Report - do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy

Report Overview

Visited public
2025-04-27 18:58:01
Tags
URL
do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Finishing URL
do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
IP / ASN
172.67.69.111
#13335 CLOUDFLARENET
Title
Video not found | DoodStream

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tomlldahehun.org	unknown	2025-04-03	2025-04-17	2025-04-24	820 B	1.2 kB	54.240.174.89
d1f05vr3sjsuy7.cloudfront.net	unknown	2008-04-25	2020-12-01	2025-04-16	425 B	321 kB	3.164.60.156
c.adsco.re	16577	2017-02-14	2017-11-29	2025-04-21	506 B	80 kB	104.17.167.186
td8lfvmrsb51.s4.adsco.re	unknown	2017-02-14	2025-04-27	2025-04-27	450 B	463 B	185.200.116.60
adsco.re	8541	2017-02-14	2017-04-03	2025-04-24	438 B	1.8 kB	162.252.214.5
mixscoggan.shop	unknown	unknown	2025-04-23	2025-04-23	2.8 kB	2.8 kB	212.117.186.12
td8lfvmrsb51.l4.adsco.re	unknown	2017-02-14	2025-04-27	2025-04-27	450 B	463 B	185.200.118.62
td8lfvmrsb51.n4.adsco.re	unknown	2017-02-14	2025-04-27	2025-04-27	450 B	463 B	38.132.109.126
segarkojiri.top	unknown	2025-04-22	2025-04-23	2025-04-23	1.1 kB	1.1 kB	94.242.236.135
ateyfathertold.org	unknown	2025-04-03	2025-04-27	2025-04-27	1.0 kB	4.1 kB	18.239.18.3
undefined	142677	unknown	2020-01-28	2025-04-24	2.0 kB	0 B	0.0.0.0
accounts.google.com	81	1997-09-15	2012-05-23	2025-04-23	3.7 kB	13 kB	74.125.131.84
www.blockadsnot.com	75043	2020-04-18	2020-04-18	2025-04-17	438 B	38 kB	95.173.205.15
6.adsco.re	17812	2017-02-14	2018-01-15	2025-04-23	837 B	987 B	104.17.166.186
4.adsco.re	19179	2017-02-14	2021-01-04	2025-04-21	837 B	0 B	0.0.0.0
ukankingwithea.com	unknown	2024-01-01	2024-09-05	2025-04-24	1.3 kB	1.9 kB	104.21.112.1
blockadsnot.com	32896	2020-04-18	2020-04-28	2025-04-17	1.7 kB	249 B	208.95.112.254
dindeedtheriver.com	unknown	2025-04-03	2025-04-27	2025-04-27	1.7 kB	660 B	104.21.64.1
do7go.com	unknown	2025-03-20	2025-03-23	2025-04-22	993 B	20 kB	104.26.8.147
i.doodcdn.io	unknown	2025-03-05	2025-03-05	2025-04-26	2.3 kB	464 kB	104.26.14.102
faqirsgoliard.top	unknown	2025-02-27	2025-03-03	2025-04-23	837 B	64 kB	23.109.170.48
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-23	439 B	89 kB	104.17.25.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-27 18:57:29	medium	23.109.170.48	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-04-27 18:57:29	low	23.109.170.48	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-04-27 18:57:29	medium	23.109.170.48	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-04-27 18:57:29	low	23.109.170.48	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-04-27 18:57:29	medium	94.242.236.135	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-04-27 18:57:29	low	94.242.236.135	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-04-27 18:57:29	medium	94.242.236.135	Client IP	ET INFO Observed ZeroSSL Certificate for Suspicious TLD (.top)
2025-04-27 18:57:29	low	94.242.236.135	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate
2025-04-27 18:57:31	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:31	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:31	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:31	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:31	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:31	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:32	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:32	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:32	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:32	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:32	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-04-27 18:57:32	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-27	medium	mixscoggan.shop	Sinkholed
2025-04-27	medium	undefined	Sinkholed
2025-04-27	medium	faqirsgoliard.top	Sinkholed
2025-04-27	medium	faqirsgoliard.top	Sinkholed
2025-04-27	medium	undefined	Sinkholed
2025-04-27	medium	mixscoggan.shop	Sinkholed
2025-04-27	medium	segarkojiri.top	Sinkholed
2025-04-27	medium	segarkojiri.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (22)

	URL	From	Size	First Seen	Last Seen
	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	Eval	8 B	2023-03-07	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-15 10:22 Times Seen17384 Hash 61fa153f2827c887a48a351ae3c6cfd3 5fbd02245cf700ea94d638c8d76924ecca52d330 4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	ScriptElement	294 B	2024-01-26	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 23:16 Last Seen2025-06-15 10:22 Times Seen819 Hash 9fda1724412fd3c8db9942aa6e8e3deb 539eed6112906a989e297d5d51c98af3dff08f2f 3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	ScriptElement	294 B	2024-01-26	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 23:16 Last Seen2025-06-15 10:22 Times Seen819 Hash 9fda1724412fd3c8db9942aa6e8e3deb 539eed6112906a989e297d5d51c98af3dff08f2f 3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	Eval	8 B	2023-03-07	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-15 10:22 Times Seen17384 Hash 61fa153f2827c887a48a351ae3c6cfd3 5fbd02245cf700ea94d638c8d76924ecca52d330 4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	Eval	8 B	2023-03-07	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-15 10:22 Times Seen17384 Hash 61fa153f2827c887a48a351ae3c6cfd3 5fbd02245cf700ea94d638c8d76924ecca52d330 4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	ScriptElement	988 B	2025-03-05	2025-06-07
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-05 04:45 Last Seen2025-06-07 14:31 Times Seen18 Hash f93c7a03fdb481d9cadb77098b3b9d64 170405fd59ddb8d475afd66cf537476d5922b1b1 25d773cb936d943a8f081abc3eaeee6a0be766aa244fd019aa2c680c874fbb43 Loading...

	ateyfathertold.org/ZmYxTUUHBFIgegdbU2swFAoMaHcgQwMLIVcAAXgzFFVCJzYTHwZjJgoJRCkjFAlfOWsIA0VodyBUYyETPjBkGCkpDFo3IAwvCQB3Dl5VIHQIP3kDIiw1ZDoMVRVJAgIvD3oVNlYpWCUiNh9gew4cPF4IPC8lfzdxPCRldD0iHFYgATU3XAwdKx5hCQMXPGYANCgiWjQgISdGAhE8UlV+CFQrYilyPz50JQs1DRR/BwcMCX4JDBVGAREzV34ODxwrcikqKQxeaHcgKksmcighc30AVCwGKRIoCGt+dR8qSz4/KQx4fCYhMF0GPywRaxoTVgJfOSsFLmgIJiFLZyEID14GFBIgAVUfIR88AhhgVCRofwsRAlYfMjwxZH4ILiRaCw00V2gVKQoEdgMrPBx4Kg8yUgUuDQUna38hDQJpFy48VGMqISEzSR0BBQx8NyISP3kcETwLazUkITBJBA0OVRcnNgkIQXABESFAJgs2HAYXKhUuUz4T	ScriptElement	3.0 kB	2025-04-27	2025-04-27
Pretty URL ateyfathertold.org/ZmYxTUUHBFIgegdbU2swFAoMaHcgQwMLIVcAAXgzFFVCJzYTHwZjJgoJRCkjFAlfOWsIA0VodyBUYyETPjBkGCkpDFo3IAwvCQB3Dl5VIHQIP3kDIiw1ZDoMVRVJAgIvD3oVNlYpWCUiNh9gew4cPF4IPC8lfzdxPCRldD0iHFYgATU3XAwdKx5hCQMXPGYANCgiWjQgISdGAhE8UlV+CFQrYilyPz50JQs1DRR/BwcMCX4JDBVGAREzV34ODxwrcikqKQxeaHcgKksmcighc30AVCwGKRIoCGt+dR8qSz4/KQx4fCYhMF0GPywRaxoTVgJfOSsFLmgIJiFLZyEID14GFBIgAVUfIR88AhhgVCRofwsRAlYfMjwxZH4ILiRaCw00V2gVKQoEdgMrPBx4Kg8yUgUuDQUna38hDQJpFy48VGMqISEzSR0BBQx8NyISP3kcETwLazUkITBJBA0OVRcnNgkIQXABESFAJgs2HAYXKhUuUz4T IP 18.239.18.3 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-27 18:58 Last Seen2025-04-27 18:58 Times Seen1 Hash 261c8db0fe8ac87ebfa3f531f25a0f89 a02d8f4caaefb272cdb1cf6d6e374f8f06c71e0a 58e0109a5190a0eb5a15ffe2f81552fd6aefd0ea9f983df3076b4305897c58f0 Loading...

	d1f05vr3sjsuy7.cloudfront.net/2RlVXVUUlOjkzejI8M2h8dm1nYHNgJSUwI3sxOGIiKXs0OihgPyQ6KzZoEyICNz4ZBT9xDzgmDSQmAXMxPDFqZWMqNDkyeGAwOTZ4d3M2MSd7YXEhNSk+aj83LjswLTU1OCJzMCdoOjo/Lzk7NGB0E2J7dWNnZ30yLzszOjI1cGVlKzJwZWV0dntncHYEcG-VlMi87YWFgdRdyZ3U+Y2NwdgRwZWU3MHBkFHR1YXllbGNnZzIgJT44cHcAZ2dkdXZkZ2RgdGUxPDcjMzgtYHQTZmZxaGVxIHh3	ScriptElement	880 B	2025-04-27	2025-04-27
Pretty URL d1f05vr3sjsuy7.cloudfront.net/2RlVXVUUlOjkzejI8M2h8dm1nYHNgJSUwI3sxOGIiKXs0OihgPyQ6KzZoEyICNz4ZBT9xDzgmDSQmAXMxPDFqZWMqNDkyeGAwOTZ4d3M2MSd7YXEhNSk+aj83LjswLTU1OCJzMCdoOjo/Lzk7NGB0E2J7dWNnZ30yLzszOjI1cGVlKzJwZWV0dntncHYEcG-VlMi87YWFgdRdyZ3U+Y2NwdgRwZWU3MHBkFHR1YXllbGNnZzIgJT44cHcAZ2dkdXZkZ2RgdGUxPDcjMzgtYHQTZmZxaGVxIHh3 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 18:58 Last Seen2025-04-27 18:58 Times Seen1 Hash b0679b7dd96b65633cf0352acc05422e 125b752fdf871595e24d2a737ecdd23437d8553a f671db5cf3379e37485afa05ae27f68f7e31c7a089589f38ec0decc80c382b03 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-06-15
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-15 10:31 Times Seen69955 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	www.blockadsnot.com/baja.min.css	ScriptElement	37 kB	2025-04-27	2025-04-30
Pretty URL www.blockadsnot.com/baja.min.css IP 95.173.205.15 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 18:58 Last Seen2025-04-30 08:37 Times Seen3 Hash 3b0076ccea3f823654727b9c067039bd e71f4a696f8ab21898375791ffbf73aa90aa9e49 eb14c015e99d31828d3ebb08c83b78826104bc0a0ad9476ccf32e5cab0b3844b Loading...

	faqirsgoliard.top/gHzOaAdOhbZ/71405	ScriptElement	6 B	2023-03-07	2025-06-15
Pretty URL faqirsgoliard.top/gHzOaAdOhbZ/71405 IP 23.109.170.48 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-15 08:47 Times Seen8593 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	Eval	34 B	2023-03-07	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-15 10:35 Times Seen13502 Hash 442f7e0ac53b0beeffb200677ff2ffa2 7fb17f685c8a652386c7341e39138ea6f4a0e928 3db042ba8dbf234b0ba7ed8b47e5c8cb58b267af983635a41652258f1e282c0c Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	Eval	8 B	2023-03-07	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-15 10:22 Times Seen17384 Hash 61fa153f2827c887a48a351ae3c6cfd3 5fbd02245cf700ea94d638c8d76924ecca52d330 4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c Loading...

	blockadsnot.com/dpiiuqmkzhvkzulghe?iVZtaAcw=BQOCAAAAAAAACZUAAka9MwmalI4UX88tQ_EgzdCTpF25w8XfWRT9ffZ4NcEE_BsefjC6cq9frKCyscD4el_vNR53tiwV2z_SXEMUgawRxPiy_SlaAFAgtz4jnYCkc2BC6UbDENaRAqZG5NkEPHcTKV76oQ96HoJqyNbrNYc8J9h9x-dFDcwKW0NhP0lKxlvQ7vNG_JxtkF_T-10Fs8ZpLqLIDUtWTRKhKztzeDpNzHx9P1Iop-357J7yZ5-6ce2NpQ4Wv6lpnDn6nSXyka1_AV7-pzQNplEj5l13JkWt5hWKbqmAYrrKHfweIcrIjl2jJDRMuz7M_EHb9AuJLNjkCGKJt5t8W6CLJ5Jb5UYSEsRw1mGmPJXiclxCwGnx4EKxgSiP0lMf7G-nYcqrb-pLttaa-JWsG4knb0yyaEFm2i3PqBwp5y2pBppCAOSAtqm15VJHmtFAV-TXV5HCHgPHx1mnfm9qcSdRoRtNE_XCU3DsWEnQ0WWMZZpplfbDQd522NVX38R61FJHdHhR05L4XtiHem5wph6_vgZ67nkElS78c3yjX7wVml4isi0kv_GF5NbfSmcsyjj3ghn-8Q1KGah-RxqSbmB1BbE1pbokh9q8qsb9dtsbyRkyxy1IHpQz4ncELTQjWF4WKF4xRnbdnbUlEjbMaaJKKCyE5KXeO2EtHO0HyfkIPZzCGTcsgqnOxMMvINyBU0zNrHeuc1AwdzqNQLLuFNRJMTbfGZjb0QNcuNkKgLtkuKRf_xMdRmnzUNF84DM9GG_FexNWvLib3NKr2qVxM9NZqsgR89iD22PGDDb8If15T4ZxaISyZl_SMFL0dShrSSvrDYYUovFUZh8_SWE_q7895l-DWdoqVtZfixKRQaQmhZjygl7ZWiwrcxEShm54nSAtBj9eUgyI_bkHviKCSR6tgB7NP5WRatDSqT-MMlEF19n9OoQZLxmA2BEc57WuSrvU1GiLYHEqG_FLVWERzNPV0rCvjyCyKiB7pHRLzL2woyPgIF2IoeutHs5p8ot-v7Bzp8FVzJf3S_-9WkXhL-awWYrtEYu8ZB6HGOi1YK919L1iieebk1WCwNt7Xagl57XTbpf9BaUUvq0dPy4pnvnEw6KPhSWHFp0Rr9v768l1-rnybs41v1QixgxpZYqcCZvxwsoDIxHkwFj4gOaE3zhOGd0Fjaby25wJRVs6etIQqj5RRrqu&KBwflIhd=4&xzvcarwF=4091021&NsOabBlD=&KaMqwxfL=0,0&SEKUNWaJ=&UcTDaeOX=&s=1280,1024,1,1280,1024,0	ScriptElement	44 B	2023-03-07	2025-06-15
Pretty URL blockadsnot.com/dpiiuqmkzhvkzulghe?iVZtaAcw=BQOCAAAAAAAACZUAAka9MwmalI4UX88tQ_EgzdCTpF25w8XfWRT9ffZ4NcEE_BsefjC6cq9frKCyscD4el_vNR53tiwV2z_SXEMUgawRxPiy_SlaAFAgtz4jnYCkc2BC6UbDENaRAqZG5NkEPHcTKV76oQ96HoJqyNbrNYc8J9h9x-dFDcwKW0NhP0lKxlvQ7vNG_JxtkF_T-10Fs8ZpLqLIDUtWTRKhKztzeDpNzHx9P1Iop-357J7yZ5-6ce2NpQ4Wv6lpnDn6nSXyka1_AV7-pzQNplEj5l13JkWt5hWKbqmAYrrKHfweIcrIjl2jJDRMuz7M_EHb9AuJLNjkCGKJt5t8W6CLJ5Jb5UYSEsRw1mGmPJXiclxCwGnx4EKxgSiP0lMf7G-nYcqrb-pLttaa-JWsG4knb0yyaEFm2i3PqBwp5y2pBppCAOSAtqm15VJHmtFAV-TXV5HCHgPHx1mnfm9qcSdRoRtNE_XCU3DsWEnQ0WWMZZpplfbDQd522NVX38R61FJHdHhR05L4XtiHem5wph6_vgZ67nkElS78c3yjX7wVml4isi0kv_GF5NbfSmcsyjj3ghn-8Q1KGah-RxqSbmB1BbE1pbokh9q8qsb9dtsbyRkyxy1IHpQz4ncELTQjWF4WKF4xRnbdnbUlEjbMaaJKKCyE5KXeO2EtHO0HyfkIPZzCGTcsgqnOxMMvINyBU0zNrHeuc1AwdzqNQLLuFNRJMTbfGZjb0QNcuNkKgLtkuKRf_xMdRmnzUNF84DM9GG_FexNWvLib3NKr2qVxM9NZqsgR89iD22PGDDb8If15T4ZxaISyZl_SMFL0dShrSSvrDYYUovFUZh8_SWE_q7895l-DWdoqVtZfixKRQaQmhZjygl7ZWiwrcxEShm54nSAtBj9eUgyI_bkHviKCSR6tgB7NP5WRatDSqT-MMlEF19n9OoQZLxmA2BEc57WuSrvU1GiLYHEqG_FLVWERzNPV0rCvjyCyKiB7pHRLzL2woyPgIF2IoeutHs5p8ot-v7Bzp8FVzJf3S_-9WkXhL-awWYrtEYu8ZB6HGOi1YK919L1iieebk1WCwNt7Xagl57XTbpf9BaUUvq0dPy4pnvnEw6KPhSWHFp0Rr9v768l1-rnybs41v1QixgxpZYqcCZvxwsoDIxHkwFj4gOaE3zhOGd0Fjaby25wJRVs6etIQqj5RRrqu&KBwflIhd=4&xzvcarwF=4091021&NsOabBlD=&KaMqwxfL=0,0&SEKUNWaJ=&UcTDaeOX=&s=1280,1024,1,1280,1024,0 IP 208.95.112.254 ASN #53334 TUT-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17 Last Seen2025-06-15 10:26 Times Seen9839 Hash d5f0a25e4d3522d56d48ce7bc3e518fb 86794caff58f7fee6e684c2ba7195f970a8d6f4c 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5 Loading...

	about:blank	JavascriptURL	5 B	2023-03-07	2025-06-15
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-15 10:26 Times Seen27536 Hash 68934a3e9455fa72420237eb05902327 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa Loading...

	c.adsco.re/#0.006184898892497959	ScriptElement	486 B	2023-03-07	2025-06-15
Pretty URL c.adsco.re/#0.006184898892497959 IP 104.17.167.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-06-15 10:35 Times Seen1041 Hash 77c8287be10ff4b66a8490ca4d999917 7fccb364c5e22958503bcd8b92cdb648d5c4c96e c2d43195d015b5856873b3b0c6e717ee21599ca3f03f820b7c325f27b9b6a31d Loading...

	faqirsgoliard.top/r67c0fc81985e5/70849	ScriptElement	62 kB	2025-04-27	2025-04-27
Pretty URL faqirsgoliard.top/r67c0fc81985e5/70849 IP 23.109.170.48 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 18:58 Last Seen2025-04-27 18:58 Times Seen1 Hash 0207a1c47ba656c962f9827e9aa0d646 9e6037679f4891099ddd4f432a727bd241eeb855 76fb32ad18ea15d4974e9bfa7ccefa9eb82a383ad33b012caa9b031b8b388f29 Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	Eval	8 B	2023-03-07	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-15 10:22 Times Seen17384 Hash 61fa153f2827c887a48a351ae3c6cfd3 5fbd02245cf700ea94d638c8d76924ecca52d330 4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	ScriptElement	294 B	2024-01-26	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 23:16 Last Seen2025-06-15 10:22 Times Seen819 Hash 9fda1724412fd3c8db9942aa6e8e3deb 539eed6112906a989e297d5d51c98af3dff08f2f 3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	ScriptElement	294 B	2024-01-26	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 23:16 Last Seen2025-06-15 10:22 Times Seen819 Hash 9fda1724412fd3c8db9942aa6e8e3deb 539eed6112906a989e297d5d51c98af3dff08f2f 3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c Loading...

	d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056	ScriptElement	320 kB	2025-04-27	2025-04-27
Pretty URL d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056 IP 3.164.60.156 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 18:58 Last Seen2025-04-27 18:58 Times Seen1 Hash 648f7fae09d8e8b907248f897ffdd46f 2f113a63b8014c4bee06b8b80f71f65ce741417f 30a629af10c187d7a92b92e8a8970e38575063fa8183941bdc1b28326bfbd078 Loading...

	do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy	ScriptElement	294 B	2024-01-26	2025-06-15
Pretty URL do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy IP 104.26.8.147 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-26 23:16 Last Seen2025-06-15 10:22 Times Seen819 Hash 9fda1724412fd3c8db9942aa6e8e3deb 539eed6112906a989e297d5d51c98af3dff08f2f 3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c Loading...

HTTP Transactions (42)

URL IP Response Size

ateyfathertold.org/ZmYxTUUHBFIgegdbU2swFAoMaHcgQwMLIVcAAXgzFFVCJzYTHwZjJgoJRCkjFAlfOWsIA0VodyBUYyETPjBkGCkpDFo3IAwvCQB3Dl5VIHQIP3kDIiw1ZDoMVRVJAgIvD3oVNlYpWCUiNh9gew4cPF4IPC8lfzdxPCRldD0iHFYgATU3XAwdKx5hCQMXPGYANCgiWjQgISdGAhE8UlV+CFQrYilyPz50JQs1DRR/BwcMCX4JDBVGAREzV34ODxwrcikqKQxeaHcgKksmcighc30AVCwGKRIoCGt+dR8qSz4/KQx4fCYhMF0GPywRaxoTVgJfOSsFLmgIJiFLZyEID14GFBIgAVUfIR88AhhgVCRofwsRAlYfMjwxZH4ILiRaCw00V2gVKQoEdgMrPBx4Kg8yUgUuDQUna38hDQJpFy48VGMqISEzSR0BBQx8NyISP3kcETwLazUkITBJBA0OVRcnNgkIQXABESFAJgs2HAYXKhUuUz4T

18.239.18.3

200 OK

3.1 kB

URL GET
ateyfathertold.org/ZmYxTUUHBFIgegdbU2swFAoMaHcgQwMLIVcAAXgzFFVCJzYTHwZjJgoJRCkjFAlfOWsIA0VodyBUYyETPjBkGCkpDFo3IAwvCQB3Dl5VIHQIP3kDIiw1ZDoMVRVJAgIvD3oVNlYpWCUiNh9gew4cPF4IPC8lfzdxPCRldD0iHFYgATU3XAwdKx5hCQMXPGYANCgiWjQgISdGAhE8UlV+CFQrYilyPz50JQs1DRR/BwcMCX4JDBVGAREzV34ODxwrcikqKQxeaHcgKksmcighc30AVCwGKRIoCGt+dR8qSz4/KQx4fCYhMF0GPywRaxoTVgJfOSsFLmgIJiFLZyEID14GFBIgAVUfIR88AhhgVCRofwsRAlYfMjwxZH4ILiRaCw00V2gVKQoEdgMrPBx4Kg8yUgUuDQUna38hDQJpFy48VGMqISEzSR0BBQx8NyISP3kcETwLazUkITBJBA0OVRcnNgkIQXABESFAJgs2HAYXKhUuUz4T
IP
18.239.18.3:443
ASN
#16509 AMAZON-02

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerAmazon
Subjectateyfathertold.org
FingerprintDF:B7:7D:9B:C0:F8:BE:7C:A5:59:9D:5B:2E:AF:9D:6D:9D:78:5E:26
ValiditySun, 06 Apr 2025 00:00:00 GMT - Tue, 05 May 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (3071), with no line terminators
Size
3.1 kB (3071 bytes)
Hash
f3c894e255e169c13661947739ea293e
7b43aec479970cf90ce5bfc513f625e9a61aeaa6
c80d8ca159a008dadce01d837832db24fe6c59eae4d4a57b838bb76b82b5c7d1

HTTP Headers

GET /ZmYxTUUHBFIgegdbU2swFAoMaHcgQwMLIVcAAXgzFFVCJzYTHwZjJgoJRCkjFAlfOWsIA0VodyBUYyETPjBkGCkpDFo3IAwvCQB3Dl5VIHQIP3kDIiw1ZDoMVRVJAgIvD3oVNlYpWCUiNh9gew4cPF4IPC8lfzdxPCRldD0iHFYgATU3XAwdKx5hCQMXPGYANCgiWjQgISdGAhE8UlV+CFQrYilyPz50JQs1DRR/BwcMCX4JDBVGAREzV34ODxwrcikqKQxeaHcgKksmcighc30AVCwGKRIoCGt+dR8qSz4/KQx4fCYhMF0GPywRaxoTVgJfOSsFLmgIJiFLZyEID14GFBIgAVUfIR88AhhgVCRofwsRAlYfMjwxZH4ILiRaCw00V2gVKQoEdgMrPBx4Kg8yUgUuDQUna38hDQJpFy48VGMqISEzSR0BBQx8NyISP3kcETwLazUkITBJBA0OVRcnNgkIQXABESFAJgs2HAYXKhUuUz4T HTTP/1.1
Host: ateyfathertold.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1220
date: Sun, 27 Apr 2025 18:57:29 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
set-cookie: AWSALB=vufLqi1e+T3OsIESU9d9zXo2QwkFEUsNmHbpcs1m4re/whK/Dhe6RZ44X5ZRyt0dMNUpJJ/N9mw3OEDRljSFeWHzsQIM4+NovD2i9H9RJHvK93YraBUbhh4DjhEz; Expires=Sun, 04 May 2025 18:57:29 GMT; Path=/
AWSALBCORS=vufLqi1e+T3OsIESU9d9zXo2QwkFEUsNmHbpcs1m4re/whK/Dhe6RZ44X5ZRyt0dMNUpJJ/N9mw3OEDRljSFeWHzsQIM4+NovD2i9H9RJHvK93YraBUbhh4DjhEz; Expires=Sun, 04 May 2025 18:57:29 GMT; Path=/; SameSite=None
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c26e94322027d14813c3c25e1b340274.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P6
x-amz-cf-id: 6xt2Wz0Oi8QSRsqtS8d9pGm6Hh3khvNNij14dozheME9AGlYWQJfgw==
X-Firefox-Spdy: h2

www.blockadsnot.com/baja.min.css

95.173.205.15

200 OK

37 kB

URL GET
www.blockadsnot.com/baja.min.css
IP
95.173.205.15:443
ASN
#60068 Datacamp Limited

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerLet's Encrypt
Subject1158060716.rsc.cdn77.org
FingerprintD6:68:88:78:D5:18:B9:BC:6F:69:01:F9:29:EE:74:87:59:09:27:C6
ValidityWed, 16 Apr 2025 02:52:47 GMT - Tue, 15 Jul 2025 02:52:46 GMT

File type
JavaScript source, ASCII text, with very long lines (1568)
Size
37 kB (37174 bytes)
Hash
3b0076ccea3f823654727b9c067039bd
e71f4a696f8ab21898375791ffbf73aa90aa9e49
eb14c015e99d31828d3ebb08c83b78826104bc0a0ad9476ccf32e5cab0b3844b

HTTP Headers

GET /baja.min.css HTTP/1.1
Host: www.blockadsnot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: application/x-javascript
popads-node: wb9
expires: Fri, 02 May 2025 00:00:15 GMT
access-control-allow-origin: https://do7go.com
link: <https://blockadsnot.com/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwwBX63NDQH3Y60DAAwBuUwKEwH3IgAAAAwBnJIhHwG3BQAAAA
x-77-nzt-ray: 2a494a155caa32c63e7e0e68741aa429
x-77-cache: HIT
x-77-age: 240995
vary: Accept-Encoding, Origin
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: osloNO
X-Firefox-Spdy: h2

mixscoggan.shop/gd/70849?md=eyJhIjo4MTU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kbzdnby5jb20vZS9odHRwcy9kb29kc3RyZWFtLmNvbS9kLzhyc29xbjZyc2lpeSIsImgiOjEwMzIsImwiOiJlbi1VUyIsInQiOjAsInoiOjYxOTksImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibHd4OHY3dTNzMHF0ZG5yIiwibyI6dHJ1ZSwibSI6MTc0NTc4MDI0OTc0NiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyVmlkZW8lMjBub3QlMjBmb3VuZCUyMCU3QyUyMERvb2RTdHJlYW0lMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIydGVzdCUzQTMlMjIlMkMlMjJub3QlM0EyJTIyJTJDJTIyZm91bmQlM0EyJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A

212.117.186.12

200 OK

0 B

URL OPTIONS
mixscoggan.shop/gd/70849?md=eyJhIjo4MTU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kbzdnby5jb20vZS9odHRwcy9kb29kc3RyZWFtLmNvbS9kLzhyc29xbjZyc2lpeSIsImgiOjEwMzIsImwiOiJlbi1VUyIsInQiOjAsInoiOjYxOTksImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibHd4OHY3dTNzMHF0ZG5yIiwibyI6dHJ1ZSwibSI6MTc0NTc4MDI0OTc0NiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyVmlkZW8lMjBub3QlMjBmb3VuZCUyMCU3QyUyMERvb2RTdHJlYW0lMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIydGVzdCUzQTMlMjIlMkMlMjJub3QlM0EyJTIyJTJDJTIyZm91bmQlM0EyJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A
IP
212.117.186.12:443
ASN
#7979 SERVERS-COM

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerLet's Encrypt
Subjectmixscoggan.shop
Fingerprint1D:16:41:59:06:67:D9:CC:1E:B5:29:75:87:D3:57:A3:8E:81:A3:ED
ValidityTue, 22 Apr 2025 04:09:34 GMT - Mon, 21 Jul 2025 04:09:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /gd/70849?md=eyJhIjo4MTU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kbzdnby5jb20vZS9odHRwcy9kb29kc3RyZWFtLmNvbS9kLzhyc29xbjZyc2lpeSIsImgiOjEwMzIsImwiOiJlbi1VUyIsInQiOjAsInoiOjYxOTksImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibHd4OHY3dTNzMHF0ZG5yIiwibyI6dHJ1ZSwibSI6MTc0NTc4MDI0OTc0NiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyVmlkZW8lMjBub3QlMjBmb3VuZCUyMCU3QyUyMERvb2RTdHJlYW0lMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIydGVzdCUzQTMlMjIlMkMlMjJub3QlM0EyJTIyJTJDJTIyZm91bmQlM0EyJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A HTTP/1.1
Host: mixscoggan.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

6.adsco.re/

104.17.166.186

200 OK

45 B

URL GET
6.adsco.re/
IP
104.17.166.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
5b41cb22f84f645a103acc7bfbf084ff
bac3967b26d5ec4a0d09a580714e8219796816bd
709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc

HTTP Headers

GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:31 GMT
content-type: text/plain;charset=UTF-8
content-length: 45
access-control-allow-origin: https://do7go.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 93708bccdad5568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

td8lfvmrsb51.l4.adsco.re/

185.200.118.62

200 OK

0 B

URL POST
td8lfvmrsb51.l4.adsco.re/
IP
185.200.118.62:443
ASN
#9009 M247 Europe SRL

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerLet's Encrypt
Subject*.l4.adsco.re
Fingerprint76:AD:98:EA:A8:8F:6F:6D:58:92:36:07:6D:91:B6:67:41:97:C1:4E
ValiditySat, 19 Apr 2025 09:14:33 GMT - Fri, 18 Jul 2025 09:14:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: td8lfvmrsb51.l4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:32 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 02 Jun 2023 14:03:32 GMT
etag: "6479f6b4-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

i.doodcdn.io/theme_2/fonts/avertastd-regular-webfont.woff2

104.26.14.102

200 OK

24 kB

URL GET
i.doodcdn.io/theme_2/fonts/avertastd-regular-webfont.woff2
IP
104.26.14.102:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdoodcdn.io
Fingerprint55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
ValidityWed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23812, version 1.524
Size
24 kB (23812 bytes)
Hash
eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf

HTTP Headers

GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Tue, 27 May 2025 02:25:19 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 46211
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K1jPwrcMVWsI1POnUKP%2BQeZaGXWND223ExqqbKVMHsstzHcYDTjdrXVDap5HGW%2BVZtZiTocyjjvOnyZGBXmBm%2BrvXAHGTWIpcrLvqNmCv94ZkEmgql3mEtHIOEJOjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbebe84e4e6-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20688&min_rtt=18732&rtt_var=8421&sent=22&recv=7&lost=0&retrans=0&sent_bytes=16085&recv_bytes=1515&delivery_rate=34271&cwnd=12000&unsent_bytes=0&cid=3e14016d87eaa802&ts=53&x=1", cfExtPri, cfHdrFlush;dur=16

undefined/MHFwV3BRExM6T1FMEnEFQh1NckJ2VEIRFAEXQGIGQkIDPQNFCEd5E1weBTMWQh4eI15eFARyQnYgJwE6XD81OEZgIAQEFGNBRxYhXAsSOipoMDg7VQI3OT8UYj03BkJzFj0jPl4GNwAJVFRCET9yKxIdM1wHOh86FUM2GhhfPSYFRUQQGWZCezUYZzVlRQUNN3o1JxQDAz8mMCN8CxMvJ3EnAxg0aTkzD0UVQzYdB2E7Oi0pXzU2MB1/ORQPE15IQw4bcTYVOTVcNTY4BX4YJQA1aBkABzJ1IxUQHFonIidGVjY1OTVoGQAdIUgQFhBBAyceDQZRQzkzMV5ESA4jHRIiMjdbFjUvNgU2NxkncTYiJxUAMDcyGgRCMjtIXBc3FhpyHwA4KVwkNjIdWEImICFDPDMWMWUYJT8UARUJMkJAHCMgIkM9N24lFhsDOB5ATDERRVs5HjYkBEk4FRJR

0.0.0.0

0 B

URL GET
undefined/MHFwV3BRExM6T1FMEnEFQh1NckJ2VEIRFAEXQGIGQkIDPQNFCEd5E1weBTMWQh4eI15eFARyQnYgJwE6XD81OEZgIAQEFGNBRxYhXAsSOipoMDg7VQI3OT8UYj03BkJzFj0jPl4GNwAJVFRCET9yKxIdM1wHOh86FUM2GhhfPSYFRUQQGWZCezUYZzVlRQUNN3o1JxQDAz8mMCN8CxMvJ3EnAxg0aTkzD0UVQzYdB2E7Oi0pXzU2MB1/ORQPE15IQw4bcTYVOTVcNTY4BX4YJQA1aBkABzJ1IxUQHFonIidGVjY1OTVoGQAdIUgQFhBBAyceDQZRQzkzMV5ESA4jHRIiMjdbFjUvNgU2NxkncTYiJxUAMDcyGgRCMjtIXBc3FhpyHwA4KVwkNjIdWEImICFDPDMWMWUYJT8UARUJMkJAHCMgIkM9N24lFhsDOB5ATDERRVs5HjYkBEk4FRJR
IP
0.0.0.0:0
ASN
#0

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /MHFwV3BRExM6T1FMEnEFQh1NckJ2VEIRFAEXQGIGQkIDPQNFCEd5E1weBTMWQh4eI15eFARyQnYgJwE6XD81OEZgIAQEFGNBRxYhXAsSOipoMDg7VQI3OT8UYj03BkJzFj0jPl4GNwAJVFRCET9yKxIdM1wHOh86FUM2GhhfPSYFRUQQGWZCezUYZzVlRQUNN3o1JxQDAz8mMCN8CxMvJ3EnAxg0aTkzD0UVQzYdB2E7Oi0pXzU2MB1/ORQPE15IQw4bcTYVOTVcNTY4BX4YJQA1aBkABzJ1IxUQHFonIidGVjY1OTVoGQAdIUgQFhBBAyceDQZRQzkzMV5ESA4jHRIiMjdbFjUvNgU2NxkncTYiJxUAMDcyGgRCMjtIXBc3FhpyHwA4KVwkNjIdWEImICFDPDMWMWUYJT8UARUJMkJAHCMgIkM9N24lFhsDOB5ATDERRVs5HjYkBEk4FRJR HTTP/1.1
Host: undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

74.125.131.84

302 Found

0 B

URL GET
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint52:D3:F7:7E:94:6F:70:55:50:A6:EA:38:4B:15:DF:91:54:96:59:82
ValidityMon, 31 Mar 2025 08:56:30 GMT - Mon, 23 Jun 2025 08:56:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:RIe42_j_EX7Sb10Zp80fhZNonvlfXA:8LZYXlzIeHDEhOn8; Expires=Tue, 27-Apr-2027 18:57:30 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:30 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKV5MiSRA__thTzlJodsHYXSVceuBn__VTUPSrL7XLrCt6VXG2vxKf2Uw-jzYmNd4bkZUBqsxARGw
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
content-security-policy: script-src 'nonce-HV6QIzI92-pfrkGLj2UE0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

faqirsgoliard.top/r67c0fc81985e5/70849

23.109.170.48

200 OK

62 kB

URL GET
faqirsgoliard.top/r67c0fc81985e5/70849
IP
23.109.170.48:443
ASN
#7979 SERVERS-COM

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerZeroSSL
Subjectfaqirsgoliard.top
FingerprintB0:1A:95:1C:A4:EC:21:32:46:5F:3B:18:FB:97:AB:03:1C:C0:54:05
ValidityThu, 27 Feb 2025 00:00:00 GMT - Wed, 28 May 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (61456), with no line terminators
Size
62 kB (61456 bytes)
Hash
0207a1c47ba656c962f9827e9aa0d646
9e6037679f4891099ddd4f432a727bd241eeb855
76fb32ad18ea15d4974e9bfa7ccefa9eb82a383ad33b012caa9b031b8b388f29

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /r67c0fc81985e5/70849 HTTP/1.1
Host: faqirsgoliard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:29 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 28-Apr-2025 18:57:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 28-Apr-2025 18:57:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

i.doodcdn.io/theme_2/css/bootstrap.min.css

104.26.14.102

200 OK

160 kB

URL GET
i.doodcdn.io/theme_2/css/bootstrap.min.css
IP
104.26.14.102:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdoodcdn.io
Fingerprint55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
ValidityWed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT

File type
ASCII text, with very long lines (65324)
Size
160 kB (159515 bytes)
Hash
7cc40c199d128af6b01e74a28c5900b0
d305110fb79113a961394b433d851a3410342b8c
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

HTTP Headers

GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: text/css
content-length: 23688
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Sun, 26 Apr 2026 10:47:41 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 81281
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V4vKpAlf7M%2Bsf79DQ9ggNSWNXkjcwIjgDClZk8JIUL2BXVz%2Bvr2lMhzXz8zkQQCW2jC77e%2BSeptLgjiu9w%2F9o04G2ZQM%2Bqd6lQcu9e%2BQ3dFw4ARjzrGL89ELhfP%2FOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbd9bbce4d3-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16694&min_rtt=15492&rtt_var=4532&sent=43&recv=11&lost=0&retrans=0&sent_bytes=48978&recv_bytes=1365&delivery_rate=280258&cwnd=252&unsent_bytes=0&cid=021428768d8acaad&ts=58&x=0"
X-Firefox-Spdy: h2

i.doodcdn.io/theme_2/fonts/avertastd-black-webfont.woff2

104.26.14.102

200 OK

23 kB

URL GET
i.doodcdn.io/theme_2/fonts/avertastd-black-webfont.woff2
IP
104.26.14.102:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdoodcdn.io
Fingerprint55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
ValidityWed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22820, version 1.0
Size
23 kB (22820 bytes)
Hash
1e976387cb594982692bdbdffde86f91
9546836a7d80c17d85cdd37a9553852f00af031b
4dc982a61a00481f4c9545f9f2da64098428b4aec96838de3c194fa82373ce1d

HTTP Headers

GET /theme_2/fonts/avertastd-black-webfont.woff2 HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.io/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: font/woff2
content-length: 22820
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Mon, 26 May 2025 15:13:00 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 22425
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2tiwMmYHCz48HJyJ0z7aL9ApFQRaowhZCYgclpw1oJoZvHHg5NdiOIcZg%2FgSSbwY%2FeBd46XdqmzzyUbCDIEOau0GbOQ43AxTUBlUHfaKsnfrsWLNEyQZFq3k3zYzhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbebe7ee4e6-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20968&min_rtt=20968&rtt_var=10484&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4085&recv_bytes=1470&delivery_rate=150952&cwnd=12000&unsent_bytes=0&cid=3e14016d87eaa802&ts=50&x=1", cfExtPri, cfHdrFlush;dur=0

accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKV5MiSRA__thTzlJodsHYXSVceuBn__VTUPSrL7XLrCt6VXG2vxKf2Uw-jzYmNd4bkZUBqsxARGw

74.125.131.84

302 Found

0 B

URL GET
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKV5MiSRA__thTzlJodsHYXSVceuBn__VTUPSrL7XLrCt6VXG2vxKf2Uw-jzYmNd4bkZUBqsxARGw
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint67:52:2F:AB:93:DE:39:DA:94:50:11:AE:8B:37:CB:88:8F:DC:56:7D
ValidityMon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKV5MiSRA__thTzlJodsHYXSVceuBn__VTUPSrL7XLrCt6VXG2vxKf2Uw-jzYmNd4bkZUBqsxARGw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:TPi5RUX16f471TsxLqQpgFSka4xMDw:csUzg6yBLGKvCzK-;Path=/;Expires=Tue, 27-Apr-2027 18:57:34 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:34 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKV5Mj6RXJoJL4XljvwR5mxzpM6vpbvhMLw3DydRUWLpHsOnaCXQdiTHefH9T4lbniqOuO-LNICCw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-197298584%3A1745780254891405
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-O1Y42gPKP3qRfbjgxzQS3g' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 418
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKV5Mj9R1MANKHWrjKK9B_dFEYO12NYXq34CQVcf12KS8ELn0Fp5JZ9OHnvuz6S5ZokzYYRxLjLlg

74.125.131.84

302 Found

0 B

URL GET
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKV5Mj9R1MANKHWrjKK9B_dFEYO12NYXq34CQVcf12KS8ELn0Fp5JZ9OHnvuz6S5ZokzYYRxLjLlg
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint67:52:2F:AB:93:DE:39:DA:94:50:11:AE:8B:37:CB:88:8F:DC:56:7D
ValidityMon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKV5Mj9R1MANKHWrjKK9B_dFEYO12NYXq34CQVcf12KS8ELn0Fp5JZ9OHnvuz6S5ZokzYYRxLjLlg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:PlT6WQRAzvtw75totMtfIJORbkVdXw:SSYRHJQU1kVTVvat;Path=/;Expires=Tue, 27-Apr-2027 18:57:31 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:31 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKV5MhjHpENpzdAtmfXi6dTXHO0Llmsr3ReaISv9sx0m_7W0Fm0NI0qFqtZNAUuiais9SEVshEh&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1140263498%3A1745780251260366
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-l3s07KdHb2yZ5KzN_JM5_Q' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 414
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

td8lfvmrsb51.n4.adsco.re/

38.132.109.126

200 OK

0 B

URL POST
td8lfvmrsb51.n4.adsco.re/
IP
38.132.109.126:443
ASN
#9009 M247 Europe SRL

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerLet's Encrypt
Subject*.n4.adsco.re
FingerprintEB:C6:B8:97:D3:9D:38:6F:22:4B:ED:17:B4:B6:9C:E0:30:A8:06:1E
ValiditySat, 19 Apr 2025 09:14:20 GMT - Fri, 18 Jul 2025 09:14:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: td8lfvmrsb51.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:32 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 16 Jun 2023 08:37:42 GMT
etag: "648c1f56-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

tomlldahehun.org/multi?cs=UGExYkJlVAdVe2ZYAVF0Z1MDWnc&abt=0&red=1&sm=76&k=&v=1.0.60.4&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1866075796599521&agec=1745780250&fs=1&ref=https%3A%2F%2Fdo7go.com%2Fe%2Fhttps%2Fdoodstream.com%2Fd%2F8rsoqn6rsiiy&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A134.0)%20gecko%2F20100101%20firefox%2F134.0&tzd=0&uloc=&if=0&_NJX8=1745780251934&crc=1

54.240.174.89

200 OK

15 B

URL GET
tomlldahehun.org/multi?cs=UGExYkJlVAdVe2ZYAVF0Z1MDWnc&abt=0&red=1&sm=76&k=&v=1.0.60.4&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1866075796599521&agec=1745780250&fs=1&ref=https%3A%2F%2Fdo7go.com%2Fe%2Fhttps%2Fdoodstream.com%2Fd%2F8rsoqn6rsiiy&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A134.0)%20gecko%2F20100101%20firefox%2F134.0&tzd=0&uloc=&if=0&_NJX8=1745780251934&crc=1
IP
54.240.174.89:443
ASN
#16509 AMAZON-02

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerAmazon
Subjecttomlldahehun.org
Fingerprint6B:F0:7B:63:2B:19:E1:74:83:15:1A:BF:1B:B4:E6:71:68:14:57:3D
ValiditySun, 06 Apr 2025 00:00:00 GMT - Tue, 05 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
15 B (15 bytes)
Hash
d39207bea620cffa8e65d3b12e8f1547
220ebce5a61ee5d771133e1cd20c469443ccfd76
f058a19c34ccdfbb47e68ba58b254ffa5d774fdaeeaa0b1fb9f19d3c055c0a21

HTTP Headers

GET /multi?cs=UGExYkJlVAdVe2ZYAVF0Z1MDWnc&abt=0&red=1&sm=76&k=&v=1.0.60.4&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1866075796599521&agec=1745780250&fs=1&ref=https%3A%2F%2Fdo7go.com%2Fe%2Fhttps%2Fdoodstream.com%2Fd%2F8rsoqn6rsiiy&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A134.0)%20gecko%2F20100101%20firefox%2F134.0&tzd=0&uloc=&if=0&_NJX8=1745780251934&crc=1 HTTP/1.1
Host: tomlldahehun.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/plain
content-length: 41
date: Sun, 27 Apr 2025 18:57:32 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
set-cookie: AWSALB=cf4gEf3KLzz0TU/q2Fkb8hvXmqdYEvKX4+eAwf25Xf4R9oLgmo5ZfHeLk4i2+dH4H8jJlv0Zkq02PS/CxA8RUViQVXqOgcVAMJfOesbjs1IZeZH+5WZJNQLjePgw; Expires=Sun, 04 May 2025 18:57:32 GMT; Path=/
AWSALBCORS=cf4gEf3KLzz0TU/q2Fkb8hvXmqdYEvKX4+eAwf25Xf4R9oLgmo5ZfHeLk4i2+dH4H8jJlv0Zkq02PS/CxA8RUViQVXqOgcVAMJfOesbjs1IZeZH+5WZJNQLjePgw; Expires=Sun, 04 May 2025 18:57:32 GMT; Path=/; SameSite=None
csu=b21d5de8-2aab-47c5-87b2-387e459c726b
csu=1866075796599521
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://do7go.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BJtPMketm5HTQvcFPVmlyY7VQiUM9HGvIKrgX6cbpwvoAOpgb5jA2Q==
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.25.14

200 OK

88 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
88 kB (88145 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 93708bbcea39712a-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 272081
expires: Fri, 17 Apr 2026 18:57:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bOiMiOp%2BO%2BkH1Lst7PW0klQUQ8vzIIVy9T%2B0MkR2wxX%2Ba8ARTksdwmIlrvVYMcBO%2B%2FGjcA%2Bb5%2Fw3vVf%2FR%2FnpxuYqLIhOjCvrMKS2KIo4dJ7uXQAl4XvtWOH7TLyFHKkh4Mp1VLcP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ukankingwithea.com/

104.21.112.1

200 OK

26 B

URL GET
ukankingwithea.com/
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectukankingwithea.com
Fingerprint02:7E:37:44:90:B9:05:B4:82:CD:5A:71:84:A1:C8:84:66:33:BC:78
ValiditySat, 01 Mar 2025 13:28:14 GMT - Fri, 30 May 2025 14:26:54 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
9a2de31ed2c59c43bf6896e2f76bb73a
12ad4c454f10f9c83202817d9c20db8b26d3945c
076a934b2fc1ff22e743938abbcda6655b9e0475443453c92f60452aa5d1f828

HTTP Headers

GET / HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:30 GMT
content-type: text/plain
server: cloudflare
access-control-allow-origin: https://do7go.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: csu=627140339902384@1@1745780250; SameSite=None; Secure; Max-Age=31104000
cf-ray: 93708bc4986edef8-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ukankingwithea.com/asd100.bin

104.21.112.1

404 Not Found

561 B

URL GET
ukankingwithea.com/asd100.bin
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectukankingwithea.com
Fingerprint02:7E:37:44:90:B9:05:B4:82:CD:5A:71:84:A1:C8:84:66:33:BC:78
ValiditySat, 01 Mar 2025 13:28:14 GMT - Fri, 30 May 2025 14:26:54 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
561 B (561 bytes)
Hash
9f3fb0948a012f975250df83e4adec47
09fda5065170e45e4847b550cc5a232aecc76bb8
d3dae34448fafbf40e6fef9a015397d39003ce732cbb59cd37e027bed55a7bed

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 27 Apr 2025 18:57:30 GMT
content-type: text/html
server: cloudflare
cache-control: max-age=14400
cf-cache-status: HIT
age: 90
content-encoding: br
cf-ray: 93708bc4a8a7def8-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ukankingwithea.com/

104.21.112.1

200 OK

27 B

URL GET
ukankingwithea.com/
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectukankingwithea.com
Fingerprint02:7E:37:44:90:B9:05:B4:82:CD:5A:71:84:A1:C8:84:66:33:BC:78
ValiditySat, 01 Mar 2025 13:28:14 GMT - Fri, 30 May 2025 14:26:54 GMT

File type
ASCII text, with no line terminators
Size
27 B (27 bytes)
Hash
fe6d08a0d9334ce4a45f84d1cdd45a86
cd17fcefd53fb4ecc3c1686377f3ae7db13002ba
be4b4428a28f046162407eb8a954f8c38cfc18b16f31481b41f768fd49bc6357

HTTP Headers

GET / HTTP/1.1
Host: ukankingwithea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:30 GMT
content-type: text/plain
server: cloudflare
access-control-allow-origin: https://do7go.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: csu=1866075796599521@1@1745780250; SameSite=None; Secure; Max-Age=31104000
cf-ray: 93708bc4a89adef8-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

blockadsnot.com/dpiiuqmkzhvkzulghe?iVZtaAcw=BQOCAAAAAAAACZUAAka9MwmalI4UX88tQ_EgzdCTpF25w8XfWRT9ffZ4NcEE_BsefjC6cq9frKCyscD4el_vNR53tiwV2z_SXEMUgawRxPiy_SlaAFAgtz4jnYCkc2BC6UbDENaRAqZG5NkEPHcTKV76oQ96HoJqyNbrNYc8J9h9x-dFDcwKW0NhP0lKxlvQ7vNG_JxtkF_T-10Fs8ZpLqLIDUtWTRKhKztzeDpNzHx9P1Iop-357J7yZ5-6ce2NpQ4Wv6lpnDn6nSXyka1_AV7-pzQNplEj5l13JkWt5hWKbqmAYrrKHfweIcrIjl2jJDRMuz7M_EHb9AuJLNjkCGKJt5t8W6CLJ5Jb5UYSEsRw1mGmPJXiclxCwGnx4EKxgSiP0lMf7G-nYcqrb-pLttaa-JWsG4knb0yyaEFm2i3PqBwp5y2pBppCAOSAtqm15VJHmtFAV-TXV5HCHgPHx1mnfm9qcSdRoRtNE_XCU3DsWEnQ0WWMZZpplfbDQd522NVX38R61FJHdHhR05L4XtiHem5wph6_vgZ67nkElS78c3yjX7wVml4isi0kv_GF5NbfSmcsyjj3ghn-8Q1KGah-RxqSbmB1BbE1pbokh9q8qsb9dtsbyRkyxy1IHpQz4ncELTQjWF4WKF4xRnbdnbUlEjbMaaJKKCyE5KXeO2EtHO0HyfkIPZzCGTcsgqnOxMMvINyBU0zNrHeuc1AwdzqNQLLuFNRJMTbfGZjb0QNcuNkKgLtkuKRf_xMdRmnzUNF84DM9GG_FexNWvLib3NKr2qVxM9NZqsgR89iD22PGDDb8If15T4ZxaISyZl_SMFL0dShrSSvrDYYUovFUZh8_SWE_q7895l-DWdoqVtZfixKRQaQmhZjygl7ZWiwrcxEShm54nSAtBj9eUgyI_bkHviKCSR6tgB7NP5WRatDSqT-MMlEF19n9OoQZLxmA2BEc57WuSrvU1GiLYHEqG_FLVWERzNPV0rCvjyCyKiB7pHRLzL2woyPgIF2IoeutHs5p8ot-v7Bzp8FVzJf3S_-9WkXhL-awWYrtEYu8ZB6HGOi1YK919L1iieebk1WCwNt7Xagl57XTbpf9BaUUvq0dPy4pnvnEw6KPhSWHFp0Rr9v768l1-rnybs41v1QixgxpZYqcCZvxwsoDIxHkwFj4gOaE3zhOGd0Fjaby25wJRVs6etIQqj5RRrqu&KBwflIhd=4&xzvcarwF=4091021&NsOabBlD=&KaMqwxfL=0,0&SEKUNWaJ=&UcTDaeOX=&s=1280,1024,1,1280,1024,0

208.95.112.254

200 OK

44 B

URL GET
blockadsnot.com/dpiiuqmkzhvkzulghe?iVZtaAcw=BQOCAAAAAAAACZUAAka9MwmalI4UX88tQ_EgzdCTpF25w8XfWRT9ffZ4NcEE_BsefjC6cq9frKCyscD4el_vNR53tiwV2z_SXEMUgawRxPiy_SlaAFAgtz4jnYCkc2BC6UbDENaRAqZG5NkEPHcTKV76oQ96HoJqyNbrNYc8J9h9x-dFDcwKW0NhP0lKxlvQ7vNG_JxtkF_T-10Fs8ZpLqLIDUtWTRKhKztzeDpNzHx9P1Iop-357J7yZ5-6ce2NpQ4Wv6lpnDn6nSXyka1_AV7-pzQNplEj5l13JkWt5hWKbqmAYrrKHfweIcrIjl2jJDRMuz7M_EHb9AuJLNjkCGKJt5t8W6CLJ5Jb5UYSEsRw1mGmPJXiclxCwGnx4EKxgSiP0lMf7G-nYcqrb-pLttaa-JWsG4knb0yyaEFm2i3PqBwp5y2pBppCAOSAtqm15VJHmtFAV-TXV5HCHgPHx1mnfm9qcSdRoRtNE_XCU3DsWEnQ0WWMZZpplfbDQd522NVX38R61FJHdHhR05L4XtiHem5wph6_vgZ67nkElS78c3yjX7wVml4isi0kv_GF5NbfSmcsyjj3ghn-8Q1KGah-RxqSbmB1BbE1pbokh9q8qsb9dtsbyRkyxy1IHpQz4ncELTQjWF4WKF4xRnbdnbUlEjbMaaJKKCyE5KXeO2EtHO0HyfkIPZzCGTcsgqnOxMMvINyBU0zNrHeuc1AwdzqNQLLuFNRJMTbfGZjb0QNcuNkKgLtkuKRf_xMdRmnzUNF84DM9GG_FexNWvLib3NKr2qVxM9NZqsgR89iD22PGDDb8If15T4ZxaISyZl_SMFL0dShrSSvrDYYUovFUZh8_SWE_q7895l-DWdoqVtZfixKRQaQmhZjygl7ZWiwrcxEShm54nSAtBj9eUgyI_bkHviKCSR6tgB7NP5WRatDSqT-MMlEF19n9OoQZLxmA2BEc57WuSrvU1GiLYHEqG_FLVWERzNPV0rCvjyCyKiB7pHRLzL2woyPgIF2IoeutHs5p8ot-v7Bzp8FVzJf3S_-9WkXhL-awWYrtEYu8ZB6HGOi1YK919L1iieebk1WCwNt7Xagl57XTbpf9BaUUvq0dPy4pnvnEw6KPhSWHFp0Rr9v768l1-rnybs41v1QixgxpZYqcCZvxwsoDIxHkwFj4gOaE3zhOGd0Fjaby25wJRVs6etIQqj5RRrqu&KBwflIhd=4&xzvcarwF=4091021&NsOabBlD=&KaMqwxfL=0,0&SEKUNWaJ=&UcTDaeOX=&s=1280,1024,1,1280,1024,0
IP
208.95.112.254:443
ASN
#53334 TUT-AS

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerSectigo Limited
Subjectblockadsnot.com
Fingerprint1E:C1:DD:D3:65:DB:48:42:4B:E9:38:9C:2B:C9:89:AD:03:15:09:01
ValidityFri, 04 Apr 2025 00:00:00 GMT - Tue, 05 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
44 B (44 bytes)
Hash
d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5

HTTP Headers

GET /dpiiuqmkzhvkzulghe?iVZtaAcw=BQOCAAAAAAAACZUAAka9MwmalI4UX88tQ_EgzdCTpF25w8XfWRT9ffZ4NcEE_BsefjC6cq9frKCyscD4el_vNR53tiwV2z_SXEMUgawRxPiy_SlaAFAgtz4jnYCkc2BC6UbDENaRAqZG5NkEPHcTKV76oQ96HoJqyNbrNYc8J9h9x-dFDcwKW0NhP0lKxlvQ7vNG_JxtkF_T-10Fs8ZpLqLIDUtWTRKhKztzeDpNzHx9P1Iop-357J7yZ5-6ce2NpQ4Wv6lpnDn6nSXyka1_AV7-pzQNplEj5l13JkWt5hWKbqmAYrrKHfweIcrIjl2jJDRMuz7M_EHb9AuJLNjkCGKJt5t8W6CLJ5Jb5UYSEsRw1mGmPJXiclxCwGnx4EKxgSiP0lMf7G-nYcqrb-pLttaa-JWsG4knb0yyaEFm2i3PqBwp5y2pBppCAOSAtqm15VJHmtFAV-TXV5HCHgPHx1mnfm9qcSdRoRtNE_XCU3DsWEnQ0WWMZZpplfbDQd522NVX38R61FJHdHhR05L4XtiHem5wph6_vgZ67nkElS78c3yjX7wVml4isi0kv_GF5NbfSmcsyjj3ghn-8Q1KGah-RxqSbmB1BbE1pbokh9q8qsb9dtsbyRkyxy1IHpQz4ncELTQjWF4WKF4xRnbdnbUlEjbMaaJKKCyE5KXeO2EtHO0HyfkIPZzCGTcsgqnOxMMvINyBU0zNrHeuc1AwdzqNQLLuFNRJMTbfGZjb0QNcuNkKgLtkuKRf_xMdRmnzUNF84DM9GG_FexNWvLib3NKr2qVxM9NZqsgR89iD22PGDDb8If15T4ZxaISyZl_SMFL0dShrSSvrDYYUovFUZh8_SWE_q7895l-DWdoqVtZfixKRQaQmhZjygl7ZWiwrcxEShm54nSAtBj9eUgyI_bkHviKCSR6tgB7NP5WRatDSqT-MMlEF19n9OoQZLxmA2BEc57WuSrvU1GiLYHEqG_FLVWERzNPV0rCvjyCyKiB7pHRLzL2woyPgIF2IoeutHs5p8ot-v7Bzp8FVzJf3S_-9WkXhL-awWYrtEYu8ZB6HGOi1YK919L1iieebk1WCwNt7Xagl57XTbpf9BaUUvq0dPy4pnvnEw6KPhSWHFp0Rr9v768l1-rnybs41v1QixgxpZYqcCZvxwsoDIxHkwFj4gOaE3zhOGd0Fjaby25wJRVs6etIQqj5RRrqu&KBwflIhd=4&xzvcarwF=4091021&NsOabBlD=&KaMqwxfL=0,0&SEKUNWaJ=&UcTDaeOX=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: blockadsnot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
popads-node: wb3
access-control-allow-origin: *
popads-ec: OVL
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Sun, 27 Apr 2025 18:57:33 GMT
X-Firefox-Spdy: h2

faqirsgoliard.top/gHzOaAdOhbZ/71405

23.109.170.48

200 OK

6 B

URL GET
faqirsgoliard.top/gHzOaAdOhbZ/71405
IP
23.109.170.48:443
ASN
#7979 SERVERS-COM

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerZeroSSL
Subjectfaqirsgoliard.top
FingerprintB0:1A:95:1C:A4:EC:21:32:46:5F:3B:18:FB:97:AB:03:1C:C0:54:05
ValidityThu, 27 Feb 2025 00:00:00 GMT - Wed, 28 May 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
6 B (6 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gHzOaAdOhbZ/71405 HTTP/1.1
Host: faqirsgoliard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:29 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 28-Apr-2025 18:57:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 28-Apr-2025 18:57:29 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

undefined/MnlJcXBTGyocT1NEK1cFQBV0VEJ0XHs3FAMfeUQGQEo6GwNHAH5fE14WPBUWQBYnBV5cHD1UQnQOBik+di4lKxF6OnlJEWdJKDtCVg8KJDpKG3tFFnMDDFRCdDQIICh+PnkJJl5JLj8kQR8OJTEDNgwdP3E7GDYmSBZ/EDIDTQY1OVc8CEAxaCp9AihnTDMXNEIgASIiXBoPBhR7Pi0fOEowJz43QTcfJRNDNh87P3kqLlRCcC8xIEd5EB8kMl8sPz8HYxwFMjEXSw8nIgoQL0MiF0sPIx0DCCoGBHYYMEFVAD8fCRNBNRokE2MhBEE5WgELEkJGFA9BPl8YGyATYyFkPARiSC03FAFAJRRBaAEoGERiK3srAHQ7MTMTSx4uOTVzOihDJXwhET8KUQ49NTp2QXgkGEoUKDMxfih6OwFoHiE1E1xAIjIiZwgCNT5UMQ0FVQA/EzlJcRoORERxLxxDKgAabxsDXRc5TDt8KSc4CQAyCDoBdj99Qg

0.0.0.0

0 B

URL GET
undefined/MnlJcXBTGyocT1NEK1cFQBV0VEJ0XHs3FAMfeUQGQEo6GwNHAH5fE14WPBUWQBYnBV5cHD1UQnQOBik+di4lKxF6OnlJEWdJKDtCVg8KJDpKG3tFFnMDDFRCdDQIICh+PnkJJl5JLj8kQR8OJTEDNgwdP3E7GDYmSBZ/EDIDTQY1OVc8CEAxaCp9AihnTDMXNEIgASIiXBoPBhR7Pi0fOEowJz43QTcfJRNDNh87P3kqLlRCcC8xIEd5EB8kMl8sPz8HYxwFMjEXSw8nIgoQL0MiF0sPIx0DCCoGBHYYMEFVAD8fCRNBNRokE2MhBEE5WgELEkJGFA9BPl8YGyATYyFkPARiSC03FAFAJRRBaAEoGERiK3srAHQ7MTMTSx4uOTVzOihDJXwhET8KUQ49NTp2QXgkGEoUKDMxfih6OwFoHiE1E1xAIjIiZwgCNT5UMQ0FVQA/EzlJcRoORERxLxxDKgAabxsDXRc5TDt8KSc4CQAyCDoBdj99Qg
IP
0.0.0.0:0
ASN
#0

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /MnlJcXBTGyocT1NEK1cFQBV0VEJ0XHs3FAMfeUQGQEo6GwNHAH5fE14WPBUWQBYnBV5cHD1UQnQOBik+di4lKxF6OnlJEWdJKDtCVg8KJDpKG3tFFnMDDFRCdDQIICh+PnkJJl5JLj8kQR8OJTEDNgwdP3E7GDYmSBZ/EDIDTQY1OVc8CEAxaCp9AihnTDMXNEIgASIiXBoPBhR7Pi0fOEowJz43QTcfJRNDNh87P3kqLlRCcC8xIEd5EB8kMl8sPz8HYxwFMjEXSw8nIgoQL0MiF0sPIx0DCCoGBHYYMEFVAD8fCRNBNRokE2MhBEE5WgELEkJGFA9BPl8YGyATYyFkPARiSC03FAFAJRRBaAEoGERiK3srAHQ7MTMTSx4uOTVzOihDJXwhET8KUQ49NTp2QXgkGEoUKDMxfih6OwFoHiE1E1xAIjIiZwgCNT5UMQ0FVQA/EzlJcRoORERxLxxDKgAabxsDXRc5TDt8KSc4CQAyCDoBdj99Qg HTTP/1.1
Host: undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

74.125.131.84

302 Found

0 B

URL GET
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectaccounts.google.com
Fingerprint52:D3:F7:7E:94:6F:70:55:50:A6:EA:38:4B:15:DF:91:54:96:59:82
ValidityMon, 31 Mar 2025 08:56:30 GMT - Mon, 23 Jun 2025 08:56:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:El8XiiFFMqBVd_ygcJD8YCcuoa5GSA:J1Z-mLl7PHHEy9GX; Expires=Tue, 27-Apr-2027 18:57:30 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:30 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKV5Mj9R1MANKHWrjKK9B_dFEYO12NYXq34CQVcf12KS8ELn0Fp5JZ9OHnvuz6S5ZokzYYRxLjLlg
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-BPmiUvLCJO0TtIVepelRaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

6.adsco.re:2087/

104.17.166.186

200 OK

45 B

URL GET
6.adsco.re:2087/
IP
104.17.166.186:2087
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
5b41cb22f84f645a103acc7bfbf084ff
bac3967b26d5ec4a0d09a580714e8219796816bd
709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc

HTTP Headers

GET / HTTP/1.1
Host: 6.adsco.re:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:31 GMT
content-type: text/plain;charset=UTF-8
content-length: 45
access-control-allow-origin: https://do7go.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 93708bccecffb4fa-OSL
alt-svc: h3=":2087"; ma=86400
X-Firefox-Spdy: h2

i.doodcdn.io/img/no_video_3.svg

104.26.14.102

200 OK

2.8 kB

URL GET
i.doodcdn.io/img/no_video_3.svg
IP
104.26.14.102:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdoodcdn.io
Fingerprint55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
ValidityWed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT

File type
SVG Scalable Vector Graphics image
Size
2.8 kB (2812 bytes)
Hash
077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c

HTTP Headers

GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Mon, 26 May 2025 04:06:47 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 56532
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLGBc2qeMyJeej6Z0J7F4pVBR%2F2qEd0gK24XcuH3sNnbZdum7Tfb7QjaYe2TlC%2BB1d1e8%2FPc4iJWCf0hEhDioNfPBLVH1HJuWSt%2Fkx4tU8GKYLaBWkM87mkWAhsayg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbd8bb1e4d3-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16694&min_rtt=15492&rtt_var=4532&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3271&recv_bytes=1365&delivery_rate=280258&cwnd=252&unsent_bytes=0&cid=021428768d8acaad&ts=56&x=0"
X-Firefox-Spdy: h2

dindeedtheriver.com/aE45dDdHcVoHCjx+CCNSBD4PEXAqAGBHW1gUUhhEDQYAH2YFdh8AXgxzAEQGWnsBUkcBKgRGDk49TRVDHT0ERREBIF8bCk44BEUZWGAPRBlcaExJBk46SRVQVX8fBEMcIgRFAFx7DkwHWnoAQQJe

104.21.64.1

204 No Content

0 B

URL GET
dindeedtheriver.com/aE45dDdHcVoHCjx+CCNSBD4PEXAqAGBHW1gUUhhEDQYAH2YFdh8AXgxzAEQGWnsBUkcBKgRGDk49TRVDHT0ERREBIF8bCk44BEUZWGAPRBlcaExJBk46SRVQVX8fBEMcIgRFAFx7DkwHWnoAQQJe
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdindeedtheriver.com
Fingerprint1A:82:F8:CF:A4:CF:0C:8B:6A:92:CA:07:15:53:38:0C:73:26:15:82
ValidityThu, 03 Apr 2025 11:42:28 GMT - Wed, 02 Jul 2025 12:40:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /aE45dDdHcVoHCjx+CCNSBD4PEXAqAGBHW1gUUhhEDQYAH2YFdh8AXgxzAEQGWnsBUkcBKgRGDk49TRVDHT0ERREBIF8bCk44BEUZWGAPRBlcaExJBk46SRVQVX8fBEMcIgRFAFx7DkwHWnoAQQJe HTTP/1.1
Host: dindeedtheriver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 27 Apr 2025 18:57:29 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93708bc09886dfd3-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

212.117.186.12

200 OK

669 B

URL POST
mixscoggan.shop/gd/70849?md=eyJhIjo4MTU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kbzdnby5jb20vZS9odHRwcy9kb29kc3RyZWFtLmNvbS9kLzhyc29xbjZyc2lpeSIsImgiOjEwMzIsImwiOiJlbi1VUyIsInQiOjAsInoiOjYxOTksImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibHd4OHY3dTNzMHF0ZG5yIiwibyI6dHJ1ZSwibSI6MTc0NTc4MDI0OTc0NiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyVmlkZW8lMjBub3QlMjBmb3VuZCUyMCU3QyUyMERvb2RTdHJlYW0lMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIydGVzdCUzQTMlMjIlMkMlMjJub3QlM0EyJTIyJTJDJTIyZm91bmQlM0EyJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A
IP
212.117.186.12:443
ASN
#7979 SERVERS-COM

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerLet's Encrypt
Subjectmixscoggan.shop
Fingerprint1D:16:41:59:06:67:D9:CC:1E:B5:29:75:87:D3:57:A3:8E:81:A3:ED
ValidityTue, 22 Apr 2025 04:09:34 GMT - Mon, 21 Jul 2025 04:09:33 GMT

File type
JSON text data
Size
669 B (669 bytes)
Hash
b9eb371a1487329ce37098067c24a4dd
3f034fc643a015fffe99c5c804a546aba538d51b
ec2a8c50c1e1247de9d233123e84feae2e93b3cbd54bee12c071da59c92525d1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /gd/70849?md=eyJhIjo4MTU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kbzdnby5jb20vZS9odHRwcy9kb29kc3RyZWFtLmNvbS9kLzhyc29xbjZyc2lpeSIsImgiOjEwMzIsImwiOiJlbi1VUyIsInQiOjAsInoiOjYxOTksImsiOjAsInUiOiIiLCJmIjpmYWxzZSwid2giOiJub3QgaW4gaWZyYW1lIiwiaWgiOiIxMjgweDEwMjQiLCJlIjoibHd4OHY3dTNzMHF0ZG5yIiwibyI6dHJ1ZSwibSI6MTc0NTc4MDI0OTc0NiwidyI6IiU3QiUyMnRpdGxlJTIyJTNBJTIyVmlkZW8lMjBub3QlMjBmb3VuZCUyMCU3QyUyMERvb2RTdHJlYW0lMjIlMkMlMjJrZXl3b3JkcyUyMiUzQSU1QiU1RCUyQyUyMnRvcHdvcmRzJTIyJTNBJTVCJTIydGVzdCUzQTMlMjIlMkMlMjJub3QlM0EyJTIyJTJDJTIyZm91bmQlM0EyJTIyJTVEJTdEIiwidHMiOjAsInByIjoxLCJoYyI6NDgsImJsIjotMSwiYmMiOjMsInZ2IjoiTWVzYSIsInZyIjoibGx2bXBpcGUiLCJhYyI6MCwiY3QiOiJ1bmtub3duIiwiY2V0IjoidW5rbm93biIsImNkbG0iOi0xLCJjZGwiOi0xLCJjcnR0IjotMSwidG1zIjoxMjAsImNlIjp0cnVlLCJjZCI6MjQsIm9yIjoibGFuZHNjYXBlLXByaW1hcnkiLCJmcyI6bnVsbCwiZnNvIjpudWxsfQ&fc=h7q5T8idLKWMMrmW6iTG0g&pr=1YB8DBYXc1mTRxnxJxgO3A HTTP/1.1
Host: mixscoggan.shop
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Content-Type: application/json
Content-Length: 82
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:30 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 28-Apr-2025 18:57:30 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 28-Apr-2025 18:57:30 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKV5MhjHpENpzdAtmfXi6dTXHO0Llmsr3ReaISv9sx0m_7W0Fm0NI0qFqtZNAUuiais9SEVshEh&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1140263498%3A1745780251260366

74.125.131.84

403 Forbidden

0 B

URL GET
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKV5MhjHpENpzdAtmfXi6dTXHO0Llmsr3ReaISv9sx0m_7W0Fm0NI0qFqtZNAUuiais9SEVshEh&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1140263498%3A1745780251260366
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint67:52:2F:AB:93:DE:39:DA:94:50:11:AE:8B:37:CB:88:8F:DC:56:7D
ValidityMon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKV5MhjHpENpzdAtmfXi6dTXHO0Llmsr3ReaISv9sx0m_7W0Fm0NI0qFqtZNAUuiais9SEVshEh&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1140263498%3A1745780251260366 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:31 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-WATA0SIfgPtX_YJ58BiAKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.E_-11t052Go.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

4.adsco.re/

0.0.0.0

0 B

URL GET
4.adsco.re/
IP
0.0.0.0:0
ASN
#0

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

4.adsco.re:2087/

0.0.0.0

0 B

URL GET
4.adsco.re:2087/
IP
0.0.0.0:0
ASN
#0

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: 4.adsco.re:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056

3.164.60.156

200 OK

320 kB

URL GET
d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056
IP
3.164.60.156:443
ASN
#16509 AMAZON-02

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerAmazon
Subject*.cloudfront.net
Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62
ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (38488)
Size
320 kB (320388 bytes)
Hash
648f7fae09d8e8b907248f897ffdd46f
2f113a63b8014c4bee06b8b80f71f65ce741417f
30a629af10c187d7a92b92e8a8970e38575063fa8183941bdc1b28326bfbd078

HTTP Headers

GET /?srvfd=908056 HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 106759
date: Sun, 27 Apr 2025 18:57:29 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 c06aa2ede3260638d08a4102b786cdfc.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P4
x-amz-cf-id: E7UqTgP5WfBjB8_tChkrtQXhJ0ZeT3eLctE-2AECnC5QpD6h7GGP3A==
X-Firefox-Spdy: h2

do7go.com/favicon.ico

104.26.8.147

200 OK

15 kB

URL GET
do7go.com/favicon.ico
IP
104.26.8.147:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdo7go.com
Fingerprint62:14:72:A9:A1:C9:E5:FE:80:F8:A6:E1:89:21:66:B4:38:8B:DF:5B
ValidityThu, 20 Mar 2025 08:57:50 GMT - Wed, 18 Jun 2025 09:56:23 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: do7go.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 27 Apr 2025 18:57:30 GMT
content-type: image/x-icon
content-length: 15406
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-3c2e"
expires: Fri, 16 May 2025 13:23:15 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 970380
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RM%2FzywYNHuyf%2FAUKNi4C5Z%2BrVB1Ivfc3%2B02%2FGrkVuob%2B0fbMkRkP0fEiGf8SSgsEnOg16CcNLyQrtEK32WFSQ4vZNh9yWpH0dlLAxtVcb6f2G9qupL%2Blc%2Br7ng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bc41963e4cf-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=18083&min_rtt=16332&rtt_var=7375&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4086&recv_bytes=1130&delivery_rate=39308&cwnd=12000&unsent_bytes=0&cid=fae121dad78e7dfb&ts=1470&x=1", cfExtPri, cfHdrFlush;dur=0

dindeedtheriver.com/b1JtQnlAbQ4xRCJgGRg2KQclFUsqGTQ1PwwzGnMULQQVMzoCC0s2EAtvVHJBX2dbZAkGNlBzXxwmDDYMHG9cZBABNAJ/XxlvXGxKW3xedFdbdBh/SEkmHSMeUmNLMg0bPlBzTltnWnpJXWZUd01f

104.21.64.1

204 No Content

0 B

URL GET
dindeedtheriver.com/b1JtQnlAbQ4xRCJgGRg2KQclFUsqGTQ1PwwzGnMULQQVMzoCC0s2EAtvVHJBX2dbZAkGNlBzXxwmDDYMHG9cZBABNAJ/XxlvXGxKW3xedFdbdBh/SEkmHSMeUmNLMg0bPlBzTltnWnpJXWZUd01f
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdindeedtheriver.com
Fingerprint1A:82:F8:CF:A4:CF:0C:8B:6A:92:CA:07:15:53:38:0C:73:26:15:82
ValidityThu, 03 Apr 2025 11:42:28 GMT - Wed, 02 Jul 2025 12:40:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b1JtQnlAbQ4xRCJgGRg2KQclFUsqGTQ1PwwzGnMULQQVMzoCC0s2EAtvVHJBX2dbZAkGNlBzXxwmDDYMHG9cZBABNAJ/XxlvXGxKW3xedFdbdBh/SEkmHSMeUmNLMg0bPlBzTltnWnpJXWZUd01f HTTP/1.1
Host: dindeedtheriver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 27 Apr 2025 18:57:29 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93708bc06812dfd3-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

c.adsco.re/#0.006184898892497959

104.17.167.186

200 OK

79 kB

URL GET
c.adsco.re/#0.006184898892497959
IP
104.17.167.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (689)
Size
79 kB (79103 bytes)
Hash
f0e71ebb1e2c90b307c171052ca517d0
1a1950b1868c0bfb8629f6f81b81439160727a79
adbce95b9ac0da66ea3a1d707494d9c74876e1c9186c446b4b5a22d15adc1ee5

HTTP Headers

GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 27 Apr 2025 18:57:31 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Wed, 28 May 2025 18:57:31 GMT
etag: W/"8Oceux4skLMHwXEFLKUX0A=="
content-encoding: gzip
cf-cache-status: HIT
age: 1441809
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 93708bcca93456c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy

104.26.8.147

200 OK

2.7 kB

URL User Request GET
do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
IP
104.26.8.147:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdo7go.com
Fingerprint62:14:72:A9:A1:C9:E5:FE:80:F8:A6:E1:89:21:66:B4:38:8B:DF:5B
ValidityThu, 20 Mar 2025 08:57:50 GMT - Wed, 18 Jun 2025 09:56:23 GMT

File type
HTML document, ASCII text, with very long lines (958)
Size
2.7 kB (2679 bytes)
Hash
efc972f3599ddf1c00ad1f894e893b72
04f5a70c8d0dcb18220bfd57ca1dd16fa47bc436
5693f7ebc7be9b37e6e7398b70012aa3737c9ebb7edf738d36fa668fd4bcddfb

HTTP Headers

GET /e/https/doodstream.com/d/8rsoqn6rsiiy HTTP/1.1
Host: do7go.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:28 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sat, 26 Apr 2025 18:57:28 GMT
set-cookie: lang=1; domain=.do7go.com; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hHg9mLwFpsUS%2B0n7Jk8TfTPhopPcIuh7SNcI5tQIcSJxLAxSzvta7%2BeewkEAZhmw4Xadxe2Vc9E0wwsEGqI5TRUDRkWh2xnkIr0m%2FGi%2FfMIru7QZMpTTVw8Ghg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bba4cd2a896-RIX
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=23554&min_rtt=17689&rtt_var=13785&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3195&recv_bytes=1147&delivery_rate=245437&cwnd=254&unsent_bytes=0&cid=d9721f144f835735&ts=126&x=0"
X-Firefox-Spdy: h2

dindeedtheriver.com/N2RlTVoYWwY+Z3ggCRoJWQ8nCTd1QVcLCUAXJC9pRyohHDJBAlUIfEMNAXBjAFBXeWkRFAwpZwZcQz4uVhAQPmcGQgwjPFhZQztnBkpVY2gZUUM4ZwZCET07UFlUaypDEAlwawBQUHpiB1ZRdG8BUw

104.21.64.1

204 No Content

0 B

URL GET
dindeedtheriver.com/N2RlTVoYWwY+Z3ggCRoJWQ8nCTd1QVcLCUAXJC9pRyohHDJBAlUIfEMNAXBjAFBXeWkRFAwpZwZcQz4uVhAQPmcGQgwjPFhZQztnBkpVY2gZUUM4ZwZCET07UFlUaypDEAlwawBQUHpiB1ZRdG8BUw
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdindeedtheriver.com
Fingerprint1A:82:F8:CF:A4:CF:0C:8B:6A:92:CA:07:15:53:38:0C:73:26:15:82
ValidityThu, 03 Apr 2025 11:42:28 GMT - Wed, 02 Jul 2025 12:40:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /N2RlTVoYWwY+Z3ggCRoJWQ8nCTd1QVcLCUAXJC9pRyohHDJBAlUIfEMNAXBjAFBXeWkRFAwpZwZcQz4uVhAQPmcGQgwjPFhZQztnBkpVY2gZUUM4ZwZCET07UFlUaypDEAlwawBQUHpiB1ZRdG8BUw HTTP/1.1
Host: dindeedtheriver.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 27 Apr 2025 18:57:29 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 93708bc0783cdfd3-AMS
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

segarkojiri.top/cuid/?f=https%3A%2F%2Fdo7go.com

94.242.236.135

200 OK

0 B

URL OPTIONS
segarkojiri.top/cuid/?f=https%3A%2F%2Fdo7go.com
IP
94.242.236.135:443
ASN
#7979 SERVERS-COM

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /cuid/?f=https%3A%2F%2Fdo7go.com HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://do7go.com/
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:29 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

segarkojiri.top/cuid/?f=https%3A%2F%2Fdo7go.com

94.242.236.135

200 OK

32 B

URL POST
segarkojiri.top/cuid/?f=https%3A%2F%2Fdo7go.com
IP
94.242.236.135:443
ASN
#7979 SERVERS-COM

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerZeroSSL
Subjectsegarkojiri.top
FingerprintB1:D1:99:D4:6E:8F:E8:95:E2:D6:F3:32:5C:83:EB:8C:7C:23:2A:D7
ValidityTue, 22 Apr 2025 00:00:00 GMT - Mon, 21 Jul 2025 23:59:59 GMT

File type
JSON text data
Size
32 B (32 bytes)
Hash
f9d7afcfa1ce187978c4f93e2de6b9a7
aa22e95b21f3aff99acd66844e90bdd2e7c2e448
22e80225c32233f7ca0d0cbddd3d97985503aa8f446cf98e61123998cb1fb95d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cuid/?f=https%3A%2F%2Fdo7go.com HTTP/1.1
Host: segarkojiri.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
Content-Type: application/json
Content-Length: 10
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Apr 2025 18:57:30 GMT
Content-Type: application/json
Content-Length: 32
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: a97fa794a0f9=675114ab542420c386d10e; expires=Sun, 08 Sep 2052 11:24:11 GMT; domain=segarkojiri.top; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

td8lfvmrsb51.s4.adsco.re/

185.200.116.60

200 OK

0 B

URL POST
td8lfvmrsb51.s4.adsco.re/
IP
185.200.116.60:443
ASN
#9009 M247 Europe SRL

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerLet's Encrypt
Subject*.s4.adsco.re
FingerprintAE:BB:65:20:B5:2F:2A:DA:30:73:84:C4:DC:5F:66:67:7C:1F:84:BB
ValiditySat, 19 Apr 2025 09:14:19 GMT - Fri, 18 Jul 2025 09:14:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: td8lfvmrsb51.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:32 GMT
content-type: text/html
content-length: 0
last-modified: Tue, 03 Oct 2023 13:29:59 GMT
etag: "651c1757-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

adsco.re/p

162.252.214.5

200 OK

1.2 kB

URL POST
adsco.re/p
IP
162.252.214.5:443
ASN
#53334 TUT-AS

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1212), with no line terminators
Size
1.2 kB (1212 bytes)
Hash
e92b0776e0cb90b239aa3d355017f858
46a397d61efa3aec078f7276bf0531ab14590bed
483640db7c8d635785fd9a722ead31b36707724ea32a3d58f24e488d6c77fcdf

HTTP Headers

POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2224
Origin: https://do7go.com
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Apr 2025 18:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK nyc123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Accept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
Access-Control-Allow-Origin: https://do7go.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKV5Mj6RXJoJL4XljvwR5mxzpM6vpbvhMLw3DydRUWLpHsOnaCXQdiTHefH9T4lbniqOuO-LNICCw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-197298584%3A1745780254891405

74.125.131.84

403 Forbidden

0 B

URL GET
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKV5Mj6RXJoJL4XljvwR5mxzpM6vpbvhMLw3DydRUWLpHsOnaCXQdiTHefH9T4lbniqOuO-LNICCw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-197298584%3A1745780254891405
IP
74.125.131.84:443
ASN
#15169 GOOGLE

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subject*.google.com
Fingerprint67:52:2F:AB:93:DE:39:DA:94:50:11:AE:8B:37:CB:88:8F:DC:56:7D
ValidityMon, 31 Mar 2025 08:54:37 GMT - Mon, 23 Jun 2025 08:54:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKV5Mj6RXJoJL4XljvwR5mxzpM6vpbvhMLw3DydRUWLpHsOnaCXQdiTHefH9T4lbniqOuO-LNICCw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-197298584%3A1745780254891405 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://do7go.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 27 Apr 2025 18:57:35 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: script-src 'nonce-1Fgjlb6wo0tCN0wgeBUfnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ghelp/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.E_-11t052Go.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

i.doodcdn.io/theme_2/css/style.css

104.26.14.102

200 OK

249 kB

URL GET
i.doodcdn.io/theme_2/css/style.css
IP
104.26.14.102:443
ASN
#13335 CLOUDFLARENET

Requested by
https://do7go.com/e/https/doodstream.com/d/8rsoqn6rsiiy
Certificate
IssuerGoogle Trust Services
Subjectdoodcdn.io
Fingerprint55:EE:8C:FC:C3:6E:6C:90:2B:D0:6B:34:0E:02:CA:FA:E1:1A:08:16
ValidityWed, 05 Mar 2025 17:45:54 GMT - Tue, 03 Jun 2025 18:44:30 GMT

File type
ASCII text
Size
249 kB (249272 bytes)
Hash
59b293159a38ec92d8bd5fa4d09f8d59
7167b460de2cb4d2534163de707b0aa0e84b73cf
3f81f845eb11d647c4bd80b76d7af054203e52eab24bc359ddd5cb4f33efddd4

HTTP Headers

GET /theme_2/css/style.css HTTP/1.1
Host: i.doodcdn.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://do7go.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 27 Apr 2025 18:57:29 GMT
content-type: text/css
content-length: 40748
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Sun, 26 Apr 2026 03:36:35 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 69238
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZlJ6BZL8ZZtU5F6YLSTCKpzIgwdQdb8%2BRC9Bo%2FNTl4QHTa2bOohnz9qf2%2FY84rfH4yCmY0F9gJMMg8%2BfVTz%2FfkC%2ByruGXqIu%2FL8UnNPJIsC1dCOpG%2FNY7GFOZ5fxqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 93708bbd8bace4d3-RIX
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16694&min_rtt=15492&rtt_var=4532&sent=12&recv=11&lost=0&retrans=0&sent_bytes=6921&recv_bytes=1365&delivery_rate=280258&cwnd=252&unsent_bytes=0&cid=021428768d8acaad&ts=57&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML