| ateyfathertold.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 | 18.239.18.3 | 200 OK | 3.1 kB |
URL GET ateyfathertold.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 IP 18.239.18.3:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Amazon
Subject: ateyfathertold.org
Fingerprint: DF:B7:7D:9B:C0:F8:BE:7C:A5:59:9D:5B:2E:AF:9D:6D:9D:78:5E:26
Validity: Sun, 06 Apr 2025 00:00:00 GMT - Tue, 05 May 2026 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (3071), with no line terminators
Hash: f3c894e255e169c13661947739ea293e 7b43aec479970cf90ce5bfc513f625e9a61aeaa6 c80d8ca159a008dadce01d837832db24fe6c59eae4d4a57b838bb76b82b5c7d1
GET 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 HTTP/1.1
Host: ateyfathertold.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1220
date: Sun, 27 Apr 2025 18:57:29 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
set-cookie: AWSALB=vufLqi1e+T3OsIESU9d9zXo2QwkFEUsNmHbpcs1m4re/whK/Dhe6RZ44X5ZRyt0dMNUpJJ/N9mw3OEDRljSFeWHzsQIM4+NovD2i9H9RJHvK93YraBUbhh4DjhEz; Expires=Sun, 04 May 2025 18:57:29 GMT; Path=/
AWSALBCORS=vufLqi1e+T3OsIESU9d9zXo2QwkFEUsNmHbpcs1m4re/whK/Dhe6RZ44X5ZRyt0dMNUpJJ/N9mw3OEDRljSFeWHzsQIM4+NovD2i9H9RJHvK93YraBUbhh4DjhEz; Expires=Sun, 04 May 2025 18:57:29 GMT; Path=/; SameSite=None
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c26e94322027d14813c3c25e1b340274.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
x-amz-cf-id: 6xt2Wz0Oi8QSRsqtS8d9pGm6Hh3khvNNij14dozheME9AGlYWQJfgw==
X-Firefox-Spdy: h2
|
|
| www.blockadsnot.com/baja.min.css | 95.173.205.15 | 200 OK | 37 kB |
URL GET www.blockadsnot.com/baja.min.css IP 95.173.205.15:443
ASN#60068 Datacamp Limited
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Let's Encrypt
Subject: 1158060716.rsc.cdn77.org
Fingerprint: D6:68:88:78:D5:18:B9:BC:6F:69:01:F9:29:EE:74:87:59:09:27:C6
Validity: Wed, 16 Apr 2025 02:52:47 GMT - Tue, 15 Jul 2025 02:52:46 GMT
File type: JavaScript source, ASCII text, with very long lines (1568)
Hash: 3b0076ccea3f823654727b9c067039bd e71f4a696f8ab21898375791ffbf73aa90aa9e49 eb14c015e99d31828d3ebb08c83b78826104bc0a0ad9476ccf32e5cab0b3844b
GET /baja.min.css HTTP/1.1
Host: www.blockadsnot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: application/x-javascript
popads-node: wb9
expires: Fri, 02 May 2025 00:00:15 GMT
access-control-allow-origin: https://do7go.com
link: <https://blockadsnot.com/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwwBX63NDQH3Y60DAAwBuUwKEwH3IgAAAAwBnJIhHwG3BQAAAA
x-77-nzt-ray: 2a494a155caa32c63e7e0e68741aa429
x-77-cache: HIT
x-77-age: 240995
vary: Accept-Encoding, Origin
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: osloNO
X-Firefox-Spdy: h2
|
|
| mixscoggan.shop/gd/70849?md=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&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A | 212.117.186.12 | 200 OK | 0 B |
URL OPTIONS mixscoggan.shop/gd/70849?md=eyJhIjo4MTU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kbzdnby5jb20vZS9odHRwcy9kb29kc3RyZWFtLmNvbS9kLzhyc29xbjZyc2lpeSIsImgiOjEwMzIsImwiOiJlbi1VUyIsInQiOjAsInoiOjYxOTksImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibHd4OHY3dTNzMHF0ZG5yIiwibyI6dHJ1ZSwibSI6MTc0NTc4MDI0OTc0NiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyVmlkZW8lMjBub3QlMjBmb3VuZCUyMCU3QyUyMERvb2RTdHJlYW0lMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIydGVzdCUzQTMlMjIlMkMlMjJub3QlM0EyJTIyJTJDJTIyZm91bmQlM0EyJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A IP 212.117.186.12:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Let's Encrypt
Subject: mixscoggan.shop
Fingerprint: 1D:16:41:59:06:67:D9:CC:1E:B5:29:75:87:D3:57:A3:8E:81:A3:ED
Validity: Tue, 22 Apr 2025 04:09:34 GMT - Mon, 21 Jul 2025 04:09:33 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
OPTIONS /gd/70849?md=eyJhIjo4MTU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kbzdnby5jb20vZS9odHRwcy9kb29kc3RyZWFtLmNvbS9kLzhyc29xbjZyc2lpeSIsImgiOjEwMzIsImwiOiJlbi1VUyIsInQiOjAsInoiOjYxOTksImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibHd4OHY3dTNzMHF0ZG5yIiwibyI6dHJ1ZSwibSI6MTc0NTc4MDI0OTc0NiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyVmlkZW8lMjBub3QlMjBmb3VuZCUyMCU3QyUyMERvb2RTdHJlYW0lMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIydGVzdCUzQTMlMjIlMkMlMjJub3QlM0EyJTIyJTJDJTIyZm91bmQlM0EyJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A HTTP/1.1
Host: mixscoggan.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| 6.adsco.re/ | 104.17.166.186 | 200 OK | 45 B |
IP 104.17.166.186:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Sectigo Limited
Subject: *.adsco.re
Fingerprint: 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Validity: Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 5b41cb22f84f645a103acc7bfbf084ff bac3967b26d5ec4a0d09a580714e8219796816bd 709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:31 GMT
content-type: text/plain;charset=UTF-8
content-length: 45
access-control-allow-origin: https://do7go.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 93708bccdad5568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| td8lfvmrsb51.l4.adsco.re/ | 185.200.118.62 | 200 OK | 0 B |
URL POST td8lfvmrsb51.l4.adsco.re/ IP 185.200.118.62:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Let's Encrypt
Subject: *.l4.adsco.re
Fingerprint: 76:AD:98:EA:A8:8F:6F:6D:58:92:36:07:6D:91:B6:67:41:97:C1:4E
Validity: Sat, 19 Apr 2025 09:14:33 GMT - Fri, 18 Jul 2025 09:14:32 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: td8lfvmrsb51.l4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:32 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 02 Jun 2023 14:03:32 GMT
etag: "6479f6b4-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| i.doodcdn.io/theme_2/fonts/avertastd-regular-webfont.woff2 | 104.26.14.102 | 200 OK | 24 kB |
URL GET i.doodcdn.io/theme_2/fonts/avertastd-regular-webfont.woff2 IP 104.26.14.102:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Subject: doodcdn.io
Fingerprint: 55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
Validity: Wed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT
File type: Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Hash: eb586e5a1b86dbf1c866e3ed80f9d18e 280ee78d19c017ab9335f769595e5157d3c4a343 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Tue, 27 May 2025 02:25:19 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 46211
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K1jPwrcMVWsI1POnUKP%2BQeZaGXWND223ExqqbKVMHsstzHcYDTjdrXVDap5HGW%2BVZtZiTocyjjvOnyZGBXmBm%2BrvXAHGTWIpcrLvqNmCv94ZkEmgql3mEtHIOEJOjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbebe84e4e6-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20688&min_rtt=18732&rtt_var=8421&sent=22&recv=7&lost=0&retrans=0&sent_bytes=16085&recv_bytes=1515&delivery_rate=34271&cwnd=12000&unsent_bytes=0&cid=3e14016d87eaa802&ts=53&x=1", cfExtPri, cfHdrFlush;dur=16
|
|
| undefined/MHFwV3BRExM6T1FMEnEFQh1NckJ2VEIRFAEXQGIGQkIDPQNFCEd5E1weBTMWQh4eI15eFARyQnYgJwE6XD81OEZgIAQEFGNBRxYhXAsSOipoMDg7VQI3OT8UYj03BkJzFj0jPl4GNwAJVFRCET9yKxIdM1wHOh86FUM2GhhfPSYFRUQQGWZCezUYZzVlRQUNN3o1JxQDAz8mMCN8CxMvJ3EnAxg0aTkzD0UVQzYdB2E7Oi0pXzU2MB1/ORQPE15IQw4bcTYVOTVcNTY4BX4YJQA1aBkABzJ1IxUQHFonIidGVjY1OTVoGQAdIUgQFhBBAyceDQZRQzkzMV5ESA4jHRIiMjdbFjUvNgU2NxkncTYiJxUAMDcyGgRCMjtIXBc3FhpyHwA4KVwkNjIdWEImICFDPDMWMWUYJT8UARUJMkJAHCMgIkM9N24lFhsDOB5ATDERRVs5HjYkBEk4FRJR | 0.0.0.0 | | 0 B |
URL GET undefined/MHFwV3BRExM6T1FMEnEFQh1NckJ2VEIRFAEXQGIGQkIDPQNFCEd5E1weBTMWQh4eI15eFARyQnYgJwE6XD81OEZgIAQEFGNBRxYhXAsSOipoMDg7VQI3OT8UYj03BkJzFj0jPl4GNwAJVFRCET9yKxIdM1wHOh86FUM2GhhfPSYFRUQQGWZCezUYZzVlRQUNN3o1JxQDAz8mMCN8CxMvJ3EnAxg0aTkzD0UVQzYdB2E7Oi0pXzU2MB1/ORQPE15IQw4bcTYVOTVcNTY4BX4YJQA1aBkABzJ1IxUQHFonIidGVjY1OTVoGQAdIUgQFhBBAyceDQZRQzkzMV5ESA4jHRIiMjdbFjUvNgU2NxkncTYiJxUAMDcyGgRCMjtIXBc3FhpyHwA4KVwkNjIdWEImICFDPDMWMWUYJT8UARUJMkJAHCMgIkM9N24lFhsDOB5ATDERRVs5HjYkBEk4FRJR IP 0.0.0.0:0
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /MHFwV3BRExM6T1FMEnEFQh1NckJ2VEIRFAEXQGIGQkIDPQNFCEd5E1weBTMWQh4eI15eFARyQnYgJwE6XD81OEZgIAQEFGNBRxYhXAsSOipoMDg7VQI3OT8UYj03BkJzFj0jPl4GNwAJVFRCET9yKxIdM1wHOh86FUM2GhhfPSYFRUQQGWZCezUYZzVlRQUNN3o1JxQDAz8mMCN8CxMvJ3EnAxg0aTkzD0UVQzYdB2E7Oi0pXzU2MB1/ORQPE15IQw4bcTYVOTVcNTY4BX4YJQA1aBkABzJ1IxUQHFonIidGVjY1OTVoGQAdIUgQFhBBAyceDQZRQzkzMV5ESA4jHRIiMjdbFjUvNgU2NxkncTYiJxUAMDcyGgRCMjtIXBc3FhpyHwA4KVwkNjIdWEImICFDPDMWMWUYJT8UARUJMkJAHCMgIkM9N24lFhsDOB5ATDERRVs5HjYkBEk4FRJR HTTP/1.1
Host: undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube | 74.125.131.84 | 302 Found | 0 B |
URL GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube IP 74.125.131.84:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Subject: accounts.google.com
Fingerprint: 52:D3:F7:7E:94:6F:70:55:50:A6:EA:38:4B:15:DF:91:54:96:59:82
Validity: Mon, 31 Mar 2025 08:56:30 GMT - Mon, 23 Jun 2025 08:56:29 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:RIe42_j_EX7Sb10Zp80fhZNonvlfXA:8LZYXlzIeHDEhOn8; Expires=Tue, 27-Apr-2027 18:57:30 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:30 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKV5MiSRA__thTzlJodsHYXSVceuBn__VTUPSrL7XLrCt6VXG2vxKf2Uw-jzYmNd4bkZUBqsxARGw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
content-security-policy: script-src 'nonce-HV6QIzI92-pfrkGLj2UE0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| faqirsgoliard.top/r67c0fc81985e5/70849 | 23.109.170.48 | 200 OK | 62 kB |
URL GET faqirsgoliard.top/r67c0fc81985e5/70849 IP 23.109.170.48:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: ZeroSSL
Subject: faqirsgoliard.top
Fingerprint: B0:1A:95:1C:A4:EC:21:32:46:5F:3B:18:FB:97:AB:03:1C:C0:54:05
Validity: Thu, 27 Feb 2025 00:00:00 GMT - Wed, 28 May 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (61456), with no line terminators
Hash: 0207a1c47ba656c962f9827e9aa0d646 9e6037679f4891099ddd4f432a727bd241eeb855 76fb32ad18ea15d4974e9bfa7ccefa9eb82a383ad33b012caa9b031b8b388f29
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /r67c0fc81985e5/70849 HTTP/1.1
Host: faqirsgoliard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:29 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 28-Apr-2025 18:57:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 28-Apr-2025 18:57:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| i.doodcdn.io/theme_2/css/bootstrap.min.css | 104.26.14.102 | 200 OK | 160 kB |
URL GET i.doodcdn.io/theme_2/css/bootstrap.min.css IP 104.26.14.102:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Subject: doodcdn.io
Fingerprint: 55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
Validity: Wed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT
File type: ASCII text, with very long lines (65324)
Size: 160 kB (159515 bytes)
Hash: 7cc40c199d128af6b01e74a28c5900b0 d305110fb79113a961394b433d851a3410342b8c 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: text/css
content-length: 23688
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Sun, 26 Apr 2026 10:47:41 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 81281
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4vKpAlf7M%2Bsf79DQ9ggNSWNXkjcwIjgDClZk8JIUL2BXVz%2Bvr2lMhzXz8zkQQCW2jC77e%2BSeptLgjiu9w%2F9o04G2ZQM%2Bqd6lQcu9e%2BQ3dFw4ARjzrGL89ELhfP%2FOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbd9bbce4d3-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16694&min_rtt=15492&rtt_var=4532&sent=43&recv=11&lost=0&retrans=0&sent_bytes=48978&recv_bytes=1365&delivery_rate=280258&cwnd=252&unsent_bytes=0&cid=021428768d8acaad&ts=58&x=0"
X-Firefox-Spdy: h2
|
|
| i.doodcdn.io/theme_2/fonts/avertastd-black-webfont.woff2 | 104.26.14.102 | 200 OK | 23 kB |
URL GET i.doodcdn.io/theme_2/fonts/avertastd-black-webfont.woff2 IP 104.26.14.102:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Subject: doodcdn.io
Fingerprint: 55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
Validity: Wed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT
File type: Web Open Font Format (Version 2), TrueType, length 22820, version 1.0
Hash: 1e976387cb594982692bdbdffde86f91 9546836a7d80c17d85cdd37a9553852f00af031b 4dc982a61a00481f4c9545f9f2da64098428b4aec96838de3c194fa82373ce1d
GET /theme_2/fonts/avertastd-black-webfont.woff2 HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: font/woff2
content-length: 22820
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Mon, 26 May 2025 15:13:00 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 22425
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2tiwMmYHCz48HJyJ0z7aL9ApFQRaowhZCYgclpw1oJoZvHHg5NdiOIcZg%2FgSSbwY%2FeBd46XdqmzzyUbCDIEOau0GbOQ43AxTUBlUHfaKsnfrsWLNEyQZFq3k3zYzhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbebe7ee4e6-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20968&min_rtt=20968&rtt_var=10484&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4085&recv_bytes=1470&delivery_rate=150952&cwnd=12000&unsent_bytes=0&cid=3e14016d87eaa802&ts=50&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKV5MiSRA__thTzlJodsHYXSVceuBn__VTUPSrL7XLrCt6VXG2vxKf2Uw-jzYmNd4bkZUBqsxARGw | 74.125.131.84 | 302 Found | 0 B |
URL GET accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKV5MiSRA__thTzlJodsHYXSVceuBn__VTUPSrL7XLrCt6VXG2vxKf2Uw-jzYmNd4bkZUBqsxARGw IP 74.125.131.84:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Subject: *.google.com
Fingerprint: 67:52:2F:AB:93:DE:39:DA:94:50:11:AE:8B:37:CB:88:8F:DC:56:7D
Validity: Mon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKV5MiSRA__thTzlJodsHYXSVceuBn__VTUPSrL7XLrCt6VXG2vxKf2Uw-jzYmNd4bkZUBqsxARGw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:TPi5RUX16f471TsxLqQpgFSka4xMDw:csUzg6yBLGKvCzK-;Path=/;Expires=Tue, 27-Apr-2027 18:57:34 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:34 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKV5Mj6RXJoJL4XljvwR5mxzpM6vpbvhMLw3DydRUWLpHsOnaCXQdiTHefH9T4lbniqOuO-LNICCw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-197298584%3A1745780254891405
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-O1Y42gPKP3qRfbjgxzQS3g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 418
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKV5Mj9R1MANKHWrjKK9B_dFEYO12NYXq34CQVcf12KS8ELn0Fp5JZ9OHnvuz6S5ZokzYYRxLjLlg | 74.125.131.84 | 302 Found | 0 B |
URL GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKV5Mj9R1MANKHWrjKK9B_dFEYO12NYXq34CQVcf12KS8ELn0Fp5JZ9OHnvuz6S5ZokzYYRxLjLlg IP 74.125.131.84:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Subject: *.google.com
Fingerprint: 67:52:2F:AB:93:DE:39:DA:94:50:11:AE:8B:37:CB:88:8F:DC:56:7D
Validity: Mon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKV5Mj9R1MANKHWrjKK9B_dFEYO12NYXq34CQVcf12KS8ELn0Fp5JZ9OHnvuz6S5ZokzYYRxLjLlg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:PlT6WQRAzvtw75totMtfIJORbkVdXw:SSYRHJQU1kVTVvat;Path=/;Expires=Tue, 27-Apr-2027 18:57:31 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:31 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKV5MhjHpENpzdAtmfXi6dTXHO0Llmsr3ReaISv9sx0m_7W0Fm0NI0qFqtZNAUuiais9SEVshEh&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1140263498%3A1745780251260366
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-l3s07KdHb2yZ5KzN_JM5_Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 414
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| td8lfvmrsb51.n4.adsco.re/ | 38.132.109.126 | 200 OK | 0 B |
URL POST td8lfvmrsb51.n4.adsco.re/ IP 38.132.109.126:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Let's Encrypt
Subject: *.n4.adsco.re
Fingerprint: EB:C6:B8:97:D3:9D:38:6F:22:4B:ED:17:B4:B6:9C:E0:30:A8:06:1E
Validity: Sat, 19 Apr 2025 09:14:20 GMT - Fri, 18 Jul 2025 09:14:19 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: td8lfvmrsb51.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:32 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 16 Jun 2023 08:37:42 GMT
etag: "648c1f56-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| tomlldahehun.org/multi?cs=UGExYkJlVAdVe2ZYAVF0Z1MDWnc&abt=0&red=1&sm=76&k=&v=1.0.60.4&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1866075796599521&agec=1745780250&fs=1&ref=https%3A%2F%2Fdo7go.com%2Fe%2Fhttps%2Fdoodstream.com%2Fd%2F8rsoqn6rsiiy&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A134.0)%20gecko%2F20100101%20firefox%2F134.0&tzd=0&uloc=&if=0&_NJX8=1745780251934&crc=1 | 54.240.174.89 | 200 OK | 15 B |
URL GET tomlldahehun.org/multi?cs=UGExYkJlVAdVe2ZYAVF0Z1MDWnc&abt=0&red=1&sm=76&k=&v=1.0.60.4&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1866075796599521&agec=1745780250&fs=1&ref=https%3A%2F%2Fdo7go.com%2Fe%2Fhttps%2Fdoodstream.com%2Fd%2F8rsoqn6rsiiy&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A134.0)%20gecko%2F20100101%20firefox%2F134.0&tzd=0&uloc=&if=0&_NJX8=1745780251934&crc=1 IP 54.240.174.89:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Amazon; Subject: tomlldahehun.org; Fingerprint: 6B:F0:7B:63:2B:19:E1:74:83:15:1A:BF:1B:B4:E6:71:68:14:57:3D; Validity: Sun, 06 Apr 2025 00:00:00 GMT - Tue, 05 May 2026 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: d39207bea620cffa8e65d3b12e8f1547 220ebce5a61ee5d771133e1cd20c469443ccfd76 f058a19c34ccdfbb47e68ba58b254ffa5d774fdaeeaa0b1fb9f19d3c055c0a21
GET /multi?cs=UGExYkJlVAdVe2ZYAVF0Z1MDWnc&abt=0&red=1&sm=76&k=&v=1.0.60.4&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1866075796599521&agec=1745780250&fs=1&ref=https%3A%2F%2Fdo7go.com%2Fe%2Fhttps%2Fdoodstream.com%2Fd%2F8rsoqn6rsiiy&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A134.0)%20gecko%2F20100101%20firefox%2F134.0&tzd=0&uloc=&if=0&_NJX8=1745780251934&crc=1 HTTP/1.1
Host: tomlldahehun.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/plain
content-length: 41
date: Sun, 27 Apr 2025 18:57:32 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
set-cookie: AWSALB=cf4gEf3KLzz0TU/q2Fkb8hvXmqdYEvKX4+eAwf25Xf4R9oLgmo5ZfHeLk4i2+dH4H8jJlv0Zkq02PS/CxA8RUViQVXqOgcVAMJfOesbjs1IZeZH+5WZJNQLjePgw; Expires=Sun, 04 May 2025 18:57:32 GMT; Path=/
AWSALBCORS=cf4gEf3KLzz0TU/q2Fkb8hvXmqdYEvKX4+eAwf25Xf4R9oLgmo5ZfHeLk4i2+dH4H8jJlv0Zkq02PS/CxA8RUViQVXqOgcVAMJfOesbjs1IZeZH+5WZJNQLjePgw; Expires=Sun, 04 May 2025 18:57:32 GMT; Path=/; SameSite=None
csu=b21d5de8-2aab-47c5-87b2-387e459c726b
csu=1866075796599521
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://do7go.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BJtPMketm5HTQvcFPVmlyY7VQiUM9HGvIKrgX6cbpwvoAOpgb5jA2Q==
X-Firefox-Spdy: h2
|
|
| cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js | 104.17.25.14 | 200 OK | 88 kB |
URL GET cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.25.14:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Google Trust Services; Subject: cdnjs.cloudflare.com; Fingerprint: 5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC; Validity: Mon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash: 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93708bbcea39712a-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 272081
expires: Fri, 17 Apr 2026 18:57:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bOiMiOp%2BO%2BkH1Lst7PW0klQUQ8vzIIVy9T%2B0MkR2wxX%2Ba8ARTksdwmIlrvVYMcBO%2B%2FGjcA%2Bb5%2Fw3vVf%2FR%2FnpxuYqLIhOjCvrMKS2KIo4dJ7uXQAl4XvtWOH7TLyFHKkh4Mp1VLcP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ukankingwithea.com/ | 104.21.112.1 | 200 OK | 26 B |
IP 104.21.112.1:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Google Trust Services; Subject: ukankingwithea.com; Fingerprint: 02:7E:37:44:90:B9:05:B4:82:CD:5A:71:84:A1:C8:84:66:33:BC:78; Validity: Sat, 01 Mar 2025 13:28:14 GMT - Fri, 30 May 2025 14:26:54 GMT
File type: ASCII text, with no line terminators
Hash: 9a2de31ed2c59c43bf6896e2f76bb73a 12ad4c454f10f9c83202817d9c20db8b26d3945c 076a934b2fc1ff22e743938abbcda6655b9e0475443453c92f60452aa5d1f828
GET / HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:30 GMT
content-type: text/plain
server: cloudflare
access-control-allow-origin: https://do7go.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: csu=627140339902384@1@1745780250; SameSite=None; Secure; Max-Age=31104000
cf-ray: 93708bc4986edef8-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ukankingwithea.com/asd100.bin | 104.21.112.1 | 404 Not Found | 561 B |
URL GET ukankingwithea.com/asd100.bin IP 104.21.112.1:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Google Trust Services; Subject: ukankingwithea.com; Fingerprint: 02:7E:37:44:90:B9:05:B4:82:CD:5A:71:84:A1:C8:84:66:33:BC:78; Validity: Sat, 01 Mar 2025 13:28:14 GMT - Fri, 30 May 2025 14:26:54 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: 9f3fb0948a012f975250df83e4adec47 09fda5065170e45e4847b550cc5a232aecc76bb8 d3dae34448fafbf40e6fef9a015397d39003ce732cbb59cd37e027bed55a7bed
GET /asd100.bin HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Sun, 27 Apr 2025 18:57:30 GMT
content-type: text/html
server: cloudflare
cache-control: max-age=14400
cf-cache-status: HIT
age: 90
content-encoding: br
cf-ray: 93708bc4a8a7def8-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| ukankingwithea.com/ | 104.21.112.1 | 200 OK | 27 B |
IP 104.21.112.1:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Google Trust Services; Subject: ukankingwithea.com; Fingerprint: 02:7E:37:44:90:B9:05:B4:82:CD:5A:71:84:A1:C8:84:66:33:BC:78; Validity: Sat, 01 Mar 2025 13:28:14 GMT - Fri, 30 May 2025 14:26:54 GMT
File type: ASCII text, with no line terminators
Hash: fe6d08a0d9334ce4a45f84d1cdd45a86 cd17fcefd53fb4ecc3c1686377f3ae7db13002ba be4b4428a28f046162407eb8a954f8c38cfc18b16f31481b41f768fd49bc6357
GET / HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:30 GMT
content-type: text/plain
server: cloudflare
access-control-allow-origin: https://do7go.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: csu=1866075796599521@1@1745780250; SameSite=None; Secure; Max-Age=31104000
cf-ray: 93708bc4a89adef8-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| blockadsnot.com/dpiiuqmkzhvkzulghe?iVZtaAcw=BQOCAAAAAAAACZUAAka9MwmalI4UX88tQ_EgzdCTpF25w8XfWRT9ffZ4NcEE_BsefjC6cq9frKCyscD4el_vNR53tiwV2z_SXEMUgawRxPiy_SlaAFAgtz4jnYCkc2BC6UbDENaRAqZG5NkEPHcTKV76oQ96HoJqyNbrNYc8J9h9x-dFDcwKW0NhP0lKxlvQ7vNG_JxtkF_T-10Fs8ZpLqLIDUtWTRKhKztzeDpNzHx9P1Iop-357J7yZ5-6ce2NpQ4Wv6lpnDn6nSXyka1_AV7-pzQNplEj5l13JkWt5hWKbqmAYrrKHfweIcrIjl2jJDRMuz7M_EHb9AuJLNjkCGKJt5t8W6CLJ5Jb5UYSEsRw1mGmPJXiclxCwGnx4EKxgSiP0lMf7G-nYcqrb-pLttaa-JWsG4knb0yyaEFm2i3PqBwp5y2pBppCAOSAtqm15VJHmtFAV-TXV5HCHgPHx1mnfm9qcSdRoRtNE_XCU3DsWEnQ0WWMZZpplfbDQd522NVX38R61FJHdHhR05L4XtiHem5wph6_vgZ67nkElS78c3yjX7wVml4isi0kv_GF5NbfSmcsyjj3ghn-8Q1KGah-RxqSbmB1BbE1pbokh9q8qsb9dtsbyRkyxy1IHpQz4ncELTQjWF4WKF4xRnbdnbUlEjbMaaJKKCyE5KXeO2EtHO0HyfkIPZzCGTcsgqnOxMMvINyBU0zNrHeuc1AwdzqNQLLuFNRJMTbfGZjb0QNcuNkKgLtkuKRf_xMdRmnzUNF84DM9GG_FexNWvLib3NKr2qVxM9NZqsgR89iD22PGDDb8If15T4ZxaISyZl_SMFL0dShrSSvrDYYUovFUZh8_SWE_q7895l-DWdoqVtZfixKRQaQmhZjygl7ZWiwrcxEShm54nSAtBj9eUgyI_bkHviKCSR6tgB7NP5WRatDSqT-MMlEF19n9OoQZLxmA2BEc57WuSrvU1GiLYHEqG_FLVWERzNPV0rCvjyCyKiB7pHRLzL2woyPgIF2IoeutHs5p8ot-v7Bzp8FVzJf3S_-9WkXhL-awWYrtEYu8ZB6HGOi1YK919L1iieebk1WCwNt7Xagl57XTbpf9BaUUvq0dPy4pnvnEw6KPhSWHFp0Rr9v768l1-rnybs41v1QixgxpZYqcCZvxwsoDIxHkwFj4gOaE3zhOGd0Fjaby25wJRVs6etIQqj5RRrqu&KBwflIhd=4&xzvcarwF=4091021&NsOabBlD=&KaMqwxfL=0,0&SEKUNWaJ=&UcTDaeOX=&s=1280,1024,1,1280,1024,0 | 208.95.112.254 | 200 OK | 44 B |
URL GET blockadsnot.com/dpiiuqmkzhvkzulghe?iVZtaAcw=BQOCAAAAAAAACZUAAka9MwmalI4UX88tQ_EgzdCTpF25w8XfWRT9ffZ4NcEE_BsefjC6cq9frKCyscD4el_vNR53tiwV2z_SXEMUgawRxPiy_SlaAFAgtz4jnYCkc2BC6UbDENaRAqZG5NkEPHcTKV76oQ96HoJqyNbrNYc8J9h9x-dFDcwKW0NhP0lKxlvQ7vNG_JxtkF_T-10Fs8ZpLqLIDUtWTRKhKztzeDpNzHx9P1Iop-357J7yZ5-6ce2NpQ4Wv6lpnDn6nSXyka1_AV7-pzQNplEj5l13JkWt5hWKbqmAYrrKHfweIcrIjl2jJDRMuz7M_EHb9AuJLNjkCGKJt5t8W6CLJ5Jb5UYSEsRw1mGmPJXiclxCwGnx4EKxgSiP0lMf7G-nYcqrb-pLttaa-JWsG4knb0yyaEFm2i3PqBwp5y2pBppCAOSAtqm15VJHmtFAV-TXV5HCHgPHx1mnfm9qcSdRoRtNE_XCU3DsWEnQ0WWMZZpplfbDQd522NVX38R61FJHdHhR05L4XtiHem5wph6_vgZ67nkElS78c3yjX7wVml4isi0kv_GF5NbfSmcsyjj3ghn-8Q1KGah-RxqSbmB1BbE1pbokh9q8qsb9dtsbyRkyxy1IHpQz4ncELTQjWF4WKF4xRnbdnbUlEjbMaaJKKCyE5KXeO2EtHO0HyfkIPZzCGTcsgqnOxMMvINyBU0zNrHeuc1AwdzqNQLLuFNRJMTbfGZjb0QNcuNkKgLtkuKRf_xMdRmnzUNF84DM9GG_FexNWvLib3NKr2qVxM9NZqsgR89iD22PGDDb8If15T4ZxaISyZl_SMFL0dShrSSvrDYYUovFUZh8_SWE_q7895l-DWdoqVtZfixKRQaQmhZjygl7ZWiwrcxEShm54nSAtBj9eUgyI_bkHviKCSR6tgB7NP5WRatDSqT-MMlEF19n9OoQZLxmA2BEc57WuSrvU1GiLYHEqG_FLVWERzNPV0rCvjyCyKiB7pHRLzL2woyPgIF2IoeutHs5p8ot-v7Bzp8FVzJf3S_-9WkXhL-awWYrtEYu8ZB6HGOi1YK919L1iieebk1WCwNt7Xagl57XTbpf9BaUUvq0dPy4pnvnEw6KPhSWHFp0Rr9v768l1-rnybs41v1QixgxpZYqcCZvxwsoDIxHkwFj4gOaE3zhOGd0Fjaby25wJRVs6etIQqj5RRrqu&KBwflIhd=4&xzvcarwF=4091021&NsOabBlD=&KaMqwxfL=0,0&SEKUNWaJ=&UcTDaeOX=&s=1280,1024,1,1280,1024,0 IP 208.95.112.254:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Sectigo Limited; Subject: blockadsnot.com; Fingerprint: 1E:C1:DD:D3:65:DB:48:42:4B:E9:38:9C:2B:C9:89:AD:03:15:09:01; Validity: Fri, 04 Apr 2025 00:00:00 GMT - Tue, 05 May 2026 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: d5f0a25e4d3522d56d48ce7bc3e518fb 86794caff58f7fee6e684c2ba7195f970a8d6f4c 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /dpiiuqmkzhvkzulghe?iVZtaAcw=BQOCAAAAAAAACZUAAka9MwmalI4UX88tQ_EgzdCTpF25w8XfWRT9ffZ4NcEE_BsefjC6cq9frKCyscD4el_vNR53tiwV2z_SXEMUgawRxPiy_SlaAFAgtz4jnYCkc2BC6UbDENaRAqZG5NkEPHcTKV76oQ96HoJqyNbrNYc8J9h9x-dFDcwKW0NhP0lKxlvQ7vNG_JxtkF_T-10Fs8ZpLqLIDUtWTRKhKztzeDpNzHx9P1Iop-357J7yZ5-6ce2NpQ4Wv6lpnDn6nSXyka1_AV7-pzQNplEj5l13JkWt5hWKbqmAYrrKHfweIcrIjl2jJDRMuz7M_EHb9AuJLNjkCGKJt5t8W6CLJ5Jb5UYSEsRw1mGmPJXiclxCwGnx4EKxgSiP0lMf7G-nYcqrb-pLttaa-JWsG4knb0yyaEFm2i3PqBwp5y2pBppCAOSAtqm15VJHmtFAV-TXV5HCHgPHx1mnfm9qcSdRoRtNE_XCU3DsWEnQ0WWMZZpplfbDQd522NVX38R61FJHdHhR05L4XtiHem5wph6_vgZ67nkElS78c3yjX7wVml4isi0kv_GF5NbfSmcsyjj3ghn-8Q1KGah-RxqSbmB1BbE1pbokh9q8qsb9dtsbyRkyxy1IHpQz4ncELTQjWF4WKF4xRnbdnbUlEjbMaaJKKCyE5KXeO2EtHO0HyfkIPZzCGTcsgqnOxMMvINyBU0zNrHeuc1AwdzqNQLLuFNRJMTbfGZjb0QNcuNkKgLtkuKRf_xMdRmnzUNF84DM9GG_FexNWvLib3NKr2qVxM9NZqsgR89iD22PGDDb8If15T4ZxaISyZl_SMFL0dShrSSvrDYYUovFUZh8_SWE_q7895l-DWdoqVtZfixKRQaQmhZjygl7ZWiwrcxEShm54nSAtBj9eUgyI_bkHviKCSR6tgB7NP5WRatDSqT-MMlEF19n9OoQZLxmA2BEc57WuSrvU1GiLYHEqG_FLVWERzNPV0rCvjyCyKiB7pHRLzL2woyPgIF2IoeutHs5p8ot-v7Bzp8FVzJf3S_-9WkXhL-awWYrtEYu8ZB6HGOi1YK919L1iieebk1WCwNt7Xagl57XTbpf9BaUUvq0dPy4pnvnEw6KPhSWHFp0Rr9v768l1-rnybs41v1QixgxpZYqcCZvxwsoDIxHkwFj4gOaE3zhOGd0Fjaby25wJRVs6etIQqj5RRrqu&KBwflIhd=4&xzvcarwF=4091021&NsOabBlD=&KaMqwxfL=0,0&SEKUNWaJ=&UcTDaeOX=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: blockadsnot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
popads-node: wb3
access-control-allow-origin: *
popads-ec: OVL
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Sun, 27 Apr 2025 18:57:33 GMT
X-Firefox-Spdy: h2
|
|
| faqirsgoliard.top/gHzOaAdOhbZ/71405 | 23.109.170.48 | 200 OK | 6 B |
URL GET faqirsgoliard.top/gHzOaAdOhbZ/71405 IP 23.109.170.48:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: ZeroSSL; Subject: faqirsgoliard.top; Fingerprint: B0:1A:95:1C:A4:EC:21:32:46:5F:3B:18:FB:97:AB:03:1C:C0:54:05; Validity: Thu, 27 Feb 2025 00:00:00 GMT - Wed, 28 May 2025 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /gHzOaAdOhbZ/71405 HTTP/1.1
Host: faqirsgoliard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:29 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 28-Apr-2025 18:57:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 28-Apr-2025 18:57:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| 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 | 0.0.0.0 | | 0 B |
URL GET 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 IP 0.0.0.0:0
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /MnlJcXBTGyocT1NEK1cFQBV0VEJ0XHs3FAMfeUQGQEo6GwNHAH5fE14WPBUWQBYnBV5cHD1UQnQOBik+di4lKxF6OnlJEWdJKDtCVg8KJDpKG3tFFnMDDFRCdDQIICh+PnkJJl5JLj8kQR8OJTEDNgwdP3E7GDYmSBZ/EDIDTQY1OVc8CEAxaCp9AihnTDMXNEIgASIiXBoPBhR7Pi0fOEowJz43QTcfJRNDNh87P3kqLlRCcC8xIEd5EB8kMl8sPz8HYxwFMjEXSw8nIgoQL0MiF0sPIx0DCCoGBHYYMEFVAD8fCRNBNRokE2MhBEE5WgELEkJGFA9BPl8YGyATYyFkPARiSC03FAFAJRRBaAEoGERiK3srAHQ7MTMTSx4uOTVzOihDJXwhET8KUQ49NTp2QXgkGEoUKDMxfih6OwFoHiE1E1xAIjIiZwgCNT5UMQ0FVQA/EzlJcRoORERxLxxDKgAabxsDXRc5TDt8KSc4CQAyCDoBdj99Qg HTTP/1.1
Host: undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail | 74.125.131.84 | 302 Found | 0 B |
URL GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail IP 74.125.131.84:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Google Trust Services; Subject: accounts.google.com; Fingerprint: 52:D3:F7:7E:94:6F:70:55:50:A6:EA:38:4B:15:DF:91:54:96:59:82; Validity: Mon, 31 Mar 2025 08:56:30 GMT - Mon, 23 Jun 2025 08:56:29 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:El8XiiFFMqBVd_ygcJD8YCcuoa5GSA:J1Z-mLl7PHHEy9GX; Expires=Tue, 27-Apr-2027 18:57:30 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:30 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKV5Mj9R1MANKHWrjKK9B_dFEYO12NYXq34CQVcf12KS8ELn0Fp5JZ9OHnvuz6S5ZokzYYRxLjLlg
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-BPmiUvLCJO0TtIVepelRaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| 6.adsco.re:2087/ | 104.17.166.186 | 200 OK | 45 B |
IP 104.17.166.186:2087
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Sectigo Limited; Subject: *.adsco.re; Fingerprint: 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B; Validity: Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash: 5b41cb22f84f645a103acc7bfbf084ff bac3967b26d5ec4a0d09a580714e8219796816bd 709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc
GET / HTTP/1.1
Host: 6.adsco.re:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:31 GMT
content-type: text/plain;charset=UTF-8
content-length: 45
access-control-allow-origin: https://do7go.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 93708bccecffb4fa-OSL
alt-svc: h3=":2087"; ma=86400
X-Firefox-Spdy: h2
|
|
| i.doodcdn.io/img/no_video_3.svg | 104.26.14.102 | 200 OK | 2.8 kB |
URL GET i.doodcdn.io/img/no_video_3.svg IP 104.26.14.102:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Google Trust Services; Subject: doodcdn.io; Fingerprint: 55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16; Validity: Wed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT
File type: SVG Scalable Vector Graphics image
Hash: 077bfdaa49ae4877a42611b739ec4752 a2f9e1222b7af9abc05122411ab8902efcc08ead 70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Mon, 26 May 2025 04:06:47 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 56532
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLGBc2qeMyJeej6Z0J7F4pVBR%2F2qEd0gK24XcuH3sNnbZdum7Tfb7QjaYe2TlC%2BB1d1e8%2FPc4iJWCf0hEhDioNfPBLVH1HJuWSt%2Fkx4tU8GKYLaBWkM87mkWAhsayg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbd8bb1e4d3-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16694&min_rtt=15492&rtt_var=4532&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3271&recv_bytes=1365&delivery_rate=280258&cwnd=252&unsent_bytes=0&cid=021428768d8acaad&ts=56&x=0"
X-Firefox-Spdy: h2
|
|
| dindeedtheriver.com/aE45dDdHcVoHCjx+CCNSBD4PEXAqAGBHW1gUUhhEDQYAH2YFdh8AXgxzAEQGWnsBUkcBKgRGDk49TRVDHT0ERREBIF8bCk44BEUZWGAPRBlcaExJBk46SRVQVX8fBEMcIgRFAFx7DkwHWnoAQQJe | 104.21.64.1 | 204 No Content | 0 B |
URL GET dindeedtheriver.com/aE45dDdHcVoHCjx+CCNSBD4PEXAqAGBHW1gUUhhEDQYAH2YFdh8AXgxzAEQGWnsBUkcBKgRGDk49TRVDHT0ERREBIF8bCk44BEUZWGAPRBlcaExJBk46SRVQVX8fBEMcIgRFAFx7DkwHWnoAQQJe IP 104.21.64.1:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Google Trust Services; Subject: dindeedtheriver.com; Fingerprint: 1A:82:F8:CF:A4:CF:0C:8B:6A:92:CA:07:15:53:38:0C:73:26:15:82; Validity: Thu, 03 Apr 2025 11:42:28 GMT - Wed, 02 Jul 2025 12:40:04 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /aE45dDdHcVoHCjx+CCNSBD4PEXAqAGBHW1gUUhhEDQYAH2YFdh8AXgxzAEQGWnsBUkcBKgRGDk49TRVDHT0ERREBIF8bCk44BEUZWGAPRBlcaExJBk46SRVQVX8fBEMcIgRFAFx7DkwHWnoAQQJe HTTP/1.1
Host: dindeedtheriver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 27 Apr 2025 18:57:29 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93708bc09886dfd3-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| mixscoggan.shop/gd/70849?md=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&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A | 212.117.186.12 | 200 OK | 669 B |
URL POST mixscoggan.shop/gd/70849?md=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&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A IP 212.117.186.12:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Let's Encrypt; Subject: mixscoggan.shop; Fingerprint: 1D:16:41:59:06:67:D9:CC:1E:B5:29:75:87:D3:57:A3:8E:81:A3:ED; Validity: Tue, 22 Apr 2025 04:09:34 GMT - Mon, 21 Jul 2025 04:09:33 GMT
Hash: b9eb371a1487329ce37098067c24a4dd 3f034fc643a015fffe99c5c804a546aba538d51b ec2a8c50c1e1247de9d233123e84feae2e93b3cbd54bee12c071da59c92525d1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /gd/70849?md=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&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A HTTP/1.1
Host: mixscoggan.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Content-Type: application/json
Content-Length: 82
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:30 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 28-Apr-2025 18:57:30 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 28-Apr-2025 18:57:30 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKV5MhjHpENpzdAtmfXi6dTXHO0Llmsr3ReaISv9sx0m_7W0Fm0NI0qFqtZNAUuiais9SEVshEh&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1140263498%3A1745780251260366 | 74.125.131.84 | 403 Forbidden | 0 B |
URL GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKV5MhjHpENpzdAtmfXi6dTXHO0Llmsr3ReaISv9sx0m_7W0Fm0NI0qFqtZNAUuiais9SEVshEh&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1140263498%3A1745780251260366 IP 74.125.131.84:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate: Issuer: Google Trust Services; Subject: *.google.com; Fingerprint: 67:52:2F:AB:93:DE:39:DA:94:50:11:AE:8B:37:CB:88:8F:DC:56:7D; Validity: Mon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKV5MhjHpENpzdAtmfXi6dTXHO0Llmsr3ReaISv9sx0m_7W0Fm0NI0qFqtZNAUuiais9SEVshEh&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1140263498%3A1745780251260366 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:31 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-WATA0SIfgPtX_YJ58BiAKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.E_-11t052Go.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| 4.adsco.re/ | 0.0.0.0 | | 0 B |
IP 0.0.0.0:0
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| 4.adsco.re:2087/ | 0.0.0.0 | | 0 B |
IP 0.0.0.0:0
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 4.adsco.re:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
|
|
| d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056 | 3.164.60.156 | 200 OK | 320 kB |
URL GET d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056 IP 3.164.60.156:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Amazon
Certificate Subject: *.cloudfront.net
Certificate Fingerprint: 28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
Certificate Validity: Tue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (38488)
Size: 320 kB (320388 bytes)
Hash: 648f7fae09d8e8b907248f897ffdd46f 2f113a63b8014c4bee06b8b80f71f65ce741417f 30a629af10c187d7a92b92e8a8970e38575063fa8183941bdc1b28326bfbd078
GET /?srvfd=908056 HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 106759
date: Sun, 27 Apr 2025 18:57:29 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 c06aa2ede3260638d08a4102b786cdfc.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P4
x-amz-cf-id: E7UqTgP5WfBjB8_tChkrtQXhJ0ZeT3eLctE-2AECnC5QpD6h7GGP3A==
X-Firefox-Spdy: h2
|
|
| do7go.com/favicon.ico | 104.26.8.147 | 200 OK | 15 kB |
IP 104.26.8.147:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Certificate Subject: do7go.com
Certificate Fingerprint: 62:14:72:A9:A1:C9:E5:FE:80:F8:A6:E1:89:21:66:B4:38:8B:DF:5B
Certificate Validity: Thu, 20 Mar 2025 08:57:50 GMT - Wed, 18 Jun 2025 09:56:23 GMT
File type: MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Hash: 30d3656f43c817e38c3e7d70b2bfbdad 1aa43b43755e7cba5e145d0978517f7bedad7da6 a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555
GET /favicon.ico HTTP/1.1
Host: do7go.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 27 Apr 2025 18:57:30 GMT
content-type: image/x-icon
content-length: 15406
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-3c2e"
expires: Fri, 16 May 2025 13:23:15 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 970380
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RM%2FzywYNHuyf%2FAUKNi4C5Z%2BrVB1Ivfc3%2B02%2FGrkVuob%2B0fbMkRkP0fEiGf8SSgsEnOg16CcNLyQrtEK32WFSQ4vZNh9yWpH0dlLAxtVcb6f2G9qupL%2Blc%2Br7ng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bc41963e4cf-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18083&min_rtt=16332&rtt_var=7375&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4086&recv_bytes=1130&delivery_rate=39308&cwnd=12000&unsent_bytes=0&cid=fae121dad78e7dfb&ts=1470&x=1", cfExtPri, cfHdrFlush;dur=0
|
|
| dindeedtheriver.com/b1JtQnlAbQ4xRCJgGRg2KQclFUsqGTQ1PwwzGnMULQQVMzoCC0s2EAtvVHJBX2dbZAkGNlBzXxwmDDYMHG9cZBABNAJ/XxlvXGxKW3xedFdbdBh/SEkmHSMeUmNLMg0bPlBzTltnWnpJXWZUd01f | 104.21.64.1 | 204 No Content | 0 B |
URL GET dindeedtheriver.com/b1JtQnlAbQ4xRCJgGRg2KQclFUsqGTQ1PwwzGnMULQQVMzoCC0s2EAtvVHJBX2dbZAkGNlBzXxwmDDYMHG9cZBABNAJ/XxlvXGxKW3xedFdbdBh/SEkmHSMeUmNLMg0bPlBzTltnWnpJXWZUd01f IP 104.21.64.1:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Certificate Subject: dindeedtheriver.com
Certificate Fingerprint: 1A:82:F8:CF:A4:CF:0C:8B:6A:92:CA:07:15:53:38:0C:73:26:15:82
Certificate Validity: Thu, 03 Apr 2025 11:42:28 GMT - Wed, 02 Jul 2025 12:40:04 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /b1JtQnlAbQ4xRCJgGRg2KQclFUsqGTQ1PwwzGnMULQQVMzoCC0s2EAtvVHJBX2dbZAkGNlBzXxwmDDYMHG9cZBABNAJ/XxlvXGxKW3xedFdbdBh/SEkmHSMeUmNLMg0bPlBzTltnWnpJXWZUd01f HTTP/1.1
Host: dindeedtheriver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 27 Apr 2025 18:57:29 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93708bc06812dfd3-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| c.adsco.re/#0.006184898892497959 | 104.17.167.186 | 200 OK | 79 kB |
URL GET c.adsco.re/#0.006184898892497959 IP 104.17.167.186:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Sectigo Limited
Certificate Subject: *.adsco.re
Certificate Fingerprint: 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Certificate Validity: Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (689)
Hash: f0e71ebb1e2c90b307c171052ca517d0 1a1950b1868c0bfb8629f6f81b81439160727a79 adbce95b9ac0da66ea3a1d707494d9c74876e1c9186c446b4b5a22d15adc1ee5
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 27 Apr 2025 18:57:31 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Wed, 28 May 2025 18:57:31 GMT
etag: W/"8Oceux4skLMHwXEFLKUX0A=="
content-encoding: gzip
cf-cache-status: HIT
age: 1441809
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 93708bcca93456c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
|
|
| do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy | 104.26.8.147 | 200 OK | 2.7 kB |
URL User Request GET do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147:443
Certificate Issuer: Google Trust Services
Certificate Subject: do7go.com
Certificate Fingerprint: 62:14:72:A9:A1:C9:E5:FE:80:F8:A6:E1:89:21:66:B4:38:8B:DF:5B
Certificate Validity: Thu, 20 Mar 2025 08:57:50 GMT - Wed, 18 Jun 2025 09:56:23 GMT
File type: HTML document, ASCII text, with very long lines (958)
Hash: efc972f3599ddf1c00ad1f894e893b72 04f5a70c8d0dcb18220bfd57ca1dd16fa47bc436 5693f7ebc7be9b37e6e7398b70012aa3737c9ebb7edf738d36fa668fd4bcddfb
GET /e/https/doodstream.com/d/8rsoqn6rsiiy HTTP/1.1
Host: do7go.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sat, 26 Apr 2025 18:57:28 GMT
set-cookie: lang=1; domain=.do7go.com; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hHg9mLwFpsUS%2B0n7Jk8TfTPhopPcIuh7SNcI5tQIcSJxLAxSzvta7%2BeewkEAZhmw4Xadxe2Vc9E0wwsEGqI5TRUDRkWh2xnkIr0m%2FGi%2FfMIru7QZMpTTVw8Ghg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bba4cd2a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=23554&min_rtt=17689&rtt_var=13785&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3195&recv_bytes=1147&delivery_rate=245437&cwnd=254&unsent_bytes=0&cid=d9721f144f835735&ts=126&x=0"
X-Firefox-Spdy: h2
|
|
| dindeedtheriver.com/N2RlTVoYWwY+Z3ggCRoJWQ8nCTd1QVcLCUAXJC9pRyohHDJBAlUIfEMNAXBjAFBXeWkRFAwpZwZcQz4uVhAQPmcGQgwjPFhZQztnBkpVY2gZUUM4ZwZCET07UFlUaypDEAlwawBQUHpiB1ZRdG8BUw | 104.21.64.1 | 204 No Content | 0 B |
URL GET dindeedtheriver.com/N2RlTVoYWwY+Z3ggCRoJWQ8nCTd1QVcLCUAXJC9pRyohHDJBAlUIfEMNAXBjAFBXeWkRFAwpZwZcQz4uVhAQPmcGQgwjPFhZQztnBkpVY2gZUUM4ZwZCET07UFlUaypDEAlwawBQUHpiB1ZRdG8BUw IP 104.21.64.1:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Certificate Subject: dindeedtheriver.com
Certificate Fingerprint: 1A:82:F8:CF:A4:CF:0C:8B:6A:92:CA:07:15:53:38:0C:73:26:15:82
Certificate Validity: Thu, 03 Apr 2025 11:42:28 GMT - Wed, 02 Jul 2025 12:40:04 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /N2RlTVoYWwY+Z3ggCRoJWQ8nCTd1QVcLCUAXJC9pRyohHDJBAlUIfEMNAXBjAFBXeWkRFAwpZwZcQz4uVhAQPmcGQgwjPFhZQztnBkpVY2gZUUM4ZwZCET07UFlUaypDEAlwawBQUHpiB1ZRdG8BUw HTTP/1.1
Host: dindeedtheriver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 27 Apr 2025 18:57:29 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93708bc0783cdfd3-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| segarkojiri.top/cuid/?f=https%3A%2F%2Fdo7go.com | 94.242.236.135 | 200 OK | 0 B |
URL OPTIONS segarkojiri.top/cuid/?f=https%3A%2F%2Fdo7go.com IP 94.242.236.135:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: ZeroSSL
Certificate Subject: segarkojiri.top
Certificate Fingerprint: B1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
Certificate Validity: Tue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
OPTIONS /cuid/?f=https%3A%2F%2Fdo7go.com HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:29 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| segarkojiri.top/cuid/?f=https%3A%2F%2Fdo7go.com | 94.242.236.135 | 200 OK | 32 B |
URL POST segarkojiri.top/cuid/?f=https%3A%2F%2Fdo7go.com IP 94.242.236.135:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: ZeroSSL
Certificate Subject: segarkojiri.top
Certificate Fingerprint: B1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
Certificate Validity: Tue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT
Hash: f9d7afcfa1ce187978c4f93e2de6b9a7 aa22e95b21f3aff99acd66844e90bdd2e7c2e448 22e80225c32233f7ca0d0cbddd3d97985503aa8f446cf98e61123998cb1fb95d
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
POST /cuid/?f=https%3A%2F%2Fdo7go.com HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Content-Type: application/json
Content-Length: 10
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:30 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=675114ab542420c386d10e; expires=Sun, 08 Sep 2052 11:24:11 GMT; domain=segarkojiri.top; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
|
|
| td8lfvmrsb51.s4.adsco.re/ | 185.200.116.60 | 200 OK | 0 B |
URL POST td8lfvmrsb51.s4.adsco.re/ IP 185.200.116.60:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Let's Encrypt
Certificate Subject: *.s4.adsco.re
Certificate Fingerprint: AE:BB:65:20:B5:2F:2A:DA:30:73:84:C4:DC:5F:66:67:7C:1F:84:BB
Certificate Validity: Sat, 19 Apr 2025 09:14:19 GMT - Fri, 18 Jul 2025 09:14:18 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: td8lfvmrsb51.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:32 GMT
content-type: text/html
content-length: 0
last-modified: Tue, 03 Oct 2023 13:29:59 GMT
etag: "651c1757-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| adsco.re/p | 162.252.214.5 | 200 OK | 1.2 kB |
IP 162.252.214.5:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Sectigo Limited
Certificate Subject: *.adsco.re
Certificate Fingerprint: 3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
Certificate Validity: Mon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
File type: ASCII text, with very long lines (1212), with no line terminators
Hash: e92b0776e0cb90b239aa3d355017f858 46a397d61efa3aec078f7276bf0531ab14590bed 483640db7c8d635785fd9a722ead31b36707724ea32a3d58f24e488d6c77fcdf
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2224
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Apr 2025 18:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK nyc123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Accept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
|
|
| accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKV5Mj6RXJoJL4XljvwR5mxzpM6vpbvhMLw3DydRUWLpHsOnaCXQdiTHefH9T4lbniqOuO-LNICCw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-197298584%3A1745780254891405 | 74.125.131.84 | 403 Forbidden | 0 B |
URL GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKV5Mj6RXJoJL4XljvwR5mxzpM6vpbvhMLw3DydRUWLpHsOnaCXQdiTHefH9T4lbniqOuO-LNICCw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-197298584%3A1745780254891405 IP 74.125.131.84:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Certificate Subject: *.google.com
Certificate Fingerprint: 67:52:2F:AB:93:DE:39:DA:94:50:11:AE:8B:37:CB:88:8F:DC:56:7D
Certificate Validity: Mon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKV5Mj6RXJoJL4XljvwR5mxzpM6vpbvhMLw3DydRUWLpHsOnaCXQdiTHefH9T4lbniqOuO-LNICCw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-197298584%3A1745780254891405 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:35 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-1Fgjlb6wo0tCN0wgeBUfnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.E_-11t052Go.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| i.doodcdn.io/theme_2/css/style.css | 104.26.14.102 | 200 OK | 249 kB |
URL GET i.doodcdn.io/theme_2/css/style.css IP 104.26.14.102:443
Requested by: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate Issuer: Google Trust Services
Certificate Subject: doodcdn.io
Certificate Fingerprint: 55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
Certificate Validity: Wed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT
Size: 249 kB (249272 bytes)
Hash: 59b293159a38ec92d8bd5fa4d09f8d59 7167b460de2cb4d2534163de707b0aa0e84b73cf 3f81f845eb11d647c4bd80b76d7af054203e52eab24bc359ddd5cb4f33efddd4
GET /theme_2/css/style.css HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: text/css
content-length: 40748
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Sun, 26 Apr 2026 03:36:35 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 69238
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZlJ6BZL8ZZtU5F6YLSTCKpzIgwdQdb8%2BRC9Bo%2FNTl4QHTa2bOohnz9qf2%2FY84rfH4yCmY0F9gJMMg8%2BfVTz%2FfkC%2ByruGXqIu%2FL8UnNPJIsC1dCOpG%2FNY7GFOZ5fxqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbd8bace4d3-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16694&min_rtt=15492&rtt_var=4532&sent=12&recv=11&lost=0&retrans=0&sent_bytes=6921&recv_bytes=1365&delivery_rate=280258&cwnd=252&unsent_bytes=0&cid=021428768d8acaad&ts=57&x=0"
X-Firefox-Spdy: h2
|
|