cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.25.14:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65451)
Hash (MD5): 220afd743d9e9643852e31a135a9f3ae
Hash (SHA-1): 88523924351bac0b5d560fe0c5781e2556e7693d
Hash (SHA-256): 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 660372
expires: Sat, 23 Nov 2024 23:11:51 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O7KqgIw7FIMO7nxzpyKyB9Iop%2FpHp%2B83qD63VUSVt%2BX%2B0qeVHmZqGGJFQAegra6x6yNBqzJoRuH3dDiOHUScj%2BN4ZKlL5qEHw23OFEM42CJCsh4h4Lg%2FIAu2%2FV0sxQ%2FgA6LrMZ0B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8307bb1bcbbfb518-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/img/no_video_3.svg
172.67.70.190 200 OK 2.8 kB URL GET HTTP/2 i.doodcdn.co/img/no_video_3.svg
IP 172.67.70.190:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type: SVG Scalable Vector Graphics image
- XML 1.0 document text
- XML document, ASCII text, with very long lines (2789)
Hash (MD5): 077bfdaa49ae4877a42611b739ec4752
Hash (SHA-1): a2f9e1222b7af9abc05122411ab8902efcc08ead
Hash (SHA-256): 70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Wed, 03 Jan 2024 00:18:47 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 63334
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K2KRizfuP%2FzLMLSsb8dpEbjN7m6ADNu17lt5f9ImyVALjtySgg7ContngCtgxOfVbbO88xCXXBj5J8tYaqKGMVsSbD3Hs6ADby82e2xfXlGU55%2B7fYEvFYLC%2BNDILw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb1ccd08b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056
54.230.241.212 200 OK 97 kB URL GET HTTP/2 d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056
IP 54.230.241.212:443
Certificate Issuer: Amazon
Subject: *.cloudfront.net
Fingerprint: FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity: Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: Unicode text, UTF-8 text, with very long lines (15945)
Hash (MD5): b8af0553db4dd50a13664cebb8eab024
Hash (SHA-1): 4a005b43d6d87221e59e225bc2c358a1fd5b7926
Hash (SHA-256): a47bf3ab4ce3d806e22350827b185ada9aa2179967788a8c1af6a415b8b7313f
GET /?srvfd=908056 HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 97249
date: Mon, 04 Dec 2023 22:30:27 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0oJYrTvBUUDKrXXgLjZzGaGjAete7G1Ghxg-w7H0SbBAT2BWZj0SPg==
age: 2484
X-Firefox-Spdy: h2
papmeatidigbo.com/gHzOaAdOhbZ/71405
172.255.6.58 200 OK 26 B URL GET HTTP/1.1 papmeatidigbo.com/gHzOaAdOhbZ/71405
IP 172.255.6.58:443
Certificate Issuer: Let's Encrypt
Subject: papmeatidigbo.com
Fingerprint: 9F:26:AD:B7:6D:9C:CB:94:FC:07:D1:33:2D:1D:BA:1B:27:E9:4F:D1
Validity: Sun, 22 Oct 2023 10:35:36 GMT - Sat, 20 Jan 2024 10:35:35 GMT
File type: ASCII text, with no line terminators
Hash (MD5): 4fc71bf68a1d477bd1523733e34d1e90
Hash (SHA-1): 15119105cffbe108b6cf290146ab02c9aa8517ba
Hash (SHA-256): 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce
GET /gHzOaAdOhbZ/71405 HTTP/1.1
Host: papmeatidigbo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 23:11:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Tue, 05-Dec-2023 23:11:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Tue, 05-Dec-2023 23:11:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
worstideatum.com/reA3n475k3U/70849
23.109.248.166 200 OK 20 B URL GET HTTP/1.1 worstideatum.com/reA3n475k3U/70849
IP 23.109.248.166:443
Certificate Issuer: Let's Encrypt
Subject: worstideatum.com
Fingerprint: 56:54:A5:6C:79:64:02:44:9A:17:E2:08:6E:8F:36:A8:14:F4:83:BE
Validity: Wed, 27 Sep 2023 23:17:51 GMT - Tue, 26 Dec 2023 23:17:50 GMT
File type: gzip compressed data, from Unix
- data
Hash (MD5): 7029066c27ac6f5ef18d660d5741979a
Hash (SHA-1): 46c6643f07aa7f6bfe7118de926b86defc5087c4
Hash (SHA-256): 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /reA3n475k3U/70849 HTTP/1.1
Host: worstideatum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 04 Dec 2023 23:11:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Tue, 05-Dec-2023 23:11:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Tue, 05-Dec-2023 23:11:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
i.doodcdn.co/theme_2/fonts/avertastd-black-webfont.woff2
172.67.70.190 200 OK 23 kB URL GET HTTP/3 i.doodcdn.co/theme_2/fonts/avertastd-black-webfont.woff2
IP 172.67.70.190:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type: Web Open Font Format (Version 2), TrueType, length 22820, version 1.0
- data
Hash (MD5): 1e976387cb594982692bdbdffde86f91
Hash (SHA-1): 9546836a7d80c17d85cdd37a9553852f00af031b
Hash (SHA-256): 4dc982a61a00481f4c9545f9f2da64098428b4aec96838de3c194fa82373ce1d
GET /theme_2/fonts/avertastd-black-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: font/woff2
content-length: 22820
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Tue, 02 Jan 2024 05:26:48 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 64819
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m%2F0vIiLx%2BZcfcGL6HFM1PNWLOk0MZiB%2FoSMiHIBtCJ93bCkl72TWervqI9Q9i4XL9noXtug2o%2B0BCncxpVrX3K51HuryCoC5x9a1TagUAGj3nz62%2B1QXdMdsW67tfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb1efe23569d-OSL
alt-svc: h3=":443"; ma=86400
172.67.70.18 200 OK 25 kB URL User Request GET HTTP/2
IP 172.67.70.18:443
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity: Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
File type: HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (2772), with no line terminators
Hash (MD5): 5516902f310305064c7b2aaa099d9d61
Hash (SHA-1): ea7a5f53cfb40187ce4ba91d85da1f524e3c55ab
Hash (SHA-256): 848e9bd7f22ebde1ff08dd059692ecdbf9b23c5ca2d43d946369b841be75cc20
GET /d/ HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 03 Dec 2023 23:11:51 GMT
set-cookie: lang=1; domain=.ds2play.com; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QyzqWU04zNSmUltar%2FrLZcO1u21AZnidfUK7Mt%2FVZ%2BOvkpU2sQujwHhYzOJN7DvrNS1YJRBVAQskceMLE%2FJg6BgzWnOl%2B2ehYujb5T3mpTn9L2rPj6oDdmLqaQ6x"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb181971b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/css/style.css
172.67.70.190 200 OK 38 kB URL GET HTTP/2 i.doodcdn.co/theme_2/css/style.css
IP 172.67.70.190:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65465)
Hash (MD5): 6ff549c82309fe93cb6f38f8fcf60e49
Hash (SHA-1): c5621629b2a258c7fb572ab9d03517c7d60896fd
Hash (SHA-256): 668326f298c9701a6422f5b7f229966fd87ae68940381a9c0c898197667a8c4c
GET /theme_2/css/style.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=249272
expires: Mon, 02 Dec 2024 05:00:39 GMT
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 58813
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tKhWEarT%2B8Dh4Hy1%2BNT7KE09rtvi%2BcYvyusC%2FbE1Z58qMO9w3wtOQpBCpZYMOa6x%2FAsD39IvCXtQTk9md%2FVLbj0FLlC22%2Bkn3PlamW%2FWEADU6tHFxvyX8Kxm%2Fwl8zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb1cdd10b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
forfeitsubscribe.com/06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js
192.243.59.12 200 OK 17 kB URL GET HTTP/1.1 forfeitsubscribe.com/06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: forfeitsubscribe.com
Fingerprint: 82:B2:D8:34:F6:E3:2B:C7:7B:42:8E:0F:C8:FB:E1:E9:FC:49:04:1B
Validity: Tue, 28 Nov 2023 06:52:30 GMT - Mon, 26 Feb 2024 06:52:29 GMT
File type: ASCII text, with very long lines (40884), with no line terminators
Hash (MD5): 045a8eef68bbaa8e82c555e6f4c63529
Hash (SHA-1): 70f313d262cb1ecc74c27dbe4409a80cf67be47a
Hash (SHA-256): 32061f0d64bd2de1c15075738a7a002470bcf7f605a55a4aaaa57e5dded5ca83
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js HTTP/1.1
Host: forfeitsubscribe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 23:11:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 406baac00510415ad36ba18630af5133
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js
192.243.59.12 200 OK 14 kB URL GET HTTP/1.1 forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: forfeitsubscribe.com
Fingerprint: 82:B2:D8:34:F6:E3:2B:C7:7B:42:8E:0F:C8:FB:E1:E9:FC:49:04:1B
Validity: Tue, 28 Nov 2023 06:52:30 GMT - Mon, 26 Feb 2024 06:52:29 GMT
File type: ASCII text, with very long lines (37803), with no line terminators
Hash (MD5): 0d622cf25483792c99cd3ada6a20caaa
Hash (SHA-1): f9c350879a5ddd9a74889e762f652ed17f98652f
Hash (SHA-256): 96ff57070d4a6a48d7fcd102f3295907c2c43206c39fc4b5716ca37371d84564
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /2c/03/60/2c0360ed33b0b4736859081c701f9a91.js HTTP/1.1
Host: forfeitsubscribe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 23:11:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f702db40ee6c5d2cbb48710a22a3d7e2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Certificate Issuer: Amazon
Subject: proftrafficcounter.com
Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash (MD5): 35908cde64936e0a51641e3f15e02b60
Hash (SHA-1): a25c2455efe1ba98c39b909b456606442afc11f1
Hash (SHA-256): e3093e030774485642820b939a4d9e548a72095cb705180951026b7b491122fd
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ds2play.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=0577b262-217f-4cd6-8ac2-9c22fa90980c:2:1; expires=Thu, 01 Dec 2033 23:11:52 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.184.210.76:443
Certificate Issuer: Amazon
Subject: proftrafficcounter.com
Fingerprint: E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity: Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash (MD5): 285008692cba47b9f2867c898e22b44c
Hash (SHA-1): fd1dc4d2151d2451c6b38ed1ea0a974417772e2e
Hash (SHA-256): 405e8ee8be5a04faafbf56e4098fafbcdf7640f02196f48a7908b7b11ce360e8
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ds2play.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4:2:1; expires=Thu, 01 Dec 2033 23:11:52 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ipmathematical.org/Q3VWSkRsSjU5eSEhNTAncRkPDiMFOQEMLwQ3AwQmGyQDDBUFNHA+LSdIb3p8c0BgbDQqEWt7YjABNz4xMEhnbC0tEzl3YjVIZ2R3d1tlfmpzUyN3dWUBJisjfkRwOjA3GWt7c3NEYXl1dkRueXF2
172.67.146.16204 No Content 0 B URL GET HTTP/2 ipmathematical.org/Q3VWSkRsSjU5eSEhNTAncRkPDiMFOQEMLwQ3AwQmGyQDDBUFNHA+LSdIb3p8c0BgbDQqEWt7YjABNz4xMEhnbC0tEzl3YjVIZ2R3d1tlfmpzUyN3dWUBJisjfkRwOjA3GWt7c3NEYXl1dkRueXF2
IP 172.67.146.16:443
Certificate Issuer: Google Trust Services LLC
Subject: ipmathematical.org
Fingerprint: D2:34:74:D1:16:55:F8:EF:87:87:38:64:00:6A:AA:9B:4C:F4:F1:CF
Validity: Wed, 29 Nov 2023 06:02:08 GMT - Tue, 27 Feb 2024 06:02:07 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of empty input: the 204 response carried no body, so the hashes do not identify this resource.)
GET /Q3VWSkRsSjU5eSEhNTAncRkPDiMFOQEMLwQ3AwQmGyQDDBUFNHA+LSdIb3p8c0BgbDQqEWt7YjABNz4xMEhnbC0tEzl3YjVIZ2R3d1tlfmpzUyN3dWUBJisjfkRwOjA3GWt7c3NEYXl1dkRueXF2 HTTP/1.1
Host: ipmathematical.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aM0%2B1VoXCK46a8wY8w1ex3cwNpgWqOrWwMii%2FRjOrgl3KieC4adzNtW%2B4ftW4JNDSfCa2TUFLytIyCTXOdsl0L9jwDNfcF8MnanlJva7d3CyuoRyi1JSk0kSwLHEArm%2FsvEiRHQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22be7eb524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
orgotitedu.info/ZmQ3YVMHBlQMbAdZVUcmFAgKRGEgQQUnN1cCB1QlFFdECyATHQBPMAoLQgU1FAtZFX0IAUNEYSA1VlMdVwVdLBoiJkQsFyRcfCQFBS9gUCcgPEA3HSU1bicLNBBSKRA8IHsYPDwpchIWKx5xAgsjVG8lJFIrYFEGPCcGUR4+CHoxCzcMUjMWHjdzFhUvPF80NSMcWCMXASF7JCQsI3UwBiEhW1QdIAxlOQsBNW0pEjwCdAoJLih2OxUzVXU4ElYpYikSNDx1IwIhMEAnMSI1cTESMBBkMwY3IGMNElUwQCcxICZAJBEwXXAzOgEzYDceKDx2BRwzIBoFAycyRDMSVlx2Kj8sIm8ZYgQ3WyMKJxNAJhUBIlQ1PyMeYCAdBzEHNzEnVUcmAVcUYSA7IzVzJyQyNlwCICcIQzYEVwthKT9TIRELIAkKR1w6KhRzKD88HFgxF1AL
108.157.229.6200 OK 1.2 kB URL GET HTTP/2 orgotitedu.info/ZmQ3YVMHBlQMbAdZVUcmFAgKRGEgQQUnN1cCB1QlFFdECyATHQBPMAoLQgU1FAtZFX0IAUNEYSA1VlMdVwVdLBoiJkQsFyRcfCQFBS9gUCcgPEA3HSU1bicLNBBSKRA8IHsYPDwpchIWKx5xAgsjVG8lJFIrYFEGPCcGUR4+CHoxCzcMUjMWHjdzFhUvPF80NSMcWCMXASF7JCQsI3UwBiEhW1QdIAxlOQsBNW0pEjwCdAoJLih2OxUzVXU4ElYpYikSNDx1IwIhMEAnMSI1cTESMBBkMwY3IGMNElUwQCcxICZAJBEwXXAzOgEzYDceKDx2BRwzIBoFAycyRDMSVlx2Kj8sIm8ZYgQ3WyMKJxNAJhUBIlQ1PyMeYCAdBzEHNzEnVUcmAVcUYSA7IzVzJyQyNlwCICcIQzYEVwthKT9TIRELIAkKR1w6KhRzKD88HFgxF1AL
IP 108.157.229.6:443
Certificate Issuer: Amazon
Subject: orgotitedu.info
Fingerprint: 79:CC:FF:0E:F4:F4:8A:D7:72:F6:75:7A:06:B2:F5:7A:84:55:95:F5
Validity: Thu, 12 Oct 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT
File type: HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash (MD5): 0030f993926557f0eaad83d1f2f8f3cd
Hash (SHA-1): 58d3b53e472e75118f08982ea876ba0ed560bb54
Hash (SHA-256): 63cdc3d47120091adfd61a450eed474ff2d7c42c95654153f9fe6c4b81cf0e32
GET /ZmQ3YVMHBlQMbAdZVUcmFAgKRGEgQQUnN1cCB1QlFFdECyATHQBPMAoLQgU1FAtZFX0IAUNEYSA1VlMdVwVdLBoiJkQsFyRcfCQFBS9gUCcgPEA3HSU1bicLNBBSKRA8IHsYPDwpchIWKx5xAgsjVG8lJFIrYFEGPCcGUR4+CHoxCzcMUjMWHjdzFhUvPF80NSMcWCMXASF7JCQsI3UwBiEhW1QdIAxlOQsBNW0pEjwCdAoJLih2OxUzVXU4ElYpYikSNDx1IwIhMEAnMSI1cTESMBBkMwY3IGMNElUwQCcxICZAJBEwXXAzOgEzYDceKDx2BRwzIBoFAycyRDMSVlx2Kj8sIm8ZYgQ3WyMKJxNAJhUBIlQ1PyMeYCAdBzEHNzEnVUcmAVcUYSA7IzVzJyQyNlwCICcIQzYEVwthKT9TIRELIAkKR1w6KhRzKD88HFgxF1AL HTTP/1.1
Host: orgotitedu.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Mon, 04 Dec 2023 23:11:52 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: RVRAVG6uIPIg4FbuaVkxFAGBijMIPjWdxVjCUUVliHC4Kt0V1QBsHQ==
X-Firefox-Spdy: h2
ipmathematical.org/VGdNVld7WC4lajYLJi4CP1YrDxYWACs6YjslIBhvDDAIHDY6DGsiPjBadGZmZlJ1cCc9A3BkbnIUOTcjIRRwZ3E9CSs5anIRcGd5ZEl7ZnlnQThrZnITPTcwaVZrJiMgC3BnYGRWemVmYVZ1ZW5k
172.67.146.16204 No Content 0 B URL GET HTTP/2 ipmathematical.org/VGdNVld7WC4lajYLJi4CP1YrDxYWACs6YjslIBhvDDAIHDY6DGsiPjBadGZmZlJ1cCc9A3BkbnIUOTcjIRRwZ3E9CSs5anIRcGd5ZEl7ZnlnQThrZnITPTcwaVZrJiMgC3BnYGRWemVmYVZ1ZW5k
IP 172.67.146.16:443
Certificate Issuer: Google Trust Services LLC
Subject: ipmathematical.org
Fingerprint: D2:34:74:D1:16:55:F8:EF:87:87:38:64:00:6A:AA:9B:4C:F4:F1:CF
Validity: Wed, 29 Nov 2023 06:02:08 GMT - Tue, 27 Feb 2024 06:02:07 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of empty input: the 204 response carried no body, so the hashes do not identify this resource.)
GET /VGdNVld7WC4lajYLJi4CP1YrDxYWACs6YjslIBhvDDAIHDY6DGsiPjBadGZmZlJ1cCc9A3BkbnIUOTcjIRRwZ3E9CSs5anIRcGd5ZEl7ZnlnQThrZnITPTcwaVZrJiMgC3BnYGRWemVmYVZ1ZW5k HTTP/1.1
Host: ipmathematical.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U05di8L%2BTkS2JJTsrtQEG0Jq4Zf9tm3iihmatKCUajaUtAkhqOdqXDXm6RaszD%2B%2FXcZji3F8LD0KSjuHV%2F7ukHQQazczSH7odhrN9AjWhiUtsvyBx39qv%2Bdm%2BQrZP3maIJIfKVw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22be80b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
getbestpolojpob.org/M0N1NnZSIRZbSVJ+FxADQS9IE0R1ZkdwEgIlRQMAQXAGXAVGOkIYFV8sAFIQQSwbQlhdJgETRHUaJAY/RBJEWRF/FUFaLGcgB2A+BikWBTtwJxh8GngGOEU4dw1QBDBiKRFEPWIrEnQiQBczWiN8CBhjRGAqEVgVAREWfxxiKBNOL14NNnRTAQU0YSMECQx3OFdwAgU7X3sabA9YMiNfBUUPJmQyfDkRWjgCBVAENH06AgIhYHtHfxtQADdhT0cgHWAOUi4GByFgc1AENH8HI3IsXisPejNhLhR+OEkCMgcHaS0zTyxeKw94IFg3F34SXQICcFMBBRZuPHonIgMbUBtYfBtSCzhBJF4ZBXcYfgIRWCRJIg1gDlIqJFgjSiREbBhxcRZhBkogEnQPUi0/WDddDk19HHEVP2IjBBkCfzBScDsFPl0NTXgYCwFTXAVcLQULBEdyH3wmdSIlYhN+Mw
65.9.55.109200 OK 1.2 kB URL GET HTTP/2 getbestpolojpob.org/M0N1NnZSIRZbSVJ+FxADQS9IE0R1ZkdwEgIlRQMAQXAGXAVGOkIYFV8sAFIQQSwbQlhdJgETRHUaJAY/RBJEWRF/FUFaLGcgB2A+BikWBTtwJxh8GngGOEU4dw1QBDBiKRFEPWIrEnQiQBczWiN8CBhjRGAqEVgVAREWfxxiKBNOL14NNnRTAQU0YSMECQx3OFdwAgU7X3sabA9YMiNfBUUPJmQyfDkRWjgCBVAENH06AgIhYHtHfxtQADdhT0cgHWAOUi4GByFgc1AENH8HI3IsXisPejNhLhR+OEkCMgcHaS0zTyxeKw94IFg3F34SXQICcFMBBRZuPHonIgMbUBtYfBtSCzhBJF4ZBXcYfgIRWCRJIg1gDlIqJFgjSiREbBhxcRZhBkogEnQPUi0/WDddDk19HHEVP2IjBBkCfzBScDsFPl0NTXgYCwFTXAVcLQULBEdyH3wmdSIlYhN+Mw
IP 65.9.55.109:443
Certificate Issuer: Amazon
Subject: getbestpolojpob.org
Fingerprint: BD:F6:95:89:F9:7E:C8:03:91:9C:73:E7:C5:4C:5B:31:83:EF:77:ED
Validity: Wed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT
File type: HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash (MD5): db0222cb0ef4b0bdb5467a62ea651c20
Hash (SHA-1): 3297629d6fb5eb3fa8808cbe536127a1dd668af3
Hash (SHA-256): 94eccedda997c96bcb2fba81937bcba540a2c52abb76ffac2e92a59c7e04a8db
GET /M0N1NnZSIRZbSVJ+FxADQS9IE0R1ZkdwEgIlRQMAQXAGXAVGOkIYFV8sAFIQQSwbQlhdJgETRHUaJAY/RBJEWRF/FUFaLGcgB2A+BikWBTtwJxh8GngGOEU4dw1QBDBiKRFEPWIrEnQiQBczWiN8CBhjRGAqEVgVAREWfxxiKBNOL14NNnRTAQU0YSMECQx3OFdwAgU7X3sabA9YMiNfBUUPJmQyfDkRWjgCBVAENH06AgIhYHtHfxtQADdhT0cgHWAOUi4GByFgc1AENH8HI3IsXisPejNhLhR+OEkCMgcHaS0zTyxeKw94IFg3F34SXQICcFMBBRZuPHonIgMbUBtYfBtSCzhBJF4ZBXcYfgIRWCRJIg1gDlIqJFgjSiREbBhxcRZhBkogEnQPUi0/WDddDk19HHEVP2IjBBkCfzBScDsFPl0NTXgYCwFTXAVcLQULBEdyH3wmdSIlYhN+Mw HTTP/1.1
Host: getbestpolojpob.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1193
date: Mon, 04 Dec 2023 23:11:52 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0dbf67e262a6295e9e8f6570f9aae7e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: nLNIL-J6BTd9S0wmuBKcdXuUwxADbdm5BbZMhg3zHggOlGSGYQq8Vw==
X-Firefox-Spdy: h2
ipmathematical.org/WDY1eGd3CVYLWg5+XTwzDV5SKy8WAVM/MRFSW0lCanRsSF4hUFsPQSxfUUVebwIHTFR+RlwcWmkOEwsTOUJAC1ppEFwWATcLEw5aaRgFVlV2AhMNWmkQQQgGPwsEXhcsQllFVm8GBE9UaQMEQFRvBg
172.67.146.16 | 204 No Content | 0 B | URL: GET HTTP/2 ipmathematical.org/WDY1eGd3CVYLWg5+XTwzDV5SKy8WAVM/MRFSW0lCanRsSF4hUFsPQSxfUUVebwIHTFR+RlwcWmkOEwsTOUJAC1ppEFwWATcLEw5aaRgFVlV2AhMNWmkQQQgGPwsEXhcsQllFVm8GBE9UaQMEQFRvBg
IP: 172.67.146.16:443
Certificate Issuer: Google Trust Services LLC
Subject: ipmathematical.org
Fingerprint: D2:34:74:D1:16:55:F8:EF:87:87:38:64:00:6A:AA:9B:4C:F4:F1:CF
Validity: Wed, 29 Nov 2023 06:02:08 GMT - Tue, 27 Feb 2024 06:02:07 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length content, matching the 0 B body; they do not identify this response.)
GET /WDY1eGd3CVYLWg5+XTwzDV5SKy8WAVM/MRFSW0lCanRsSF4hUFsPQSxfUUVebwIHTFR+RlwcWmkOEwsTOUJAC1ppEFwWATcLEw5aaRgFVlV2AhMNWmkQQQgGPwsEXhcsQllFVm8GBE9UaQMEQFRvBg HTTP/1.1
Host: ipmathematical.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:52 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyF1TraEJdh0A8Sjp5u0KtdQ%2B5oHjwrf74mZXgxujV0gDCezQj4kyty7WTFjAyXv81Igzmsnb7xkAyR4EO9sBCiTxIQ364SESg3xIeNT9MLRJ1WDHZfhqLqqWWdXSBWhYcEkkjo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22de8cb524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
getbestpolojpob.org/UzVvQmIyVwwvXTIIDWQXIVlSZ1AVEF0EBmJTX3cUIQYcKBEmTFhsAT9aGiYEIVoBNkw9UBtnUBVGCylTOlA3LTQaUhgkMAJ8BAAJAXE+Gg4CYTouMxlNKhUkEm8YDyFrTC41EWFhPC1WGAQudToSfFwACQF+OgEnF3MXcy4yQgwaJQZBVxAgNFApCiAEbRh6OjB0VxUjEQ0HBgo7Uz0DFgtjXzI2NQQlECYBDQUACgp7LRUKAmY9EyEycy0IMWNvBRcOK38hBQoCZj5yBBoEPQw6Y2A/EFInfissFgRtKilSMnMtCCESdwAXNjt5PSwKHmY5DDY1BEILBxtNOi8mBU0mDypqZjwHEhRTKQgrCwU9eyARdCYHGyB7LhRbFnZeDCgHBAd7MBJNJxAVdV8cLQwjCD0UKiZzO3YyHVNdAA
65.9.55.109200 OK 1.2 kB URL GET HTTP/2 getbestpolojpob.org/UzVvQmIyVwwvXTIIDWQXIVlSZ1AVEF0EBmJTX3cUIQYcKBEmTFhsAT9aGiYEIVoBNkw9UBtnUBVGCylTOlA3LTQaUhgkMAJ8BAAJAXE+Gg4CYTouMxlNKhUkEm8YDyFrTC41EWFhPC1WGAQudToSfFwACQF+OgEnF3MXcy4yQgwaJQZBVxAgNFApCiAEbRh6OjB0VxUjEQ0HBgo7Uz0DFgtjXzI2NQQlECYBDQUACgp7LRUKAmY9EyEycy0IMWNvBRcOK38hBQoCZj5yBBoEPQw6Y2A/EFInfissFgRtKilSMnMtCCESdwAXNjt5PSwKHmY5DDY1BEILBxtNOi8mBU0mDypqZjwHEhRTKQgrCwU9eyARdCYHGyB7LhRbFnZeDCgHBAd7MBJNJxAVdV8cLQwjCD0UKiZzO3YyHVNdAA
IP: 65.9.55.109:443
Certificate Issuer: Amazon
Subject: getbestpolojpob.org
Fingerprint: BD:F6:95:89:F9:7E:C8:03:91:9C:73:E7:C5:4C:5B:31:83:EF:77:ED
Validity: Wed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT
File type: HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3021), with no line terminators
Hash MD5: 78c957e59d4ccae713dddc6b2c21d2f1
SHA-1: b5337fc9b67b7b642b9f45ddb5f82150534a52fe
SHA-256: 92256da014c6b1b52236cdd6011e8629ffd7ef9d8a1fd690fdfd16e72fb8e68d
GET /UzVvQmIyVwwvXTIIDWQXIVlSZ1AVEF0EBmJTX3cUIQYcKBEmTFhsAT9aGiYEIVoBNkw9UBtnUBVGCylTOlA3LTQaUhgkMAJ8BAAJAXE+Gg4CYTouMxlNKhUkEm8YDyFrTC41EWFhPC1WGAQudToSfFwACQF+OgEnF3MXcy4yQgwaJQZBVxAgNFApCiAEbRh6OjB0VxUjEQ0HBgo7Uz0DFgtjXzI2NQQlECYBDQUACgp7LRUKAmY9EyEycy0IMWNvBRcOK38hBQoCZj5yBBoEPQw6Y2A/EFInfissFgRtKilSMnMtCCESdwAXNjt5PSwKHmY5DDY1BEILBxtNOi8mBU0mDypqZjwHEhRTKQgrCwU9eyARdCYHGyB7LhRbFnZeDCgHBAd7MBJNJxAVdV8cLQwjCD0UKiZzO3YyHVNdAA HTTP/1.1
Host: getbestpolojpob.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1173
date: Mon, 04 Dec 2023 23:11:52 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0dbf67e262a6295e9e8f6570f9aae7e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: rDcPOWjIyhlV8NrVgfOTaEy23cFguVP1r7Bqgp1zHh73UVU_uVetbg==
X-Firefox-Spdy: h2
ds2play.com/favicon.ico
172.67.70.18 | 200 OK | 15 kB
IP: 172.67.70.18:443
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity: Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
File type: MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash MD5: 30d3656f43c817e38c3e7d70b2bfbdad
SHA-1: 1aa43b43755e7cba5e145d0978517f7bedad7da6
SHA-256: a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555
GET /favicon.ico HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/d/
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: image/x-icon
content-length: 15406
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-3c2e"
expires: Mon, 25 Dec 2023 03:32:55 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 848338
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vmB8u7%2FgFmFokIwx7rgtdd9RFF1WB14zGMYgxgQqDWBaSac2CHnix1iLuYfyy79HDyirqmMr8jnRhtEoiYGlHm6xT7M1U5EOpIJsIrL%2B4OzQC4gSHeKFcO25xW3J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb259cadb505-OSL
alt-svc: h3=":443"; ma=86400
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
173.194.73.84 | 302 Found | 0 B | URL: GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP: 173.194.73.84:443
Certificate Issuer: Google Trust Services LLC
Subject: accounts.google.com
Fingerprint: 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity: Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length content, matching the 0 B body; they do not identify this response.)
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:8l7deD8syF4WMZfKCK-F6Gl3LeMkEA:eeap61IlSnn5RWH8; Expires=Wed, 03-Dec-2025 23:11:53 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2BDzrVTG6GklebODYOrOYKJkjGgzTeOvthb6b004LRPWH-uAQs0UL-BWuqCsr9nY6dTBHo
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-L1FhNos90a2XmQK4aWkYhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
173.194.73.84302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 173.194.73.84:443
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:z_1xMrAEgnnRyf0g5vd-dtmR4VzbEQ:9C8FazL5KNDa66vu; Expires=Wed, 03-Dec-2025 23:11:53 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1j0pVI0y-ATHV1XcLF_CnJtKFJqJzUiZd2tY79Ju1tA-jMNRnlqyC59RJLBvi9VK-uUH1nyg
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-Oq0YjlmiAZbI8A9pr0EPew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
getbestpolojpob.org/utx?cb=fXjOdIHFKbzH&top=ds2play.com&tid=901258
65.9.55.109 | 204 No Content | 0 B | URL: GET HTTP/2 getbestpolojpob.org/utx?cb=fXjOdIHFKbzH&top=ds2play.com&tid=901258
IP: 65.9.55.109:443
Certificate Issuer: Amazon
Subject: getbestpolojpob.org
Fingerprint: BD:F6:95:89:F9:7E:C8:03:91:9C:73:E7:C5:4C:5B:31:83:EF:77:ED
Validity: Wed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length content, matching the 0 B body; they do not identify this response.)
GET /utx?cb=fXjOdIHFKbzH&top=ds2play.com&tid=901258 HTTP/1.1
Host: getbestpolojpob.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:53 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 04 Dec 2023 23:12:53 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0dbf67e262a6295e9e8f6570f9aae7e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: cu4lGmb0dgRwBfqTcZFuUSG5CwnlUv_ElmQvF7gwbPuRNI7GRMxM3A==
X-Firefox-Spdy: h2
orgotitedu.info/utx?cb=pn80KA1iIVNH&top=ds2play.com&tid=908056
108.157.229.6 | 204 No Content | 0 B | URL: GET HTTP/2 orgotitedu.info/utx?cb=pn80KA1iIVNH&top=ds2play.com&tid=908056
IP: 108.157.229.6:443
Certificate Issuer: Amazon
Subject: orgotitedu.info
Fingerprint: 79:CC:FF:0E:F4:F4:8A:D7:72:F6:75:7A:06:B2:F5:7A:84:55:95:F5
Validity: Thu, 12 Oct 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length content, matching the 0 B body; they do not identify this response.)
GET /utx?cb=pn80KA1iIVNH&top=ds2play.com&tid=908056 HTTP/1.1
Host: orgotitedu.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Mon, 04 Dec 2023 23:11:53 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Mon, 04 Dec 2023 23:12:53 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: zotQnAwLjiSa963_c2dbtp7XNcwQ2C0FnWDRKShhjfkp8ABGNv9lCw==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2BDzrVTG6GklebODYOrOYKJkjGgzTeOvthb6b004LRPWH-uAQs0UL-BWuqCsr9nY6dTBHo
173.194.73.84302 Found 403 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2BDzrVTG6GklebODYOrOYKJkjGgzTeOvthb6b004LRPWH-uAQs0UL-BWuqCsr9nY6dTBHo
IP 173.194.73.84:443
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (395)
Hash acc5b468c0533a6a161cb8c803688193
38be3964b1251d9b8fc2496e85656935ff62fac5
fb3e7738ec4ae20808bfbbcd42edde1dd3407491ad013d87aaf651da3998e67e
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp2BDzrVTG6GklebODYOrOYKJkjGgzTeOvthb6b004LRPWH-uAQs0UL-BWuqCsr9nY6dTBHo HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:mLHlR63qH-vVMMsehzv0mpWFq08RuA:m2oedlVYSp2gKZjo;Path=/;Expires=Wed, 03-Dec-2025 23:11:53 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1KnTJmGjoiXOULI8wG_j3lWOV9tQdcXlcdFri9v4cuiEjtHHyyY6QXbYIxuJONRuKyI04J0g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519995528%3A1701731513368123&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-F02I-h0J5jdJpcsZ5YsiUA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1j0pVI0y-ATHV1XcLF_CnJtKFJqJzUiZd2tY79Ju1tA-jMNRnlqyC59RJLBvi9VK-uUH1nyg
173.194.73.84302 Found 403 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1j0pVI0y-ATHV1XcLF_CnJtKFJqJzUiZd2tY79Ju1tA-jMNRnlqyC59RJLBvi9VK-uUH1nyg
IP 173.194.73.84:443
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (399)
Hash ed25905c687e267d3ce905ffa0136ae5
eb1ae36ac167dcfc0c933d6b2c8b195eb9ace2d0
2a8fff5d1560b3a44d23c0094c41cbe9b52081f7de4b011987ba495fddde4643
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp1j0pVI0y-ATHV1XcLF_CnJtKFJqJzUiZd2tY79Ju1tA-jMNRnlqyC59RJLBvi9VK-uUH1nyg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:wLMn0MeygVRFPqLtdgs1m-ip3e2THQ:lasndi8HBwNvQxLX;Path=/;Expires=Wed, 03-Dec-2025 23:11:53 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2OzE0s-rpmd2Ev3AvPYklThnxjrdH0hxBqWV2WwNRpOhC50mPfXqhadbi0DOqEK4gW5AOynw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-838037988%3A1701731513374880&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-iSrHIoC2JI8Olzkr-Db7jg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 403
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d1f05vr3sjsuy7.cloudfront.net/sdk1ieXoVIgwfRQIkBkRDQXlQTUlQJxEWFAZwMC8yAws2TSo4K1A7XAI3BkRKUCEDFx1LawcXGUt8RBgeFHBWXw8XcA8WAB8hDhhfRAtXV0pTf1JRDR8jBhYNBWhQSRQCaFBJS0ZjUlxJNGhQSQ0fI1RNX0UPR0tKDntWXEk0aFBJCABoUThLRnhMSVNTf1-IeHxUmDVxIMH9SSEpGfFJIX0R9BBAIEysNAV9EC1NJT1h9RAxHRw
54.230.241.212 258 B URL d1f05vr3sjsuy7.cloudfront.net/sdk1ieXoVIgwfRQIkBkRDQXlQTUlQJxEWFAZwMC8yAws2TSo4K1A7XAI3BkRKUCEDFx1LawcXGUt8RBgeFHBWXw8XcA8WAB8hDhhfRAtXV0pTf1JRDR8jBhYNBWhQSRQCaFBJS0ZjUlxJNGhQSQ0fI1RNX0UPR0tKDntWXEk0aFBJCABoUThLRnhMSVNTf1-IeHxUmDVxIMH9SSEpGfFJIX0R9BBAIEysNAV9EC1NJT1h9RAxHRw
IP: 54.230.241.212:0
Certificate Issuer: Amazon
Subject: *.cloudfront.net
Fingerprint: FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity: Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash MD5: 3f2d5f2b7ee0764499871f028b45c4df
SHA-1: e80a81851fbc08e113d7b7ebaa2303a434865f0b
SHA-256: 65e63479d27306cc910158306538fdc7e491e1c1c5979e358185814eaab490a7
GET /sdk1ieXoVIgwfRQIkBkRDQXlQTUlQJxEWFAZwMC8yAws2TSo4K1A7XAI3BkRKUCEDFx1LawcXGUt8RBgeFHBWXw8XcA8WAB8hDhhfRAtXV0pTf1JRDR8jBhYNBWhQSRQCaFBJS0ZjUlxJNGhQSQ0fI1RNX0UPR0tKDntWXEk0aFBJCABoUThLRnhMSVNTf1-IeHxUmDVxIMH9SSEpGfFJIX0R9BBAIEysNAV9EC1NJT1h9RAxHRw HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getbestpolojpob.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 258
date: Mon, 04 Dec 2023 23:11:53 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iRztv4izQUqNPdjLv15UU9lniV-xVCIX2yAqT6q1AM-WEscFo9TVKQ==
X-Firefox-Spdy: h2
d1f05vr3sjsuy7.cloudfront.net/YQ0IwQ1ogLV4lZTcrVH5jc3MCdmJlKEMsNDN/QjdrKQhgBTsTFlUOKmU2Sidnc2RcIjQkfxYmNCB/AWU7JyANd3w3Ml8oZykqVisvLSRDOzdlN1F+Nyw4WS82ImcCBW9tchVxams1WS0+LDVDZmhzLERmaHNzAG1qZnFyZmhzNVktbHdnAwF/cXJIdW5mcX-JmaHMwRmZpAnMAdnRzaxVxaiQnUyg1ZnB2cWpycgByanJnAnM8KjBVJTU7ZwIFa3N3HnN8Nn8B
54.230.241.212 447 B URL d1f05vr3sjsuy7.cloudfront.net/YQ0IwQ1ogLV4lZTcrVH5jc3MCdmJlKEMsNDN/QjdrKQhgBTsTFlUOKmU2Sidnc2RcIjQkfxYmNCB/AWU7JyANd3w3Ml8oZykqVisvLSRDOzdlN1F+Nyw4WS82ImcCBW9tchVxams1WS0+LDVDZmhzLERmaHNzAG1qZnFyZmhzNVktbHdnAwF/cXJIdW5mcX-JmaHMwRmZpAnMAdnRzaxVxaiQnUyg1ZnB2cWpycgByanJnAnM8KjBVJTU7ZwIFa3N3HnN8Nn8B
IP 54.230.241.212:0
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (597), with no line terminators
Hash d82d51f366c8a556bde9e7ecb7cd3236
6b48e87b293e37845579916f7e8caca6b132d03e
252edebbc89415690904be2f12c5ed8a944dba073bfffba65e76ead5a4f7737c
GET /YQ0IwQ1ogLV4lZTcrVH5jc3MCdmJlKEMsNDN/QjdrKQhgBTsTFlUOKmU2Sidnc2RcIjQkfxYmNCB/AWU7JyANd3w3Ml8oZykqVisvLSRDOzdlN1F+Nyw4WS82ImcCBW9tchVxams1WS0+LDVDZmhzLERmaHNzAG1qZnFyZmhzNVktbHdnAwF/cXJIdW5mcX-JmaHMwRmZpAnMAdnRzaxVxaiQnUyg1ZnB2cWpycgByanJnAnM8KjBVJTU7ZwIFa3N3HnN8Nn8B HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://getbestpolojpob.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 447
date: Mon, 04 Dec 2023 23:11:53 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: R4GtBhylhLedM0TeIA4ctLmaedkkuB5BQn3btyRAuQIX2tqaaWh5mg==
X-Firefox-Spdy: h2
d1f05vr3sjsuy7.cloudfront.net/Qa2N1ajMIDBsMDB8KEVcKW1tFXwVNCQYFXRteHCZDLyoZMEsEMzFcXE0XDw4OW0UZC10MXlMPXQheRExSDwFIXhUfExoBDgELEwJGBQUGEl5NFhRXXgQZHAZfCkZHLAZFU1BYA0MUHARXBBQGTwFbDQFPAVtSRUQDTlA3TwFbFBwEBV9GRigWWVMNXAdOUD-dPAVsRA08AKlJFXx1bSlBYAwwGFgFcTlEzWANaU0VbA1pGR1pVAhEQDFwTRkcsAltWW1oVHl5E
54.230.241.212 612 B URL d1f05vr3sjsuy7.cloudfront.net/Qa2N1ajMIDBsMDB8KEVcKW1tFXwVNCQYFXRteHCZDLyoZMEsEMzFcXE0XDw4OW0UZC10MXlMPXQheRExSDwFIXhUfExoBDgELEwJGBQUGEl5NFhRXXgQZHAZfCkZHLAZFU1BYA0MUHARXBBQGTwFbDQFPAVtSRUQDTlA3TwFbFBwEBV9GRigWWVMNXAdOUD-dPAVsRA08AKlJFXx1bSlBYAwwGFgFcTlEzWANaU0VbA1pGR1pVAhEQDFwTRkcsAltWW1oVHl5E
IP 54.230.241.212:0
Certificate IssuerAmazon
Subject*.cloudfront.net
FingerprintFA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
ValidityTue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (853), with no line terminators
Hash db10688df6effbb1419ecb0f81eca60e
d7f2c8d98fa7fb216545a1ac4daf9cc87fe64371
a7af8ba59ebde3f4a694f122f6d4d8cc8397e130a6807488c19bdbf38f369629
GET /Qa2N1ajMIDBsMDB8KEVcKW1tFXwVNCQYFXRteHCZDLyoZMEsEMzFcXE0XDw4OW0UZC10MXlMPXQheRExSDwFIXhUfExoBDgELEwJGBQUGEl5NFhRXXgQZHAZfCkZHLAZFU1BYA0MUHARXBBQGTwFbDQFPAVtSRUQDTlA3TwFbFBwEBV9GRigWWVMNXAdOUD-dPAVsRA08AKlJFXx1bSlBYAwwGFgFcTlEzWANaU0VbA1pGR1pVAhEQDFwTRkcsAltWW1oVHl5E HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://orgotitedu.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 612
date: Mon, 04 Dec 2023 23:11:53 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UyBiSRjH5MJkpqB3J204Mqv307cv-0e1hfpMIy4hvPxBRvN8_tx5VA==
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.110.13 | 200 OK | 29 B
IP: 172.64.110.13:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity: Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type: ASCII text, with no line terminators
Hash MD5: fac1a677a3561ff1d97f63ca4cd2edfe
SHA-1: 2f4331a04399913d6f4231ac4233f75d550e569c
SHA-256: 938284e2da32d1e89466dea9a8ca5054b3756a46b77d1e612274bb98aff76e65
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: text/plain
set-cookie: csu=1962401213087510@1@1701731513; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kIJ2ijaD%2BvWQELrbDDldGYhSw2J2Fwsdsf%2BU7FK0qafkpwX51RQun8d%2FYqO1xNu3KSEYWTba8c81oWRjOnnEagUkOhg9DxeWNg5GsXrSIoe7Hb1pYLJ%2FRCcmBxRSfkuM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb26a98c52e2-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
interbasevideopregnant.com/sbar.json?key=2c0360ed33b0b4736859081c701f9a91
173.233.137.52 | 200 OK | 4.1 kB | URL: GET HTTP/1.1 interbasevideopregnant.com/sbar.json?key=2c0360ed33b0b4736859081c701f9a91
IP: 173.233.137.52:443
Certificate Issuer: Let's Encrypt
Subject: interbasevideopregnant.com
Fingerprint: 05:CE:54:0F:E3:69:0F:FA:81:8B:E1:49:7E:A8:C7:B9:AD:FA:67:8F
Validity: Tue, 28 Nov 2023 10:51:51 GMT - Mon, 26 Feb 2024 10:51:50 GMT
File type: JSON data\012- , Unicode text, UTF-8 text, with very long lines (5716), with no line terminators
Hash MD5: dad878a3822383806b23c1d86fb37970
SHA-1: ac3c4e1ff18d2dee7cb033797dfdebfc26ef1681
SHA-256: a5f9f5ec164b32ff5a7968f53a256c0a14e6fd080f82558ab8f99cca8c4d3734
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=2c0360ed33b0b4736859081c701f9a91 HTTP/1.1
Host: interbasevideopregnant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:11:54 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ds2play.com
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19079684; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Tue, 05 Dec 2023 23:11:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 75ff9e8f7c2b1c19e1c48d18c7f5cafa
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
interbasevideopregnant.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v9BNh1YsHYVAWVpBJ9fzJzLjIsnGNBGMSd1dy8VJdVT0pU13VVnVPT3IKLsieZMSLeup8k2xQF3WvgiATLyEgOB4kB3P3LOxZZjIw%2BqDqva%2B%2Bd%2Fi%2B9%2BqTg%2FyChMjZ%2Bea7dk9pzRabVVq5saWMsIWvrN%2BvhLRKb1a2lFlq3Kz0J5frvR7SZpW%2BWnlb8h27WKMhpSENKyvKydj2F6csVPq4E1Y7tNqoVcNmA333X%2BzzAJ4FEL0L8hyUGP9v%2B%2FQJFB%2FBJD%2FckX4ns%2BlrbyW5Zpl16Inj982OsYVBMi9jFyA2x7NuWD8m5IsrsOZ45gC2dzhxgEiNSfBHiMgcz2Qi6h1dKo00pEEk%2Fo%2BiN4LUIyg2ArcPoMRvBOAC6xswyaN16wq2e8myCTsmC0%2F%2FhirGZOHPF2CS75a16lfuWZ1nyhqPflxC9UdQ3RHS%2FATZXgBVnIBnH0OJX8ni0zWY5HDDawslyql7pUZQ8QhaDsB8gHxyVIA8DpCnARJxXmHNTkxpK47ier3d4JzX65w320uiKeqNdkyR84m8AbJ0AK4H4G4fqdvHjhrA5T%2FDb5fwIoDPxiR4bx89UaKQBIUnKBhBoQiKjKDolUdC%2B5ovHwnt8yic5dos18uhzboH7MhmXWkImBscpBfk2mQ2wSsvL2BHnldqnNaXqBT1ekSjRqu%2B1G52aDvkLRrGHdYJ4VUJ5a9M7e6pMbn%2B0S2kakyeOb2GiJ3A6xNwdR0sfwmsGLZqFGx72GhT7JnvQ2Gt8JmTLKlym0DYEmm2gGw3ONAX5MXpmlarb0Dys1unX07iK3BXInUlPlS%2FEHT1w%2BFdW5DDu7bw5MlGmqlE7bHJCu9lLJNXv3lH7hbWidU7fvD1bT4hJuXj%2B9Jna8wIZbqefLushJBuxTouyU%2BrfktGm7nfXs6dydO1zTdXVpPUSe%2BVNSMwNSbk07%2FA1Zg8%2B%2Fzn0%2B954%2Bg2lBvB5SWS%2FIzMAsqOwNN9%2BHSu31sCp%2Bc9URqgyMuhq0XzR60ItJxjFpXw%2F8LRvD7wD9F1AVj2ACYp0XMleroE0wP4%2FOowS93Zrd%2Fr00Ckg2GkXXAYaac%2FuxyuV%2BcV2YxpLGlNRnEniluMik7c6ESsE8pW1GQhMj%2BW5oMf%2FwEAAP%2F%2FAQAA%2F%2F8hVsK5dgQAAA%3D%3D
173.233.137.52200 OK 7 B URL GET HTTP/1.1 interbasevideopregnant.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v9BNh1YsHYVAWVpBJ9fzJzLjIsnGNBGMSd1dy8VJdVT0pU13VVnVPT3IKLsieZMSLeup8k2xQF3WvgiATLyEgOB4kB3P3LOxZZjIw%2BqDqva%2B%2Bd%2Fi%2B9%2BqTg%2FyChMjZ%2Bea7dk9pzRabVVq5saWMsIWvrN%2BvhLRKb1a2lFlq3Kz0J5frvR7SZpW%2BWnlb8h27WKMhpSENKyvKydj2F6csVPq4E1Y7tNqoVcNmA333X%2BzzAJ4FEL0L8hyUGP9v%2B%2FQJFB%2FBJD%2FckX4ns%2BlrbyW5Zpl16Inj982OsYVBMi9jFyA2x7NuWD8m5IsrsOZ45gC2dzhxgEiNSfBHiMgcz2Qi6h1dKo00pEEk%2Fo%2BiN4LUIyg2ArcPoMRvBOAC6xswyaN16wq2e8myCTsmC0%2F%2FhirGZOHPF2CS75a16lfuWZ1nyhqPflxC9UdQ3RHS%2FATZXgBVnIBnH0OJX8ni0zWY5HDDawslyql7pUZQ8QhaDsB8gHxyVIA8DpCnARJxXmHNTkxpK47ier3d4JzX65w320uiKeqNdkyR84m8AbJ0AK4H4G4fqdvHjhrA5T%2FDb5fwIoDPxiR4bx89UaKQBIUnKBhBoQiKjKDolUdC%2B5ovHwnt8yic5dos18uhzboH7MhmXWkImBscpBfk2mQ2wSsvL2BHnldqnNaXqBT1ekSjRqu%2B1G52aDvkLRrGHdYJ4VUJ5a9M7e6pMbn%2B0S2kakyeOb2GiJ3A6xNwdR0sfwmsGLZqFGx72GhT7JnvQ2Gt8JmTLKlym0DYEmm2gGw3ONAX5MXpmlarb0Dys1unX07iK3BXInUlPlS%2FEHT1w%2BFdW5DDu7bw5MlGmqlE7bHJCu9lLJNXv3lH7hbWidU7fvD1bT4hJuXj%2B9Jna8wIZbqefLushJBuxTouyU%2BrfktGm7nfXs6dydO1zTdXVpPUSe%2BVNSMwNSbk07%2FA1Zg8%2B%2Fzn0%2B954%2Bg2lBvB5SWS%2FIzMAsqOwNN9%2BHSu31sCp%2Bc9URqgyMuhq0XzR60ItJxjFpXw%2F8LRvD7wD9F1AVj2ACYp0XMleroE0wP4%2FOowS93Zrd%2Fr00Ckg2GkXXAYaac%2FuxyuV%2BcV2YxpLGlNRnEniluMik7c6ESsE8pW1GQhMj%2BW5oMf%2FwEAAP%2F%2FAQAA%2F%2F8hVsK5dgQAAA%3D%3D
IP 173.233.137.52:443
Certificate Issuer: Let's Encrypt
Subject: interbasevideopregnant.com
Fingerprint: 05:CE:54:0F:E3:69:0F:FA:81:8B:E1:49:7E:A8:C7:B9:AD:FA:67:8F
Validity: Tue, 28 Nov 2023 10:51:51 GMT - Mon, 26 Feb 2024 10:51:50 GMT
File type: ASCII text, with no line terminators
Hash (MD5): 132d6af1b46048b45cf86cdee7991d31
Hash (SHA-1): eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Hash (SHA-256): ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3s3v9BNh1YsHYVAWVpBJ9fzJzLjIsnGNBGMSd1dy8VJdVT0pU13VVnVPT3IKLsieZMSLeup8k2xQF3WvgiATLyEgOB4kB3P3LOxZZjIw%2BqDqva%2B%2Bd%2Fi%2B9%2BqTg%2FyChMjZ%2Bea7dk9pzRabVVq5saWMsIWvrN%2BvhLRKb1a2lFlq3Kz0J5frvR7SZpW%2BWnlb8h27WKMhpSENKyvKydj2F6csVPq4E1Y7tNqoVcNmA333X%2BzzAJ4FEL0L8hyUGP9v%2B%2FQJFB%2FBJD%2FckX4ns%2BlrbyW5Zpl16Inj982OsYVBMi9jFyA2x7NuWD8m5IsrsOZ45gC2dzhxgEiNSfBHiMgcz2Qi6h1dKo00pEEk%2Fo%2BiN4LUIyg2ArcPoMRvBOAC6xswyaN16wq2e8myCTsmC0%2F%2FhirGZOHPF2CS75a16lfuWZ1nyhqPflxC9UdQ3RHS%2FATZXgBVnIBnH0OJX8ni0zWY5HDDawslyql7pUZQ8QhaDsB8gHxyVIA8DpCnARJxXmHNTkxpK47ier3d4JzX65w320uiKeqNdkyR84m8AbJ0AK4H4G4fqdvHjhrA5T%2FDb5fwIoDPxiR4bx89UaKQBIUnKBhBoQiKjKDolUdC%2B5ovHwnt8yic5dos18uhzboH7MhmXWkImBscpBfk2mQ2wSsvL2BHnldqnNaXqBT1ekSjRqu%2B1G52aDvkLRrGHdYJ4VUJ5a9M7e6pMbn%2B0S2kakyeOb2GiJ3A6xNwdR0sfwmsGLZqFGx72GhT7JnvQ2Gt8JmTLKlym0DYEmm2gGw3ONAX5MXpmlarb0Dys1unX07iK3BXInUlPlS%2FEHT1w%2BFdW5DDu7bw5MlGmqlE7bHJCu9lLJNXv3lH7hbWidU7fvD1bT4hJuXj%2B9Jna8wIZbqefLushJBuxTouyU%2BrfktGm7nfXs6dydO1zTdXVpPUSe%2BVNSMwNSbk07%2FA1Zg8%2B%2Fzn0%2B954%2Bg2lBvB5SWS%2FIzMAsqOwNN9%2BHSu31sCp%2Bc9URqgyMuhq0XzR60ItJxjFpXw%2F8LRvD7wD9F1AVj2ACYp0XMleroE0wP4%2FOowS93Zrd%2Fr00Ckg2GkXXAYaac%2FuxyuV%2BcV2YxpLGlNRnEniluMik7c6ESsE8pW1GQhMj%2BW5oMf%2FwEAAP%2F%2FAQAA%2F%2F8hVsK5dgQAAA%3D%3D HTTP/1.1
Host: interbasevideopregnant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:11:54 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d61f2caca6fe4b09cb2cc4e5fb9d7caa
Strict-Transport-Security: max-age=0; includeSubdomains
pogothere.xyz/asd100.bin
172.64.110.13 200 OK 103 kB
IP 172.64.110.13:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity: Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size: 103 kB (102938 bytes)
Hash (MD5): 62e6da19507b6f5089020a7b01474946
Hash (SHA-1): ad3ec1bf9d978908689b6183c656fc6e8ba16329
Hash (SHA-256): f37c99010648b4ec06827a49c144d79a81eefdff414ae0e7a50119d2e33bb487
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4676
last-modified: Mon, 04 Dec 2023 21:53:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f8xTzFXXXcSYfcsWkOhyFo1XWKwQnQbPVTMNYQMY%2BxaiKm77kNttacbjdqVR7Hs7ftgX2w%2F2U9BiCUhePVUGnl5Y7TFXJFZXBD4vmVr8zvXiE0oDZg4zKA%2FHCyXPy6Mo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb26a98752e2-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
getbestpolojpob.org/multi?cs=N2tuWWIGUl9rUQdaWWhTBFNWYVY&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1962401213087510&agec=1701731513&fs=1&mbkb=105.15247108307045&ref=https%3A%2F%2Fds2play.com%2Fd%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_frlR=1701731520002&crc=1
65.9.55.109 200 OK 1.5 kB URL GET HTTP/2 getbestpolojpob.org/multi?cs=N2tuWWIGUl9rUQdaWWhTBFNWYVY&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1962401213087510&agec=1701731513&fs=1&mbkb=105.15247108307045&ref=https%3A%2F%2Fds2play.com%2Fd%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_frlR=1701731520002&crc=1
IP 65.9.55.109:443
Certificate Issuer: Amazon
Subject: getbestpolojpob.org
Fingerprint: BD:F6:95:89:F9:7E:C8:03:91:9C:73:E7:C5:4C:5B:31:83:EF:77:ED
Validity: Wed, 29 Nov 2023 00:00:00 GMT - Fri, 27 Dec 2024 23:59:59 GMT
File type: ASCII text, with very long lines (3259), with no line terminators
Hash (MD5): e80593b216833a7e9bf6ba1ea9f2b845
Hash (SHA-1): fc7a003c4062636d6bc58d51ac379f2ed527f7ab
Hash (SHA-256): b3684c273b71dec3fe0148c2ca4f8f9c86656685d366050e294251a2dd191077
GET /multi?cs=N2tuWWIGUl9rUQdaWWhTBFNWYVY&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=1962401213087510&agec=1701731513&fs=1&mbkb=105.15247108307045&ref=https%3A%2F%2Fds2play.com%2Fd%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_frlR=1701731520002&crc=1 HTTP/1.1
Host: getbestpolojpob.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1533
date: Mon, 04 Dec 2023 23:11:54 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=21e8c47f-115c-46bb-b61e-2459e4dc51c1
set-cookie: csu=1962401213087510
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 0dbf67e262a6295e9e8f6570f9aae7e0.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: Xc5kaaAVC70NDAsvOoLVjBVRLiw12uNu0Yfni3aELSY8uaVGiOabog==
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.110.13 200 OK 109 kB
IP 172.64.110.13:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity: Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size: 109 kB (108960 bytes)
Hash (MD5): 2393330d6f343512474ca2d566943ee7
Hash (SHA-1): 56b3760b0550d56474c494a0b373f2061d6e61f2
Hash (SHA-256): e79c50c571d016ca2cd27e83ea72896d8652a71b42e1ac43c7d580a1864ee566
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4676
last-modified: Mon, 04 Dec 2023 21:53:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDo8j7wy32hMqUZe96GIJzLFwHru9s6rGTMA2lELdHjs9byyoa5dLQm7%2Fwr9wZLPxj8uxBkAigE7hhKtoEHj5a5o1N64PFuE2gcUHSDwTNnKRS8CrgrpuZh6ijnIUHhx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb26a98652e2-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ds2play.com/cdn-cgi/challenge-platform/h/b/jsd/r/8307bb181971b518
172.67.70.18 200 OK 1.1 kB URL POST HTTP/3 ds2play.com/cdn-cgi/challenge-platform/h/b/jsd/r/8307bb181971b518
IP 172.67.70.18:443
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity: Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
Hash (MD5): bfbabd2f1a9bd2041049e160d3f93715
Hash (SHA-1): be67abe2dd0ae427c13b2923bd70ecaa141e9b28
Hash (SHA-256): cb3210950fbaec704ed967f35a2e168e4a397b95ff22c8b76bf067e226e3489a
POST /cdn-cgi/challenge-platform/h/b/jsd/r/8307bb181971b518 HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12167
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/d/
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=EqD9AGsO0SLy13sYSayeFtewJJKWHwVxPji3GpFNV7A-1701731513-0-1-730ca2d2.73a07051.5b213570-0.2.1701731513; path=/; expires=Tue, 03-Dec-24 23:11:53 GMT; domain=.ds2play.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vR54PGYqRmTakCJaAFprfs3qim8wVAY2J2IHhfjHXRzP%2FIOZt%2BrAwhvQw%2FthKyKWkUjoTpXD6EIFsNFFiaFUHom0OMKZ%2BPO8fgNrzJAEnOVt%2FW5RXBOvIxXGr1cd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb260cefb505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
172.64.109.10 200 OK 2.3 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
IP 172.64.109.10:443
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type: PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5): 41109abf05740798aa2e66a3e938c8de
Hash (SHA-1): 706e93332bf4819e9f4059765340cf97981bd1fe
Hash (SHA-256): 2fbf669490df5b04badb9886ca664dbd9a0d66e0ecdc951b822feb6089fac0ea
GET /sb/ssp/notifications/text_bubble/2/img/arrow.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: image/png
content-length: 2332
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-91c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 497986
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NW4w8NpPqWpJfUHJ2%2Bpp3EV8sb8eltWHoq4j1lOWGTF39ALJ16F09I2INXalWrXCLYsIhjcYAQKn1a2FDf%2BceCqkIQr3PcoOEc0qKUZCQKX%2B7wz50WtALFCcTXO41g8%2BsKCKnvBbwVej"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb308e7548ce-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/fa/41/e4/fa41e4558b816ed7e0ab0552953b2d07/1690854338.png
45.133.44.10 200 OK 67 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/fa/41/e4/fa41e4558b816ed7e0ab0552953b2d07/1690854338.png
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity: Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5): 674efc7161b89ce659afd5b0643930e1
Hash (SHA-1): ace5e7c836afc552f82908e8c646c74c66351a6a
Hash (SHA-256): 7f44e25525d576448d70619c900546bf13f2439c2006808a058bc68c71c35406
GET /si/fa/41/e4/fa41e4558b816ed7e0ab0552953b2d07/1690854338.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:55 GMT
content-type: image/png
content-length: 67165
server: nginx/1.21.6
last-modified: Tue, 01 Aug 2023 01:45:47 GMT
etag: "64c863cb-1065d"
expires: Wed, 06 Dec 2023 23:11:55 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
192.243.59.20 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type: very short file (no magic)
Hash (MD5): 93b885adfe0da089cdf634904fd59f71
Hash (SHA-1): 5ba93c9db0cff93f52b521d7420e43f6eda2784f
Hash (SHA-256): 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 23:11:55 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 096a221259c4de5e46a525d8c870b190
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
192.243.59.20 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type: very short file (no magic)
Hash (MD5): 93b885adfe0da089cdf634904fd59f71
Hash (SHA-1): 5ba93c9db0cff93f52b521d7420e43f6eda2784f
Hash (SHA-256): 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pxf.gif?uuid=5ff712f9-bcc7-4efb-90d9-8ee068ff9fa4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=23 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 04 Dec 2023 23:11:55 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 73ed9a5e1e943a356accbb401e0e4108
Strict-Transport-Security: max-age=0; includeSubdomains
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1KnTJmGjoiXOULI8wG_j3lWOV9tQdcXlcdFri9v4cuiEjtHHyyY6QXbYIxuJONRuKyI04J0g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519995528%3A1701731513368123&theme=glif
173.194.73.84 403 Forbidden 17 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1KnTJmGjoiXOULI8wG_j3lWOV9tQdcXlcdFri9v4cuiEjtHHyyY6QXbYIxuJONRuKyI04J0g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519995528%3A1701731513368123&theme=glif
IP 173.194.73.84:443
Certificate Issuer: Google Trust Services LLC
Subject: *.google.com
Fingerprint: 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity: Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type: gzip compressed data, max compression\012- data
Hash (MD5): 43d865efeae81cab7fa00545c82f29c8
Hash (SHA-1): 99b714fcb09ba7c09935f119aab9422adbff7283
Hash (SHA-256): 89987b83f1a4967f9b6d0cd502839415c269d7bf6a0f64c266ebcb0f4ae1dd52
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp1KnTJmGjoiXOULI8wG_j3lWOV9tQdcXlcdFri9v4cuiEjtHHyyY6QXbYIxuJONRuKyI04J0g&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-519995528%3A1701731513368123&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-7HwndyfOfVQHNU-eI3R1ew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
interbasevideopregnant.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3s1%2F%2BkVY9eJBGJSFFWRSPT2TmXGRZeMaCcYk7q7k4qW6qmZSprqqreqenuQUXJA9yYgX9dT5JtmgLupeBUEmXkJAcDxIDubuWdizzGRg9EHVe1997%2FB979UnB%2FkFCZGz88137Z7Smi02qrRyY0sZYQtfWb9fCWmV3qxsKbNUv1npTy7Xez2kjSp9tfK25Dt2sUZDSkMaVlaUkx3bX5yyUOnjdlht02q9Vg0bdfTdf7HPA3gWQPQuyHNQYvy%2F7dMnUHwEk%2FxwR%2FqdzKavvZXkmmXWoSeO3zc7xhYGybzsuAAdczzrhvVjQr64AmuOZw5ge4cTB4jVmAR%2FhIjN8Uwm4t7RpdJYQxrE4v8oeiNIPYJiI3D7AEr8RgAusL4Bkzxat65gu5csm7BjsvD0b6hiTBb%2BfAEm%2BW5Zq37lntV5pqzx6HdKqP4IqjtCmp8g2wugihPw7GMo8StZfLoGkxxueG2hRDl1r9QIqjOClgMwHyCfHBUg7wTI0wCJOK%2BwRrtDabMTd6KoVeecRxHnjdaSaIio3upQ5Hwib4AsHYDrAbjbR%2Br2saMGcPnP8NslvAjgszEJ3ttHT5QoJEHhCQpGUCiCIiMoeuWR0L7my0dC%2BzwOZ7k2y1E5tFn3gB3ZrCsNAXODg%2FSCXJvMJnjl5QXsyPNKjdNoiUoRRTGN681oqdVo01bImzTstFk7hFcllL8ytbunxuT6R7eQqjF55vQaYnYCr0%2FA1XWw%2FCWwYtisUbDtYb1FsWe%2BD4W1wmdOsqTKbQJhS6TZArLd4EBfkBena1qtvgHJz26dfjmJr8BdidSV%2BFD9QtDVD4d3bUEO79rCkycbaaYStccmK7yXsUxe%2FeYduVtYJ1bv%2BMHXt%2FmEmJSP70ufrTEjlOl68u2yEkK6Feu4JD%2Bt%2Bi0Zb%2BZ%2Bezl3Jk%2FXNt9cWU1SJ71X1ozA1JiQT%2F8CV2Py7POfT7%2FnjaPbUG4El5dI8jMyCyg7Ak%2F34dO5fm8JnJ73xGmAIi%2BHrhbPH7Ui0HKOWVzC%2FwvH8%2FrAP0TXBWDZA5ikRM%2BV6OkSTA%2Fg86vDLHVnt36PpoFYB8NYu%2BAw1k5%2Fdjlcr84rjbAuW3GryYWIJRdhsxa1IkprQtSbbRm2kfmxNB%2F8%2BA8AAAD%2F%2FwEAAP%2F%2FNV5MX3YEAAA%3D
173.233.137.52200 OK 7 B URL GET HTTP/1.1 interbasevideopregnant.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3s1%2F%2BkVY9eJBGJSFFWRSPT2TmXGRZeMaCcYk7q7k4qW6qmZSprqqreqenuQUXJA9yYgX9dT5JtmgLupeBUEmXkJAcDxIDubuWdizzGRg9EHVe1997%2FB979UnB%2FkFCZGz88137Z7Smi02qrRyY0sZYQtfWb9fCWmV3qxsKbNUv1npTy7Xez2kjSp9tfK25Dt2sUZDSkMaVlaUkx3bX5yyUOnjdlht02q9Vg0bdfTdf7HPA3gWQPQuyHNQYvy%2F7dMnUHwEk%2FxwR%2FqdzKavvZXkmmXWoSeO3zc7xhYGybzsuAAdczzrhvVjQr64AmuOZw5ge4cTB4jVmAR%2FhIjN8Uwm4t7RpdJYQxrE4v8oeiNIPYJiI3D7AEr8RgAusL4Bkzxat65gu5csm7BjsvD0b6hiTBb%2BfAEm%2BW5Zq37lntV5pqzx6HdKqP4IqjtCmp8g2wugihPw7GMo8StZfLoGkxxueG2hRDl1r9QIqjOClgMwHyCfHBUg7wTI0wCJOK%2BwRrtDabMTd6KoVeecRxHnjdaSaIio3upQ5Hwib4AsHYDrAbjbR%2Br2saMGcPnP8NslvAjgszEJ3ttHT5QoJEHhCQpGUCiCIiMoeuWR0L7my0dC%2BzwOZ7k2y1E5tFn3gB3ZrCsNAXODg%2FSCXJvMJnjl5QXsyPNKjdNoiUoRRTGN681oqdVo01bImzTstFk7hFcllL8ytbunxuT6R7eQqjF55vQaYnYCr0%2FA1XWw%2FCWwYtisUbDtYb1FsWe%2BD4W1wmdOsqTKbQJhS6TZArLd4EBfkBena1qtvgHJz26dfjmJr8BdidSV%2BFD9QtDVD4d3bUEO79rCkycbaaYStccmK7yXsUxe%2FeYduVtYJ1bv%2BMHXt%2FmEmJSP70ufrTEjlOl68u2yEkK6Feu4JD%2Bt%2Bi0Zb%2BZ%2Bezl3Jk%2FXNt9cWU1SJ71X1ozA1JiQT%2F8CV2Py7POfT7%2FnjaPbUG4El5dI8jMyCyg7Ak%2F34dO5fm8JnJ73xGmAIi%2BHrhbPH7Ui0HKOWVzC%2FwvH8%2FrAP0TXBWDZA5ikRM%2BV6OkSTA%2Fg86vDLHVnt36PpoFYB8NYu%2BAw1k5%2Fdjlcr84rjbAuW3GryYWIJRdhsxa1IkprQtSbbRm2kfmxNB%2F8%2BA8AAAD%2F%2FwEAAP%2F%2FNV5MX3YEAAA%3D
IP 173.233.137.52:443
Certificate Issuer: Let's Encrypt
Subject: interbasevideopregnant.com
Fingerprint: 05:CE:54:0F:E3:69:0F:FA:81:8B:E1:49:7E:A8:C7:B9:AD:FA:67:8F
Validity: Tue, 28 Nov 2023 10:51:51 GMT - Mon, 26 Feb 2024 10:51:50 GMT
File type: ASCII text, with no line terminators
Hash (MD5): 132d6af1b46048b45cf86cdee7991d31
Hash (SHA-1): eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Hash (SHA-256): ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRReu3s1%2F%2BkVY9eJBGJSFFWRSPT2TmXGRZeMaCcYk7q7k4qW6qmZSprqqreqenuQUXJA9yYgX9dT5JtmgLupeBUEmXkJAcDxIDubuWdizzGRg9EHVe1997%2FB979UnB%2FkFCZGz88137Z7Smi02qrRyY0sZYQtfWb9fCWmV3qxsKbNUv1npTy7Xez2kjSp9tfK25Dt2sUZDSkMaVlaUkx3bX5yyUOnjdlht02q9Vg0bdfTdf7HPA3gWQPQuyHNQYvy%2F7dMnUHwEk%2FxwR%2FqdzKavvZXkmmXWoSeO3zc7xhYGybzsuAAdczzrhvVjQr64AmuOZw5ge4cTB4jVmAR%2FhIjN8Uwm4t7RpdJYQxrE4v8oeiNIPYJiI3D7AEr8RgAusL4Bkzxat65gu5csm7BjsvD0b6hiTBb%2BfAEm%2BW5Zq37lntV5pqzx6HdKqP4IqjtCmp8g2wugihPw7GMo8StZfLoGkxxueG2hRDl1r9QIqjOClgMwHyCfHBUg7wTI0wCJOK%2BwRrtDabMTd6KoVeecRxHnjdaSaIio3upQ5Hwib4AsHYDrAbjbR%2Br2saMGcPnP8NslvAjgszEJ3ttHT5QoJEHhCQpGUCiCIiMoeuWR0L7my0dC%2BzwOZ7k2y1E5tFn3gB3ZrCsNAXODg%2FSCXJvMJnjl5QXsyPNKjdNoiUoRRTGN681oqdVo01bImzTstFk7hFcllL8ytbunxuT6R7eQqjF55vQaYnYCr0%2FA1XWw%2FCWwYtisUbDtYb1FsWe%2BD4W1wmdOsqTKbQJhS6TZArLd4EBfkBena1qtvgHJz26dfjmJr8BdidSV%2BFD9QtDVD4d3bUEO79rCkycbaaYStccmK7yXsUxe%2FeYduVtYJ1bv%2BMHXt%2FmEmJSP70ufrTEjlOl68u2yEkK6Feu4JD%2Bt%2Bi0Zb%2BZ%2Bezl3Jk%2FXNt9cWU1SJ71X1ozA1JiQT%2F8CV2Py7POfT7%2FnjaPbUG4El5dI8jMyCyg7Ak%2F34dO5fm8JnJ73xGmAIi%2BHrhbPH7Ui0HKOWVzC%2FwvH8%2FrAP0TXBWDZA5ikRM%2BV6OkSTA%2Fg86vDLHVnt36PpoFYB8NYu%2BAw1k5%2Fdjlcr84rjbAuW3GryYWIJRdhsxa1IkprQtSbbRm2kfmxNB%2F8%2BA8AAAD%2F%2FwEAAP%2F%2FNV5MX3YEAAA%3D HTTP/1.1
Host: interbasevideopregnant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:11:55 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d22542685d2a2e8fbea2a3d8b1a4b353
Strict-Transport-Security: max-age=0; includeSubdomains
interbasevideopregnant.com/pixel/sbs?c=1
192.243.61.227 200 OK 0 B URL GET HTTP/1.1 interbasevideopregnant.com/pixel/sbs?c=1
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: interbasevideopregnant.com
Fingerprint: 05:CE:54:0F:E3:69:0F:FA:81:8B:E1:49:7E:A8:C7:B9:AD:FA:67:8F
Validity: Tue, 28 Nov 2023 10:51:51 GMT - Mon, 26 Feb 2024 10:51:50 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, matching the 0 B body; they do not identify this response.)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: interbasevideopregnant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 23:11:56 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/style.css
172.64.109.10 200 OK 9.2 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/style.css
IP 172.64.109.10:443
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type: ASCII text, with very long lines (9771), with no line terminators
Hash (MD5): 3bf44c419c27c2507bc1b009469c4482
Hash (SHA-1): b645016017cbba34b71497b76eb2a89ea7d54839
Hash (SHA-256): dca224015fb9353a013d68f8d9c8d5e028940fd9f0750e17b4dc66fb620dd64a
GET /sb/ssp/notifications/text_bubble/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 11:09:04 GMT
etag: W/"62cd5650-23e9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 496645
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=07oSmbfuVe2e%2Fy%2FPe6eSrIaMPmytD5JhpjOcnJ%2Bj4MTwAPzJlYtz%2FgsN5lW000FIYqHAA3lDzuEFw57wL2eLrZeyvDkCNlTxQNbKzoXEhIHziLBJ3i7Bf5gmG1s0zS2T3ls2igTimQsL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb305e6b4089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ipmathematical.org/popunder.gif
172.67.146.16 200 OK 35 B URL GET HTTP/3 ipmathematical.org/popunder.gif
IP 172.67.146.16:443
Certificate Issuer: Google Trust Services LLC
Subject: ipmathematical.org
Fingerprint: D2:34:74:D1:16:55:F8:EF:87:87:38:64:00:6A:AA:9B:4C:F4:F1:CF
Validity: Wed, 29 Nov 2023 06:02:08 GMT - Tue, 27 Feb 2024 06:02:07 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash (MD5) 28d6814f309ea289f847c69cf91194c6
Hash (SHA-1) 0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Hash (SHA-256) 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: ipmathematical.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:53 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 77229
last-modified: Mon, 04 Dec 2023 01:44:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SF9YahOtoZw7H60cBxTkuoMOFGbcozuY5BAEjir0En0FU9Z7DxwvqjSkx%2B51LbSQLrMvqALBpgo6hG2MrSXvRZEgBe9uwnR%2BHvfSV2XmM%2FYzB%2FkflVFd8AAZjAbytxJ2GtjPEpI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb29fc01b527-OSL
alt-svc: h3=":443"; ma=86400
i.doodcdn.co/theme_2/css/bootstrap.min.css
172.67.70.190 200 OK 160 kB URL GET HTTP/2 i.doodcdn.co/theme_2/css/bootstrap.min.css
IP 172.67.70.190:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65324)
Size 160 kB (159515 bytes)
Hash (MD5) 7cc40c199d128af6b01e74a28c5900b0
Hash (SHA-1) d305110fb79113a961394b433d851a3410342b8c
Hash (SHA-256) 2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:51 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Tue, 03 Dec 2024 05:27:25 GMT
vary: Accept-Encoding,User-Agent
access-control-allow-origin: *
cf-cache-status: HIT
age: 63070
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1NRrHCVHFvq%2F0XOX80Iq2OYoYGhLsOkIX2DV45wd6I7rfjRrDhmQ6XcxP9OVQ88QvUjXukSmCwsPxr%2Bj4KixuaqU%2FSCDw884XLR%2FEd5tZq1tcIa7IcWLhoCP8RMgag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb1ccd06b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/fonts/avertastd-regular-webfont.woff2
172.67.70.190 200 OK 24 kB URL GET HTTP/3 i.doodcdn.co/theme_2/fonts/avertastd-regular-webfont.woff2
IP 172.67.70.190:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 23812, version 1.524\012- data
Hash (MD5) eb586e5a1b86dbf1c866e3ed80f9d18e
Hash (SHA-1) 280ee78d19c017ab9335f769595e5157d3c4a343
Hash (SHA-256) 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Tue, 02 Jan 2024 07:03:57 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 73129
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2O%2BHnuU97LCcDJSVlUKT%2BouZyz03GIQHvx70Knp6P8ZOrlFFMhYL%2BUIfzMZOWqGc9%2FfgfaCEd0wXwIPVxHaFm90ydaNxeHF4d%2FDfYkQbwJK18ucAaL4SVfCrToTOYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb1efe25569d-OSL
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
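172.64.172.31 200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 172.64.172.31:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not identify the 86 kB body listed above; the scanner appears not to have hashed the response content, and the values should not be used as file indicators.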
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 70683ea8abaea478ad7388b5f93cf96e
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 04 Dec 2023 23:11:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2FVxpNZBwEztMtVT6m30qsefTDkYzrgVaRDyrhHZdw0leg%2BimEC%2BdpOPuZHeGEBXkofc37C5mKRf2p7mojV9tFZ0tQHaLwozN7w7HcKrbyNN9tY6D51ivBy0G7LqCsk7Ty1q0hU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb22ca54414c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
45.133.44.4 200 OK 1.8 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
IP 45.133.44.4:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer: Let's Encrypt
Subject: cdn.barscreative1.com
Fingerprint: 55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
Validity: Sat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT
File type HTML document, ASCII text, with very long lines (1887), with no line terminators
Hash (MD5) ad060cdf961dc780713500620212dfd2
Hash (SHA-1) 00dff11f954cb93349d081333ba22779b5380de1
Hash (SHA-256) 5975e0efdf299d5ab9695c6be88a67b29bd4e044aadc6af993f5102a3eb894f4
GET /sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Wed, 14 Sep 2022 08:56:26 GMT
etag: W/"6321973a-6ef"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 05 Dec 2023 00:11:54 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/script.js
172.64.109.10 200 OK 892 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/script.js
IP 172.64.109.10:443
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (959), with no line terminators
Hash (MD5) 9d441b1ef0d4f07226844f2a75309fe0
Hash (SHA-1) 588ed7e74f0c215a09e72131be39b930479dccf9
Hash (SHA-256) 5df48723b4f69d2ecdd0de387d4233bf720e3c0cac669645d8a5ca6cb31e9bf8
GET /sb/ssp/notifications/text_bubble/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:55 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:18 GMT
etag: W/"62cd5352-37c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 315715
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vSV%2BupsJ%2BtR5bikdIy4LUndx8zrQ2xANqTzaPU9iOXYwWFUOV7dk5pk6Wbmho3iaLVunWteWIQNGDX%2BIWUzRVOlD4I8lYW%2FaeDvJTXf7ne2o6keqIowqzVxjHfO4l3PHPgO2SMjsikGH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb321fd44089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/close.png
172.64.109.10 200 OK 6.0 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/close.png
IP 172.64.109.10:443
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5) c489ce2c491a22ee37a55e26a92dfd73
Hash (SHA-1) 2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
Hash (SHA-256) 1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/notifications/text_bubble/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 12 Jul 2022 10:56:24 GMT
etag: "62cd5358-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 419613
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6juiT%2FSPoj20joxp7qHd4vmMsx%2B7I5RHGG%2FzIIImwedHIC96Eqe8GEUo06WVOeBvlybFdaS%2BnpDeFkeyCnVm0YoUWXj1pZEegOtB370z%2BsNHUXzng9TAStloTEvn7dL7RHZfbjVvIB39"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb308e7648ce-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
104.21.86.121 200 OK 0 B URL GET HTTP/2 banquetunarmedgrater.com/advertisers.js
IP 104.21.86.121:443
Certificate Issuer: Google Trust Services LLC
Subject: banquetunarmedgrater.com
Fingerprint: 92:8E:AD:72:AC:AD:3B:21:99:CD:21:A0:9F:BD:F2:AF:0D:98:D8:57
Validity: Thu, 09 Nov 2023 11:40:15 GMT - Wed, 07 Feb 2024 11:40:14 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, matching the 0 B body; they identify no file content and should not be used as file indicators.
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: cef19a76a142c1c45a1574e45278167a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 04 Dec 2023 23:11:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VB83k0x4YcAn98PVlObefyIPWIwU533eRxdfUMnWMxjQ3vZUsTuwRkkEc7Dkonkonptv1u35ziQQAx2RnF4q1T8VpkTSMNS8EFBbeWTePOUpS4eVg6RR4MZwY86h5AvZ61LgVeSlYWBI9LQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb29f8d7b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2OzE0s-rpmd2Ev3AvPYklThnxjrdH0hxBqWV2WwNRpOhC50mPfXqhadbi0DOqEK4gW5AOynw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-838037988%3A1701731513374880&theme=glif
173.194.73.84 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2OzE0s-rpmd2Ev3AvPYklThnxjrdH0hxBqWV2WwNRpOhC50mPfXqhadbi0DOqEK4gW5AOynw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-838037988%3A1701731513374880&theme=glif
IP 173.194.73.84:443
Certificate Issuer: Google Trust Services LLC
Subject: *.google.com
Fingerprint: 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity: Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, matching the 0 B body; they identify no file content and should not be used as file indicators.
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2OzE0s-rpmd2Ev3AvPYklThnxjrdH0hxBqWV2WwNRpOhC50mPfXqhadbi0DOqEK4gW5AOynw&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-838037988%3A1701731513374880&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 04 Dec 2023 23:11:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-3TnqmmIAcW6TE1M6o7_Ptw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
172.64.109.10 200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
IP 172.64.109.10:443
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash (MD5) e1d8acd5ee9d1a90ea09313cbd8f2b02
Hash (SHA-1) 8a8327b115d1356715e63270d1ce6d46124c7b1a
Hash (SHA-256) 3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/ssp/notifications/text_bubble/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 10:56:21 GMT
etag: W/"62cd5355-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 407058
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86wVonqtWxVoxJ2OhqVcOT%2BhTvcD0p67W7VOFy%2Fk5TxJ%2F3Evfp4gn5luTjmIto6lOXGKuQO8l98STiXgCQQ4g0WMcaem6ts4sNl%2FLTTRffRM66uZ4nkQhXfSiQ1MwOQHlgio%2Bm6tu%2BNy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb306e6f4089-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash (MD5) 15d9f621c3bd1599f0169dcf0bd5e63e
Hash (SHA-1) 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Hash (SHA-256) f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 411261
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ds2play.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
172.67.70.18 200 OK 7.4 kB URL GET HTTP/3 ds2play.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP 172.67.70.18:443
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity: Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
File type ASCII text, with very long lines (7422), with no line terminators
Hash (MD5) 6483b908cb544686cf08488574021ece
Hash (SHA-1) 76cfdfa1e129bf6a5ac64c8e72e8a7bfc3d8e41b
Hash (SHA-256) 3f2a1e2bb234af1dc5f6c40a840ccef01ad8d6338eed58d8ea6d0ab1e699c738
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qHfC8DkJZFdsL0EGA1CuZEv5OTcKEdO6tmKqbCQ7e131tt7RkEX8KGXyjtf5mfQtOY4ZyENhnDP5jmPcxqWWG480nuGjLrgpepOiOdb15L3evwx%2FN7QHo5gnmJZQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22db29b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/number.png
172.64.109.10 200 OK 1.1 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/number.png
IP 172.64.109.10:443
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5) 9e4414e85c588bf7db195e49c02ab2bb
Hash (SHA-1) 09254e79b255f1b2dfe45adbbe44583a4b433782
Hash (SHA-256) 0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/ssp/notifications/text_bubble/2/img/number.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: image/png
content-length: 1138
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2049006
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iB0BDGCg%2BaDQD4xD40%2FixzHlRZ5JUM3B3dw%2B6DDLnthqT0KG4PNAI0FJqW1baAut7kwhIkdi3x7iNlARlzW7vaSV%2F0xsQNBablRJhUBODJe5jhILMw4sh4tCKLm3RsgDhBkFVKJgQRgJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb309e7848ce-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.42 200 OK 6.8 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.42:443
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity: Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (7013), with no line terminators
Hash (MD5) 49475c425d6c00477bb339179326c49b
Hash (SHA-1) bd97deeb753f44f43a21feafa92d98239fa511bd
Hash (SHA-256) 598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 23:11:54 GMT
date: Mon, 04 Dec 2023 23:11:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
172.64.109.10 200 OK 90 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
IP 172.64.109.10:443
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (65451)
Hash (MD5) 561acb3e541133bbdd2c0c19f8ee35a1
Hash (SHA-1) ffd1353cf3f77d25f801c84d8208613eb0d3d548
Hash (SHA-256) 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
GET /sb/ssp/notifications/text_bubble/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:54 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:19 GMT
etag: W/"62cd5353-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 418801
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OKf83rwu22DS1zgr4up8dYUfRATuLIdVmJMo7nvaPCc%2BsVQunNCmmTFkBg4HOpjYjgtpTLV8aTDGlIvb8pXKA1%2BDqYF4lGKw2X1%2BziO1doTU0e%2FtW0i1TWuavNje6WB%2B1WeqtaohzeZw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb308e7348ce-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
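172.67.70.18 302 Found 7.4 kB URL GET HTTP/3 ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP 172.67.70.18:443
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity: Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so no body was hashed for this redirect; the 7.4 kB size appears to belong to the redirect target rather than to this response, and the values should not be used as file indicators.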
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Mon, 04 Dec 2023 23:11:52 GMT
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
vary: accept-encoding
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kB6uB4t94sk%2BUQvXKJY5wZBHfIb4XN9FMdBaCLGYSLQoUayvOsiyg426rza014YIwbqWs5TLESt6g4hiB%2BV3hWjLTDts3ITOTZgLXCSruBXF9OU6kKUK5sjEHKRh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307bb22bb18b505-OSL
alt-svc: h3=":443"; ma=86400
friendshipmale.com/sfp.js
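172.64.172.31 200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 172.64.172.31:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, so they do not identify the 86 kB body listed above; the scanner appears not to have hashed the response content, and the values should not be used as file indicators.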
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 23:11:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: f4285d808fe749ffeee911b5b2588470
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 04 Dec 2023 23:11:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gx8XeDh5XFnCYhs76QrxTS3LzEcwyJ8R%2FIQumv9%2BK2GG3JSOEWnmuOqN8AoU7HduF6%2F%2FsHHbO6DHpYWcwXHtSlXEbL%2FUTotX%2Ba8vQDIPBvP70lYCAj5TXsNACMNQ3QWXRqbUVoQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307bb22ba38414c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2