fly.io
fly-request-id: 01J4WBRAS70BGTXTKVQQ0XSPPT-arn
cf-cache-status: HIT
age: 148
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b0a5b802ada712a-OSL
X-Firefox-Spdy: h2

unpkg.com/detect-gpu@5.0.42/dist/detect-gpu.umd.js

104.17.249.203

200 OK

9.7 kB

URL GET HTTP/2
unpkg.com/detect-gpu@5.0.42/dist/detect-gpu.umd.js
IP
104.17.249.203:443
ASN
#13335 CLOUDFLARENET

Requested by
https://lootdest.org/s?41e6ebbd&data=g6ssgedma%2BtLur0XLOCZKXISwzM00fZUALAxKzx5p8Gt0ifY50HCkMANUQ/E8ny2
Certificate
IssuerGoogle Trust Services
Subjectunpkg.com
Fingerprint78:2B:78:78:28:26:0C:48:36:B0:F1:BE:16:37:48:76:93:BB:A7:42
ValiditySun, 28 Jul 2024 05:23:27 GMT - Sat, 26 Oct 2024 05:23:26 GMT

File type
JavaScript source, ASCII text, with very long lines (10011), with no line terminators
Size
9.7 kB (9667 bytes)
Hash
88facc940d4399ee2f87c1fb5627c9b7
bd3b3f9ff0ebb00827fea171a5ffc64f473c0e19
59e72da7314b9482ff8a93ae52c57650af1e238f461a962f7e2127f61627b456

HTTP Headers

GET /detect-gpu@5.0.42/dist/detect-gpu.umd.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lootdest.org/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 09 Aug 2024 20:04:49 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: "25c3-eo2dQTIKWGZz2goK3pr7KmXYbYU"
via: 1.1 fly.io
fly-request-id: 01J4DMP5FDXHJVG6NSW9WQPVZQ-arn
cf-cache-status: HIT
age: 494098
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 8b0a5b808b39712a-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (47)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP