cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
200 OK 28 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash 220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1305931
expires: Tue, 29 Oct 2024 04:56:55 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RMLAw9D3%2Fuye8n%2F3%2FQHcynLysoItxyc%2FJRPSkeGLMpLZJzJ3m4U9TGDjzH1qMrsa3qfGJUdOH%2FQeVJzyEZEvb7Tu%2BqSFAYGG7fWr73B7Uw2JoJn2dUzJ%2FJlOK49%2BBjBKb6m10eNW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 823378d52f1b56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
200 OK 591 B URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (1266)
Hash 4412bf8023109ee9eb1f1f226d391329
c273960aa874a87dd022b5e597887142f1b8e34f
d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:55 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1041453
expires: Tue, 29 Oct 2024 04:56:55 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Cud3ZPuY7xMREE9%2BeZTCG%2FTpyI2tYRpnxgArwcs6XnTxyZZ76Pkn6zJKu1NtAKPQd11NRE0lKB2OkjvqCMI%2BGAByFk7NSNpLnbY1DzKqtEOmUas02z7H3xE63ig5LdwrpHZxlx8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 823378d52f1e56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/img/no_video_3.svg
200 OK 2.8 kB URL GET HTTP/2 i.doodcdn.co/img/no_video_3.svg
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (2789)
Hash 077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:55 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Fri, 08 Dec 2023 09:08:58 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 71210
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rN7G0BfknJ5Es2vZMpkokrs980MGPGSkS7s5N98UmbTXlZEJipzyJNN9tdh6O29gjw0pCgGRURAoAFUdcM7WmSc35jVom2WS6BCjf7ru1Bom73Sc7WJo5atltnpOYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 823378d56c165684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ds2play.com/sw.js
200 OK 40 kB IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
ValidityMon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5a640158e056b33f4b8d128d6391abfe
771038c5e54ac3ea809bf5243aa17214ada6faeb
38a182529482fb6c78544580680b0fcd567260a220e36f8b208f65043289469e
GET /sw.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/d/rjc2fd8wnhne
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:55 GMT
content-type: application/javascript
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Sun, 27 Oct 2024 03:53:24 GMT
vary: Accept-Encoding,User-Agent
access-control-allow-origin: *
cf-cache-status: HIT
age: 1040611
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UktPRZpL4nEM1jpWmuc7wR%2FIbAe4BlFVsNYbVRsudNRwiqlJYNODjf07z%2FZREBQHTBccPcwnq8wSEkRJyZN%2BfolIZXarSh9VyCni7Ee7M6SP2sUXFAQewyXBHSZ%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d52df356be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ocsp.buypass.com/
1.7 kB IP
ASN #20940 Akamai International B.V.
Hash 77984995ae32b6f955a8ff4b952d462c
4889dec7ab8dc7127e6ad82848592eeb18105c41
203a40744d6e26d6d7eb2b49d9ebe36f0ad997ce97170bd610d3d6e0f34a8178
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 1c7cef48-0fa3-477b-991a-b226fd8dd476
Content-Length: 1704
Date: Thu, 09 Nov 2023 04:56:56 GMT
Connection: keep-alive
i.doodcdn.co/theme_2/fonts/avertastd-regular-webfont.woff2
200 OK 24 kB URL GET HTTP/3 i.doodcdn.co/theme_2/fonts/avertastd-regular-webfont.woff2
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 23812, version 1.524\012- data
Hash eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Fri, 08 Dec 2023 09:09:05 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 70635
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xC7yamFNw8FHnyHsrwIUuIZQPz6s1Wz%2Bju62Q3NY%2BBKtE7XXyHWdl1w89oMtc4WGGhxZFBdVPmFmPNHPOJ4lko9kj0YFdP0UpwZfL6zPW2xsTY%2B1pr0M11TcEctHqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d89b28568a-OSL
alt-svc: h3=":443"; ma=86400
i.doodcdn.co/theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2
200 OK 184 kB URL GET HTTP/3 i.doodcdn.co/theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 184476, version 330.-16253\012- data
Size 184 kB (184476 bytes)
Hash 2a6dec1227f9970376f578270a642d06
150a6a7ffdec6e2e2ff4c712d7cee8bd9b930284
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
GET /theme_2/css/fontawesome/webfonts/fa-duotone-900.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: font/woff2
content-length: 184476
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Fri, 08 Dec 2023 02:07:08 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 70635
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ici9IR5PNlqwNyzMRZBgeTvCsz09lPCuJT7Dd%2Fw6dvjvfG%2FkcbuPHI8sNHcJtFwRBQVz2FTK2jjvkh7EzAst9HAmIKb%2B7X%2BNxU6xe5h7XQUtxqLw%2Fem2rqTq3FXxqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d89b29568a-OSL
alt-svc: h3=":443"; ma=86400
i.doodcdn.co/theme_2/fonts/avertastd-bold-webfont.woff2
200 OK 24 kB URL GET HTTP/3 i.doodcdn.co/theme_2/fonts/avertastd-bold-webfont.woff2
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 23604, version 1.0\012- data
Hash e9133fd11f14c09a2e4556c395a0ef7d
00fad09605f3342df5c9aeba130156fe19ade8b0
06244cc9cd0c998581b1bf93f5222deee7d2d0b09299190e163961afa973ba91
GET /theme_2/fonts/avertastd-bold-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: font/woff2
content-length: 23604
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Fri, 08 Dec 2023 05:09:14 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 70635
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=busejV1aLQtLBWa%2FKZtbGWAqTbw4anNM96s733UKGfU95Fyw%2BpyuSk7%2FjbptK0wZCRq4MUL4rqY1zqJn4KjAOrRp9zRCiuwVPsd81rUpM1PKsV0cFK915h3METUOHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d89b2a568a-OSL
alt-svc: h3=":443"; ma=86400
alas4kanmfa6a4mubte.com/get/1841679?zoneid=1841679&jp=_clb8l958o94jtdztbg82y4&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&freq=0
200 OK 30 kB URL GET HTTP/2 alas4kanmfa6a4mubte.com/get/1841679?zoneid=1841679&jp=_clb8l958o94jtdztbg82y4&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&freq=0
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
Fingerprint3C:C9:DB:58:84:6B:51:6F:88:43:25:C5:E8:40:4C:61:4B:C5:F7:1C
ValiditySat, 28 Oct 2023 08:15:18 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type gzip compressed data, from Unix\012- data
Hash b61be3a7f8392d80152cccfd57867312
374ea6c3ec3d579ff8b2b95ee871506e65c4b119
22281561225649ee0cc99b84197e408582f9d3a02adf32ef1fb0ca70ae165d7a
GET /get/1841679?zoneid=1841679&jp=_clb8l958o94jtdztbg82y4&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&freq=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Thu, 12 Dec 2024 04:56:56 GMT; Secure; SameSite=None
UID=2311082356d2cb7d0159744ac381700f0f17; Path=/; Expires=Thu, 12 Dec 2024 04:56:56 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/get/1841674?zoneid=1841674&jp=_cljjiblcs9k4dn0nz3s7y4&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&freq=0
200 OK 3.1 kB URL GET HTTP/2 alas4kanmfa6a4mubte.com/get/1841674?zoneid=1841674&jp=_cljjiblcs9k4dn0nz3s7y4&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&freq=0
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
Fingerprint3C:C9:DB:58:84:6B:51:6F:88:43:25:C5:E8:40:4C:61:4B:C5:F7:1C
ValiditySat, 28 Oct 2023 08:15:18 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type gzip compressed data, from Unix\012- data
Hash 80a27414b3ad32654eadb15b2f47ab4c
d0d5c3d72238eaaef7f2636fbf549c61b4c20411
30e559727eba3543bd2030c3cf0776d0e09bc3f4dc89aacf99bd1f498f27fce1
GET /get/1841674?zoneid=1841674&jp=_cljjiblcs9k4dn0nz3s7y4&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&freq=0 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: CHCK=1; Path=/; Expires=Thu, 12 Dec 2024 04:56:56 GMT; Secure; SameSite=None
UID=2311082356de8f4449aa55498abf258f4144; Path=/; Expires=Thu, 12 Dec 2024 04:56:56 GMT; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ds2play.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
200 OK 3.3 kB URL GET HTTP/3 ds2play.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
ValidityMon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
File type ASCII text, with very long lines (7280), with no line terminators
Hash 98cdd5df72fcc54b8cb61db8c0d3e84a
6d93983bbb83d0f507f65809930a6a70cd76f56a
b47290c04c0010d95deff41319c3f10c5d1daad85c08d8448e4e19785868054d
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: lang=1; dref_url=none
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
x-content-type-options: nosniff
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=za2%2BBUIIXn84gBY4OImkAVkmtHghyTFuEueSwCEvgTSOoGa%2FC774dD4ICVlX08FYStkwiUhfxBypzxVV2Byw3yfcgGL%2FDV7sS%2BP4GwxO5TsneEyzVqpjk%2FuZDOpo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d92f2156be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
i.doodcdn.co/js/embed2.js
200 OK 339 kB URL GET HTTP/3 i.doodcdn.co/js/embed2.js
IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 339 kB (339271 bytes)
Hash cac27d72c22014f70500e507a7a82231
edcac36287bfc654b2ee6c0fe0727cdc725a9fe5
01c49e02b98bc8a4275650b65787cdd100c362abc7e54e8b9e99396b6117c2c6
GET /js/embed2.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: application/javascript
content-length: 339271
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=339527
etag: "61d3187c-52e47"
expires: Thu, 07 Dec 2023 11:15:17 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cf-cache-status: HIT
age: 71219
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eH8fONy9X7kBPNiuE9Im6R82ZqZtYbS%2BN7taP3ir6PeJbi8XzlOIIfkUWCbVEl8bM4ShCifur%2BVarFAOEJT7SJ2xDvKR%2BhaYbq4KzUJnx3BH7YYxojhqJqXEvOkzEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 823378d96a1156aa-OSL
alt-svc: h3=":443"; ma=86400
img.doodcdn.co/splash/shu9ub6f2qnnbamh.jpg
200 OK 42 kB URL GET HTTP/3 img.doodcdn.co/splash/shu9ub6f2qnnbamh.jpg
IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 403x715, components 3\012- data
Hash e9e6f631afe3fc2552912527dabe7b1e
df3d6de3673a48b6b507ac5515c1556649298bc6
0b36089e6ba2ec650ac1b217daad3de4d21234483b7a47ba2ca60943e78e8117
GET /splash/shu9ub6f2qnnbamh.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: image/jpeg
content-length: 41496
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=42461
etag: "654b2efa-a5dd"
expires: Wed, 22 Nov 2023 16:42:35 GMT
last-modified: Wed, 08 Nov 2023 06:47:22 GMT
cf-cache-status: HIT
age: 33940
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FjuaylmrupJCYbcxLT95OmUHWpp3Dti162GL6UVGjmXlytHExN8vcueEgEEUfvY80Uln8bSXeg%2Bubw0vVLZA2Nqo70ZDZ7ZrrR7v1qYn6om6IgLkne6C0G9iQa%2F4fV4S"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 823378d97a1856aa-OSL
alt-svc: h3=":443"; ma=86400
ocsp.buypass.com/
1.7 kB IP
ASN #20940 Akamai International B.V.
Hash f6c25b4a18bec2e02721b4173223a75a
f35e40f716a7bda095ffffac618162daa239c87c
e8df89433cee8d91758d2024c97e24ad0df86926ff61199f8f443082fc905d8b
POST / HTTP/1.1
Host: ocsp.buypass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 78
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Access-Control-Allow-Origin: https://www.buypass.no
Access-Control-Allow-Headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Buypass-Session-Id,X-Buypass-Locale
Access-Control-Allow-Credentials: false
Access-Control-Allow-Methods: GET,POST
MDC-correlationId: 73fcb611-9f9d-403d-8d85-7bd20f592ced
Content-Length: 1704
Date: Thu, 09 Nov 2023 04:56:56 GMT
Connection: keep-alive
ds2play.com/favicon.ico
200 OK 15 kB IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
ValidityMon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555
GET /favicon.ico HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/d/rjc2fd8wnhne
Cookie: lang=1; dref_url=none
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: image/x-icon
content-length: 15406
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-3c2e"
expires: Sun, 26 Nov 2023 01:58:19 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 1133917
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xu9pHq2y0VhI6cOHPe6MBF6yE%2BXH2S9DU1oZv6ZOx2JYT6NzA%2FK7qFnrY%2FBidv2VpLpWpmMDnXOX6tVUaX98m2otvwaS73gB8rQJ4FN%2FetKVsVaTAca%2B%2Fy8wMDUa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 823378daaf8e56be-OSL
alt-svc: h3=":443"; ma=86400
d3eub2e21dc6h0.cloudfront.net/?ebued=1004073
200 OK 70 kB URL GET HTTP/2 d3eub2e21dc6h0.cloudfront.net/?ebued=1004073
IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash 759f9a561342b551dd11f4db31775589
5bc7b5cb6f5ffe24929b9ee2226c1d991ebad459
96b814ad7522e94d0ea4a036662a6de7cca061c9930d6cad9ef90035ed376aa0
GET /?ebued=1004073 HTTP/1.1
Host: d3eub2e21dc6h0.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 69575
date: Thu, 09 Nov 2023 04:56:56 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PmX0ZH1zTE7l0lZF7Es68_zncAxMZn3hStvw2ZcBmcFTA3JsmzqC9Q==
X-Firefox-Spdy: h2
fvcwqkkqmuv.com/aas/r45d/vki/1941940/b25e6007.js
200 OK 35 kB URL GET HTTP/2 fvcwqkkqmuv.com/aas/r45d/vki/1941940/b25e6007.js
IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
FingerprintF4:CF:5F:33:5D:62:A5:49:C0:ED:F4:A2:07:7B:6A:FC:5A:C8:EE:2D
ValiditySat, 28 Oct 2023 11:35:09 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash 37fe0adc1a321a5d42e5639b3f13ae03
2e0996fa29fc8adf3569a1ac90c626c6daf00277
25f5a95e2e6822503222bf0968e93a081daab30ae8de702898b02b0b24a15b0c
GET /aas/r45d/vki/1941940/b25e6007.js HTTP/1.1
Host: fvcwqkkqmuv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: application/javascript
last-modified: Wed, 08 Nov 2023 10:24:08 GMT
vary: Accept-Encoding
etag: W/"654b61c8-15ec1"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.tsyndicate.com/sdk/v1/p.js
200 OK 4.5 kB URL GET HTTP/2 cdn.tsyndicate.com/sdk/v1/p.js
IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerSectigo Limited
Subjectcdn.tsyndicate.com
FingerprintB6:87:8F:D6:E3:48:CF:61:4E:55:B9:6B:66:FC:B2:13:7F:A0:0D:BA
ValidityWed, 14 Jun 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (9503)
Hash 6d87c24f44c88210f6bb07862a74ab82
25793c9b128a92b8393aa9f3f0f21717ae14e4e1
311cba72a3181f33f1b4e39a56e15c5344b97bd82987f64cabd1ed1f2bd340e1
GET /sdk/v1/p.js HTTP/1.1
Host: cdn.tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: application/javascript
content-length: 4524
server: nginx
last-modified: Mon, 30 Oct 2023 10:14:53 GMT
x-robots-tag: noindex, nofollow
vary: Accept-Encoding
etag: W/"653f821d-256b"
content-encoding: gzip
age: 844342
accept-ranges: bytes
X-Firefox-Spdy: h2
forfeitsubscribe.com/6f/0a/93/6f0a93cda652e64b72651fd9588be3d4.js
200 OK 13 kB URL GET HTTP/1.1 forfeitsubscribe.com/6f/0a/93/6f0a93cda652e64b72651fd9588be3d4.js
IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerLet's Encrypt
Subjectforfeitsubscribe.com
Fingerprint65:BE:57:54:30:D3:E8:59:82:44:11:D4:47:0E:B6:94:40:3E:D2:1D
ValidityFri, 29 Sep 2023 06:32:51 GMT - Thu, 28 Dec 2023 06:32:50 GMT
File type ASCII text, with very long lines (35668), with no line terminators
Hash deaf3793d88d70980f292ef645cfa50f
0366ba259fded17bf726691f2988e5ab1fbb0aca
6f9e8a0baed8e5ca22640c24515b92445a1954353672675613406d0d8dc9eb29
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /6f/0a/93/6f0a93cda652e64b72651fd9588be3d4.js HTTP/1.1
Host: forfeitsubscribe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 09 Nov 2023 04:56:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b37efba8e8248aadac7b0cfe7f54b001
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.bncloudfl.com/bn/e40/a84/f5d/e40a84f5d2e235c36c82b0b78729a91882165219.gif
200 OK 17 kB URL GET HTTP/2 cdn.bncloudfl.com/bn/e40/a84/f5d/e40a84f5d2e235c36c82b0b78729a91882165219.gif
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA0:6F:CE:1E:5C:62:F4:89:8E:4E:0C:40:FE:AE:79:4C:83:7B:90:C8
ValidityFri, 31 Mar 2023 00:00:00 GMT - Sat, 30 Mar 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 0f3e4ebd331dc64badc43edeaaa908f4
9cee9ce61966f9025b75b3abd438ac978fac038e
15350e42f88d89e9e26b849600b9c72a3dd639c15ef38df8f286fb2b4f285720
GET /bn/e40/a84/f5d/e40a84f5d2e235c36c82b0b78729a91882165219.gif HTTP/1.1
Host: cdn.bncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: image/webp
content-length: 16776
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
cache-control: max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=gif, origSize=18214
content-disposition: inline; filename="e40a84f5d2e235c36c82b0b78729a91882165219.webp"
etag: 7cb1ca7961c3972c7d69a4b4418d81e4
expires: Fri, 10 Nov 2023 05:55:23 GMT
last-modified: Mon, 13 Jun 2022 18:42:08 GMT
vary: Accept
x-openstack-request-id: txca1357d72b0442cfbb01e-0062d14ded
x-proxy-cache: HIT
x-timestamp: 1655145727.47780
x-trans-id: txca1357d72b0442cfbb01e-0062d14ded
cf-cache-status: HIT
age: 82894
accept-ranges: bytes
access-control-allow-origin: *
server: cloudflare
cf-ray: 823378dcea21712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/454/390/9e8/4543909e8c06a6448fabf4c2f2f0fe401f47eeaf.webp
200 OK 38 kB URL GET HTTP/2 cdn.pncloudfl.com/pn/454/390/9e8/4543909e8c06a6448fabf4c2f2f0fe401f47eeaf.webp
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC6:42:10:11:EB:FA:38:01:62:34:DA:19:86:B6:89:D4:EF:B3:37:A8
ValidityFri, 31 Mar 2023 00:00:00 GMT - Sat, 30 Mar 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash a37053ccf03f31c8ff4411fcbee6f2c2
4543909e8c06a6448fabf4c2f2f0fe401f47eeaf
93e2a33ba923ac0cf3f63319adf85ee684036b1ce5b5ae768bdeafa9dd6b2536
GET /pn/454/390/9e8/4543909e8c06a6448fabf4c2f2f0fe401f47eeaf.webp HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: application/octet-stream
content-length: 38328
etag: a37053ccf03f31c8ff4411fcbee6f2c2
last-modified: Fri, 28 Apr 2023 13:32:57 GMT
x-timestamp: 1682688776.79005
x-trans-id: tx1b550b7b438c4dc58b8d6-00645b68a0
x-openstack-request-id: tx1b550b7b438c4dc58b8d6-00645b68a0
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
expires: Fri, 10 Nov 2023 03:17:23 GMT
x-proxy-cache: HIT
cf-cache-status: HIT
age: 92374
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 823378dcf98256cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/d93/c4d/1bd/d93c4d1bda0881b19d859863527f8941eb799901.webp
200 OK 42 kB URL GET HTTP/2 cdn.pncloudfl.com/pn/d93/c4d/1bd/d93c4d1bda0881b19d859863527f8941eb799901.webp
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC6:42:10:11:EB:FA:38:01:62:34:DA:19:86:B6:89:D4:EF:B3:37:A8
ValidityFri, 31 Mar 2023 00:00:00 GMT - Sat, 30 Mar 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash 56c21bea85cde9e996ee36fc1bc5f5ec
d93c4d1bda0881b19d859863527f8941eb799901
a816d64f07105c33b4877cd7a03c9bf525df53ae2a317e79db1362c9d9439aca
GET /pn/d93/c4d/1bd/d93c4d1bda0881b19d859863527f8941eb799901.webp HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: application/octet-stream
content-length: 42140
etag: 56c21bea85cde9e996ee36fc1bc5f5ec
last-modified: Fri, 28 Apr 2023 13:32:59 GMT
x-timestamp: 1682688778.99001
x-trans-id: tx23d7a3ec145c494db69b2-00645b7128
x-openstack-request-id: tx23d7a3ec145c494db69b2-00645b7128
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
expires: Sat, 11 Nov 2023 02:06:59 GMT
x-proxy-cache: HIT
cf-cache-status: HIT
age: 10198
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 823378dce97c56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pringed.space/OFBKMkJDcjlFHU0iJhB4Gjg%2BRjJLamUdJktiOl4jQX4pXS8XIz0cKEtyZhAxVTZoCHMUcjlfNBpqaAZsCHJmEDZZNxVbJhpqaAtwDmh4AmAUcjlHIGc5LgBgAnIsByYJaXkFIBVieVYgFWQrVHEVaSwDchVhflZyDml6BSMOMngQPw
200 OK 71 kB URL GET HTTP/2 pringed.space/OFBKMkJDcjlFHU0iJhB4Gjg%2BRjJLamUdJktiOl4jQX4pXS8XIz0cKEtyZhAxVTZoCHMUcjlfNBpqaAZsCHJmEDZZNxVbJhpqaAtwDmh4AmAUcjlHIGc5LgBgAnIsByYJaXkFIBVieVYgFWQrVHEVaSwDchVhflZyDml6BSMOMngQPw
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerLet's Encrypt
Subjectpringed.space
Fingerprint61:60:26:09:B2:D1:EE:84:94:9E:1B:AE:F7:7B:3B:8D:BF:AF:5B:D5
ValiditySun, 29 Oct 2023 11:43:32 GMT - Sat, 27 Jan 2024 11:43:31 GMT
File type gzip compressed data, from Unix\012- data
Hash 28e478e102049432a03123143928f9ca
b8345f8614e813e1f5842e5ba2eb3790c1690778
346cf8687c118fc00115782864b40beb7afe73c1337a5ab333101bfc180e8890
GET /OFBKMkJDcjlFHU0iJhB4Gjg%2BRjJLamUdJktiOl4jQX4pXS8XIz0cKEtyZhAxVTZoCHMUcjlfNBpqaAZsCHJmEDZZNxVbJhpqaAtwDmh4AmAUcjlHIGc5LgBgAnIsByYJaXkFIBVieVYgFWQrVHEVaSwDchVhflZyDml6BSMOMngQPw HTTP/1.1
Host: pringed.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 5200faf0b8cefc0aec582adfa21ebeb8=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
etag: W/"de71-ZlGGB7VUxOM9mK9niEL+FuqKzBg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841679&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=LKPrerM_ZC0XlPu4P_ENTPlD0c707k4wI4EVuvHmGBwrmvbxw2hJTjP-EuD2Mb8e35jbpRxtiHKxeLKWYaR-DrmBYXw7d-XZLpnd3hJOqAdYZ4fQcNcl15emg730N6PLHFCHNMWLgnUzCKmy10Ci5_kcVwUBCRqU9RLmWGphcn21_-S6J0Hb4kjGIMtS61jLpi3Te_6V2lDmsM0LzJb7Z-4QrZWZB8e_I93ZlSKZptoXU2owThLPRVAH4dJGTJQyCwTBbgRD379xm5OEav5_JN6eGBiR137j3NtpR8IxKmBOe7ZuOnAHXVVfRLeSoPz-3ttuJU3JDaqAAb4CZq_svdTxFa_pZ32OqlOTXHq8kZXSocvbfCulguthjibf2KRs6-Jn73IqATGQMT4MbuSyu9fYRqVVzTNvTP037odBVO_pr9_FqYkduAkhqusSiv0T53rn9fQYozUKnRlSEbQjf6VRyhm3WN1v4hTo81OgFA36qvSJFs5beRLgZjmoDUd6afLVw8UQNTXcm5r0vH6H0hZelNS5oJxR6GmQ-6FcfPPAiAfJTpjaNiucm5p0Y3AGrRpRjwA2fgRoHgUlYRRvBYSgaeh0ThWg50s0jEo2JHo7ZJlA6Q5kZcjqB1aU25ebYtKb05y8S4kAdUQboGgfdfncPv7eXKyjxwkE-X9DdqybNCeX0WW7-5P2Jh42bxNveHxB7wvqVWXHrsIJkUk36v4tNMYu4W9gOja3WAtMnetsgRD_vDBlURaS1MTf8mBiGyUKXJZ-a3-LKZuq9Rp-hORCttHtvF-BLyUYVcT5bb6oMXiw2_4A9iLhIHCBJiiyPqGwmDcqyqsJnm6MvRJAg1cgxcmHGYZ4pwsmqaTBSjcXz9O4bPYPDVUrMyyRnCVit4n9gNJh_-0r6nmCY5uAvBjRILqcs0aU8IiW9ya4JD4RslgceZZDsLrduR3iD31mlDBt_xCh7MVISCYUhvPoGpUi9bSjolikOGSdres7pR2J8hoxtRtMJxnYf-GfMAzPPpY1AfzwuEsJ&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&pload=283
200 OK 43 B URL GET HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841679&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=LKPrerM_ZC0XlPu4P_ENTPlD0c707k4wI4EVuvHmGBwrmvbxw2hJTjP-EuD2Mb8e35jbpRxtiHKxeLKWYaR-DrmBYXw7d-XZLpnd3hJOqAdYZ4fQcNcl15emg730N6PLHFCHNMWLgnUzCKmy10Ci5_kcVwUBCRqU9RLmWGphcn21_-S6J0Hb4kjGIMtS61jLpi3Te_6V2lDmsM0LzJb7Z-4QrZWZB8e_I93ZlSKZptoXU2owThLPRVAH4dJGTJQyCwTBbgRD379xm5OEav5_JN6eGBiR137j3NtpR8IxKmBOe7ZuOnAHXVVfRLeSoPz-3ttuJU3JDaqAAb4CZq_svdTxFa_pZ32OqlOTXHq8kZXSocvbfCulguthjibf2KRs6-Jn73IqATGQMT4MbuSyu9fYRqVVzTNvTP037odBVO_pr9_FqYkduAkhqusSiv0T53rn9fQYozUKnRlSEbQjf6VRyhm3WN1v4hTo81OgFA36qvSJFs5beRLgZjmoDUd6afLVw8UQNTXcm5r0vH6H0hZelNS5oJxR6GmQ-6FcfPPAiAfJTpjaNiucm5p0Y3AGrRpRjwA2fgRoHgUlYRRvBYSgaeh0ThWg50s0jEo2JHo7ZJlA6Q5kZcjqB1aU25ebYtKb05y8S4kAdUQboGgfdfncPv7eXKyjxwkE-X9DdqybNCeX0WW7-5P2Jh42bxNveHxB7wvqVWXHrsIJkUk36v4tNMYu4W9gOja3WAtMnetsgRD_vDBlURaS1MTf8mBiGyUKXJZ-a3-LKZuq9Rp-hORCttHtvF-BLyUYVcT5bb6oMXiw2_4A9iLhIHCBJiiyPqGwmDcqyqsJnm6MvRJAg1cgxcmHGYZ4pwsmqaTBSjcXz9O4bPYPDVUrMyyRnCVit4n9gNJh_-0r6nmCY5uAvBjRILqcs0aU8IiW9ya4JD4RslgceZZDsLrduR3iD31mlDBt_xCh7MVISCYUhvPoGpUi9bSjolikOGSdres7pR2J8hoxtRtMJxnYf-GfMAzPPpY1AfzwuEsJ&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&pload=283
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
Fingerprint3C:C9:DB:58:84:6B:51:6F:88:43:25:C5:E8:40:4C:61:4B:C5:F7:1C
ValiditySat, 28 Oct 2023 08:15:18 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841679&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=LKPrerM_ZC0XlPu4P_ENTPlD0c707k4wI4EVuvHmGBwrmvbxw2hJTjP-EuD2Mb8e35jbpRxtiHKxeLKWYaR-DrmBYXw7d-XZLpnd3hJOqAdYZ4fQcNcl15emg730N6PLHFCHNMWLgnUzCKmy10Ci5_kcVwUBCRqU9RLmWGphcn21_-S6J0Hb4kjGIMtS61jLpi3Te_6V2lDmsM0LzJb7Z-4QrZWZB8e_I93ZlSKZptoXU2owThLPRVAH4dJGTJQyCwTBbgRD379xm5OEav5_JN6eGBiR137j3NtpR8IxKmBOe7ZuOnAHXVVfRLeSoPz-3ttuJU3JDaqAAb4CZq_svdTxFa_pZ32OqlOTXHq8kZXSocvbfCulguthjibf2KRs6-Jn73IqATGQMT4MbuSyu9fYRqVVzTNvTP037odBVO_pr9_FqYkduAkhqusSiv0T53rn9fQYozUKnRlSEbQjf6VRyhm3WN1v4hTo81OgFA36qvSJFs5beRLgZjmoDUd6afLVw8UQNTXcm5r0vH6H0hZelNS5oJxR6GmQ-6FcfPPAiAfJTpjaNiucm5p0Y3AGrRpRjwA2fgRoHgUlYRRvBYSgaeh0ThWg50s0jEo2JHo7ZJlA6Q5kZcjqB1aU25ebYtKb05y8S4kAdUQboGgfdfncPv7eXKyjxwkE-X9DdqybNCeX0WW7-5P2Jh42bxNveHxB7wvqVWXHrsIJkUk36v4tNMYu4W9gOja3WAtMnetsgRD_vDBlURaS1MTf8mBiGyUKXJZ-a3-LKZuq9Rp-hORCttHtvF-BLyUYVcT5bb6oMXiw2_4A9iLhIHCBJiiyPqGwmDcqyqsJnm6MvRJAg1cgxcmHGYZ4pwsmqaTBSjcXz9O4bPYPDVUrMyyRnCVit4n9gNJh_-0r6nmCY5uAvBjRILqcs0aU8IiW9ya4JD4RslgceZZDsLrduR3iD31mlDBt_xCh7MVISCYUhvPoGpUi9bSjolikOGSdres7pR2J8hoxtRtMJxnYf-GfMAzPPpY1AfzwuEsJ&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&pload=283 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2311082356d2cb7d0159744ac381700f0f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=pY3StLYZZTTC7sIrlaQD3--_qkKZX5TFcptGdjqzBTQnQMjj9BjyDvv9N7XENDEufeBJXWLGFDXW-fJ6d5LghWYsaFEEIOVPI3bU3J7to2jk8kakpUUmg8-UdDTy3IjCQpnu09KXwwGNlf94g64mIUOdU3CC6_oUHD9DKBdU7uakeqyN_IshyWPKbLt4iYhBPwviraWHmbOG06dL2R4JpuWRQhVQXTVRS3gyKwPvEVNHRVpWpDqaP0qSRmKPamIeF7gkFP_m-sprwJoCs1Md-b5I3x98KkpLlCCrkS26y63o6VeSZ8fiP9Wb1r-O68_aimXfU4ckjlR4CuD0UB2tZWzjWuPnCgT0ABwFDa4C1vUPTJtV_D1cZ0J35_4yHop_bVEtCJu18lb2iQVbk5fNgVBd4_0taCcj6qxvJ-z4z1PF_8BWb-zJD1HrpodxgEp4kOrvYgG50Zg1jPNw1aeo7fkOXQpXukEQFOTawKNTonPqdn1SMPDHT55OGsvcBJJOPf7sBz_RNV0EX8cEPsXahFrnMrJdOnRMlxBTYVcleVFAS_pmImURPKsjt9Te5PjJgvhMOZM5JWzbxdtxmSwVrBOqcDKycSA9RzQXfkkcehi0nKQnGOTpK48SAt2O5DRC7AkqDj8tqaxrMCWxx0p7GWmuo6p5F2nW0FmvUAs_rRL1231-UrJE23KrCAe1GkjQYxbouqvvZH2MgdGdmDdvTpNCdCE46XQLvTCuRwm7em1KdbMOUcY-PfB_rmfBLYwwk29kAoUXu_cqTed5eK_dDgUqeC_CCR3VCoUEiMeymhekyMpGoFlQFrYc9bNKSxFEf_O_mWvj4tNu3VfI3_ZiIPdp4dgXuUp0VUB46J5jNLcHIb11LyNKSVDWvGBpanMLrMvmsRO_sZjErdxBTbV8jX8C2MdzHFB72Ki3HIfZ_EF1bKCj0nDtoUIoDXDb0wqTbzH0n2UAm0nayjHd3kAw7hIufSS9WOS4zuImHqsuildCK_qd0g2HrHTl2xwmyQk_KkLoVg31Jfb3&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&pload=344
200 OK 43 B URL GET HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=pY3StLYZZTTC7sIrlaQD3--_qkKZX5TFcptGdjqzBTQnQMjj9BjyDvv9N7XENDEufeBJXWLGFDXW-fJ6d5LghWYsaFEEIOVPI3bU3J7to2jk8kakpUUmg8-UdDTy3IjCQpnu09KXwwGNlf94g64mIUOdU3CC6_oUHD9DKBdU7uakeqyN_IshyWPKbLt4iYhBPwviraWHmbOG06dL2R4JpuWRQhVQXTVRS3gyKwPvEVNHRVpWpDqaP0qSRmKPamIeF7gkFP_m-sprwJoCs1Md-b5I3x98KkpLlCCrkS26y63o6VeSZ8fiP9Wb1r-O68_aimXfU4ckjlR4CuD0UB2tZWzjWuPnCgT0ABwFDa4C1vUPTJtV_D1cZ0J35_4yHop_bVEtCJu18lb2iQVbk5fNgVBd4_0taCcj6qxvJ-z4z1PF_8BWb-zJD1HrpodxgEp4kOrvYgG50Zg1jPNw1aeo7fkOXQpXukEQFOTawKNTonPqdn1SMPDHT55OGsvcBJJOPf7sBz_RNV0EX8cEPsXahFrnMrJdOnRMlxBTYVcleVFAS_pmImURPKsjt9Te5PjJgvhMOZM5JWzbxdtxmSwVrBOqcDKycSA9RzQXfkkcehi0nKQnGOTpK48SAt2O5DRC7AkqDj8tqaxrMCWxx0p7GWmuo6p5F2nW0FmvUAs_rRL1231-UrJE23KrCAe1GkjQYxbouqvvZH2MgdGdmDdvTpNCdCE46XQLvTCuRwm7em1KdbMOUcY-PfB_rmfBLYwwk29kAoUXu_cqTed5eK_dDgUqeC_CCR3VCoUEiMeymhekyMpGoFlQFrYc9bNKSxFEf_O_mWvj4tNu3VfI3_ZiIPdp4dgXuUp0VUB46J5jNLcHIb11LyNKSVDWvGBpanMLrMvmsRO_sZjErdxBTbV8jX8C2MdzHFB72Ki3HIfZ_EF1bKCj0nDtoUIoDXDb0wqTbzH0n2UAm0nayjHd3kAw7hIufSS9WOS4zuImHqsuildCK_qd0g2HrHTl2xwmyQk_KkLoVg31Jfb3&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&pload=344
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
Fingerprint3C:C9:DB:58:84:6B:51:6F:88:43:25:C5:E8:40:4C:61:4B:C5:F7:1C
ValiditySat, 28 Oct 2023 08:15:18 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841674&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=pY3StLYZZTTC7sIrlaQD3--_qkKZX5TFcptGdjqzBTQnQMjj9BjyDvv9N7XENDEufeBJXWLGFDXW-fJ6d5LghWYsaFEEIOVPI3bU3J7to2jk8kakpUUmg8-UdDTy3IjCQpnu09KXwwGNlf94g64mIUOdU3CC6_oUHD9DKBdU7uakeqyN_IshyWPKbLt4iYhBPwviraWHmbOG06dL2R4JpuWRQhVQXTVRS3gyKwPvEVNHRVpWpDqaP0qSRmKPamIeF7gkFP_m-sprwJoCs1Md-b5I3x98KkpLlCCrkS26y63o6VeSZ8fiP9Wb1r-O68_aimXfU4ckjlR4CuD0UB2tZWzjWuPnCgT0ABwFDa4C1vUPTJtV_D1cZ0J35_4yHop_bVEtCJu18lb2iQVbk5fNgVBd4_0taCcj6qxvJ-z4z1PF_8BWb-zJD1HrpodxgEp4kOrvYgG50Zg1jPNw1aeo7fkOXQpXukEQFOTawKNTonPqdn1SMPDHT55OGsvcBJJOPf7sBz_RNV0EX8cEPsXahFrnMrJdOnRMlxBTYVcleVFAS_pmImURPKsjt9Te5PjJgvhMOZM5JWzbxdtxmSwVrBOqcDKycSA9RzQXfkkcehi0nKQnGOTpK48SAt2O5DRC7AkqDj8tqaxrMCWxx0p7GWmuo6p5F2nW0FmvUAs_rRL1231-UrJE23KrCAe1GkjQYxbouqvvZH2MgdGdmDdvTpNCdCE46XQLvTCuRwm7em1KdbMOUcY-PfB_rmfBLYwwk29kAoUXu_cqTed5eK_dDgUqeC_CCR3VCoUEiMeymhekyMpGoFlQFrYc9bNKSxFEf_O_mWvj4tNu3VfI3_ZiIPdp4dgXuUp0VUB46J5jNLcHIb11LyNKSVDWvGBpanMLrMvmsRO_sZjErdxBTbV8jX8C2MdzHFB72Ki3HIfZ_EF1bKCj0nDtoUIoDXDb0wqTbzH0n2UAm0nayjHd3kAw7hIufSS9WOS4zuImHqsuildCK_qd0g2HrHTl2xwmyQk_KkLoVg31Jfb3&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&pload=344 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2311082356d2cb7d0159744ac381700f0f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/lv/esnk/1841679/code.js
200 OK 38 kB URL GET HTTP/2 alas4kanmfa6a4mubte.com/lv/esnk/1841679/code.js
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
Fingerprint3C:C9:DB:58:84:6B:51:6F:88:43:25:C5:E8:40:4C:61:4B:C5:F7:1C
ValiditySat, 28 Oct 2023 08:15:18 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash a069c5f7b47f4c52fd0073a122432d93
89e69ae4f8054c60fa3ba0e3b3d381f6387f4ba5
0fee231d5811463d11df4c7697dccad080d92b82ba3a727444b0eddf05a337f7
GET /lv/esnk/1841679/code.js HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: application/javascript
last-modified: Wed, 08 Nov 2023 10:24:08 GMT
vary: Accept-Encoding
etag: W/"654b61c8-1a34f"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=JQhmf0pRfRrcZ13VItVuLE5lI2bTUFQPMppTeXBrgoR7tNqouB6EeNi7dM5M4HrPPVM1br1wKS1ZqoMTe5EV09ATynVSCPEqJwn3iJOdkm2hjLUqDgeNRfvulzNkRnspH9UUFJPDOcKzKX_cdRepnFCFqmzirZG4PjyoxS538rmSCbRGXl9QiwOuiN6odtiBnIfjp8M6oV4roXiPJnQKwZYhe5ShiAwkC2cvwZYwI4vvPmQyihpR6cEL20DirQYFd3xyVJqHgth1lXwFvFhYa0W8ebjHHUqg4JPr_RdfJiZxOVQMYpquBuYvxWzmW4BdRdCXoF9S4Wvw_zBNLZfxTZmfwASqcl58L1qHyEDU0cffkcSEunIbUODGxXpIlK7U7JhDpCpZAzRXdmt1kZ-b0FtQijLUqUhYl4ZYeAh-YV_b2iwT49Q42YEQxqQY1FvllbyQ85KYA1cq2N6guY272rcUiZq4q8uFz6GypOcNklTnk2hQZCaZJIsKDPEjCz5i3kmAKko6tW2zXSTnxA8lkvFsA7rIMe9JKrOOjoUiyn_RNlcPLoD7aSjXcW-nlczBprGOxNeUzFeET5e7gW92Eyba4urXClWVivAHsykJL0Eu4otvGftrOJeYIf3nPIK9sTCTuyS-5420XyiBJIY3Kw5cQ7OKs2D0eDcBCuv02YC7MCIsKJs1mXzKYDUQug4RrTd83iscuSISgKRj5cXPysfg8Vi08gWZas8nctOJwN3qtqQuEfpVqP7agnOknYWk9e98fH5tZXQ5vIfKr4a9NZrvpI0m8tlooIH1n7_n4oNq4lo7uXa34gcXXrgUMQWgt9zw-Clp-KL5gbrePkXzJ7D948uR5wsNj64gFGavKCzkXtKimH8t__BQXlxINKUmlVJ51jGvmMVQ-7sXY4_UtRi7QQnMFSqGiiMSu4H3QRPLHZPzgS0GwKz9afnXEgZQoJpoj3Z_cjdzDIFPDzx1BivtphHXNXtDboz0dnfeSiXrXn6oF9XNi8nSECq6p3B5uKDzPl51TfB_JE4M0LVtcwDSMTUof9GrrY6hRawP_0t93Vuxs0bIFK3Frhci5jNwDfNSjl1X0RjPObSfeksFb5JkVJJzrvypp4dfikL1bCywKtkHnSIZzQuF4xWE86crlmroReGZF3ER517EOYL-qS2S3sOAhyj2cvENSNSmS6wu44wwjASen5TKfWH9Dp_g8yBoVWLaWtzBSLO7yA==&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&pload=402
200 OK 43 B URL GET HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841674&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=JQhmf0pRfRrcZ13VItVuLE5lI2bTUFQPMppTeXBrgoR7tNqouB6EeNi7dM5M4HrPPVM1br1wKS1ZqoMTe5EV09ATynVSCPEqJwn3iJOdkm2hjLUqDgeNRfvulzNkRnspH9UUFJPDOcKzKX_cdRepnFCFqmzirZG4PjyoxS538rmSCbRGXl9QiwOuiN6odtiBnIfjp8M6oV4roXiPJnQKwZYhe5ShiAwkC2cvwZYwI4vvPmQyihpR6cEL20DirQYFd3xyVJqHgth1lXwFvFhYa0W8ebjHHUqg4JPr_RdfJiZxOVQMYpquBuYvxWzmW4BdRdCXoF9S4Wvw_zBNLZfxTZmfwASqcl58L1qHyEDU0cffkcSEunIbUODGxXpIlK7U7JhDpCpZAzRXdmt1kZ-b0FtQijLUqUhYl4ZYeAh-YV_b2iwT49Q42YEQxqQY1FvllbyQ85KYA1cq2N6guY272rcUiZq4q8uFz6GypOcNklTnk2hQZCaZJIsKDPEjCz5i3kmAKko6tW2zXSTnxA8lkvFsA7rIMe9JKrOOjoUiyn_RNlcPLoD7aSjXcW-nlczBprGOxNeUzFeET5e7gW92Eyba4urXClWVivAHsykJL0Eu4otvGftrOJeYIf3nPIK9sTCTuyS-5420XyiBJIY3Kw5cQ7OKs2D0eDcBCuv02YC7MCIsKJs1mXzKYDUQug4RrTd83iscuSISgKRj5cXPysfg8Vi08gWZas8nctOJwN3qtqQuEfpVqP7agnOknYWk9e98fH5tZXQ5vIfKr4a9NZrvpI0m8tlooIH1n7_n4oNq4lo7uXa34gcXXrgUMQWgt9zw-Clp-KL5gbrePkXzJ7D948uR5wsNj64gFGavKCzkXtKimH8t__BQXlxINKUmlVJ51jGvmMVQ-7sXY4_UtRi7QQnMFSqGiiMSu4H3QRPLHZPzgS0GwKz9afnXEgZQoJpoj3Z_cjdzDIFPDzx1BivtphHXNXtDboz0dnfeSiXrXn6oF9XNi8nSECq6p3B5uKDzPl51TfB_JE4M0LVtcwDSMTUof9GrrY6hRawP_0t93Vuxs0bIFK3Frhci5jNwDfNSjl1X0RjPObSfeksFb5JkVJJzrvypp4dfikL1bCywKtkHnSIZzQuF4xWE86crlmroReGZF3ER517EOYL-qS2S3sOAhyj2cvENSNSmS6wu44wwjASen5TKfWH9Dp_g8yBoVWLaWtzBSLO7yA==&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&pload=402
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
Fingerprint3C:C9:DB:58:84:6B:51:6F:88:43:25:C5:E8:40:4C:61:4B:C5:F7:1C
ValiditySat, 28 Oct 2023 08:15:18 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841674&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=JQhmf0pRfRrcZ13VItVuLE5lI2bTUFQPMppTeXBrgoR7tNqouB6EeNi7dM5M4HrPPVM1br1wKS1ZqoMTe5EV09ATynVSCPEqJwn3iJOdkm2hjLUqDgeNRfvulzNkRnspH9UUFJPDOcKzKX_cdRepnFCFqmzirZG4PjyoxS538rmSCbRGXl9QiwOuiN6odtiBnIfjp8M6oV4roXiPJnQKwZYhe5ShiAwkC2cvwZYwI4vvPmQyihpR6cEL20DirQYFd3xyVJqHgth1lXwFvFhYa0W8ebjHHUqg4JPr_RdfJiZxOVQMYpquBuYvxWzmW4BdRdCXoF9S4Wvw_zBNLZfxTZmfwASqcl58L1qHyEDU0cffkcSEunIbUODGxXpIlK7U7JhDpCpZAzRXdmt1kZ-b0FtQijLUqUhYl4ZYeAh-YV_b2iwT49Q42YEQxqQY1FvllbyQ85KYA1cq2N6guY272rcUiZq4q8uFz6GypOcNklTnk2hQZCaZJIsKDPEjCz5i3kmAKko6tW2zXSTnxA8lkvFsA7rIMe9JKrOOjoUiyn_RNlcPLoD7aSjXcW-nlczBprGOxNeUzFeET5e7gW92Eyba4urXClWVivAHsykJL0Eu4otvGftrOJeYIf3nPIK9sTCTuyS-5420XyiBJIY3Kw5cQ7OKs2D0eDcBCuv02YC7MCIsKJs1mXzKYDUQug4RrTd83iscuSISgKRj5cXPysfg8Vi08gWZas8nctOJwN3qtqQuEfpVqP7agnOknYWk9e98fH5tZXQ5vIfKr4a9NZrvpI0m8tlooIH1n7_n4oNq4lo7uXa34gcXXrgUMQWgt9zw-Clp-KL5gbrePkXzJ7D948uR5wsNj64gFGavKCzkXtKimH8t__BQXlxINKUmlVJ51jGvmMVQ-7sXY4_UtRi7QQnMFSqGiiMSu4H3QRPLHZPzgS0GwKz9afnXEgZQoJpoj3Z_cjdzDIFPDzx1BivtphHXNXtDboz0dnfeSiXrXn6oF9XNi8nSECq6p3B5uKDzPl51TfB_JE4M0LVtcwDSMTUof9GrrY6hRawP_0t93Vuxs0bIFK3Frhci5jNwDfNSjl1X0RjPObSfeksFb5JkVJJzrvypp4dfikL1bCywKtkHnSIZzQuF4xWE86crlmroReGZF3ER517EOYL-qS2S3sOAhyj2cvENSNSmS6wu44wwjASen5TKfWH9Dp_g8yBoVWLaWtzBSLO7yA==&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=5459403370674176&eclog=0&sp=1&im=1&pload=402 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2311082356d2cb7d0159744ac381700f0f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ds2play.com/e/rjc2fd8wnhne
200 OK 133 kB URL GET HTTP/3 ds2play.com/e/rjc2fd8wnhne
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
ValidityMon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
Size 133 kB (132692 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/rjc2fd8wnhne HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/d/rjc2fd8wnhne
Cookie: lang=1; dref_url=none
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 08 Nov 2023 04:56:56 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZ6%2BRMqBMuFvtku5AGrtxvdwhEzDGKCB%2BfNMO4Y20BL4YAR%2B3AYtQo0Jv3DNJgYrwZ98q3lHO6qW%2FkmYWiQOUiRLsFHB8XUKcGEmutg1S2b2W5AylI0nv57xWP1V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d77eaf56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
302 Found 7.3 kB URL GET HTTP/3 ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
ValidityMon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: lang=1; dref_url=none
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Thu, 09 Nov 2023 04:56:56 GMT
cache-control: max-age=300, public
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/9914b343/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AWxM2ObnlvaWmYtBqMhMQnqX%2FuTQJGBIhNn4rE0MbNCAqkZdndBcqGZTzKwAu8dUJXu2M0dYrZWnRVt3h16LaA8O5IpHujERi8G6X3zKytdpMbMS9Frd%2FmsC52Dg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d88ef556be-OSL
alt-svc: h3=":443"; ma=86400
i.doodcdn.co/ads/ad.js
200 OK 18 B IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 071c641b229d2bfadd243b8fa2a9c88d
4048ed3ad506f9bb9052c23283912d0cfea8bcc6
3716878d3ceb2042b22c092b31c6f43cc862f8464e92ddde416a49624b32716e
GET /ads/ad.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: application/javascript
content-length: 18
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=20
expires: Thu, 07 Nov 2024 09:08:59 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: User-Agent,Accept-Encoding
cf-cache-status: HIT
age: 71220
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pniP2%2BpNZnmiennvHDjGsojs5XiQWtL3%2BPanm8B6BayNKrVZBoI1bbz%2FUqueWwl74YfrAq0rYA9hpAwqTxUxGpCJmp2zF%2BnkI%2FP4HWlb0vZ60CRGdzMBl10VriCR4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d95a0f56aa-OSL
alt-svc: h3=":443"; ma=86400
i.doodcdn.co/css/embed.css
200 OK 80 kB URL GET HTTP/3 i.doodcdn.co/css/embed.css
IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /css/embed.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=79890
etag: W/"61d3187c-13812"
expires: Fri, 08 Dec 2023 09:08:58 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 71220
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqqNW5IVVXRy%2F%2BsI48rdNM8E0bU%2BpYNvlFhIaw%2F2OBpSkBBhZt3wh86njC%2Bu1MHc5i4sWFdnZHNe6OEveKNfZ6%2B94w2AM1NUlGF3ml3WBUD0HF0%2FU6UJd%2BzejdFMFg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d96a1056aa-OSL
alt-svc: h3=":443"; ma=86400
betotodilea.com/400/4857535
200 OK 89 kB URL GET HTTP/2 betotodilea.com/400/4857535
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerLet's Encrypt
Subjectbetotodilea.com
FingerprintE6:43:29:5D:43:E3:1B:7A:9C:10:C4:40:DF:C9:6B:91:73:22:AE:E8
ValidityMon, 11 Sep 2023 03:28:47 GMT - Sun, 10 Dec 2023 03:28:46 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7ccf7ebad768f41e8d5cbf14c5bd6220
9fb97225a0890dddd1add6ec8385215578d290cb
c6aa590e8ef7efeb3e19b7de53b6709c5d04695eb80cb2176effb5854f7bf640
GET /400/4857535 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: application/javascript
x-trace-id: ebf493e0b38cd6bca36a6069c26dbb15
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=7e1e3bae36834de0a8772526288f47d8; expires=Fri, 08 Nov 2024 04:56:56 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ds2play.com/cdn-cgi/challenge-platform/h/g/jsd/r/823378d17f42b4f9
200 OK 0 B URL POST HTTP/3 ds2play.com/cdn-cgi/challenge-platform/h/g/jsd/r/823378d17f42b4f9
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
ValidityMon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/g/jsd/r/823378d17f42b4f9 HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12190
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/d/rjc2fd8wnhne
Cookie: lang=1; dref_url=none
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=uY5DDNvuRZ_ku36JRNShFjWLkswfzKud4scal5t6kBE-1699505816-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1699505816; path=/; expires=Fri, 08-Nov-24 04:56:56 GMT; domain=.ds2play.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bvw5%2FsGNWqfLcqAtC%2B4jnWG2R%2BmKbQ7s1OetaetyCP1LAoJc0pTISNUtf1W00Gqpj3PUqnskCBeBwtTNlZDEWQW52LFSUm57W8B0I1poHmbGv0whYSHd4mSXZOlZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378dbefe356be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
200 OK 18 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintFA:D7:68:E4:12:7D:FE:22:87:DE:95:F1:1E:49:5A:49:FA:12:1E:B9
ValidityMon, 16 Oct 2023 08:10:01 GMT - Mon, 08 Jan 2024 08:10:00 GMT
Hash 46da166e2af52022abead95ca5438c88
c05b711a3131289f7aa6e10e17d24517d6e6e7f4
f7c8ae9c7b18adee8a22a5368e7356c09303f88ad6bf59ca66d7bb206236c938
GET /css?family=Nunito:200,300,300i,400,600,600i,700,700i,800,900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 Nov 2023 04:56:56 GMT
date: Thu, 09 Nov 2023 04:56:56 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/lv/esnk/1841674/code.js
200 OK 107 kB URL GET HTTP/2 alas4kanmfa6a4mubte.com/lv/esnk/1841674/code.js
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
Fingerprint3C:C9:DB:58:84:6B:51:6F:88:43:25:C5:E8:40:4C:61:4B:C5:F7:1C
ValiditySat, 28 Oct 2023 08:15:18 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type ASCII text, with very long lines (65107)
Size 107 kB (107278 bytes)
Hash 05827fa014ce6d8ca7b37e74086ab8df
4004e7c8f4e999ed71047f59429f483fcdbec13a
257528ca4b5c454af9d1008151b05b2b82b6d7b48c21217af549de9ed73d5bdf
GET /lv/esnk/1841674/code.js HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: application/javascript
last-modified: Wed, 08 Nov 2023 10:24:08 GMT
vary: Accept-Encoding
etag: W/"654b61c8-1a34f"
x-js-ab2: current
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2
alas4kanmfa6a4mubte.com/chicken.gif?z=1841679&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=T3SnrAET6kUkp6wuZATwJCf7pRQKZzd-M5es8CEvFVtqf9hnPz5ONtqCrQdsH9NtwOrW0jGTmYbWl0Vz7-gySkurmjqf832hdT85RZe1W0TFnsTCh_NsX1H8QU_W3yKPmaTEKTwapH1gvORsxsfyi4izUVI9QAj0ujgoFFnY1OK1RYZGmMUsUCDHgMAoW2Pl_liYye-VvSjDonOChO4aOBR7WqdYhyV2tn3VQCaa1uj5M_Jm4JrZGhlB487xzuCvcA_DdbSJNZIlBjin6PuYtjo_U3zetuvx_ZIpAccKjAIZU7rQbqH84HQu0VJ8DDN0YG71x1Np45mwgOLL4jvSfI7dz499qYI8ipAAgXTdQRu7O-iRo6GuAeFiRxGDAesH213OvFbNpeiL5pyIUN_SZZrfJNGjc4NVKON0WVybbr58QgWvi5Zk8-sj08-2Xp_Gau32toDOs1tHMtXiKdm-ZT6sd1GX4i5E2xfRGsHnZNfp8UGFFVXQA9Ehr4sv86mbVqTp5QvAtMzwipBdjtusBX1JTj-9NB4lMBrV3OBbyKD6EA_gi-tzdKu64WaaNyRa0CKjAGxLn8TbgTqUlfkOxSNzLqhMj5TVflbW22bOnPykUJaurat6PdiFhnLExL_l3tY7e9x84c7LC8RRZDzcdokjoxJgdObNRuNAXJaV8gUrCtiesn9cltXat2PdqruvCj0ve5gpxyr-Q2EYmGTavYhwrsJc8nZtiY8DPEhurUqeM_z9NlRnUMDq1B7SDsyLOFYUlIIfxx6GDFu9ysm___jsk-qqEIeZl-dSYUGzdvQ-9XOw4EBeyl_LFCqvGJxbUTCiwGNEiW5KN5aH4W68OWJzkNAeYr-ZbokQkBjjWNphov61dsn9Oue1hquZgU3dqL-WQICjFS-XnR4fu_64e2ej15ZQIpU0nli4syExwHLLwyHdZywTjFGmToqjWGoTpB4dLQRurf6yxPPCKeF0jJ855lqyPAZsZ45wOkz9q_X4WB7OLFZHEGbUKqroHFPoIlVunO8sOMgR-_qNyVRCT1jboOtdfOoYeqeBCa8KD-Q8ZTQClhuKSQBzc3QV8x1HlhD-6UXeub37h4yUUANjaPK-k0YUN5bw04FXLpoz31AGSzqNSoc57u1w9tayT8BnhiHQCLZ7f40FVeG1b6eQu3jwHqOSeZnOBTkfYD11R2BwMwzp7JlbXnWfWF9mNir01ngQc6jk_e-2WwJB-w==&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&pload=348
200 OK 43 B URL GET HTTP/2 alas4kanmfa6a4mubte.com/chicken.gif?z=1841679&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=T3SnrAET6kUkp6wuZATwJCf7pRQKZzd-M5es8CEvFVtqf9hnPz5ONtqCrQdsH9NtwOrW0jGTmYbWl0Vz7-gySkurmjqf832hdT85RZe1W0TFnsTCh_NsX1H8QU_W3yKPmaTEKTwapH1gvORsxsfyi4izUVI9QAj0ujgoFFnY1OK1RYZGmMUsUCDHgMAoW2Pl_liYye-VvSjDonOChO4aOBR7WqdYhyV2tn3VQCaa1uj5M_Jm4JrZGhlB487xzuCvcA_DdbSJNZIlBjin6PuYtjo_U3zetuvx_ZIpAccKjAIZU7rQbqH84HQu0VJ8DDN0YG71x1Np45mwgOLL4jvSfI7dz499qYI8ipAAgXTdQRu7O-iRo6GuAeFiRxGDAesH213OvFbNpeiL5pyIUN_SZZrfJNGjc4NVKON0WVybbr58QgWvi5Zk8-sj08-2Xp_Gau32toDOs1tHMtXiKdm-ZT6sd1GX4i5E2xfRGsHnZNfp8UGFFVXQA9Ehr4sv86mbVqTp5QvAtMzwipBdjtusBX1JTj-9NB4lMBrV3OBbyKD6EA_gi-tzdKu64WaaNyRa0CKjAGxLn8TbgTqUlfkOxSNzLqhMj5TVflbW22bOnPykUJaurat6PdiFhnLExL_l3tY7e9x84c7LC8RRZDzcdokjoxJgdObNRuNAXJaV8gUrCtiesn9cltXat2PdqruvCj0ve5gpxyr-Q2EYmGTavYhwrsJc8nZtiY8DPEhurUqeM_z9NlRnUMDq1B7SDsyLOFYUlIIfxx6GDFu9ysm___jsk-qqEIeZl-dSYUGzdvQ-9XOw4EBeyl_LFCqvGJxbUTCiwGNEiW5KN5aH4W68OWJzkNAeYr-ZbokQkBjjWNphov61dsn9Oue1hquZgU3dqL-WQICjFS-XnR4fu_64e2ej15ZQIpU0nli4syExwHLLwyHdZywTjFGmToqjWGoTpB4dLQRurf6yxPPCKeF0jJ855lqyPAZsZ45wOkz9q_X4WB7OLFZHEGbUKqroHFPoIlVunO8sOMgR-_qNyVRCT1jboOtdfOoYeqeBCa8KD-Q8ZTQClhuKSQBzc3QV8x1HlhD-6UXeub37h4yUUANjaPK-k0YUN5bw04FXLpoz31AGSzqNSoc57u1w9tayT8BnhiHQCLZ7f40FVeG1b6eQu3jwHqOSeZnOBTkfYD11R2BwMwzp7JlbXnWfWF9mNir01ngQc6jk_e-2WwJB-w==&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&pload=348
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerBuypass AS-983163327
Subject
Fingerprint3C:C9:DB:58:84:6B:51:6F:88:43:25:C5:E8:40:4C:61:4B:C5:F7:1C
ValiditySat, 28 Oct 2023 08:15:18 GMT - Wed, 24 Apr 2024 21:59:00 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84
GET /chicken.gif?z=1841679&pb=55ac71f9eb7cc24c269e7e3728696b751699513016&psp=T3SnrAET6kUkp6wuZATwJCf7pRQKZzd-M5es8CEvFVtqf9hnPz5ONtqCrQdsH9NtwOrW0jGTmYbWl0Vz7-gySkurmjqf832hdT85RZe1W0TFnsTCh_NsX1H8QU_W3yKPmaTEKTwapH1gvORsxsfyi4izUVI9QAj0ujgoFFnY1OK1RYZGmMUsUCDHgMAoW2Pl_liYye-VvSjDonOChO4aOBR7WqdYhyV2tn3VQCaa1uj5M_Jm4JrZGhlB487xzuCvcA_DdbSJNZIlBjin6PuYtjo_U3zetuvx_ZIpAccKjAIZU7rQbqH84HQu0VJ8DDN0YG71x1Np45mwgOLL4jvSfI7dz499qYI8ipAAgXTdQRu7O-iRo6GuAeFiRxGDAesH213OvFbNpeiL5pyIUN_SZZrfJNGjc4NVKON0WVybbr58QgWvi5Zk8-sj08-2Xp_Gau32toDOs1tHMtXiKdm-ZT6sd1GX4i5E2xfRGsHnZNfp8UGFFVXQA9Ehr4sv86mbVqTp5QvAtMzwipBdjtusBX1JTj-9NB4lMBrV3OBbyKD6EA_gi-tzdKu64WaaNyRa0CKjAGxLn8TbgTqUlfkOxSNzLqhMj5TVflbW22bOnPykUJaurat6PdiFhnLExL_l3tY7e9x84c7LC8RRZDzcdokjoxJgdObNRuNAXJaV8gUrCtiesn9cltXat2PdqruvCj0ve5gpxyr-Q2EYmGTavYhwrsJc8nZtiY8DPEhurUqeM_z9NlRnUMDq1B7SDsyLOFYUlIIfxx6GDFu9ysm___jsk-qqEIeZl-dSYUGzdvQ-9XOw4EBeyl_LFCqvGJxbUTCiwGNEiW5KN5aH4W68OWJzkNAeYr-ZbokQkBjjWNphov61dsn9Oue1hquZgU3dqL-WQICjFS-XnR4fu_64e2ej15ZQIpU0nli4syExwHLLwyHdZywTjFGmToqjWGoTpB4dLQRurf6yxPPCKeF0jJ855lqyPAZsZ45wOkz9q_X4WB7OLFZHEGbUKqroHFPoIlVunO8sOMgR-_qNyVRCT1jboOtdfOoYeqeBCa8KD-Q8ZTQClhuKSQBzc3QV8x1HlhD-6UXeub37h4yUUANjaPK-k0YUN5bw04FXLpoz31AGSzqNSoc57u1w9tayT8BnhiHQCLZ7f40FVeG1b6eQu3jwHqOSeZnOBTkfYD11R2BwMwzp7JlbXnWfWF9mNir01ngQc6jk_e-2WwJB-w==&im=1&freq=0&nojs=0&abvar=0&febuild=1.0.175&t=0&wcks=1&wgl=0&cnvs=1&os=0&ss=1&ls=1&bb=0&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-US&pf=Linux%20x86_64&cd=24&ix=0&x=1280&y=1024&md=0&afid=7711203184389632&eclog=0&sp=1&im=1&pload=348 HTTP/1.1
Host: alas4kanmfa6a4mubte.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: CHCK=1; UID=2311082356d2cb7d0159744ac381700f0f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.impression
timing-allow-origin: *
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2
ds2play.com/d/rjc2fd8wnhne
200 OK 6.0 kB URL User Request GET HTTP/2 ds2play.com/d/rjc2fd8wnhne
IP
Certificate IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
ValidityMon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6253), with no line terminators
Hash b6aed7b573f8c87216756497e7a4a32b
b3040d1612fc2113568d26a34bb8a6aeeadad1a8
c2fd5071ddb948bdb3d9d2d06af336da284371f1c51cd52bb9108b4821bcdb69
GET /d/rjc2fd8wnhne HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 08 Nov 2023 04:56:55 GMT
set-cookie: lang=1; domain=.ds2play.com; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UvyfRuE0tuahRIuNBxZREDagptKRvtqvgvbFskOjISFxSFXO4xr2jepq%2FcphFfKawdAAPlWBiR6ySVCv2zCzjEP4Xdk%2BiYcApDFMUuJ7fZprOwy0wn%2B2gAGpY%2FzO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d17f42b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/css/style.css?v=0.1
200 OK 209 kB URL GET HTTP/2 i.doodcdn.co/theme_2/css/style.css?v=0.1
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65465)
Size 209 kB (208903 bytes)
Hash 6ff549c82309fe93cb6f38f8fcf60e49
c5621629b2a258c7fb572ab9d03517c7d60896fd
668326f298c9701a6422f5b7f229966fd87ae68940381a9c0c898197667a8c4c
GET /theme_2/css/style.css?v=0.1 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:55 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=249272
expires: Thu, 07 Nov 2024 09:09:00 GMT
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 70664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRID78i8T25sBDbIAllRyTabWoz3WywQ1EYIGk%2F4yAmcSOkvqDWqj63U%2BwaBdBKrv0jDEutg0FXiKdnvZGKQB5H71oGTwbvPkyhK8sj8wUsSQIDjk5a7jPKtcJwTSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d58c205684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.pncloudfl.com/pn/3de/75e/da9/3de75eda9ed337e13622611cdda3d5bf615b311f.webp
200 OK 48 kB URL GET HTTP/2 cdn.pncloudfl.com/pn/3de/75e/da9/3de75eda9ed337e13622611cdda3d5bf615b311f.webp
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC6:42:10:11:EB:FA:38:01:62:34:DA:19:86:B6:89:D4:EF:B3:37:A8
ValidityFri, 31 Mar 2023 00:00:00 GMT - Sat, 30 Mar 2024 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image\012- data
Hash faa49393df3208c063f655607da54633
3de75eda9ed337e13622611cdda3d5bf615b311f
5b8090f769afc76f83e8635a46499a1e467be6c44aee86f5f53b7ca51baa53de
GET /pn/3de/75e/da9/3de75eda9ed337e13622611cdda3d5bf615b311f.webp HTTP/1.1
Host: cdn.pncloudfl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:57 GMT
content-type: application/octet-stream
content-length: 47678
etag: faa49393df3208c063f655607da54633
last-modified: Fri, 28 Apr 2023 13:33:07 GMT
x-timestamp: 1682688786.30976
x-trans-id: tx7f90b5385a504c408bc8f-00645b6d60
x-openstack-request-id: tx7f90b5385a504c408bc8f-00645b6d60
access-control-allow-methods: HEAD,GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-headers: Content-Type,X-Requested-With,X-Auth-Token,X-Openstack-Request-Id,X-Container-Meta-type,X-Container-Meta-Temp-URL-Key,Authorization
access-control-expose-headers: X-Container-Meta-Temp-Url-Key,X-Container-Bytes-Used,Last-Modified,X-Timestamp
cache-control: max-age=172800
expires: Sat, 11 Nov 2023 04:49:38 GMT
x-proxy-cache: HIT
cf-cache-status: HIT
age: 439
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 823378dcf98356cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/css/bootstrap.min.css
200 OK 160 kB URL GET HTTP/2 i.doodcdn.co/theme_2/css/bootstrap.min.css
IP
Requested by https://ds2play.com/d/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65324)
Size 160 kB (159515 bytes)
Hash 7cc40c199d128af6b01e74a28c5900b0
d305110fb79113a961394b433d851a3410342b8c
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 Nov 2023 04:56:55 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Thu, 07 Nov 2024 09:08:58 GMT
vary: Accept-Encoding,User-Agent
access-control-allow-origin: *
cf-cache-status: HIT
age: 71099
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fr3ioZtdo5EWqMYjO4nr3RWhvVWJ70%2FxCX0cceJOF39vB2ltIeCb5zPbfbP9D8Zyz0nRgu76DBkGcuRonN3xSdCrQpYEyO%2FKqPM94FvH5PGlynGtSL8I7854O7hYqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823378d56c145684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
200 OK 90 kB URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
Requested by https://ds2play.com/e/rjc2fd8wnhne
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 Nov 2023 04:56:56 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1293543
expires: Tue, 29 Oct 2024 04:56:56 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=92zCEfy0zApJ5PnR5PL84pk4H5LZx9q8Eqrurbjquxp%2Fvu8Gel5NEHpmvS6t%2FrNFN%2F7FdqLpudKU5t95w8l9dH9%2BitfLwYL6FJKiypFhjQhGz2VPwFcBmwMbHW0yVVFQkk%2BU4BuL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 823378d94fdb56c6-OSL
alt-svc: h3=":443"; ma=86400
104.26.9.170
212.117.190.201
139.45.196.61
104.17.25.14
23.33.119.65