Report - ds2play.com/d/

Report Overview

Visited public
2023-12-04 23:12:10
Tags
Submit Tags
URL
ds2play.com/d/
Finishing URL
ds2play.com/d/
IP / ASN
104.26.8.170
#13335 CLOUDFLARENET
Title
Video not found | DoodStream

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
d1f05vr3sjsuy7.cloudfront.net	unknown	2008-04-25	2020-12-01 21:06:31	2023-12-02 22:53:46	2.5 kB	100 kB	54.230.241.212
papmeatidigbo.com	unknown	2023-10-22	2023-10-22 13:37:00	2023-11-20 00:22:51	417 B	1.5 kB	172.255.6.58
forfeitsubscribe.com	unknown	2023-05-31	2023-05-31 21:31:25	2023-12-02 05:07:12	894 B	32 kB	192.243.59.12
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-12-04 18:39:56	870 B	836 B	18.184.210.76
orgotitedu.info	unknown	2023-10-04	2023-10-12 13:53:54	2023-12-01 10:49:42	1.5 kB	2.6 kB	108.157.229.6
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-12-04 19:07:45	818 B	173 kB	172.64.172.31
cdn.barscreative1.com	25648	2021-09-08	2021-09-16 13:14:42	2023-12-04 11:41:21	494 B	2.2 kB	45.133.44.4
i.doodcdn.co	unknown	2022-04-23	2022-05-04 16:24:43	2023-12-02 22:53:46	2.4 kB	251 kB	172.67.70.190
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-04 06:26:24	528 B	17 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-04 06:42:16	430 B	7.5 kB	142.250.74.42
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04 17:12:50	2023-12-04 19:07:45	423 B	835 B	104.21.86.121
worstideatum.com	unknown	2023-07-20	2023-07-20 12:56:13	2023-11-30 01:08:14	416 B	1.4 kB	23.109.248.166
ds2play.com	unknown	2023-08-04	2023-08-04 14:22:19	2023-12-03 05:32:02	2.6 kB	60 kB	172.67.70.18
ipmathematical.org	unknown	2023-11-07	2023-11-29 08:06:05	2023-12-04 02:45:15	2.2 kB	2.4 kB	172.67.146.16
pogothere.xyz	unknown	2022-08-22	2022-09-04 21:11:25	2023-12-04 14:42:38	1.3 kB	214 kB	172.64.110.13
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2023-12-04 08:10:55	452 B	68 kB	45.133.44.10
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-12-04 10:42:27	1.5 kB	846 B	192.243.59.20
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-04 05:09:04	439 B	29 kB	104.17.25.14
interbasevideopregnant.com	unknown	2023-11-28	2023-11-28 12:53:40	2023-12-03 18:55:42	4.6 kB	7.0 kB	173.233.137.52
getbestpolojpob.org	unknown	2023-11-07	2023-12-04 02:45:13	2023-12-04 14:46:02	3.2 kB	6.7 kB	65.9.55.109
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2023-12-04 23:03:56	3.2 kB	194 kB	172.64.109.10
accounts.google.com	81	1997-09-15	2016-03-20 13:44:49	2023-12-04 09:41:10	3.7 kB	27 kB	173.194.73.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	forfeitsubscribe.com	Sinkholed
2023-12-04	medium	forfeitsubscribe.com	Sinkholed
2023-12-04	medium	interbasevideopregnant.com	Sinkholed
2023-12-04	medium	interbasevideopregnant.com	Sinkholed
2023-12-04	medium	unseenreport.com	Sinkholed
2023-12-04	medium	unseenreport.com	Sinkholed
2023-12-04	medium	interbasevideopregnant.com	Sinkholed
2023-12-04	medium	interbasevideopregnant.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-07-13
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-13 06:17 Times Seen74245 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js	ScriptElement	38 kB	2023-12-05	2023-12-05
Pretty URL forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 00:12 Last Seen2023-12-05 00:12 Times Seen1 Hash 0d622cf25483792c99cd3ada6a20caaa f9c350879a5ddd9a74889e762f652ed17f98652f 96ff57070d4a6a48d7fcd102f3295907c2c43206c39fc4b5716ca37371d84564 Loading...

	ds2play.com/d/	ScriptElement	1.1 kB	2024-08-20	2024-08-20
Pretty URL ds2play.com/d/ IP 172.67.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:45 Last Seen2024-08-20 16:45 Times Seen1 Hash 4b6f7c36fbe699bc9f241e14f4f2dcde b10e684b725ba534f3e28356fd08cf880e7b05ed bb14f9b9530252ffe0dcd7eabd49ecf1dffcde7134aa1f4a17c322614d4acc9d Loading...

	worstideatum.com/reA3n475k3U/70849	ScriptElement	0 B	0001-01-01	2025-07-13
Pretty URL worstideatum.com/reA3n475k3U/70849 IP 23.109.248.166 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-13 07:17 Times Seen5412672 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056	ScriptElement	299 kB	2023-12-04	2023-12-05
Pretty URL d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056 IP 54.230.241.212 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 23:30 Last Seen2023-12-05 00:12 Times Seen2 Hash b8af0553db4dd50a13664cebb8eab024 4a005b43d6d87221e59e225bc2c358a1fd5b7926 a47bf3ab4ce3d806e22350827b185ada9aa2179967788a8c1af6a415b8b7313f Loading...

	unknown	ScriptElement	1.2 kB	2023-12-03	2024-10-06
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 14:49 Last Seen2024-10-06 09:21 Times Seen4 Hash 9da5b36215c86c55e6311e6a3e28eb3d 13004fa36d6534c5142c1c91a3e27fa62855b931 45d80a4be9a4d981e6e8d602f37c886a75bdcf12d0d00b5828b95bee742335b3 Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-11-23	2024-08-20
Pretty URL friendshipmale.com/sfp.js IP 172.64.172.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-23 18:35 Last Seen2024-08-20 18:08 Times Seen6307 Hash 924e967bca1d599992556a8d139b1c5a 222b09dbf164ddc03d39100fd0524a22018d28b2 ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95 Loading...

	cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-07-13
Pretty URL cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js IP 172.64.109.10 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:04 Last Seen2025-07-13 05:52 Times Seen2782 Hash 561acb3e541133bbdd2c0c19f8ee35a1 ffd1353cf3f77d25f801c84d8208613eb0d3d548 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc Loading...

	forfeitsubscribe.com/06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js	ScriptElement	41 kB	2023-12-05	2023-12-05
Pretty URL forfeitsubscribe.com/06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 00:12 Last Seen2023-12-05 00:12 Times Seen1 Hash 045a8eef68bbaa8e82c555e6f4c63529 70f313d262cb1ecc74c27dbe4409a80cf67be47a 32061f0d64bd2de1c15075738a7a002470bcf7f605a55a4aaaa57e5dded5ca83 Loading...

	papmeatidigbo.com/gHzOaAdOhbZ/71405	ScriptElement	6 B	2023-03-07	2025-07-13
Pretty URL papmeatidigbo.com/gHzOaAdOhbZ/71405 IP 172.255.6.58 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-07-13 07:11 Times Seen8969 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	unknown	ScriptElement	247 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 16:45 Last Seen2024-08-20 16:45 Times Seen1 Hash 57e0b7161cf9c33c10d7bce6cb0a237f 94102710ba794d473b0edff27773ab947338d0fd 13c05aa0578e777a8d5f06372eae8b958151f0ffbd6e6965b25ef8d3cc1bd0c9 Loading...

	ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	7.4 kB	2023-12-05	2023-12-05
Pretty URL ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.70.18 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 00:12 Last Seen2023-12-05 00:12 Times Seen1 Hash 6483b908cb544686cf08488574021ece 76cfdfa1e129bf6a5ac64c8e72e8a7bfc3d8e41b 3f2a1e2bb234af1dc5f6c40a840ccef01ad8d6338eed58d8ea6d0ab1e699c738 Loading...

		Size	First Seen	Last Seen
	#1 Write - a5e14d5858dc14d2d7a33657e833db1b	4.4 kB	2024-08-20 16:45	2024-08-20 16:45
Pretty Observations First Seen2024-08-20 16:45 Last Seen2024-08-20 16:45 Times Seen1 Hash a5e14d5858dc14d2d7a33657e833db1b 0a72f04558de81df1bdc50c90ba1c78651ef53f1 1d83c189931376966fef08127f8b487591a039d48bd8a2c96f2221b0b1f2b501 Loading...

HTTP Transactions (60)

URL IP Response Size

GET cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js

104.17.25.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
28 kB (27748 bytes)
Hash
220afd743d9e9643852e31a135a9f3ae
88523924351bac0b5d560fe0c5781e2556e7693d
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 660372
expires: Sat, 23 Nov 2024 23:11:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O7KqgIw7FIMO7nxzpyKyB9Iop%2FpHp%2B83qD63VUSVt%2BX%2B0qeVHmZqGGJFQAegra6x6yNBqzJoRuH3dDiOHUScj%2BN4ZKlL5qEHw23OFEM42CJCsh4h4Lg%2FIAu2%2FV0sxQ%2FgA6LrMZ0B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8307bb1bcbbfb518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET i.doodcdn.co/img/no_video_3.svg

172.67.70.190

200 OK

2.8 kB

URL GET HTTP/2
i.doodcdn.co/img/no_video_3.svg
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (2789)
Size
2.8 kB (2812 bytes)
Hash
077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c

HTTP Headers

GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Wed, 03 Jan 2024 00:18:47 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 63334
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K2KRizfuP%2FzLMLSsb8dpEbjN7m6ADNu17lt5f9ImyVALjtySgg7ContngCtgxOfVbbO88xCXXBj5J8tYaqKGMVsSbD3Hs6ADby82e2xfXlGU55%2B7fYEvFYLC%2BNDILw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb1ccd08b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056

54.230.241.212

200 OK

97 kB

URL GET HTTP/2
d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056
IP
54.230.241.212:443
ASN
#16509 AMAZON-02

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (15945)
Size
97 kB (97249 bytes)
Hash
b8af0553db4dd50a13664cebb8eab024
4a005b43d6d87221e59e225bc2c358a1fd5b7926
a47bf3ab4ce3d806e22350827b185ada9aa2179967788a8c1af6a415b8b7313f

HTTP Headers

GET /?srvfd=908056 HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 97249
date: Mon, 04 Dec 2023 22:30:27 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0oJYrTvBUUDKrXXgLjZzGaGjAete7G1Ghxg-w7H0SbBAT2BWZj0SPg==
age: 2484
X-Firefox-Spdy: h2

GET papmeatidigbo.com/gHzOaAdOhbZ/71405

172.255.6.58

200 OK

26 B

URL GET HTTP/1.1
papmeatidigbo.com/gHzOaAdOhbZ/71405
IP
172.255.6.58:443
ASN
#7979 SERVERS-COM

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectpapmeatidigbo.com
Fingerprint9F:26:AD:B7:6D:9C:CB:94:FC:07:D1:33:2D:1D:BA:1B:27:E9:4F:D1
ValiditySun, 22 Oct 2023 10:35:36 GMT - Sat, 20 Jan 2024 10:35:35 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

HTTP Headers

GET /gHzOaAdOhbZ/71405 HTTP/1.1
Host: papmeatidigbo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 23:11:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Tue, 05-Dec-2023 23:11:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Tue, 05-Dec-2023 23:11:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET worstideatum.com/reA3n475k3U/70849

23.109.248.166

200 OK

20 B

URL GET HTTP/1.1
worstideatum.com/reA3n475k3U/70849
IP
23.109.248.166:443
ASN
#7979 SERVERS-COM

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectworstideatum.com
Fingerprint56:54:A5:6C:79:64:02:44:9A:17:E2:08:6E:8F:36:A8:14:F4:83:BE
ValidityWed, 27 Sep 2023 23:17:51 GMT - Tue, 26 Dec 2023 23:17:50 GMT

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /reA3n475k3U/70849 HTTP/1.1
Host: worstideatum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 23:11:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Tue, 05-Dec-2023 23:11:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Tue, 05-Dec-2023 23:11:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET i.doodcdn.co/theme_2/fonts/avertastd-black-webfont.woff2

172.67.70.190

200 OK

23 kB

URL GET HTTP/3
i.doodcdn.co/theme_2/fonts/avertastd-black-webfont.woff2
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22820, version 1.0\012- data
Size
23 kB (22820 bytes)
Hash
1e976387cb594982692bdbdffde86f91
9546836a7d80c17d85cdd37a9553852f00af031b
4dc982a61a00481f4c9545f9f2da64098428b4aec96838de3c194fa82373ce1d

HTTP Headers

GET /theme_2/fonts/avertastd-black-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: font/woff2
content-length: 22820
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Tue, 02 Jan 2024 05:26:48 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 64819
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2F0vIiLx%2BZcfcGL6HFM1PNWLOk0MZiB%2FoSMiHIBtCJ93bCkl72TWervqI9Q9i4XL9noXtug2o%2B0BCncxpVrX3K51HuryCoC5x9a1TagUAGj3nz62%2B1QXdMdsW67tfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb1efe23569d-OSL
alt-svc: h3=":443"; ma=86400

GET ds2play.com/d/

172.67.70.18

200 OK

25 kB

URL User Request GET HTTP/2
ds2play.com/d/
IP
172.67.70.18:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
ValidityThu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2772), with no line terminators
Size
25 kB (24939 bytes)
Hash
5516902f310305064c7b2aaa099d9d61
ea7a5f53cfb40187ce4ba91d85da1f524e3c55ab
848e9bd7f22ebde1ff08dd059692ecdbf9b23c5ca2d43d946369b841be75cc20

HTTP Headers

GET /d/ HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 03 Dec 2023 23:11:51 GMT
set-cookie: lang=1; domain=.ds2play.com; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyzqWU04zNSmUltar%2FrLZcO1u21AZnidfUK7Mt%2FVZ%2BOvkpU2sQujwHhYzOJN7DvrNS1YJRBVAQskceMLE%2FJg6BgzWnOl%2B2ehYujb5T3mpTn9L2rPj6oDdmLqaQ6x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb181971b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET i.doodcdn.co/theme_2/css/style.css

172.67.70.190

200 OK

38 kB

URL GET HTTP/2
i.doodcdn.co/theme_2/css/style.css
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65465)
Size
38 kB (38144 bytes)
Hash
6ff549c82309fe93cb6f38f8fcf60e49
c5621629b2a258c7fb572ab9d03517c7d60896fd
668326f298c9701a6422f5b7f229966fd87ae68940381a9c0c898197667a8c4c

HTTP Headers

GET /theme_2/css/style.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=249272
expires: Mon, 02 Dec 2024 05:00:39 GMT
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 58813
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tKhWEarT%2B8Dh4Hy1%2BNT7KE09rtvi%2BcYvyusC%2FbE1Z58qMO9w3wtOQpBCpZYMOa6x%2FAsD39IvCXtQTk9md%2FVLbj0FLlC22%2Bkn3PlamW%2FWEADU6tHFxvyX8Kxm%2Fwl8zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb1cdd10b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET forfeitsubscribe.com/06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js

192.243.59.12

200 OK

17 kB

URL GET HTTP/1.1
forfeitsubscribe.com/06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectforfeitsubscribe.com
Fingerprint82:B2:D8:34:F6:E3:2B:C7:7B:42:8E:0F:C8:FB:E1:E9:FC:49:04:1B
ValidityTue, 28 Nov 2023 06:52:30 GMT - Mon, 26 Feb 2024 06:52:29 GMT

File type
ASCII text, with very long lines (40884), with no line terminators
Size
17 kB (16613 bytes)
Hash
045a8eef68bbaa8e82c555e6f4c63529
70f313d262cb1ecc74c27dbe4409a80cf67be47a
32061f0d64bd2de1c15075738a7a002470bcf7f605a55a4aaaa57e5dded5ca83

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js HTTP/1.1
Host: forfeitsubscribe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 23:11:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 406baac00510415ad36ba18630af5133
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js

192.243.59.12

200 OK

14 kB

URL GET HTTP/1.1
forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectforfeitsubscribe.com
Fingerprint82:B2:D8:34:F6:E3:2B:C7:7B:42:8E:0F:C8:FB:E1:E9:FC:49:04:1B
ValidityTue, 28 Nov 2023 06:52:30 GMT - Mon, 26 Feb 2024 06:52:29 GMT

File type
ASCII text, with very long lines (37803), with no line terminators
Size
14 kB (13575 bytes)
Hash
0d622cf25483792c99cd3ada6a20caaa
f9c350879a5ddd9a74889e762f652ed17f98652f
96ff57070d4a6a48d7fcd102f3295907c2c43206c39fc4b5716ca37371d84564

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /2c/03/60/2c0360ed33b0b4736859081c701f9a91.js HTTP/1.1
Host: forfeitsubscribe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 23:11:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f702db40ee6c5d2cbb48710a22a3d7e2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET proftrafficcounter.com/stats

18.184.210.76

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.184.210.76:443
ASN
#16509 AMAZON-02

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
35908cde64936e0a51641e3f15e02b60
a25c2455efe1ba98c39b909b456606442afc11f1
e3093e030774485642820b939a4d9e548a72095cb705180951026b7b491122fd

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ds2play.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=0577b262-217f-4cd6-8ac2-9c22fa90980c:2:1; expires=Thu, 01 Dec 2033 23:11:52 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET proftrafficcounter.com/stats

18.184.210.76

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.184.210.76:443
ASN
#16509 AMAZON-02

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
285008692cba47b9f2867c898e22b44c
fd1dc4d2151d2451c6b38ed1ea0a974417772e2e
405e8ee8be5a04faafbf56e4098fafbcdf7640f02196f48a7908b7b11ce360e8

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ds2play.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4:2:1; expires=Thu, 01 Dec 2033 23:11:52 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET ipmathematical.org/Q3VWSkRsSjU5eSEhNTAncRkPDiMFOQEMLwQ3AwQmGyQDDBUFNHA+LSdIb3p8c0BgbDQqEWt7YjABNz4xMEhnbC0tEzl3YjVIZ2R3d1tlfmpzUyN3dWUBJisjfkRwOjA3GWt7c3NEYXl1dkRueXF2

172.67.146.16

204 No Content

0 B

URL GET HTTP/2
ipmathematical.org/Q3VWSkRsSjU5eSEhNTAncRkPDiMFOQEMLwQ3AwQmGyQDDBUFNHA+LSdIb3p8c0BgbDQqEWt7YjABNz4xMEhnbC0tEzl3YjVIZ2R3d1tlfmpzUyN3dWUBJisjfkRwOjA3GWt7c3NEYXl1dkRueXF2
IP
172.67.146.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectipmathematical.org
FingerprintD2:34:74:D1:16:55:F8:EF:87:87:38:64:00:6A:AA:9B:4C:F4:F1:CF
ValidityWed, 29 Nov 2023 06:02:08 GMT - Tue, 27 Feb 2024 06:02:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Q3VWSkRsSjU5eSEhNTAncRkPDiMFOQEMLwQ3AwQmGyQDDBUFNHA+LSdIb3p8c0BgbDQqEWt7YjABNz4xMEhnbC0tEzl3YjVIZ2R3d1tlfmpzUyN3dWUBJisjfkRwOjA3GWt7c3NEYXl1dkRueXF2 HTTP/1.1
Host: ipmathematical.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aM0%2B1VoXCK46a8wY8w1ex3cwNpgWqOrWwMii%2FRjOrgl3KieC4adzNtW%2B4ftW4JNDSfCa2TUFLytIyCTXOdsl0L9jwDNfcF8MnanlJva7d3CyuoRyi1JSk0kSwLHEArm%2FsvEiRHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22be7eb524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET orgotitedu.info/ZmQ3YVMHBlQMbAdZVUcmFAgKRGEgQQUnN1cCB1QlFFdECyATHQBPMAoLQgU1FAtZFX0IAUNEYSA1VlMdVwVdLBoiJkQsFyRcfCQFBS9gUCcgPEA3HSU1bicLNBBSKRA8IHsYPDwpchIWKx5xAgsjVG8lJFIrYFEGPCcGUR4+CHoxCzcMUjMWHjdzFhUvPF80NSMcWCMXASF7JCQsI3UwBiEhW1QdIAxlOQsBNW0pEjwCdAoJLih2OxUzVXU4ElYpYikSNDx1IwIhMEAnMSI1cTESMBBkMwY3IGMNElUwQCcxICZAJBEwXXAzOgEzYDceKDx2BRwzIBoFAycyRDMSVlx2Kj8sIm8ZYgQ3WyMKJxNAJhUBIlQ1PyMeYCAdBzEHNzEnVUcmAVcUYSA7IzVzJyQyNlwCICcIQzYEVwthKT9TIRELIAkKR1w6KhRzKD88HFgxF1AL

108.157.229.6

200 OK

1.2 kB

URL GET HTTP/2
orgotitedu.info/ZmQ3YVMHBlQMbAdZVUcmFAgKRGEgQQUnN1cCB1QlFFdECyATHQBPMAoLQgU1FAtZFX0IAUNEYSA1VlMdVwVdLBoiJkQsFyRcfCQFBS9gUCcgPEA3HSU1bicLNBBSKRA8IHsYPDwpchIWKx5xAgsjVG8lJFIrYFEGPCcGUR4+CHoxCzcMUjMWHjdzFhUvPF80NSMcWCMXASF7JCQsI3UwBiEhW1QdIAxlOQsBNW0pEjwCdAoJLih2OxUzVXU4ElYpYikSNDx1IwIhMEAnMSI1cTESMBBkMwY3IGMNElUwQCcxICZAJBEwXXAzOgEzYDceKDx2BRwzIBoFAycyRDMSVlx2Kj8sIm8ZYgQ3WyMKJxNAJhUBIlQ1PyMeYCAdBzEHNzEnVUcmAVcUYSA7IzVzJyQyNlwCICcIQzYEVwthKT9TIRELIAkKR1w6KhRzKD88HFgxF1AL
IP
108.157.229.6:443
ASN
#0

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subjectorgotitedu.info
Fingerprint79:CC:FF:0E:F4:F4:8A:D7:72:F6:75:7A:06:B2:F5:7A:84:55:95:F5
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Size
1.2 kB (1193 bytes)
Hash
0030f993926557f0eaad83d1f2f8f3cd
58d3b53e472e75118f08982ea876ba0ed560bb54
63cdc3d47120091adfd61a450eed474ff2d7c42c95654153f9fe6c4b81cf0e32

HTTP Headers

GET /ZmQ3YVMHBlQMbAdZVUcmFAgKRGEgQQUnN1cCB1QlFFdECyATHQBPMAoLQgU1FAtZFX0IAUNEYSA1VlMdVwVdLBoiJkQsFyRcfCQFBS9gUCcgPEA3HSU1bicLNBBSKRA8IHsYPDwpchIWKx5xAgsjVG8lJFIrYFEGPCcGUR4+CHoxCzcMUjMWHjdzFhUvPF80NSMcWCMXASF7JCQsI3UwBiEhW1QdIAxlOQsBNW0pEjwCdAoJLih2OxUzVXU4ElYpYikSNDx1IwIhMEAnMSI1cTESMBBkMwY3IGMNElUwQCcxICZAJBEwXXAzOgEzYDceKDx2BRwzIBoFAycyRDMSVlx2Kj8sIm8ZYgQ3WyMKJxNAJhUBIlQ1PyMeYCAdBzEHNzEnVUcmAVcUYSA7IzVzJyQyNlwCICcIQzYEVwthKT9TIRELIAkKR1w6KhRzKD88HFgxF1AL HTTP/1.1
Host: orgotitedu.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Mon, 04 Dec 2023 23:11:52 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: RVRAVG6uIPIg4FbuaVkxFAGBijMIPjWdxVjCUUVliHC4Kt0V1QBsHQ==
X-Firefox-Spdy: h2

GET ipmathematical.org/VGdNVld7WC4lajYLJi4CP1YrDxYWACs6YjslIBhvDDAIHDY6DGsiPjBadGZmZlJ1cCc9A3BkbnIUOTcjIRRwZ3E9CSs5anIRcGd5ZEl7ZnlnQThrZnITPTcwaVZrJiMgC3BnYGRWemVmYVZ1ZW5k

172.67.146.16

204 No Content

0 B

URL GET HTTP/2
ipmathematical.org/VGdNVld7WC4lajYLJi4CP1YrDxYWACs6YjslIBhvDDAIHDY6DGsiPjBadGZmZlJ1cCc9A3BkbnIUOTcjIRRwZ3E9CSs5anIRcGd5ZEl7ZnlnQThrZnITPTcwaVZrJiMgC3BnYGRWemVmYVZ1ZW5k
IP
172.67.146.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectipmathematical.org
FingerprintD2:34:74:D1:16:55:F8:EF:87:87:38:64:00:6A:AA:9B:4C:F4:F1:CF
ValidityWed, 29 Nov 2023 06:02:08 GMT - Tue, 27 Feb 2024 06:02:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /VGdNVld7WC4lajYLJi4CP1YrDxYWACs6YjslIBhvDDAIHDY6DGsiPjBadGZmZlJ1cCc9A3BkbnIUOTcjIRRwZ3E9CSs5anIRcGd5ZEl7ZnlnQThrZnITPTcwaVZrJiMgC3BnYGRWemVmYVZ1ZW5k HTTP/1.1
Host: ipmathematical.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U05di8L%2BTkS2JJTsrtQEG0Jq4Zf9tm3iihmatKCUajaUtAkhqOdqXDXm6RaszD%2B%2FXcZji3F8LD0KSjuHV%2F7ukHQQazczSH7odhrN9AjWhiUtsvyBx39qv%2Bdm%2BQrZP3maIJIfKVw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22be80b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET getbestpolojpob.org/M0N1NnZSIRZbSVJ+FxADQS9IE0R1ZkdwEgIlRQMAQXAGXAVGOkIYFV8sAFIQQSwbQlhdJgETRHUaJAY/RBJEWRF/FUFaLGcgB2A+BikWBTtwJxh8GngGOEU4dw1QBDBiKRFEPWIrEnQiQBczWiN8CBhjRGAqEVgVAREWfxxiKBNOL14NNnRTAQU0YSMECQx3OFdwAgU7X3sabA9YMiNfBUUPJmQyfDkRWjgCBVAENH06AgIhYHtHfxtQADdhT0cgHWAOUi4GByFgc1AENH8HI3IsXisPejNhLhR+OEkCMgcHaS0zTyxeKw94IFg3F34SXQICcFMBBRZuPHonIgMbUBtYfBtSCzhBJF4ZBXcYfgIRWCRJIg1gDlIqJFgjSiREbBhxcRZhBkogEnQPUi0/WDddDk19HHEVP2IjBBkCfzBScDsFPl0NTXgYCwFTXAVcLQULBEdyH3wmdSIlYhN+Mw

65.9.55.109

200 OK

1.2 kB

URL GET HTTP/2
getbestpolojpob.org/M0N1NnZSIRZbSVJ+FxADQS9IE0R1ZkdwEgIlRQMAQXAGXAVGOkIYFV8sAFIQQSwbQlhdJgETRHUaJAY/RBJEWRF/FUFaLGcgB2A+BikWBTtwJxh8GngGOEU4dw1QBDBiKRFEPWIrEnQiQBczWiN8CBhjRGAqEVgVAREWfxxiKBNOL14NNnRTAQU0YSMECQx3OFdwAgU7X3sabA9YMiNfBUUPJmQyfDkRWjgCBVAENH06AgIhYHtHfxtQADdhT0cgHWAOUi4GByFgc1AENH8HI3IsXisPejNhLhR+OEkCMgcHaS0zTyxeKw94IFg3F34SXQICcFMBBRZuPHonIgMbUBtYfBtSCzhBJF4ZBXcYfgIRWCRJIg1gDlIqJFgjSiREbBhxcRZhBkogEnQPUi0/WDddDk19HHEVP2IjBBkCfzBScDsFPl0NTXgYCwFTXAVcLQULBEdyH3wmdSIlYhN+Mw
IP
65.9.55.109:443
ASN
#16509 AMAZON-02

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subjectgetbestpolojpob.org
FingerprintBD:F6:95:89:F9:7E:C8:03:91:9C:73:E7:C5:4C:5B:31:83:EF:77:ED
ValidityWed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Size
1.2 kB (1193 bytes)
Hash
db0222cb0ef4b0bdb5467a62ea651c20
3297629d6fb5eb3fa8808cbe536127a1dd668af3
94eccedda997c96bcb2fba81937bcba540a2c52abb76ffac2e92a59c7e04a8db

HTTP Headers

GET /M0N1NnZSIRZbSVJ+FxADQS9IE0R1ZkdwEgIlRQMAQXAGXAVGOkIYFV8sAFIQQSwbQlhdJgETRHUaJAY/RBJEWRF/FUFaLGcgB2A+BikWBTtwJxh8GngGOEU4dw1QBDBiKRFEPWIrEnQiQBczWiN8CBhjRGAqEVgVAREWfxxiKBNOL14NNnRTAQU0YSMECQx3OFdwAgU7X3sabA9YMiNfBUUPJmQyfDkRWjgCBVAENH06AgIhYHtHfxtQADdhT0cgHWAOUi4GByFgc1AENH8HI3IsXisPejNhLhR+OEkCMgcHaS0zTyxeKw94IFg3F34SXQICcFMBBRZuPHonIgMbUBtYfBtSCzhBJF4ZBXcYfgIRWCRJIg1gDlIqJFgjSiREbBhxcRZhBkogEnQPUi0/WDddDk19HHEVP2IjBBkCfzBScDsFPl0NTXgYCwFTXAVcLQULBEdyH3wmdSIlYhN+Mw HTTP/1.1
Host: getbestpolojpob.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Mon, 04 Dec 2023 23:11:52 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0dbf67e262a6295e9e8f6570f9aae7e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: nLNIL-J6BTd9S0wmuBKcdXuUwxADbdm5BbZMhg3zHggOlGSGYQq8Vw==
X-Firefox-Spdy: h2

GET ipmathematical.org/WDY1eGd3CVYLWg5+XTwzDV5SKy8WAVM/MRFSW0lCanRsSF4hUFsPQSxfUUVebwIHTFR+RlwcWmkOEwsTOUJAC1ppEFwWATcLEw5aaRgFVlV2AhMNWmkQQQgGPwsEXhcsQllFVm8GBE9UaQMEQFRvBg

172.67.146.16

204 No Content

0 B

URL GET HTTP/2
ipmathematical.org/WDY1eGd3CVYLWg5+XTwzDV5SKy8WAVM/MRFSW0lCanRsSF4hUFsPQSxfUUVebwIHTFR+RlwcWmkOEwsTOUJAC1ppEFwWATcLEw5aaRgFVlV2AhMNWmkQQQgGPwsEXhcsQllFVm8GBE9UaQMEQFRvBg
IP
172.67.146.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectipmathematical.org
FingerprintD2:34:74:D1:16:55:F8:EF:87:87:38:64:00:6A:AA:9B:4C:F4:F1:CF
ValidityWed, 29 Nov 2023 06:02:08 GMT - Tue, 27 Feb 2024 06:02:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /WDY1eGd3CVYLWg5+XTwzDV5SKy8WAVM/MRFSW0lCanRsSF4hUFsPQSxfUUVebwIHTFR+RlwcWmkOEwsTOUJAC1ppEFwWATcLEw5aaRgFVlV2AhMNWmkQQQgGPwsEXhcsQllFVm8GBE9UaQMEQFRvBg HTTP/1.1
Host: ipmathematical.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyF1TraEJdh0A8Sjp5u0KtdQ%2B5oHjwrf74mZXgxujV0gDCezQj4kyty7WTFjAyXv81Igzmsnb7xkAyR4EO9sBCiTxIQ364SESg3xIeNT9MLRJ1WDHZfhqLqqWWdXSBWhYcEkkjo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22de8cb524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET getbestpolojpob.org/UzVvQmIyVwwvXTIIDWQXIVlSZ1AVEF0EBmJTX3cUIQYcKBEmTFhsAT9aGiYEIVoBNkw9UBtnUBVGCylTOlA3LTQaUhgkMAJ8BAAJAXE+Gg4CYTouMxlNKhUkEm8YDyFrTC41EWFhPC1WGAQudToSfFwACQF+OgEnF3MXcy4yQgwaJQZBVxAgNFApCiAEbRh6OjB0VxUjEQ0HBgo7Uz0DFgtjXzI2NQQlECYBDQUACgp7LRUKAmY9EyEycy0IMWNvBRcOK38hBQoCZj5yBBoEPQw6Y2A/EFInfissFgRtKilSMnMtCCESdwAXNjt5PSwKHmY5DDY1BEILBxtNOi8mBU0mDypqZjwHEhRTKQgrCwU9eyARdCYHGyB7LhRbFnZeDCgHBAd7MBJNJxAVdV8cLQwjCD0UKiZzO3YyHVNdAA

65.9.55.109

200 OK

1.2 kB

URL GET HTTP/2
getbestpolojpob.org/UzVvQmIyVwwvXTIIDWQXIVlSZ1AVEF0EBmJTX3cUIQYcKBEmTFhsAT9aGiYEIVoBNkw9UBtnUBVGCylTOlA3LTQaUhgkMAJ8BAAJAXE+Gg4CYTouMxlNKhUkEm8YDyFrTC41EWFhPC1WGAQudToSfFwACQF+OgEnF3MXcy4yQgwaJQZBVxAgNFApCiAEbRh6OjB0VxUjEQ0HBgo7Uz0DFgtjXzI2NQQlECYBDQUACgp7LRUKAmY9EyEycy0IMWNvBRcOK38hBQoCZj5yBBoEPQw6Y2A/EFInfissFgRtKilSMnMtCCESdwAXNjt5PSwKHmY5DDY1BEILBxtNOi8mBU0mDypqZjwHEhRTKQgrCwU9eyARdCYHGyB7LhRbFnZeDCgHBAd7MBJNJxAVdV8cLQwjCD0UKiZzO3YyHVNdAA
IP
65.9.55.109:443
ASN
#16509 AMAZON-02

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subjectgetbestpolojpob.org
FingerprintBD:F6:95:89:F9:7E:C8:03:91:9C:73:E7:C5:4C:5B:31:83:EF:77:ED
ValidityWed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3021), with no line terminators
Size
1.2 kB (1173 bytes)
Hash
78c957e59d4ccae713dddc6b2c21d2f1
b5337fc9b67b7b642b9f45ddb5f82150534a52fe
92256da014c6b1b52236cdd6011e8629ffd7ef9d8a1fd690fdfd16e72fb8e68d

HTTP Headers

GET /UzVvQmIyVwwvXTIIDWQXIVlSZ1AVEF0EBmJTX3cUIQYcKBEmTFhsAT9aGiYEIVoBNkw9UBtnUBVGCylTOlA3LTQaUhgkMAJ8BAAJAXE+Gg4CYTouMxlNKhUkEm8YDyFrTC41EWFhPC1WGAQudToSfFwACQF+OgEnF3MXcy4yQgwaJQZBVxAgNFApCiAEbRh6OjB0VxUjEQ0HBgo7Uz0DFgtjXzI2NQQlECYBDQUACgp7LRUKAmY9EyEycy0IMWNvBRcOK38hBQoCZj5yBBoEPQw6Y2A/EFInfissFgRtKilSMnMtCCESdwAXNjt5PSwKHmY5DDY1BEILBxtNOi8mBU0mDypqZjwHEhRTKQgrCwU9eyARdCYHGyB7LhRbFnZeDCgHBAd7MBJNJxAVdV8cLQwjCD0UKiZzO3YyHVNdAA HTTP/1.1
Host: getbestpolojpob.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Mon, 04 Dec 2023 23:11:52 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0dbf67e262a6295e9e8f6570f9aae7e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: rDcPOWjIyhlV8NrVgfOTaEy23cFguVP1r7Bqgp1zHh73UVU_uVetbg==
X-Firefox-Spdy: h2

GET ds2play.com/favicon.ico

172.67.70.18

200 OK

15 kB

URL GET HTTP/3
ds2play.com/favicon.ico
IP
172.67.70.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
ValidityThu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
15 kB (15406 bytes)
Hash
30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/d/
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: image/x-icon
content-length: 15406
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-3c2e"
expires: Mon, 25 Dec 2023 03:32:55 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 848338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmB8u7%2FgFmFokIwx7rgtdd9RFF1WB14zGMYgxgQqDWBaSac2CHnix1iLuYfyy79HDyirqmMr8jnRhtEoiYGlHm6xT7M1U5EOpIJsIrL%2B4OzQC4gSHeKFcO25xW3J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb259cadb505-OSL
alt-svc: h3=":443"; ma=86400

GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

173.194.73.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
173.194.73.84:443
ASN
#15169 GOOGLE

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:8l7deD8syF4WMZfKCK-F6Gl3LeMkEA:eeap61IlSnn5RWH8; Expires=Wed, 03-Dec-2025 23:11:53 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2BDzrVTG6GklebODYOrOYKJkjGgzTeOvthb6b004LRPWH-uAQs0UL-BWuqCsr9nY6dTBHo
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-L1FhNos90a2XmQK4aWkYhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

173.194.73.84

302 Found

0 B

URL GET HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
173.194.73.84:443
ASN
#15169 GOOGLE

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:z_1xMrAEgnnRyf0g5vd-dtmR4VzbEQ:9C8FazL5KNDa66vu; Expires=Wed, 03-Dec-2025 23:11:53 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1j0pVI0y-ATHV1XcLF_CnJtKFJqJzUiZd2tY79Ju1tA-jMNRnlqyC59RJLBvi9VK-uUH1nyg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-Oq0YjlmiAZbI8A9pr0EPew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET getbestpolojpob.org/utx?cb=fXjOdIHFKbzH&top=ds2play.com&tid=901258

65.9.55.109

204 No Content

0 B

URL GET HTTP/2
getbestpolojpob.org/utx?cb=fXjOdIHFKbzH&top=ds2play.com&tid=901258
IP
65.9.55.109:443
ASN
#16509 AMAZON-02

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subjectgetbestpolojpob.org
FingerprintBD:F6:95:89:F9:7E:C8:03:91:9C:73:E7:C5:4C:5B:31:83:EF:77:ED
ValidityWed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=fXjOdIHFKbzH&top=ds2play.com&tid=901258 HTTP/1.1
Host: getbestpolojpob.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:53 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 04 Dec 2023 23:12:53 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0dbf67e262a6295e9e8f6570f9aae7e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: cu4lGmb0dgRwBfqTcZFuUSG5CwnlUv_ElmQvF7gwbPuRNI7GRMxM3A==
X-Firefox-Spdy: h2

GET orgotitedu.info/utx?cb=pn80KA1iIVNH&top=ds2play.com&tid=908056

108.157.229.6

204 No Content

0 B

URL GET HTTP/2
orgotitedu.info/utx?cb=pn80KA1iIVNH&top=ds2play.com&tid=908056
IP
108.157.229.6:443
ASN
#0

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subjectorgotitedu.info
Fingerprint79:CC:FF:0E:F4:F4:8A:D7:72:F6:75:7A:06:B2:F5:7A:84:55:95:F5
ValidityThu, 12 Oct 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=pn80KA1iIVNH&top=ds2play.com&tid=908056 HTTP/1.1
Host: orgotitedu.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:53 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 04 Dec 2023 23:12:53 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: zotQnAwLjiSa963_c2dbtp7XNcwQ2C0FnWDRKShhjfkp8ABGNv9lCw==
X-Firefox-Spdy: h2

GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2BDzrVTG6GklebODYOrOYKJkjGgzTeOvthb6b004LRPWH-uAQs0UL-BWuqCsr9nY6dTBHo

173.194.73.84

302 Found

403 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2BDzrVTG6GklebODYOrOYKJkjGgzTeOvthb6b004LRPWH-uAQs0UL-BWuqCsr9nY6dTBHo
IP
173.194.73.84:443
ASN
#15169 GOOGLE

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (395)
Size
403 B (403 bytes)
Hash
acc5b468c0533a6a161cb8c803688193
38be3964b1251d9b8fc2496e85656935ff62fac5
fb3e7738ec4ae20808bfbbcd42edde1dd3407491ad013d87aaf651da3998e67e

HTTP Headers

GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2BDzrVTG6GklebODYOrOYKJkjGgzTeOvthb6b004LRPWH-uAQs0UL-BWuqCsr9nY6dTBHo HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:mLHlR63qH-vVMMsehzv0mpWFq08RuA:m2oedlVYSp2gKZjo;Path=/;Expires=Wed, 03-Dec-2025 23:11:53 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1KnTJmGjoiXOULI8wG_j3lWOV9tQdcXlcdFri9v4cuiEjtHHyyY6QXbYIxuJONRuKyI04J0g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519995528%3A1701731513368123&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-F02I-h0J5jdJpcsZ5YsiUA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1j0pVI0y-ATHV1XcLF_CnJtKFJqJzUiZd2tY79Ju1tA-jMNRnlqyC59RJLBvi9VK-uUH1nyg

173.194.73.84

302 Found

403 B

URL GET HTTP/2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1j0pVI0y-ATHV1XcLF_CnJtKFJqJzUiZd2tY79Ju1tA-jMNRnlqyC59RJLBvi9VK-uUH1nyg
IP
173.194.73.84:443
ASN
#15169 GOOGLE

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (399)
Size
403 B (403 bytes)
Hash
ed25905c687e267d3ce905ffa0136ae5
eb1ae36ac167dcfc0c933d6b2c8b195eb9ace2d0
2a8fff5d1560b3a44d23c0094c41cbe9b52081f7de4b011987ba495fddde4643

HTTP Headers

GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1j0pVI0y-ATHV1XcLF_CnJtKFJqJzUiZd2tY79Ju1tA-jMNRnlqyC59RJLBvi9VK-uUH1nyg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:wLMn0MeygVRFPqLtdgs1m-ip3e2THQ:lasndi8HBwNvQxLX;Path=/;Expires=Wed, 03-Dec-2025 23:11:53 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2OzE0s-rpmd2Ev3AvPYklThnxjrdH0hxBqWV2WwNRpOhC50mPfXqhadbi0DOqEK4gW5AOynw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-838037988%3A1701731513374880&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-iSrHIoC2JI8Olzkr-Db7jg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

d1f05vr3sjsuy7.cloudfront.net/sdk1ieXoVIgwfRQIkBkRDQXlQTUlQJxEWFAZwMC8yAws2TSo4K1A7XAI3BkRKUCEDFx1LawcXGUt8RBgeFHBWXw8XcA8WAB8hDhhfRAtXV0pTf1JRDR8jBhYNBWhQSRQCaFBJS0ZjUlxJNGhQSQ0fI1RNX0UPR0tKDntWXEk0aFBJCABoUThLRnhMSVNTf1-IeHxUmDVxIMH9SSEpGfFJIX0R9BBAIEysNAV9EC1NJT1h9RAxHRw

54.230.241.212

258 B

URL
d1f05vr3sjsuy7.cloudfront.net/sdk1ieXoVIgwfRQIkBkRDQXlQTUlQJxEWFAZwMC8yAws2TSo4K1A7XAI3BkRKUCEDFx1LawcXGUt8RBgeFHBWXw8XcA8WAB8hDhhfRAtXV0pTf1JRDR8jBhYNBWhQSRQCaFBJS0ZjUlxJNGhQSQ0fI1RNX0UPR0tKDntWXEk0aFBJCABoUThLRnhMSVNTf1-IeHxUmDVxIMH9SSEpGfFJIX0R9BBAIEysNAV9EC1NJT1h9RAxHRw
IP
54.230.241.212:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
258 B (258 bytes)
Hash
3f2d5f2b7ee0764499871f028b45c4df
e80a81851fbc08e113d7b7ebaa2303a434865f0b
65e63479d27306cc910158306538fdc7e491e1c1c5979e358185814eaab490a7

HTTP Headers

GET /sdk1ieXoVIgwfRQIkBkRDQXlQTUlQJxEWFAZwMC8yAws2TSo4K1A7XAI3BkRKUCEDFx1LawcXGUt8RBgeFHBWXw8XcA8WAB8hDhhfRAtXV0pTf1JRDR8jBhYNBWhQSRQCaFBJS0ZjUlxJNGhQSQ0fI1RNX0UPR0tKDntWXEk0aFBJCABoUThLRnhMSVNTf1-IeHxUmDVxIMH9SSEpGfFJIX0R9BBAIEysNAV9EC1NJT1h9RAxHRw HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getbestpolojpob.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 258
date: Mon, 04 Dec 2023 23:11:53 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iRztv4izQUqNPdjLv15UU9lniV-xVCIX2yAqT6q1AM-WEscFo9TVKQ==
X-Firefox-Spdy: h2

d1f05vr3sjsuy7.cloudfront.net/YQ0IwQ1ogLV4lZTcrVH5jc3MCdmJlKEMsNDN/QjdrKQhgBTsTFlUOKmU2Sidnc2RcIjQkfxYmNCB/AWU7JyANd3w3Ml8oZykqVisvLSRDOzdlN1F+Nyw4WS82ImcCBW9tchVxams1WS0+LDVDZmhzLERmaHNzAG1qZnFyZmhzNVktbHdnAwF/cXJIdW5mcX-JmaHMwRmZpAnMAdnRzaxVxaiQnUyg1ZnB2cWpycgByanJnAnM8KjBVJTU7ZwIFa3N3HnN8Nn8B

54.230.241.212

447 B

URL
d1f05vr3sjsuy7.cloudfront.net/YQ0IwQ1ogLV4lZTcrVH5jc3MCdmJlKEMsNDN/QjdrKQhgBTsTFlUOKmU2Sidnc2RcIjQkfxYmNCB/AWU7JyANd3w3Ml8oZykqVisvLSRDOzdlN1F+Nyw4WS82ImcCBW9tchVxams1WS0+LDVDZmhzLERmaHNzAG1qZnFyZmhzNVktbHdnAwF/cXJIdW5mcX-JmaHMwRmZpAnMAdnRzaxVxaiQnUyg1ZnB2cWpycgByanJnAnM8KjBVJTU7ZwIFa3N3HnN8Nn8B
IP
54.230.241.212:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (597), with no line terminators
Size
447 B (447 bytes)
Hash
d82d51f366c8a556bde9e7ecb7cd3236
6b48e87b293e37845579916f7e8caca6b132d03e
252edebbc89415690904be2f12c5ed8a944dba073bfffba65e76ead5a4f7737c

HTTP Headers

GET /YQ0IwQ1ogLV4lZTcrVH5jc3MCdmJlKEMsNDN/QjdrKQhgBTsTFlUOKmU2Sidnc2RcIjQkfxYmNCB/AWU7JyANd3w3Ml8oZykqVisvLSRDOzdlN1F+Nyw4WS82ImcCBW9tchVxams1WS0+LDVDZmhzLERmaHNzAG1qZnFyZmhzNVktbHdnAwF/cXJIdW5mcX-JmaHMwRmZpAnMAdnRzaxVxaiQnUyg1ZnB2cWpycgByanJnAnM8KjBVJTU7ZwIFa3N3HnN8Nn8B HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getbestpolojpob.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 447
date: Mon, 04 Dec 2023 23:11:53 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: R4GtBhylhLedM0TeIA4ctLmaedkkuB5BQn3btyRAuQIX2tqaaWh5mg==
X-Firefox-Spdy: h2

d1f05vr3sjsuy7.cloudfront.net/Qa2N1ajMIDBsMDB8KEVcKW1tFXwVNCQYFXRteHCZDLyoZMEsEMzFcXE0XDw4OW0UZC10MXlMPXQheRExSDwFIXhUfExoBDgELEwJGBQUGEl5NFhRXXgQZHAZfCkZHLAZFU1BYA0MUHARXBBQGTwFbDQFPAVtSRUQDTlA3TwFbFBwEBV9GRigWWVMNXAdOUD-dPAVsRA08AKlJFXx1bSlBYAwwGFgFcTlEzWANaU0VbA1pGR1pVAhEQDFwTRkcsAltWW1oVHl5E

54.230.241.212

612 B

URL
d1f05vr3sjsuy7.cloudfront.net/Qa2N1ajMIDBsMDB8KEVcKW1tFXwVNCQYFXRteHCZDLyoZMEsEMzFcXE0XDw4OW0UZC10MXlMPXQheRExSDwFIXhUfExoBDgELEwJGBQUGEl5NFhRXXgQZHAZfCkZHLAZFU1BYA0MUHARXBBQGTwFbDQFPAVtSRUQDTlA3TwFbFBwEBV9GRigWWVMNXAdOUD-dPAVsRA08AKlJFXx1bSlBYAwwGFgFcTlEzWANaU0VbA1pGR1pVAhEQDFwTRkcsAltWW1oVHl5E
IP
54.230.241.212:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT

File type
ASCII text, with very long lines (853), with no line terminators
Size
612 B (612 bytes)
Hash
db10688df6effbb1419ecb0f81eca60e
d7f2c8d98fa7fb216545a1ac4daf9cc87fe64371
a7af8ba59ebde3f4a694f122f6d4d8cc8397e130a6807488c19bdbf38f369629

HTTP Headers

GET /Qa2N1ajMIDBsMDB8KEVcKW1tFXwVNCQYFXRteHCZDLyoZMEsEMzFcXE0XDw4OW0UZC10MXlMPXQheRExSDwFIXhUfExoBDgELEwJGBQUGEl5NFhRXXgQZHAZfCkZHLAZFU1BYA0MUHARXBBQGTwFbDQFPAVtSRUQDTlA3TwFbFBwEBV9GRigWWVMNXAdOUD-dPAVsRA08AKlJFXx1bSlBYAwwGFgFcTlEzWANaU0VbA1pGR1pVAhEQDFwTRkcsAltWW1oVHl5E HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://orgotitedu.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 612
date: Mon, 04 Dec 2023 23:11:53 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UyBiSRjH5MJkpqB3J204Mqv307cv-0e1hfpMIy4hvPxBRvN8_tx5VA==
X-Firefox-Spdy: h2

GET pogothere.xyz/

172.64.110.13

200 OK

29 B

URL GET HTTP/2
pogothere.xyz/
IP
172.64.110.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
fac1a677a3561ff1d97f63ca4cd2edfe
2f4331a04399913d6f4231ac4233f75d550e569c
938284e2da32d1e89466dea9a8ca5054b3756a46b77d1e612274bb98aff76e65

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: text/plain
set-cookie: csu=1962401213087510@1@1701731513; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIJ2ijaD%2BvWQELrbDDldGYhSw2J2Fwsdsf%2BU7FK0qafkpwX51RQun8d%2FYqO1xNu3KSEYWTba8c81oWRjOnnEagUkOhg9DxeWNg5GsXrSIoe7Hb1pYLJ%2FRCcmBxRSfkuM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb26a98c52e2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET interbasevideopregnant.com/sbar.json?key=2c0360ed33b0b4736859081c701f9a91

173.233.137.52

200 OK

4.1 kB

URL GET HTTP/1.1
interbasevideopregnant.com/sbar.json?key=2c0360ed33b0b4736859081c701f9a91
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectinterbasevideopregnant.com
Fingerprint05:CE:54:0F:E3:69:0F:FA:81:8B:E1:49:7E:A8:C7:B9:AD:FA:67:8F
ValidityTue, 28 Nov 2023 10:51:51 GMT - Mon, 26 Feb 2024 10:51:50 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (5716), with no line terminators
Size
4.1 kB (4056 bytes)
Hash
dad878a3822383806b23c1d86fb37970
ac3c4e1ff18d2dee7cb033797dfdebfc26ef1681
a5f9f5ec164b32ff5a7968f53a256c0a14e6fd080f82558ab8f99cca8c4d3734

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=2c0360ed33b0b4736859081c701f9a91 HTTP/1.1
Host: interbasevideopregnant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:11:54 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ds2play.com
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19079684; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 75ff9e8f7c2b1c19e1c48d18c7f5cafa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET interbasevideopregnant.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v9BNh1YsHYVAWVpBJ9fzJzLjIsnGNBGMSd1dy8VJdVT0pU13VVnVPT3IKLsieZMSLeup8k2xQF3WvgiATLyEgOB4kB3P3LOxZZjIw%2BqDqva%2B%2Bd%2Fi%2B9%2BqTg%2FyChMjZ%2Bea7dk9pzRabVVq5saWMsIWvrN%2BvhLRKb1a2lFlq3Kz0J5frvR7SZpW%2BWnlb8h27WKMhpSENKyvKydj2F6csVPq4E1Y7tNqoVcNmA333X%2BzzAJ4FEL0L8hyUGP9v%2B%2FQJFB%2FBJD%2FckX4ns%2BlrbyW5Zpl16Inj982OsYVBMi9jFyA2x7NuWD8m5IsrsOZ45gC2dzhxgEiNSfBHiMgcz2Qi6h1dKo00pEEk%2Fo%2BiN4LUIyg2ArcPoMRvBOAC6xswyaN16wq2e8myCTsmC0%2F%2FhirGZOHPF2CS75a16lfuWZ1nyhqPflxC9UdQ3RHS%2FATZXgBVnIBnH0OJX8ni0zWY5HDDawslyql7pUZQ8QhaDsB8gHxyVIA8DpCnARJxXmHNTkxpK47ier3d4JzX65w320uiKeqNdkyR84m8AbJ0AK4H4G4fqdvHjhrA5T%2FDb5fwIoDPxiR4bx89UaKQBIUnKBhBoQiKjKDolUdC%2B5ovHwnt8yic5dos18uhzboH7MhmXWkImBscpBfk2mQ2wSsvL2BHnldqnNaXqBT1ekSjRqu%2B1G52aDvkLRrGHdYJ4VUJ5a9M7e6pMbn%2B0S2kakyeOb2GiJ3A6xNwdR0sfwmsGLZqFGx72GhT7JnvQ2Gt8JmTLKlym0DYEmm2gGw3ONAX5MXpmlarb0Dys1unX07iK3BXInUlPlS%2FEHT1w%2BFdW5DDu7bw5MlGmqlE7bHJCu9lLJNXv3lH7hbWidU7fvD1bT4hJuXj%2B9Jna8wIZbqefLushJBuxTouyU%2BrfktGm7nfXs6dydO1zTdXVpPUSe%2BVNSMwNSbk07%2FA1Zg8%2B%2Fzn0%2B954%2Bg2lBvB5SWS%2FIzMAsqOwNN9%2BHSu31sCp%2Bc9URqgyMuhq0XzR60ItJxjFpXw%2F8LRvD7wD9F1AVj2ACYp0XMleroE0wP4%2FOowS93Zrd%2Fr00Ckg2GkXXAYaac%2FuxyuV%2BcV2YxpLGlNRnEniluMik7c6ESsE8pW1GQhMj%2BW5oMf%2FwEAAP%2F%2FAQAA%2F%2F8hVsK5dgQAAA%3D%3D

173.233.137.52

200 OK

7 B

URL GET HTTP/1.1
interbasevideopregnant.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v9BNh1YsHYVAWVpBJ9fzJzLjIsnGNBGMSd1dy8VJdVT0pU13VVnVPT3IKLsieZMSLeup8k2xQF3WvgiATLyEgOB4kB3P3LOxZZjIw%2BqDqva%2B%2Bd%2Fi%2B9%2BqTg%2FyChMjZ%2Bea7dk9pzRabVVq5saWMsIWvrN%2BvhLRKb1a2lFlq3Kz0J5frvR7SZpW%2BWnlb8h27WKMhpSENKyvKydj2F6csVPq4E1Y7tNqoVcNmA333X%2BzzAJ4FEL0L8hyUGP9v%2B%2FQJFB%2FBJD%2FckX4ns%2BlrbyW5Zpl16Inj982OsYVBMi9jFyA2x7NuWD8m5IsrsOZ45gC2dzhxgEiNSfBHiMgcz2Qi6h1dKo00pEEk%2Fo%2BiN4LUIyg2ArcPoMRvBOAC6xswyaN16wq2e8myCTsmC0%2F%2FhirGZOHPF2CS75a16lfuWZ1nyhqPflxC9UdQ3RHS%2FATZXgBVnIBnH0OJX8ni0zWY5HDDawslyql7pUZQ8QhaDsB8gHxyVIA8DpCnARJxXmHNTkxpK47ier3d4JzX65w320uiKeqNdkyR84m8AbJ0AK4H4G4fqdvHjhrA5T%2FDb5fwIoDPxiR4bx89UaKQBIUnKBhBoQiKjKDolUdC%2B5ovHwnt8yic5dos18uhzboH7MhmXWkImBscpBfk2mQ2wSsvL2BHnldqnNaXqBT1ekSjRqu%2B1G52aDvkLRrGHdYJ4VUJ5a9M7e6pMbn%2B0S2kakyeOb2GiJ3A6xNwdR0sfwmsGLZqFGx72GhT7JnvQ2Gt8JmTLKlym0DYEmm2gGw3ONAX5MXpmlarb0Dys1unX07iK3BXInUlPlS%2FEHT1w%2BFdW5DDu7bw5MlGmqlE7bHJCu9lLJNXv3lH7hbWidU7fvD1bT4hJuXj%2B9Jna8wIZbqefLushJBuxTouyU%2BrfktGm7nfXs6dydO1zTdXVpPUSe%2BVNSMwNSbk07%2FA1Zg8%2B%2Fzn0%2B954%2Bg2lBvB5SWS%2FIzMAsqOwNN9%2BHSu31sCp%2Bc9URqgyMuhq0XzR60ItJxjFpXw%2F8LRvD7wD9F1AVj2ACYp0XMleroE0wP4%2FOowS93Zrd%2Fr00Ckg2GkXXAYaac%2FuxyuV%2BcV2YxpLGlNRnEniluMik7c6ESsE8pW1GQhMj%2BW5oMf%2FwEAAP%2F%2FAQAA%2F%2F8hVsK5dgQAAA%3D%3D
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectinterbasevideopregnant.com
Fingerprint05:CE:54:0F:E3:69:0F:FA:81:8B:E1:49:7E:A8:C7:B9:AD:FA:67:8F
ValidityTue, 28 Nov 2023 10:51:51 GMT - Mon, 26 Feb 2024 10:51:50 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v9BNh1YsHYVAWVpBJ9fzJzLjIsnGNBGMSd1dy8VJdVT0pU13VVnVPT3IKLsieZMSLeup8k2xQF3WvgiATLyEgOB4kB3P3LOxZZjIw%2BqDqva%2B%2Bd%2Fi%2B9%2BqTg%2FyChMjZ%2Bea7dk9pzRabVVq5saWMsIWvrN%2BvhLRKb1a2lFlq3Kz0J5frvR7SZpW%2BWnlb8h27WKMhpSENKyvKydj2F6csVPq4E1Y7tNqoVcNmA333X%2BzzAJ4FEL0L8hyUGP9v%2B%2FQJFB%2FBJD%2FckX4ns%2BlrbyW5Zpl16Inj982OsYVBMi9jFyA2x7NuWD8m5IsrsOZ45gC2dzhxgEiNSfBHiMgcz2Qi6h1dKo00pEEk%2Fo%2BiN4LUIyg2ArcPoMRvBOAC6xswyaN16wq2e8myCTsmC0%2F%2FhirGZOHPF2CS75a16lfuWZ1nyhqPflxC9UdQ3RHS%2FATZXgBVnIBnH0OJX8ni0zWY5HDDawslyql7pUZQ8QhaDsB8gHxyVIA8DpCnARJxXmHNTkxpK47ier3d4JzX65w320uiKeqNdkyR84m8AbJ0AK4H4G4fqdvHjhrA5T%2FDb5fwIoDPxiR4bx89UaKQBIUnKBhBoQiKjKDolUdC%2B5ovHwnt8yic5dos18uhzboH7MhmXWkImBscpBfk2mQ2wSsvL2BHnldqnNaXqBT1ekSjRqu%2B1G52aDvkLRrGHdYJ4VUJ5a9M7e6pMbn%2B0S2kakyeOb2GiJ3A6xNwdR0sfwmsGLZqFGx72GhT7JnvQ2Gt8JmTLKlym0DYEmm2gGw3ONAX5MXpmlarb0Dys1unX07iK3BXInUlPlS%2FEHT1w%2BFdW5DDu7bw5MlGmqlE7bHJCu9lLJNXv3lH7hbWidU7fvD1bT4hJuXj%2B9Jna8wIZbqefLushJBuxTouyU%2BrfktGm7nfXs6dydO1zTdXVpPUSe%2BVNSMwNSbk07%2FA1Zg8%2B%2Fzn0%2B954%2Bg2lBvB5SWS%2FIzMAsqOwNN9%2BHSu31sCp%2Bc9URqgyMuhq0XzR60ItJxjFpXw%2F8LRvD7wD9F1AVj2ACYp0XMleroE0wP4%2FOowS93Zrd%2Fr00Ckg2GkXXAYaac%2FuxyuV%2BcV2YxpLGlNRnEniluMik7c6ESsE8pW1GQhMj%2BW5oMf%2FwEAAP%2F%2FAQAA%2F%2F8hVsK5dgQAAA%3D%3D HTTP/1.1
Host: interbasevideopregnant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:11:54 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d61f2caca6fe4b09cb2cc4e5fb9d7caa
Strict-Transport-Security: max-age=0; includeSubdomains

GET pogothere.xyz/asd100.bin

172.64.110.13

200 OK

103 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.110.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
103 kB (102938 bytes)
Hash
62e6da19507b6f5089020a7b01474946
ad3ec1bf9d978908689b6183c656fc6e8ba16329
f37c99010648b4ec06827a49c144d79a81eefdff414ae0e7a50119d2e33bb487

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4676
last-modified: Mon, 04 Dec 2023 21:53:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f8xTzFXXXcSYfcsWkOhyFo1XWKwQnQbPVTMNYQMY%2BxaiKm77kNttacbjdqVR7Hs7ftgX2w%2F2U9BiCUhePVUGnl5Y7TFXJFZXBD4vmVr8zvXiE0oDZg4zKA%2FHCyXPy6Mo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb26a98752e2-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET getbestpolojpob.org/multi?cs=N2tuWWIGUl9rUQdaWWhTBFNWYVY&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1962401213087510&agec=1701731513&fs=1&mbkb=105.15247108307045&ref=https%3A%2F%2Fds2play.com%2Fd%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_frlR=1701731520002&crc=1

65.9.55.109

200 OK

1.5 kB

URL GET HTTP/2
getbestpolojpob.org/multi?cs=N2tuWWIGUl9rUQdaWWhTBFNWYVY&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1962401213087510&agec=1701731513&fs=1&mbkb=105.15247108307045&ref=https%3A%2F%2Fds2play.com%2Fd%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_frlR=1701731520002&crc=1
IP
65.9.55.109:443
ASN
#16509 AMAZON-02

Requested by
https://ds2play.com/d/
Certificate
IssuerAmazon
Subjectgetbestpolojpob.org
FingerprintBD:F6:95:89:F9:7E:C8:03:91:9C:73:E7:C5:4C:5B:31:83:EF:77:ED
ValidityWed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3259), with no line terminators
Size
1.5 kB (1533 bytes)
Hash
e80593b216833a7e9bf6ba1ea9f2b845
fc7a003c4062636d6bc58d51ac379f2ed527f7ab
b3684c273b71dec3fe0148c2ca4f8f9c86656685d366050e294251a2dd191077

HTTP Headers

GET /multi?cs=N2tuWWIGUl9rUQdaWWhTBFNWYVY&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1962401213087510&agec=1701731513&fs=1&mbkb=105.15247108307045&ref=https%3A%2F%2Fds2play.com%2Fd%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_frlR=1701731520002&crc=1 HTTP/1.1
Host: getbestpolojpob.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 1533
date: Mon, 04 Dec 2023 23:11:54 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=21e8c47f-115c-46bb-b61e-2459e4dc51c1
csu=1962401213087510
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0dbf67e262a6295e9e8f6570f9aae7e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Xc5kaaAVC70NDAsvOoLVjBVRLiw12uNu0Yfni3aELSY8uaVGiOabog==
X-Firefox-Spdy: h2

GET pogothere.xyz/asd100.bin

172.64.110.13

200 OK

109 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.110.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
109 kB (108960 bytes)
Hash
2393330d6f343512474ca2d566943ee7
56b3760b0550d56474c494a0b373f2061d6e61f2
e79c50c571d016ca2cd27e83ea72896d8652a71b42e1ac43c7d580a1864ee566

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4676
last-modified: Mon, 04 Dec 2023 21:53:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDo8j7wy32hMqUZe96GIJzLFwHru9s6rGTMA2lELdHjs9byyoa5dLQm7%2Fwr9wZLPxj8uxBkAigE7hhKtoEHj5a5o1N64PFuE2gcUHSDwTNnKRS8CrgrpuZh6ijnIUHhx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb26a98652e2-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST ds2play.com/cdn-cgi/challenge-platform/h/b/jsd/r/8307bb181971b518

172.67.70.18

200 OK

1.1 kB

URL POST HTTP/3
ds2play.com/cdn-cgi/challenge-platform/h/b/jsd/r/8307bb181971b518
IP
172.67.70.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
ValidityThu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT

File type
data
Size
1.1 kB (1139 bytes)
Hash
bfbabd2f1a9bd2041049e160d3f93715
be67abe2dd0ae427c13b2923bd70ecaa141e9b28
cb3210950fbaec704ed967f35a2e168e4a397b95ff22c8b76bf067e226e3489a

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8307bb181971b518 HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12167
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/d/
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=EqD9AGsO0SLy13sYSayeFtewJJKWHwVxPji3GpFNV7A-1701731513-0-1-730ca2d2.73a07051.5b213570-0.2.1701731513; path=/; expires=Tue, 03-Dec-24 23:11:53 GMT; domain=.ds2play.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vR54PGYqRmTakCJaAFprfs3qim8wVAY2J2IHhfjHXRzP%2FIOZt%2BrAwhvQw%2FthKyKWkUjoTpXD6EIFsNFFiaFUHom0OMKZ%2BPO8fgNrzJAEnOVt%2FW5RXBOvIxXGr1cd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb260cefb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png

172.64.109.10

200 OK

2.3 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
IP
172.64.109.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2332 bytes)
Hash
41109abf05740798aa2e66a3e938c8de
706e93332bf4819e9f4059765340cf97981bd1fe
2fbf669490df5b04badb9886ca664dbd9a0d66e0ecdc951b822feb6089fac0ea

HTTP Headers

GET /sb/ssp/notifications/text_bubble/2/img/arrow.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: image/png
content-length: 2332
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-91c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 497986
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NW4w8NpPqWpJfUHJ2%2Bpp3EV8sb8eltWHoq4j1lOWGTF39ALJ16F09I2INXalWrXCLYsIhjcYAQKn1a2FDf%2BceCqkIQr3PcoOEc0qKUZCQKX%2B7wz50WtALFCcTXO41g8%2BsKCKnvBbwVej"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb308e7548ce-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.cloudimagesb.com/si/fa/41/e4/fa41e4558b816ed7e0ab0552953b2d07/1690854338.png

45.133.44.10

200 OK

67 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/fa/41/e4/fa41e4558b816ed7e0ab0552953b2d07/1690854338.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
67 kB (67165 bytes)
Hash
674efc7161b89ce659afd5b0643930e1
ace5e7c836afc552f82908e8c646c74c66351a6a
7f44e25525d576448d70619c900546bf13f2439c2006808a058bc68c71c35406

HTTP Headers

GET /si/fa/41/e4/fa41e4558b816ed7e0ab0552953b2d07/1690854338.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:55 GMT
content-type: image/png
content-length: 67165
server: nginx/1.21.6
last-modified: Tue, 01 Aug 2023 01:45:47 GMT
etag: "64c863cb-1065d"
expires: Wed, 06 Dec 2023 23:11:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET unseenreport.com/pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23

192.243.59.20

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
ValidityWed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 23:11:55 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 096a221259c4de5e46a525d8c870b190
Strict-Transport-Security: max-age=0; includeSubdomains

GET unseenreport.com/pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23

192.243.59.20

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
ValidityWed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 23:11:55 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 73ed9a5e1e943a356accbb401e0e4108
Strict-Transport-Security: max-age=0; includeSubdomains

GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1KnTJmGjoiXOULI8wG_j3lWOV9tQdcXlcdFri9v4cuiEjtHHyyY6QXbYIxuJONRuKyI04J0g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519995528%3A1701731513368123&theme=glif

173.194.73.84

403 Forbidden

17 kB

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1KnTJmGjoiXOULI8wG_j3lWOV9tQdcXlcdFri9v4cuiEjtHHyyY6QXbYIxuJONRuKyI04J0g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519995528%3A1701731513368123&theme=glif
IP
173.194.73.84:443
ASN
#15169 GOOGLE

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type
gzip compressed data, max compression\012- data
Size
17 kB (16551 bytes)
Hash
43d865efeae81cab7fa00545c82f29c8
99b714fcb09ba7c09935f119aab9422adbff7283
89987b83f1a4967f9b6d0cd502839415c269d7bf6a0f64c266ebcb0f4ae1dd52

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1KnTJmGjoiXOULI8wG_j3lWOV9tQdcXlcdFri9v4cuiEjtHHyyY6QXbYIxuJONRuKyI04J0g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519995528%3A1701731513368123&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-7HwndyfOfVQHNU-eI3R1ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET interbasevideopregnant.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3s1%2F%2BkVY9eJBGJSFFWRSPT2TmXGRZeMaCcYk7q7k4qW6qmZSprqqreqenuQUXJA9yYgX9dT5JtmgLupeBUEmXkJAcDxIDubuWdizzGRg9EHVe1997%2FB979UnB%2FkFCZGz88137Z7Smi02qrRyY0sZYQtfWb9fCWmV3qxsKbNUv1npTy7Xez2kjSp9tfK25Dt2sUZDSkMaVlaUkx3bX5yyUOnjdlht02q9Vg0bdfTdf7HPA3gWQPQuyHNQYvy%2F7dMnUHwEk%2FxwR%2FqdzKavvZXkmmXWoSeO3zc7xhYGybzsuAAdczzrhvVjQr64AmuOZw5ge4cTB4jVmAR%2FhIjN8Uwm4t7RpdJYQxrE4v8oeiNIPYJiI3D7AEr8RgAusL4Bkzxat65gu5csm7BjsvD0b6hiTBb%2BfAEm%2BW5Zq37lntV5pqzx6HdKqP4IqjtCmp8g2wugihPw7GMo8StZfLoGkxxueG2hRDl1r9QIqjOClgMwHyCfHBUg7wTI0wCJOK%2BwRrtDabMTd6KoVeecRxHnjdaSaIio3upQ5Hwib4AsHYDrAbjbR%2Br2saMGcPnP8NslvAjgszEJ3ttHT5QoJEHhCQpGUCiCIiMoeuWR0L7my0dC%2BzwOZ7k2y1E5tFn3gB3ZrCsNAXODg%2FSCXJvMJnjl5QXsyPNKjdNoiUoRRTGN681oqdVo01bImzTstFk7hFcllL8ytbunxuT6R7eQqjF55vQaYnYCr0%2FA1XWw%2FCWwYtisUbDtYb1FsWe%2BD4W1wmdOsqTKbQJhS6TZArLd4EBfkBena1qtvgHJz26dfjmJr8BdidSV%2BFD9QtDVD4d3bUEO79rCkycbaaYStccmK7yXsUxe%2FeYduVtYJ1bv%2BMHXt%2FmEmJSP70ufrTEjlOl68u2yEkK6Feu4JD%2Bt%2Bi0Zb%2BZ%2Bezl3Jk%2FXNt9cWU1SJ71X1ozA1JiQT%2F8CV2Py7POfT7%2FnjaPbUG4El5dI8jMyCyg7Ak%2F34dO5fm8JnJ73xGmAIi%2BHrhbPH7Ui0HKOWVzC%2FwvH8%2FrAP0TXBWDZA5ikRM%2BV6OkSTA%2Fg86vDLHVnt36PpoFYB8NYu%2BAw1k5%2Fdjlcr84rjbAuW3GryYWIJRdhsxa1IkprQtSbbRm2kfmxNB%2F8%2BA8AAAD%2F%2FwEAAP%2F%2FNV5MX3YEAAA%3D

173.233.137.52

200 OK

7 B

URL GET HTTP/1.1
interbasevideopregnant.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3s1%2F%2BkVY9eJBGJSFFWRSPT2TmXGRZeMaCcYk7q7k4qW6qmZSprqqreqenuQUXJA9yYgX9dT5JtmgLupeBUEmXkJAcDxIDubuWdizzGRg9EHVe1997%2FB979UnB%2FkFCZGz88137Z7Smi02qrRyY0sZYQtfWb9fCWmV3qxsKbNUv1npTy7Xez2kjSp9tfK25Dt2sUZDSkMaVlaUkx3bX5yyUOnjdlht02q9Vg0bdfTdf7HPA3gWQPQuyHNQYvy%2F7dMnUHwEk%2FxwR%2FqdzKavvZXkmmXWoSeO3zc7xhYGybzsuAAdczzrhvVjQr64AmuOZw5ge4cTB4jVmAR%2FhIjN8Uwm4t7RpdJYQxrE4v8oeiNIPYJiI3D7AEr8RgAusL4Bkzxat65gu5csm7BjsvD0b6hiTBb%2BfAEm%2BW5Zq37lntV5pqzx6HdKqP4IqjtCmp8g2wugihPw7GMo8StZfLoGkxxueG2hRDl1r9QIqjOClgMwHyCfHBUg7wTI0wCJOK%2BwRrtDabMTd6KoVeecRxHnjdaSaIio3upQ5Hwib4AsHYDrAbjbR%2Br2saMGcPnP8NslvAjgszEJ3ttHT5QoJEHhCQpGUCiCIiMoeuWR0L7my0dC%2BzwOZ7k2y1E5tFn3gB3ZrCsNAXODg%2FSCXJvMJnjl5QXsyPNKjdNoiUoRRTGN681oqdVo01bImzTstFk7hFcllL8ytbunxuT6R7eQqjF55vQaYnYCr0%2FA1XWw%2FCWwYtisUbDtYb1FsWe%2BD4W1wmdOsqTKbQJhS6TZArLd4EBfkBena1qtvgHJz26dfjmJr8BdidSV%2BFD9QtDVD4d3bUEO79rCkycbaaYStccmK7yXsUxe%2FeYduVtYJ1bv%2BMHXt%2FmEmJSP70ufrTEjlOl68u2yEkK6Feu4JD%2Bt%2Bi0Zb%2BZ%2Bezl3Jk%2FXNt9cWU1SJ71X1ozA1JiQT%2F8CV2Py7POfT7%2FnjaPbUG4El5dI8jMyCyg7Ak%2F34dO5fm8JnJ73xGmAIi%2BHrhbPH7Ui0HKOWVzC%2FwvH8%2FrAP0TXBWDZA5ikRM%2BV6OkSTA%2Fg86vDLHVnt36PpoFYB8NYu%2BAw1k5%2Fdjlcr84rjbAuW3GryYWIJRdhsxa1IkprQtSbbRm2kfmxNB%2F8%2BA8AAAD%2F%2FwEAAP%2F%2FNV5MX3YEAAA%3D
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectinterbasevideopregnant.com
Fingerprint05:CE:54:0F:E3:69:0F:FA:81:8B:E1:49:7E:A8:C7:B9:AD:FA:67:8F
ValidityTue, 28 Nov 2023 10:51:51 GMT - Mon, 26 Feb 2024 10:51:50 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3s1%2F%2BkVY9eJBGJSFFWRSPT2TmXGRZeMaCcYk7q7k4qW6qmZSprqqreqenuQUXJA9yYgX9dT5JtmgLupeBUEmXkJAcDxIDubuWdizzGRg9EHVe1997%2FB979UnB%2FkFCZGz88137Z7Smi02qrRyY0sZYQtfWb9fCWmV3qxsKbNUv1npTy7Xez2kjSp9tfK25Dt2sUZDSkMaVlaUkx3bX5yyUOnjdlht02q9Vg0bdfTdf7HPA3gWQPQuyHNQYvy%2F7dMnUHwEk%2FxwR%2FqdzKavvZXkmmXWoSeO3zc7xhYGybzsuAAdczzrhvVjQr64AmuOZw5ge4cTB4jVmAR%2FhIjN8Uwm4t7RpdJYQxrE4v8oeiNIPYJiI3D7AEr8RgAusL4Bkzxat65gu5csm7BjsvD0b6hiTBb%2BfAEm%2BW5Zq37lntV5pqzx6HdKqP4IqjtCmp8g2wugihPw7GMo8StZfLoGkxxueG2hRDl1r9QIqjOClgMwHyCfHBUg7wTI0wCJOK%2BwRrtDabMTd6KoVeecRxHnjdaSaIio3upQ5Hwib4AsHYDrAbjbR%2Br2saMGcPnP8NslvAjgszEJ3ttHT5QoJEHhCQpGUCiCIiMoeuWR0L7my0dC%2BzwOZ7k2y1E5tFn3gB3ZrCsNAXODg%2FSCXJvMJnjl5QXsyPNKjdNoiUoRRTGN681oqdVo01bImzTstFk7hFcllL8ytbunxuT6R7eQqjF55vQaYnYCr0%2FA1XWw%2FCWwYtisUbDtYb1FsWe%2BD4W1wmdOsqTKbQJhS6TZArLd4EBfkBena1qtvgHJz26dfjmJr8BdidSV%2BFD9QtDVD4d3bUEO79rCkycbaaYStccmK7yXsUxe%2FeYduVtYJ1bv%2BMHXt%2FmEmJSP70ufrTEjlOl68u2yEkK6Feu4JD%2Bt%2Bi0Zb%2BZ%2Bezl3Jk%2FXNt9cWU1SJ71X1ozA1JiQT%2F8CV2Py7POfT7%2FnjaPbUG4El5dI8jMyCyg7Ak%2F34dO5fm8JnJ73xGmAIi%2BHrhbPH7Ui0HKOWVzC%2FwvH8%2FrAP0TXBWDZA5ikRM%2BV6OkSTA%2Fg86vDLHVnt36PpoFYB8NYu%2BAw1k5%2Fdjlcr84rjbAuW3GryYWIJRdhsxa1IkprQtSbbRm2kfmxNB%2F8%2BA8AAAD%2F%2FwEAAP%2F%2FNV5MX3YEAAA%3D HTTP/1.1
Host: interbasevideopregnant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:11:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d22542685d2a2e8fbea2a3d8b1a4b353
Strict-Transport-Security: max-age=0; includeSubdomains

GET interbasevideopregnant.com/pixel/sbs?c=1

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
interbasevideopregnant.com/pixel/sbs?c=1
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectinterbasevideopregnant.com
Fingerprint05:CE:54:0F:E3:69:0F:FA:81:8B:E1:49:7E:A8:C7:B9:AD:FA:67:8F
ValidityTue, 28 Nov 2023 10:51:51 GMT - Mon, 26 Feb 2024 10:51:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: interbasevideopregnant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:11:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/style.css

172.64.109.10

200 OK

9.2 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/style.css
IP
172.64.109.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (9771), with no line terminators
Size
9.2 kB (9193 bytes)
Hash
3bf44c419c27c2507bc1b009469c4482
b645016017cbba34b71497b76eb2a89ea7d54839
dca224015fb9353a013d68f8d9c8d5e028940fd9f0750e17b4dc66fb620dd64a

HTTP Headers

GET /sb/ssp/notifications/text_bubble/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 11:09:04 GMT
etag: W/"62cd5650-23e9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 496645
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=07oSmbfuVe2e%2Fy%2FPe6eSrIaMPmytD5JhpjOcnJ%2Bj4MTwAPzJlYtz%2FgsN5lW000FIYqHAA3lDzuEFw57wL2eLrZeyvDkCNlTxQNbKzoXEhIHziLBJ3i7Bf5gmG1s0zS2T3ls2igTimQsL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb305e6b4089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ipmathematical.org/popunder.gif

172.67.146.16

200 OK

35 B

URL GET HTTP/3
ipmathematical.org/popunder.gif
IP
172.67.146.16:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectipmathematical.org
FingerprintD2:34:74:D1:16:55:F8:EF:87:87:38:64:00:6A:AA:9B:4C:F4:F1:CF
ValidityWed, 29 Nov 2023 06:02:08 GMT - Tue, 27 Feb 2024 06:02:07 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: ipmathematical.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 77229
last-modified: Mon, 04 Dec 2023 01:44:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SF9YahOtoZw7H60cBxTkuoMOFGbcozuY5BAEjir0En0FU9Z7DxwvqjSkx%2B51LbSQLrMvqALBpgo6hG2MrSXvRZEgBe9uwnR%2BHvfSV2XmM%2FYzB%2FkflVFd8AAZjAbytxJ2GtjPEpI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb29fc01b527-OSL
alt-svc: h3=":443"; ma=86400

GET i.doodcdn.co/theme_2/css/bootstrap.min.css

172.67.70.190

200 OK

160 kB

URL GET HTTP/2
i.doodcdn.co/theme_2/css/bootstrap.min.css
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65324)
Size
160 kB (159515 bytes)
Hash
7cc40c199d128af6b01e74a28c5900b0
d305110fb79113a961394b433d851a3410342b8c
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

HTTP Headers

GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Tue, 03 Dec 2024 05:27:25 GMT
vary: Accept-Encoding,User-Agent
access-control-allow-origin: *
cf-cache-status: HIT
age: 63070
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1NRrHCVHFvq%2F0XOX80Iq2OYoYGhLsOkIX2DV45wd6I7rfjRrDhmQ6XcxP9OVQ88QvUjXukSmCwsPxr%2Bj4KixuaqU%2FSCDw884XLR%2FEd5tZq1tcIa7IcWLhoCP8RMgag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb1ccd06b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET i.doodcdn.co/theme_2/fonts/avertastd-regular-webfont.woff2

172.67.70.190

200 OK

24 kB

URL GET HTTP/3
i.doodcdn.co/theme_2/fonts/avertastd-regular-webfont.woff2
IP
172.67.70.190:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
ValiditySun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 23812, version 1.524\012- data
Size
24 kB (23812 bytes)
Hash
eb586e5a1b86dbf1c866e3ed80f9d18e
280ee78d19c017ab9335f769595e5157d3c4a343
714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf

HTTP Headers

GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Tue, 02 Jan 2024 07:03:57 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 73129
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2O%2BHnuU97LCcDJSVlUKT%2BouZyz03GIQHvx70Knp6P8ZOrlFFMhYL%2BUIfzMZOWqGc9%2FfgfaCEd0wXwIPVxHaFm90ydaNxeHF4d%2FDfYkQbwJK18ucAaL4SVfCrToTOYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb1efe25569d-OSL
alt-svc: h3=":443"; ma=86400

GET friendshipmale.com/sfp.js

172.64.172.31

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.172.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85468 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 70683ea8abaea478ad7388b5f93cf96e
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 04 Dec 2023 23:11:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2FVxpNZBwEztMtVT6m30qsefTDkYzrgVaRDyrhHZdw0leg%2BimEC%2BdpOPuZHeGEBXkofc37C5mKRf2p7mojV9tFZ0tQHaLwozN7w7HcKrbyNN9tY6D51ivBy0G7LqCsk7Ty1q0hU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb22ca54414c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html

45.133.44.4

200 OK

1.8 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ds2play.com/d/
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
ValiditySat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT

File type
HTML document, ASCII text, with very long lines (1887), with no line terminators
Size
1.8 kB (1775 bytes)
Hash
ad060cdf961dc780713500620212dfd2
00dff11f954cb93349d081333ba22779b5380de1
5975e0efdf299d5ab9695c6be88a67b29bd4e044aadc6af993f5102a3eb894f4

HTTP Headers

GET /sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Wed, 14 Sep 2022 08:56:26 GMT
etag: W/"6321973a-6ef"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 05 Dec 2023 00:11:54 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/script.js

172.64.109.10

200 OK

892 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/script.js
IP
172.64.109.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (959), with no line terminators
Size
892 B (892 bytes)
Hash
9d441b1ef0d4f07226844f2a75309fe0
588ed7e74f0c215a09e72131be39b930479dccf9
5df48723b4f69d2ecdd0de387d4233bf720e3c0cac669645d8a5ca6cb31e9bf8

HTTP Headers

GET /sb/ssp/notifications/text_bubble/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:55 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:18 GMT
etag: W/"62cd5352-37c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 315715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSV%2BupsJ%2BtR5bikdIy4LUndx8zrQ2xANqTzaPU9iOXYwWFUOV7dk5pk6Wbmho3iaLVunWteWIQNGDX%2BIWUzRVOlD4I8lYW%2FaeDvJTXf7ne2o6keqIowqzVxjHfO4l3PHPgO2SMjsikGH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb321fd44089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/close.png

172.64.109.10

200 OK

6.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/close.png
IP
172.64.109.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Size
6.0 kB (5982 bytes)
Hash
c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd

HTTP Headers

GET /sb/ssp/notifications/text_bubble/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 12 Jul 2022 10:56:24 GMT
etag: "62cd5358-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 419613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6juiT%2FSPoj20joxp7qHd4vmMsx%2B7I5RHGG%2FzIIImwedHIC96Eqe8GEUo06WVOeBvlybFdaS%2BnpDeFkeyCnVm0YoUWXj1pZEegOtB370z%2BsNHUXzng9TAStloTEvn7dL7RHZfbjVvIB39"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb308e7648ce-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET banquetunarmedgrater.com/advertisers.js

104.21.86.121

200 OK

0 B

URL GET HTTP/2
banquetunarmedgrater.com/advertisers.js
IP
104.21.86.121:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint92:8E:AD:72:AC:AD:3B:21:99:CD:21:A0:9F:BD:F2:AF:0D:98:D8:57
ValidityThu, 09 Nov 2023 11:40:15 GMT - Wed, 07 Feb 2024 11:40:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: cef19a76a142c1c45a1574e45278167a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 04 Dec 2023 23:11:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VB83k0x4YcAn98PVlObefyIPWIwU533eRxdfUMnWMxjQ3vZUsTuwRkkEc7Dkonkonptv1u35ziQQAx2RnF4q1T8VpkTSMNS8EFBbeWTePOUpS4eVg6RR4MZwY86h5AvZ61LgVeSlYWBI9LQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb29f8d7b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2OzE0s-rpmd2Ev3AvPYklThnxjrdH0hxBqWV2WwNRpOhC50mPfXqhadbi0DOqEK4gW5AOynw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-838037988%3A1701731513374880&theme=glif

173.194.73.84

403 Forbidden

0 B

URL GET HTTP/3
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2OzE0s-rpmd2Ev3AvPYklThnxjrdH0hxBqWV2WwNRpOhC50mPfXqhadbi0DOqEK4gW5AOynw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-838037988%3A1701731513374880&theme=glif
IP
173.194.73.84:443
ASN
#15169 GOOGLE

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2OzE0s-rpmd2Ev3AvPYklThnxjrdH0hxBqWV2WwNRpOhC50mPfXqhadbi0DOqEK4gW5AOynw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-838037988%3A1701731513374880&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-3TnqmmIAcW6TE1M6o7_Ptw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/animate.css

172.64.109.10

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
IP
172.64.109.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text
Size
79 kB (79249 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/ssp/notifications/text_bubble/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 10:56:21 GMT
etag: W/"62cd5355-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 407058
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86wVonqtWxVoxJ2OhqVcOT%2BhTvcD0p67W7VOFy%2Fk5TxJ%2F3Evfp4gn5luTjmIto6lOXGKuQO8l98STiXgCQQ4g0WMcaem6ts4sNl%2FLTTRffRM66uZ4nkQhXfSiQ1MwOQHlgio%2Bm6tu%2BNy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb306e6f4089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 411261
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET ds2play.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js

172.67.70.18

200 OK

7.4 kB

URL GET HTTP/3
ds2play.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP
172.67.70.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
ValidityThu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT

File type
ASCII text, with very long lines (7422), with no line terminators
Size
7.4 kB (7422 bytes)
Hash
6483b908cb544686cf08488574021ece
76cfdfa1e129bf6a5ac64c8e72e8a7bfc3d8e41b
3f2a1e2bb234af1dc5f6c40a840ccef01ad8d6338eed58d8ea6d0ab1e699c738

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qHfC8DkJZFdsL0EGA1CuZEv5OTcKEdO6tmKqbCQ7e131tt7RkEX8KGXyjtf5mfQtOY4ZyENhnDP5jmPcxqWWG480nuGjLrgpepOiOdb15L3evwx%2FN7QHo5gnmJZQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22db29b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/number.png

172.64.109.10

200 OK

1.1 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/number.png
IP
172.64.109.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1138 bytes)
Hash
9e4414e85c588bf7db195e49c02ab2bb
09254e79b255f1b2dfe45adbbe44583a4b433782
0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762

HTTP Headers

GET /sb/ssp/notifications/text_bubble/2/img/number.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: image/png
content-length: 1138
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2049006
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iB0BDGCg%2BaDQD4xD40%2FixzHlRZ5JUM3B3dw%2B6DDLnthqT0KG4PNAI0FJqW1baAut7kwhIkdi3x7iNlARlzW7vaSV%2F0xsQNBablRJhUBODJe5jhILMw4sh4tCKLm3RsgDhBkFVKJgQRgJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb309e7848ce-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.42

200 OK

6.8 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (7013), with no line terminators
Size
6.8 kB (6824 bytes)
Hash
49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 23:11:54 GMT
date: Mon, 04 Dec 2023 23:11:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js

172.64.109.10

200 OK

90 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
IP
172.64.109.10:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT

File type
ASCII text, with very long lines (65451)
Size
90 kB (89492 bytes)
Hash
561acb3e541133bbdd2c0c19f8ee35a1
ffd1353cf3f77d25f801c84d8208613eb0d3d548
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

HTTP Headers

GET /sb/ssp/notifications/text_bubble/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:19 GMT
etag: W/"62cd5353-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 418801
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OKf83rwu22DS1zgr4up8dYUfRATuLIdVmJMo7nvaPCc%2BsVQunNCmmTFkBg4HOpjYjgtpTLV8aTDGlIvb8pXKA1%2BDqYF4lGKw2X1%2BziO1doTU0e%2FtW0i1TWuavNje6WB%2B1WeqtaohzeZw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb308e7348ce-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.70.18

302 Found

7.4 kB

URL GET HTTP/3
ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.70.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerGoogle Trust Services LLC
Subjectds2play.com
Fingerprint01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
ValidityThu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT

File type

Size
7.4 kB (7422 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Mon, 04 Dec 2023 23:11:52 GMT
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
vary: accept-encoding
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kB6uB4t94sk%2BUQvXKJY5wZBHfIb4XN9FMdBaCLGYSLQoUayvOsiyg426rza014YIwbqWs5TLESt6g4hiB%2BV3hWjLTDts3ITOTZgLXCSruBXF9OU6kKUK5sjEHKRh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22bb18b505-OSL
alt-svc: h3=":443"; ma=86400

GET friendshipmale.com/sfp.js

172.64.172.31

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.172.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ds2play.com/d/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85468 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f4285d808fe749ffeee911b5b2588470
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 04 Dec 2023 23:11:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gx8XeDh5XFnCYhs76QrxTS3LzEcwyJ8R%2FIQumv9%2BK2GG3JSOEWnmuOqN8AoU7HduF6%2F%2FsHHbO6DHpYWcwXHtSlXEbL%2FUTotX%2Ba8vQDIPBvP70lYCAj5TXsNACMNQ3QWXRqbUVoQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb22ba38414c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash