cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
104.17.24.14 200 OK 28 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 104.17.24.14:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash MD5 220afd743d9e9643852e31a135a9f3ae
SHA-1 88523924351bac0b5d560fe0c5781e2556e7693d
SHA-256 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 27748
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15851"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 216286
expires: Fri, 22 Nov 2024 13:49:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SINYzRyPyvILcYF3ivPvhRxK%2FEUMIgBVgZ0qZeO%2BEGt%2FRrUeLTWaMhTqO9Vg6xWtnBjYW7TKekkuUI89GqtadoMJ2O3rYAo2nSk8JrsVYkJMVZslB4qTP6p4X9iz4CNDL32M8k6Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 82fc455ed86e70db-ARN
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/img/no_video_3.svg
104.26.7.74 200 OK 2.8 kB URL GET HTTP/2 i.doodcdn.co/img/no_video_3.svg
IP 104.26.7.74:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (2789)
Hash MD5 077bfdaa49ae4877a42611b739ec4752
SHA-1 a2f9e1222b7af9abc05122411ab8902efcc08ead
SHA-256 70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:05 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Mon, 01 Jan 2024 00:18:40 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 42894
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=63zzuqJ7ef34BcRsWss1ja%2F9Ps%2FAMSRdGMFfdMVAzT2trL7sTEaTqu%2BdI9S7mwMYPF8ufXZvXk1vrW0jUwgK0nYbiR7hPXZQ8yGkx%2B5wxueQw4Gh6shvwDr6TEHLdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc455f8bbb10b1-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
worstideatum.com/reA3n475k3U/70849
23.109.170.57 200 OK 20 B URL GET HTTP/1.1 worstideatum.com/reA3n475k3U/70849
IP 23.109.170.57:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Let's Encrypt
Subject worstideatum.com
Fingerprint 56:54:A5:6C:79:64:02:44:9A:17:E2:08:6E:8F:36:A8:14:F4:83:BE
Validity Wed, 27 Sep 2023 23:17:51 GMT - Tue, 26 Dec 2023 23:17:50 GMT
File type gzip compressed data, from Unix\012- data
Hash MD5 7029066c27ac6f5ef18d660d5741979a
SHA-1 46c6643f07aa7f6bfe7118de926b86defc5087c4
SHA-256 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /reA3n475k3U/70849 HTTP/1.1
Host: worstideatum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 13:49:05 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Mon, 04-Dec-2023 13:49:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Mon, 04-Dec-2023 13:49:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
papmeatidigbo.com/gHzOaAdOhbZ/71405
23.109.150.154 200 OK 26 B URL GET HTTP/1.1 papmeatidigbo.com/gHzOaAdOhbZ/71405
IP 23.109.150.154:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Let's Encrypt
Subject papmeatidigbo.com
Fingerprint 9F:26:AD:B7:6D:9C:CB:94:FC:07:D1:33:2D:1D:BA:1B:27:E9:4F:D1
Validity Sun, 22 Oct 2023 10:35:36 GMT - Sat, 20 Jan 2024 10:35:35 GMT
File type ASCII text, with no line terminators
Hash MD5 4fc71bf68a1d477bd1523733e34d1e90
SHA-1 15119105cffbe108b6cf290146ab02c9aa8517ba
SHA-256 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce
GET /gHzOaAdOhbZ/71405 HTTP/1.1
Host: papmeatidigbo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 03 Dec 2023 13:49:05 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWXVBJ%2BEAHqFVQXz0Za%2FgIyntH6wL7aZU0NtLTPRtMvlNJgiCqLpFuGYp4k9R414NvJGs5fKhfmRNUz8JRkPfvvTtc8MFa3Gll86LfiKf4LDMwvnOrwmOIxlyWnbSKipwt6u%2F5mzsZhKkvRNGFUjnXUwF8t7ZbSFXxUiMmAn5STsa7NcuxId1iDmr96zNnkOGyC5VXF4jf9NG7cvyiIizsswC3Fwm4Qfr5k6rLEQ6OqEI4SsOUngarftGrmg5e3sB7KS6f%2F97HG%2BcIVO0aklIrX8n9wNBjE5s; expires=Mon, 04-Dec-2023 13:49:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Set-Cookie: GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Mon, 04-Dec-2023 13:49:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056
54.230.241.212 200 OK 97 kB URL GET HTTP/2 d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056
IP 54.230.241.212:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15945)
Hash MD5 0c620b228535d9a680b03266bdb0537f
SHA-1 5207f0b174787952c613384729cf72b9697de225
SHA-256 507cd60eae262ec05bd4d67f972feb7efd81b7cf823215820af3062a5d950b41
GET /?srvfd=908056 HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 97248
date: Sun, 03 Dec 2023 13:49:06 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -9lNO1M7zv3ZcOjthTTdVLB120Kdp8JBWMSODaZPGLykPYiLRdvWnw==
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/fonts/avertastd-black-webfont.woff2
104.26.7.74 200 OK 23 kB URL GET HTTP/3 i.doodcdn.co/theme_2/fonts/avertastd-black-webfont.woff2
IP 104.26.7.74:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 22820, version 1.0\012- data
Hash MD5 1e976387cb594982692bdbdffde86f91
SHA-1 9546836a7d80c17d85cdd37a9553852f00af031b
SHA-256 4dc982a61a00481f4c9545f9f2da64098428b4aec96838de3c194fa82373ce1d
GET /theme_2/fonts/avertastd-black-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: font/woff2
content-length: 22820
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Sat, 30 Dec 2023 05:24:06 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 39460
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HRZ05eR5tCR2UDVjHdYYnQVx%2BM22S8S6TXXJ58W8VSNTm4qN3hHP8IYu2KFG8dO9OPlLuYhzgj%2FYqJF202TtNEafU67w85KRbJD5y6n0VwX9b1LS6ORHdUu1RjlUxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc4561d9dbbe3d-CPH
alt-svc: h3=":443"; ma=86400
i.doodcdn.co/theme_2/fonts/avertastd-regular-webfont.woff2
104.26.7.74 200 OK 24 kB URL GET HTTP/3 i.doodcdn.co/theme_2/fonts/avertastd-regular-webfont.woff2
IP 104.26.7.74:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 23812, version 1.524\012- data
Hash MD5 eb586e5a1b86dbf1c866e3ed80f9d18e
SHA-1 280ee78d19c017ab9335f769595e5157d3c4a343
SHA-256 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Mon, 01 Jan 2024 07:01:07 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 30786
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XANTt6t6dgSAZxFOm1T1aHYZ0OtAj8Yrz9JdtVueGSpiGztld6Pslg1JM8WqH9CLbhhbVTzXI4f0ubuqYUL4DkTmYBrUIHYidgnF9W%2BpIXaOLOFcQDhYQPYlkJVVrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc4561d9dfbe3d-CPH
alt-svc: h3=":443"; ma=86400
forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js
173.233.137.44 200 OK 14 kB URL GET HTTP/1.1 forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js
IP 173.233.137.44:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Let's Encrypt
Subject forfeitsubscribe.com
Fingerprint 82:B2:D8:34:F6:E3:2B:C7:7B:42:8E:0F:C8:FB:E1:E9:FC:49:04:1B
Validity Tue, 28 Nov 2023 06:52:30 GMT - Mon, 26 Feb 2024 06:52:29 GMT
File type ASCII text, with very long lines (37748), with no line terminators
Hash MD5 aab17911e8a129caa240cf0fbd7c6f24
SHA-1 aec6725256005fbbd9e13ce2a59bdfc90504b448
SHA-256 9db4bdde79be22b9411b47ffcafe1dea584cc5e7ff244eadc270c7cdb298a5ae
GET /2c/03/60/2c0360ed33b0b4736859081c701f9a91.js HTTP/1.1
Host: forfeitsubscribe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 13:49:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 30e450c0631a87d88ca2f256d4f567dd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
forfeitsubscribe.com/06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js
173.233.137.44 200 OK 17 kB URL GET HTTP/1.1 forfeitsubscribe.com/06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js
IP 173.233.137.44:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Let's Encrypt
Subject forfeitsubscribe.com
Fingerprint 82:B2:D8:34:F6:E3:2B:C7:7B:42:8E:0F:C8:FB:E1:E9:FC:49:04:1B
Validity Tue, 28 Nov 2023 06:52:30 GMT - Mon, 26 Feb 2024 06:52:29 GMT
File type ASCII text, with very long lines (40863), with no line terminators
Hash MD5 952a6059a6b4aac217f59f7c40a00542
SHA-1 3e7ac622f3d75ef74b70fba56a90242490686792
SHA-256 79ec42bd7c1ee55b533d49fbe2de0f31802561f19341c6c6a26c20b1c74a1ea0
GET /06/e2/ee/06e2eefbde702208a7324b7b8f526df8.js HTTP/1.1
Host: forfeitsubscribe.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 03 Dec 2023 13:49:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 51f06f3ce5ea6663fbacbc48ae135a1f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
proftrafficcounter.com/stats
18.157.203.0 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.157.203.0:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash MD5 8a1cb7d43abe4109cb38e3a636d001d5
SHA-1 34f8c89a2d4079cb76a047241f42dffa959dcec8
SHA-256 0bfa44aa997f1fe9e07e3c4e79f90fc3884f87e38efd11fe46db75b7c77aab4b
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ds2play.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=c5e57ea6-df15-4ac1-a142-9bfcc301d32b:1:1; expires=Wed, 30 Nov 2033 13:49:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.157.203.0 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.157.203.0:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash MD5 d65fe7774162b87c708d950bcfd1ebb7
SHA-1 dfa87500053132208f32aef7d7c1e95516a48dcd
SHA-256 0715320974d3df19ab705ee05e8d8ca93e130b78262c731ebcd0fecdd0bfef45
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ds2play.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5028bdbd-77cd-41de-b964-31c4e600546c:1:1; expires=Wed, 30 Nov 2033 13:49:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
lingrethertantin.com/S1piQ3YqOAEuSSpnAGUDOTZfZkQNf1AFEno8UnYAOWkRKQU+I1VtFSc1FycQOTUMN1glPxZmRA05BhQkOBcqICEILSgUJQofLAA3ehUwFSAuGDd6Ig8yWyUxGgw4CQEaLTAXMyo+UgoVGjIKCDN7MjcQGjwNJTQ4GRwKChQJaycBIxkLIwcReh43OzcoAho7Pw0YDiY+IwsyC0cgHCRzPxEPNywvCCI4GTEzMSQQJwIiMwYGKBw3FTAfGBYZMRkfLgRGBQkwcicICCQJPh0cUgIhHgwgG0UBCTByJykNMC8yHh8JBzgdGDUbMyMYMxYwLTkOCT4dGE92MR4xOy8uGhghFEcZHCQWIA0bFS8iAxgSAS4lACQRIB05IwYsDQw3KDUZIi8NPicPMAQeMxAjKTAODCQoExlrLxEjGh9EKQUkNBJ+PX8dUhYADG8L
18.173.5.50 200 OK 1.2 kB URL GET HTTP/2 lingrethertantin.com/S1piQ3YqOAEuSSpnAGUDOTZfZkQNf1AFEno8UnYAOWkRKQU+I1VtFSc1FycQOTUMN1glPxZmRA05BhQkOBcqICEILSgUJQofLAA3ehUwFSAuGDd6Ig8yWyUxGgw4CQEaLTAXMyo+UgoVGjIKCDN7MjcQGjwNJTQ4GRwKChQJaycBIxkLIwcReh43OzcoAho7Pw0YDiY+IwsyC0cgHCRzPxEPNywvCCI4GTEzMSQQJwIiMwYGKBw3FTAfGBYZMRkfLgRGBQkwcicICCQJPh0cUgIhHgwgG0UBCTByJykNMC8yHh8JBzgdGDUbMyMYMxYwLTkOCT4dGE92MR4xOy8uGhghFEcZHCQWIA0bFS8iAxgSAS4lACQRIB05IwYsDQw3KDUZIi8NPicPMAQeMxAjKTAODCQoExlrLxEjGh9EKQUkNBJ+PX8dUhYADG8L
IP 18.173.5.50:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Amazon
Subject lingrethertantin.com
Fingerprint 05:43:5F:62:44:4A:F8:16:0D:0E:1F:DC:05:AA:39:FF:6E:4C:56:B8
Validity Mon, 27 Nov 2023 00:00:00 GMT - Wed, 25 Dec 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash MD5 48f2eff150a0bba9066d88465367dc04
SHA-1 f4ddf1edf15c5d3b0e031df03e02465dfd3d3741
SHA-256 a401df8fee871b67a36273407670f278442ab96eda70467e2028f3bffd3cca29
GET /S1piQ3YqOAEuSSpnAGUDOTZfZkQNf1AFEno8UnYAOWkRKQU+I1VtFSc1FycQOTUMN1glPxZmRA05BhQkOBcqICEILSgUJQofLAA3ehUwFSAuGDd6Ig8yWyUxGgw4CQEaLTAXMyo+UgoVGjIKCDN7MjcQGjwNJTQ4GRwKChQJaycBIxkLIwcReh43OzcoAho7Pw0YDiY+IwsyC0cgHCRzPxEPNywvCCI4GTEzMSQQJwIiMwYGKBw3FTAfGBYZMRkfLgRGBQkwcicICCQJPh0cUgIhHgwgG0UBCTByJykNMC8yHh8JBzgdGDUbMyMYMxYwLTkOCT4dGE92MR4xOy8uGhghFEcZHCQWIA0bFS8iAxgSAS4lACQRIB05IwYsDQw3KDUZIi8NPicPMAQeMxAjKTAODCQoExlrLxEjGh9EKQUkNBJ+PX8dUhYADG8L HTTP/1.1
Host: lingrethertantin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1183
date: Sun, 03 Dec 2023 13:49:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ba68a20197ebf6eb14b1a1482b52e0d2.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-P1
x-amz-cf-id: EVzrxEu7RWluWihZNeSA5_SV70Tx15SGOkS1DekV915XHtau6M5Cfw==
X-Firefox-Spdy: h2
ldrenandthe.org/TldaMnNhaDlBTgMAa3AQGxoTaisEHj5FHxg0H3gJDwFrAiEWAnxGGipqYwVHfGNpFAMnM2cDS2gkLlMHOyRnA1UnOTxdTmghZwNdfnloHEdoImcDVTonO1VOf3EqRgciamsFQ39hawNAe2ZtBEo
104.21.20.207 204 No Content 0 B URL GET HTTP/2 ldrenandthe.org/TldaMnNhaDlBTgMAa3AQGxoTaisEHj5FHxg0H3gJDwFrAiEWAnxGGipqYwVHfGNpFAMnM2cDS2gkLlMHOyRnA1UnOTxdTmghZwNdfnloHEdoImcDVTonO1VOf3EqRgciamsFQ39hawNAe2ZtBEo
IP 104.21.20.207:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Google Trust Services LLC
Subject ldrenandthe.org
Fingerprint B1:E1:DF:C0:4E:E7:2F:9B:70:DF:D1:CA:75:2B:47:98:1B:CC:5F:BB
Validity Wed, 29 Nov 2023 06:03:19 GMT - Tue, 27 Feb 2024 06:03:18 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TldaMnNhaDlBTgMAa3AQGxoTaisEHj5FHxg0H3gJDwFrAiEWAnxGGipqYwVHfGNpFAMnM2cDS2gkLlMHOyRnA1UnOTxdTmghZwNdfnloHEdoImcDVTonO1VOf3EqRgciamsFQ39hawNAe2ZtBEo HTTP/1.1
Host: ldrenandthe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 03 Dec 2023 13:49:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8YHKuezhX91njdrcRthgrNy2ITBnNUUyjitWGKRSTdQjC0SYS76QZaqassTkuc6I6trYo55mBeK7VuZ4hUt0SGhMNDuG9Ag6%2FZo%2FtIwbCSMuy35%2BMq%2BH4nzazTlRdLOQY5Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc4563dab1d967-HEL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ldrenandthe.org/TmI3aURhXVQaeRoMUwAVGzAOOCgAVlMxLAY0fzt3KgllPCEGNxEdLSpfDll8flcBTzQnBgpYYj0WVh0xPV8GTy0gBFhUYjhfBkd3ekwEXWp+REJUdWgWRwgjc1MRGTA6DgpYc35TAVh1fVcGXnF7
104.21.20.207 204 No Content 0 B URL GET HTTP/2 ldrenandthe.org/TmI3aURhXVQaeRoMUwAVGzAOOCgAVlMxLAY0fzt3KgllPCEGNxEdLSpfDll8flcBTzQnBgpYYj0WVh0xPV8GTy0gBFhUYjhfBkd3ekwEXWp+REJUdWgWRwgjc1MRGTA6DgpYc35TAVh1fVcGXnF7
IP 104.21.20.207:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Google Trust Services LLC
Subject ldrenandthe.org
Fingerprint B1:E1:DF:C0:4E:E7:2F:9B:70:DF:D1:CA:75:2B:47:98:1B:CC:5F:BB
Validity Wed, 29 Nov 2023 06:03:19 GMT - Tue, 27 Feb 2024 06:03:18 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TmI3aURhXVQaeRoMUwAVGzAOOCgAVlMxLAY0fzt3KgllPCEGNxEdLSpfDll8flcBTzQnBgpYYj0WVh0xPV8GTy0gBFhUYjhfBkd3ekwEXWp+REJUdWgWRwgjc1MRGTA6DgpYc35TAVh1fVcGXnF7 HTTP/1.1
Host: ldrenandthe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 03 Dec 2023 13:49:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZd86SdStH8sWy%2Fp5hOcrH6mRxYHlpup19dAN4CgiBjNMGekVWsjEiHVChWL2r%2FjfewCUlwN3%2FSdSFUNuL8cIDhhBJAvIFIujOB5qGQlE9DFoarQdojolkE7ZTYq%2Bwv8atk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc4563dab4d967-HEL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
lingrethertantin.com/VTM4Y2E0UVsOXjQOWkUUJ18FRlMTFgolBWRVCFYXJwBLCRIgSg9NAjlcTQcHJ1xWF087VkxGUxNqWiUJL1JvDDEbSwgzNwdUQCVQB2dvURkXa24PKhhUeSQjF0tUIRYQB2gZAhd2egRTM1RbNyU5dVc1MAB/eQlYGmdPWyIaAw06NRQDACY3B1ZrClEGZXkAJRxbVyUjMgIBMjJsVWkOCQJkCRMkGUtXKyUyfk4iJC1qYCc4HWd+CwI0ZnYrNj5fSi40LWpgIFk0cQkbODNmeRE1ZAZXIFBsVms0Ei1nfgsCHlRuLjYGAkgyUC12YCsnAmQJDC0FYRUiIhdmVBIvA0dZOzY9d28lETFVbSU7EXJtEicyC34lKWRxdFIVNlFuUjsBcVQPMDIVUhAOO0MFFwkHYFcRGCdp
18.173.5.50 200 OK 1.2 kB URL GET HTTP/2 lingrethertantin.com/VTM4Y2E0UVsOXjQOWkUUJ18FRlMTFgolBWRVCFYXJwBLCRIgSg9NAjlcTQcHJ1xWF087VkxGUxNqWiUJL1JvDDEbSwgzNwdUQCVQB2dvURkXa24PKhhUeSQjF0tUIRYQB2gZAhd2egRTM1RbNyU5dVc1MAB/eQlYGmdPWyIaAw06NRQDACY3B1ZrClEGZXkAJRxbVyUjMgIBMjJsVWkOCQJkCRMkGUtXKyUyfk4iJC1qYCc4HWd+CwI0ZnYrNj5fSi40LWpgIFk0cQkbODNmeRE1ZAZXIFBsVms0Ei1nfgsCHlRuLjYGAkgyUC12YCsnAmQJDC0FYRUiIhdmVBIvA0dZOzY9d28lETFVbSU7EXJtEicyC34lKWRxdFIVNlFuUjsBcVQPMDIVUhAOO0MFFwkHYFcRGCdp
IP 18.173.5.50:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Amazon
Subject lingrethertantin.com
Fingerprint 05:43:5F:62:44:4A:F8:16:0D:0E:1F:DC:05:AA:39:FF:6E:4C:56:B8
Validity Mon, 27 Nov 2023 00:00:00 GMT - Wed, 25 Dec 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash MD5 1571953567127e67f6f608054370da57
SHA-1 0c0e4b62dd715f51b05d61311e86844959e1b4a3
SHA-256 6e133ddb0329ff58e4af93987b44dc453943da753814eeaa9568e2561fbcbe0e
GET /VTM4Y2E0UVsOXjQOWkUUJ18FRlMTFgolBWRVCFYXJwBLCRIgSg9NAjlcTQcHJ1xWF087VkxGUxNqWiUJL1JvDDEbSwgzNwdUQCVQB2dvURkXa24PKhhUeSQjF0tUIRYQB2gZAhd2egRTM1RbNyU5dVc1MAB/eQlYGmdPWyIaAw06NRQDACY3B1ZrClEGZXkAJRxbVyUjMgIBMjJsVWkOCQJkCRMkGUtXKyUyfk4iJC1qYCc4HWd+CwI0ZnYrNj5fSi40LWpgIFk0cQkbODNmeRE1ZAZXIFBsVms0Ei1nfgsCHlRuLjYGAkgyUC12YCsnAmQJDC0FYRUiIhdmVBIvA0dZOzY9d28lETFVbSU7EXJtEicyC34lKWRxdFIVNlFuUjsBcVQPMDIVUhAOO0MFFwkHYFcRGCdp HTTP/1.1
Host: lingrethertantin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1167
date: Sun, 03 Dec 2023 13:49:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ba68a20197ebf6eb14b1a1482b52e0d2.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-P1
x-amz-cf-id: nWgVZSrclfm3d_Cj_jlAFRUJV74BQI58RrKvrKh8u-CQZm_7t1pdgw==
X-Firefox-Spdy: h2
orgotitedu.info/ZmJ5N3kHABpaRgdfGxEMFA5EEksgR0txHVcESQIPFFEKXQoTG04ZGgoNDFMfFA0XQ1cIBw0SSyATGgcNVQcsQCgsIBJRGhEBEHJJNFMoBDcuNjFHLy8zKGAwASxLdjtWIz9dFgotAG0yLBs8fT8gN1wFPyIwSE8oVFIbcDovNx1bPAUrEXVLNA5BQz8fDjJjLgkqNk8eNQEoelxUID5lOBIlPVAcJRtMYSkOODx+KxEaMV8sAScUAj82URVTHFcoNVE/FVoxXxoJKj1APD4qTHMzNywaURIoVCsGHV40F1BIPipMcykkViFSEgIXK3MNFjMhRCkyURFgHCJPL1QfDS9Mdi8eR0txNAgSMWM+LCYgWzMqBDtmDCAgMF0vCAkBZEoeIRwHHS8EPH0MNDcSRj4MCSp/ACsuG1wsQ1A/USwoR0t1LjMOCHUXPCVfXQoJDAkKDgIuHEYrJAhAWy8WOg
52.85.242.35 200 OK 1.2 kB URL GET HTTP/2 orgotitedu.info/ZmJ5N3kHABpaRgdfGxEMFA5EEksgR0txHVcESQIPFFEKXQoTG04ZGgoNDFMfFA0XQ1cIBw0SSyATGgcNVQcsQCgsIBJRGhEBEHJJNFMoBDcuNjFHLy8zKGAwASxLdjtWIz9dFgotAG0yLBs8fT8gN1wFPyIwSE8oVFIbcDovNx1bPAUrEXVLNA5BQz8fDjJjLgkqNk8eNQEoelxUID5lOBIlPVAcJRtMYSkOODx+KxEaMV8sAScUAj82URVTHFcoNVE/FVoxXxoJKj1APD4qTHMzNywaURIoVCsGHV40F1BIPipMcykkViFSEgIXK3MNFjMhRCkyURFgHCJPL1QfDS9Mdi8eR0txNAgSMWM+LCYgWzMqBDtmDCAgMF0vCAkBZEoeIRwHHS8EPH0MNDcSRj4MCSp/ACsuG1wsQ1A/USwoR0t1LjMOCHUXPCVfXQoJDAkKDgIuHEYrJAhAWy8WOg
IP 52.85.242.35:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Amazon
Subject orgotitedu.info
Fingerprint 79:CC:FF:0E:F4:F4:8A:D7:72:F6:75:7A:06:B2:F5:7A:84:55:95:F5
Validity Thu, 12 Oct 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3044), with no line terminators
Hash MD5 c8e2c5cb536edc983fd666f55ab271c1
SHA-1 647658f64bb8e5f654f97997ffa8efdfc6080102
SHA-256 546a3c46ef771dcbd20e68faf13dc29b5ea6717f326b03331da94f047eed4f9b
GET /ZmJ5N3kHABpaRgdfGxEMFA5EEksgR0txHVcESQIPFFEKXQoTG04ZGgoNDFMfFA0XQ1cIBw0SSyATGgcNVQcsQCgsIBJRGhEBEHJJNFMoBDcuNjFHLy8zKGAwASxLdjtWIz9dFgotAG0yLBs8fT8gN1wFPyIwSE8oVFIbcDovNx1bPAUrEXVLNA5BQz8fDjJjLgkqNk8eNQEoelxUID5lOBIlPVAcJRtMYSkOODx+KxEaMV8sAScUAj82URVTHFcoNVE/FVoxXxoJKj1APD4qTHMzNywaURIoVCsGHV40F1BIPipMcykkViFSEgIXK3MNFjMhRCkyURFgHCJPL1QfDS9Mdi8eR0txNAgSMWM+LCYgWzMqBDtmDCAgMF0vCAkBZEoeIRwHHS8EPH0MNDcSRj4MCSp/ACsuG1wsQ1A/USwoR0t1LjMOCHUXPCVfXQoJDAkKDgIuHEYrJAhAWy8WOg HTTP/1.1
Host: orgotitedu.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1194
date: Sun, 03 Dec 2023 13:49:06 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 efc12fd327e76ab48012cf50cecfdff8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: _jNQKPINBuIGDh3mvY42BoJ7NXw7ZDm-XN8CE0Oddpa8tPm1tC9KZQ==
X-Firefox-Spdy: h2
ldrenandthe.org/STNSV3lmDDEkRBtZAB0rJV9iFTE5FmAVGyd2FjIxLUExBiM+Vz9vXz1aNmpAeQJgYkFvQzszRHsKdCQNKEcnJER4FTs5HyYOdCFEeB1ieU95HWFxDHQCdCMJKFRvZl85RyY7RHgEYmZPeAJhYkh+C2M
104.21.20.207204 No Content 0 B URL GET HTTP/2 ldrenandthe.org/STNSV3lmDDEkRBtZAB0rJV9iFTE5FmAVGyd2FjIxLUExBiM+Vz9vXz1aNmpAeQJgYkFvQzszRHsKdCQNKEcnJER4FTs5HyYOdCFEeB1ieU95HWFxDHQCdCMJKFRvZl85RyY7RHgEYmZPeAJhYkh+C2M
IP 104.21.20.207:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: ldrenandthe.org
Fingerprint: B1:E1:DF:C0:4E:E7:2F:9B:70:DF:D1:CA:75:2B:47:98:1B:CC:5F:BB
Validity: Wed, 29 Nov 2023 06:03:19 GMT - Tue, 27 Feb 2024 06:03:18 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty content; the response body is 0 B)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /STNSV3lmDDEkRBtZAB0rJV9iFTE5FmAVGyd2FjIxLUExBiM+Vz9vXz1aNmpAeQJgYkFvQzszRHsKdCQNKEcnJER4FTs5HyYOdCFEeB1ieU95HWFxDHQCdCMJKFRvZl85RyY7RHgEYmZPeAJhYkh+C2M HTTP/1.1
Host: ldrenandthe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sun, 03 Dec 2023 13:49:06 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AilZAAq2JcKjpB37n5Nbqdim12JUd3hdUxwOoZhsBBHpBSIsfALA7Vdi5Uq%2FS05gSS8mHBpgPqay54hAJt8EJ9eHIaFNszdeuQ0gt9jV0lRL9GT7gx64xT5ORClYgMQGFmw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc45640b29d967-HEL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.150.84 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.150.84:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: accounts.google.com
Fingerprint: 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity: Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty content; the response body is 0 B)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:KQy2DV1qBOQ9i5dru4hZ6nEg-c5nYA:xJqrhzF--fIqU1IB; Expires=Tue, 02-Dec-2025 13:49:06 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 13:49:06 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp0wCsMaiPaOPeYnZlLZX81s0bDEVpW-DgUSlJaJa1y1_q2YN-a3KR3t12lbCSE1UEc4yl5hTA
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy: unsafe-none
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce--APlMgjdoCLaZQFOe5C2kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.150.84 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.150.84:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: accounts.google.com
Fingerprint: 1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
Validity: Mon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty content; the response body is 0 B)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:Js6TxpMc7F5JR1Trisfoq68kB0ZPOw:MN7DU08FqCh0HRt6; Expires=Tue, 02-Dec-2025 13:49:06 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 13:49:06 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp12BmY8DQh4SldPamwVHudi8dZ6RzweeQEaFpBooIrzzOHm7ioz7SIktT7TjHOPHczgjoZQWg
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-5oSseE97OJhvwvxDienb3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d1f05vr3sjsuy7.cloudfront.net/cdWRsMHcWCwJWSAENCA1ORVVeBU9TDh9fGQVZJwQwRTEad0IcQhhKE0hUSlwWGwNRFhIbB1EBURQADg1DUxAcXxxIFBleHhQPH1kFF0IZUUoYCxZZGxkFSQIxQEpcFUVFTBtZGRELG0NSR1QCRFJHVF0AWUVBX3JSR1QbWRlDUEkDNVBWXEhBQUFfclJHVB-5GUkYlXQBCW1RFFUVFAwlTHBpBXnZFRVVcAEZFVUkCRxMNHlURGhxJAjFEVFkeR1MRUQE
54.230.241.212 441 B URL d1f05vr3sjsuy7.cloudfront.net/cdWRsMHcWCwJWSAENCA1ORVVeBU9TDh9fGQVZJwQwRTEad0IcQhhKE0hUSlwWGwNRFhIbB1EBURQADg1DUxAcXxxIFBleHhQPH1kFF0IZUUoYCxZZGxkFSQIxQEpcFUVFTBtZGRELG0NSR1QCRFJHVF0AWUVBX3JSR1QbWRlDUEkDNVBWXEhBQUFfclJHVB-5GUkYlXQBCW1RFFUVFAwlTHBpBXnZFRVVcAEZFVUkCRxMNHlURGhxJAjFEVFkeR1MRUQE
IP 54.230.241.212:0
Certificate Issuer: Amazon
Subject: *.cloudfront.net
Fingerprint: FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity: Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (589), with no line terminators
Hash (MD5): 3e689796417bd9ce1d9eda7df6ce529d
Hash (SHA-1): f8ec848ef463d2cb4b631c9e00a4e02f243a1108
Hash (SHA-256): fa8a4082ec6c566d62fb9021fdd40ab6f8083a925e48ae21ce06c49fda66a221
GET /cdWRsMHcWCwJWSAENCA1ORVVeBU9TDh9fGQVZJwQwRTEad0IcQhhKE0hUSlwWGwNRFhIbB1EBURQADg1DUxAcXxxIFBleHhQPH1kFF0IZUUoYCxZZGxkFSQIxQEpcFUVFTBtZGRELG0NSR1QCRFJHVF0AWUVBX3JSR1QbWRlDUEkDNVBWXEhBQUFfclJHVB-5GUkYlXQBCW1RFFUVFAwlTHBpBXnZFRVVcAEZFVUkCRxMNHlURGhxJAjFEVFkeR1MRUQE HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lingrethertantin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 441
date: Sun, 03 Dec 2023 13:49:07 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Jer4eMBD9j-9POT8hxKsRuvxzp73-uY2iL2ZWN21nNZ6Wq9tlDQYog==
X-Firefox-Spdy: h2
ds2play.com/favicon.ico
172.67.70.18 200 OK 15 kB IP 172.67.70.18:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity: Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash (MD5): 30d3656f43c817e38c3e7d70b2bfbdad
Hash (SHA-1): 1aa43b43755e7cba5e145d0978517f7bedad7da6
Hash (SHA-256): a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555
GET /favicon.ico HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/f/rep3be40o9
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5028bdbd-77cd-41de-b964-31c4e600546c%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: image/x-icon
content-length: 15406
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-3c2e"
expires: Sat, 23 Dec 2023 07:09:29 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 887977
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4zbtHTEkPuRusMdukv1Wb6SOfvAfj%2FR3%2FNPT3HmHCLq1aE7CpfPzJae0euC0ViE%2BK%2BkJjfZgU4KXE0BdFI%2BzTPXwOx4sF4Lx%2BxWq3ey9IAMPgq5OUtvK%2F8F8B1N%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc45666816abc2-CPH
alt-svc: h3=":443"; ma=86400
ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
172.67.70.18 302 Found 263 B URL GET HTTP/3 ds2play.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP 172.67.70.18:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity: Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
File type gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Hash (MD5): a7a0a29ffb9d48e6019983bd025850b9
Hash (SHA-1): 4e1341369ac28fc1ca4be9c85c4e951cd1c11639
Hash (SHA-256): f5cfc1b2a40dfe812f921f6a6c4c2e847dcedfbda2240471d5cdfbf775be2b03
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Sun, 03 Dec 2023 13:49:06 GMT
access-control-allow-origin: *
cache-control: max-age=300, public
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2eo%2BE65RdKD%2BOZ7ppaQG%2BJq8czvcqGiPUzoPsE28RXLfbZQ%2FqB5CIHfmj%2BpVcz%2BXtyjZLwU8%2FoxZue6B%2BxekiggCViW8Diy4CkVbM89zUKRJvYVDCzXoPY4eZ8HC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc4563b93aabc2-CPH
alt-svc: h3=":443"; ma=86400
d1f05vr3sjsuy7.cloudfront.net/qc0t3eUwQJBkfcwciE0R1Q3NHTHpVIQQWIgN2AB0AFjolOyZKJyEJFFU/DR1xQ20bGCIUdlEcIhB2Rl8tFylKTWoHOxgScQM+GRAtGDgeCy5VPhZEIRwxHhUgEm5FP3lde1JLfFs8HhcoHDwEXH5DJQNcfkN6R1d8Vng1XH5DPB4XekduRDtpQXsPT3hWeD-VcfkM5AVx/MnpHTGJDYlJLfBQuFBIjVnkxS3xCe0dIfEJuRUkqGjkSHyMLbkU/fUN+WUlqBnZG
54.230.241.212 619 B URL d1f05vr3sjsuy7.cloudfront.net/qc0t3eUwQJBkfcwciE0R1Q3NHTHpVIQQWIgN2AB0AFjolOyZKJyEJFFU/DR1xQ20bGCIUdlEcIhB2Rl8tFylKTWoHOxgScQM+GRAtGDgeCy5VPhZEIRwxHhUgEm5FP3lde1JLfFs8HhcoHDwEXH5DJQNcfkN6R1d8Vng1XH5DPB4XekduRDtpQXsPT3hWeD-VcfkM5AVx/MnpHTGJDYlJLfBQuFBIjVnkxS3xCe0dIfEJuRUkqGjkSHyMLbkU/fUN+WUlqBnZG
IP 54.230.241.212:0
Certificate Issuer: Amazon
Subject: *.cloudfront.net
Fingerprint: FA:21:45:DC:4D:94:03:A3:09:77:51:78:4A:21:F2:C5:6D:94:BE:52
Validity: Tue, 10 Oct 2023 00:00:00 GMT - Thu, 19 Sep 2024 23:59:59 GMT
File type ASCII text, with very long lines (853), with no line terminators
Hash (MD5): e0cf790eb2493194ebce76b73789461e
Hash (SHA-1): 5402c1c75e5da7157a122186eb1c50527f426ac3
Hash (SHA-256): 8e3deab69066021df182e317cebf56c3744fde4a3f35d60f93e4e728055b1723
GET /qc0t3eUwQJBkfcwciE0R1Q3NHTHpVIQQWIgN2AB0AFjolOyZKJyEJFFU/DR1xQ20bGCIUdlEcIhB2Rl8tFylKTWoHOxgScQM+GRAtGDgeCy5VPhZEIRwxHhUgEm5FP3lde1JLfFs8HhcoHDwEXH5DJQNcfkN6R1d8Vng1XH5DPB4XekduRDtpQXsPT3hWeD-VcfkM5AVx/MnpHTGJDYlJLfBQuFBIjVnkxS3xCe0dIfEJuRUkqGjkSHyMLbkU/fUN+WUlqBnZG HTTP/1.1
Host: d1f05vr3sjsuy7.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://orgotitedu.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 619
date: Sun, 03 Dec 2023 13:49:07 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uVcmzEqgFwTpze1tt3dGidcBvRHe2QzKIxc7_IRFAI61srdj9U65QQ==
X-Firefox-Spdy: h2
orgotitedu.info/utx?cb=YFM9tLwilxvE&top=ds2play.com&tid=908056
52.85.242.35 204 No Content 0 B URL GET HTTP/2 orgotitedu.info/utx?cb=YFM9tLwilxvE&top=ds2play.com&tid=908056
IP 52.85.242.35:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Amazon
Subject: orgotitedu.info
Fingerprint: 79:CC:FF:0E:F4:F4:8A:D7:72:F6:75:7A:06:B2:F5:7A:84:55:95:F5
Validity: Thu, 12 Oct 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty content; the response body is 0 B)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=YFM9tLwilxvE&top=ds2play.com&tid=908056 HTTP/1.1
Host: orgotitedu.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 03 Dec 2023 13:49:06 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 03 Dec 2023 13:50:06 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 efc12fd327e76ab48012cf50cecfdff8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: CfSdD3UzEIXkKJGbEKLGAHLKxd-p6tG_ndX1_nbBfeOj8FwTdWEpCg==
X-Firefox-Spdy: h2
lingrethertantin.com/utx?cb=c7kLcIfMoQI1&top=ds2play.com&tid=901258
18.173.5.50 204 No Content 0 B URL GET HTTP/2 lingrethertantin.com/utx?cb=c7kLcIfMoQI1&top=ds2play.com&tid=901258
IP 18.173.5.50:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Amazon
Subject: lingrethertantin.com
Fingerprint: 05:43:5F:62:44:4A:F8:16:0D:0E:1F:DC:05:AA:39:FF:6E:4C:56:B8
Validity: Mon, 27 Nov 2023 00:00:00 GMT - Wed, 25 Dec 2024 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty content; the response body is 0 B)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=c7kLcIfMoQI1&top=ds2play.com&tid=901258 HTTP/1.1
Host: lingrethertantin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sun, 03 Dec 2023 13:49:07 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 03 Dec 2023 13:50:07 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ba68a20197ebf6eb14b1a1482b52e0d2.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-P1
x-amz-cf-id: i5nBRRZdWeAek8875mVk_nJ8VgoOc8LOR-mkw5zJ-V47JUZEgK-7lg==
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp0wCsMaiPaOPeYnZlLZX81s0bDEVpW-DgUSlJaJa1y1_q2YN-a3KR3t12lbCSE1UEc4yl5hTA
142.250.150.84302 Found 396 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp0wCsMaiPaOPeYnZlLZX81s0bDEVpW-DgUSlJaJa1y1_q2YN-a3KR3t12lbCSE1UEc4yl5hTA
IP 142.250.150.84:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: *.google.com
Fingerprint: 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity: Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (393)
Hash (MD5): bd26cf2748ae8378afb2cc5ce65def4b
Hash (SHA-1): b1994849afa67bd2c5a9648aa01beb33a8bc8455
Hash (SHA-256): 5b4531f21de2501ad379b45efcace3d3ff4ad831080d117d821aa1e42b7427d7
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=ASKXGp0wCsMaiPaOPeYnZlLZX81s0bDEVpW-DgUSlJaJa1y1_q2YN-a3KR3t12lbCSE1UEc4yl5hTA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:tx0eVj5hjMIasEtPCNXR_JtaR4OvnQ:NraGoTfnAfgH0nQJ;Path=/;Expires=Tue, 02-Dec-2025 13:49:07 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 13:49:07 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0hxoRCgnnpNxzCi5SICa99ixazcO6poT3ev78DjDg06uat8oXCiHKLG5vDHJFZIYznxIWG&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1460166528%3A1701611347250792&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-naSjIRqj2PNj7jdVe3OaYQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 396
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp12BmY8DQh4SldPamwVHudi8dZ6RzweeQEaFpBooIrzzOHm7ioz7SIktT7TjHOPHczgjoZQWg
142.250.150.84302 Found 407 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp12BmY8DQh4SldPamwVHudi8dZ6RzweeQEaFpBooIrzzOHm7ioz7SIktT7TjHOPHczgjoZQWg
IP 142.250.150.84:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: *.google.com
Fingerprint: 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity: Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (398)
Hash (MD5): e28edd153f38828bf5ac8ab431eee9ed
Hash (SHA-1): ed44bd853252c3486aceda9ebe49fd3eba903221
Hash (SHA-256): 6a4453e5ebd6f03cf07764854c59b123f216a701d5a7047f7ef910032c4e472a
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp12BmY8DQh4SldPamwVHudi8dZ6RzweeQEaFpBooIrzzOHm7ioz7SIktT7TjHOPHczgjoZQWg HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:ASH-B1dUFvoNnA1YXIEq8cP0i-_JPA:nJ9OFQ-Znjq6iHJU;Path=/;Expires=Tue, 02-Dec-2025 13:49:07 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 13:49:07 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2WbdXHp9imeo_EJgCBdRnYRIUPQ0CC9-o-3z051D3KYlrqLhfYaIRGIdVb1U07a4CiiFdC&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1039986654%3A1701611347254148&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-l_k5JJriMmlhv8ZccrasUw' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 407
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
banquetunarmedgrater.com/advertisers.js
172.67.219.12 200 OK 0 B URL GET HTTP/2 banquetunarmedgrater.com/advertisers.js
IP 172.67.219.12:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: banquetunarmedgrater.com
Fingerprint: 92:8E:AD:72:AC:AD:3B:21:99:CD:21:A0:9F:BD:F2:AF:0D:98:D8:57
Validity: Thu, 09 Nov 2023 11:40:15 GMT - Wed, 07 Feb 2024 11:40:14 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty content; the response body is 0 B)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:07 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 61d7525b59766185fca98d7fdab7fc7a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 13:49:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FbFqIJyeniczdJoM1KycpcHhgRFRXTM7MjKtPvHBT3nbEvTbeZjbCKD2OCcwpUEZre%2F2QH4nMGOjmIP4HH6uepnsjoiNJXVd7Kdwc7jdk%2BY5SA6KwIWMubCKbyNb2ZWgCsF26ZhiRveFZ5M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc45679fd1bfe4-WAW
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
lingrethertantin.com/multi?cs=WnJzTEdoQkB0cG1FQn11bUBKfHE&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=604835667382744&agec=1701611347&fs=1&mbkb=148.8095238095238&ref=https%3A%2F%2Fds2play.com%2Ff%2Frep3be40o9&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_U8A1=1701611352924&crc=1
18.173.5.50200 OK 1.5 kB URL GET HTTP/2 lingrethertantin.com/multi?cs=WnJzTEdoQkB0cG1FQn11bUBKfHE&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=604835667382744&agec=1701611347&fs=1&mbkb=148.8095238095238&ref=https%3A%2F%2Fds2play.com%2Ff%2Frep3be40o9&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_U8A1=1701611352924&crc=1
IP 18.173.5.50:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Amazon
Subject: lingrethertantin.com
Fingerprint: 05:43:5F:62:44:4A:F8:16:0D:0E:1F:DC:05:AA:39:FF:6E:4C:56:B8
Validity: Mon, 27 Nov 2023 00:00:00 GMT - Wed, 25 Dec 2024 23:59:59 GMT
File type ASCII text, with very long lines (3247), with no line terminators
Hash (MD5): bd5d7ca55efa8e4a2bb8b35112b54aca
Hash (SHA-1): 3ceccb46e354bf46f6d533685a8aa1d2435b0836
Hash (SHA-256): af6eef175e31a94b11b22bfdc4d2609996144aa1e88858e06815ec4765ba8f3e
GET /multi?cs=WnJzTEdoQkB0cG1FQn11bUBKfHE&abt=0&red=1&sm=76&k=&v=1.0.60.3&sts=0&prn=0&emb=0&tid=901258&rxy=1280_1024&u=604835667382744&agec=1701611347&fs=1&mbkb=148.8095238095238&ref=https%3A%2F%2Fds2play.com%2Ff%2Frep3be40o9&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_U8A1=1701611352924&crc=1 HTTP/1.1
Host: lingrethertantin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1492
date: Sun, 03 Dec 2023 13:49:07 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=b64d2309-2782-42ac-b8d4-ec6f294ceef8
csu=604835667382744
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ba68a20197ebf6eb14b1a1482b52e0d2.cloudfront.net (CloudFront)
x-amz-cf-pop: CPH50-P1
x-amz-cf-id: eevG-nN1-hm1j6PfKs0gsF-0DCQn4LXludsgqFmi7D9AZGBmtCrSdQ==
X-Firefox-Spdy: h2
vintageperk.com/sbar.json?key=2c0360ed33b0b4736859081c701f9a91&uuid=5028bdbd-77cd-41de-b964-31c4e600546c%3A1%3A1
192.243.59.20 200 OK 4.2 kB URL GET HTTP/1.1 vintageperk.com/sbar.json?key=2c0360ed33b0b4736859081c701f9a91&uuid=5028bdbd-77cd-41de-b964-31c4e600546c%3A1%3A1
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Let's Encrypt
Subject: vintageperk.com
Fingerprint: B5:A1:A6:63:12:26:F5:61:29:1F:59:C4:11:C1:FE:AC:D3:A9:0F:75
Validity: Tue, 28 Nov 2023 10:47:12 GMT - Mon, 26 Feb 2024 10:47:11 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (5834), with no line terminators
Hash (MD5): 16cee863b06ff75d2d8dd423ad1808d5
Hash (SHA-1): 57a388df8fae852d00433ce341ec609974858426
Hash (SHA-256): 0daebff8055d4e4fd8b961421e7e2d2ed57069bb0c5d3c2844e296646633c684
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=2c0360ed33b0b4736859081c701f9a91&uuid=5028bdbd-77cd-41de-b964-31c4e600546c%3A1%3A1 HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 13:49:08 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://ds2play.com
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=19079684; expires=Mon, 04 Dec 2023 13:49:07 GMT; secure; SameSite=None
Set-Cookie: uid_id2=5028bdbd-77cd-41de-b964-31c4e600546c:1:1; expires=Sun, 10 Dec 2023 13:49:07 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Mon, 04 Dec 2023 13:49:08 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Mon, 04 Dec 2023 13:49:08 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Mon, 04 Dec 2023 13:49:08 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Mon, 04 Dec 2023 13:49:08 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bee4cfa3e5ac9794340b7ea5ffc4c5ed
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
unseenreport.com/pxf.gif?uuid=5028bdbd-77cd-41de-b964-31c4e600546c&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
192.243.59.12 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=5028bdbd-77cd-41de-b964-31c4e600546c&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Let's Encrypt
Subject: *.unseenreport.com
Fingerprint: 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity: Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash (MD5) 93b885adfe0da089cdf634904fd59f71
Hash (SHA-1) 5ba93c9db0cff93f52b521d7420e43f6eda2784f
Hash (SHA-256) 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /pxf.gif?uuid=5028bdbd-77cd-41de-b964-31c4e600546c&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=06e2eefbde702208a7324b7b8f526df8&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 13:49:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 41e20f1bcf35fa349007b82077ea8d93
Strict-Transport-Security: max-age=0; includeSubdomains
ds2play.com/cdn-cgi/challenge-platform/h/b/jsd/r/82fc455b7d392d5f
172.67.70.18 200 OK 2 B URL POST HTTP/3 ds2play.com/cdn-cgi/challenge-platform/h/b/jsd/r/82fc455b7d392d5f
IP 172.67.70.18:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity: Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
Hash (MD5) 309fc7d3bc53bb63ac42e359260ac740
Hash (SHA-1) 2064f80f811db79a33c4e51c10221454e30c74ae
Hash (SHA-256) ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa
POST /cdn-cgi/challenge-platform/h/b/jsd/r/82fc455b7d392d5f HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12183
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/f/rep3be40o9
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=5028bdbd-77cd-41de-b964-31c4e600546c%3A1%3A1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=Hb8au1BdVk9nLKc0Rem3F2jrMJ65Kj5YbMq7NNhWxNA-1701611346-0-1-730ca2d2.73a07051.5b213570-0.2.1701611346; path=/; expires=Mon, 02-Dec-24 13:49:06 GMT; domain=.ds2play.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tC%2FR5okO3ttIj8r7PzpaUDz5KPQbrnlvIHFt4hoAQLF4DgeeRJaqcHH%2FSWupzZ%2FGFlLxNZHhYK%2Bxug24X1u0JPgDmedn09dli%2BP5dvS8VU%2BbFCS7Xz5wi2HcmpdK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc45664fc2abc2-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
vintageperk.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTtaTIkS9eBAGNRDBna2e7vmVgMEYI4sxCUkk5%2FrVs%2BVWd7VV3dOTPQUDmpOMeFFPvd%2FsZlGDmj9AkFkvISA4HmQP7t2zkLPMZGD0QdV7r753%2BL7v1ae75TEJUbKjax%2FYHW0M22g3aePMLZ1JW%2FnGlZuNkDbpucYtnXXic43R%2FHLDsyFtN%2BkbjfeU2LYbLRpSGtKwcUk7ldjRxgKFzh%2F0w2afNuNWM2zHGLn%2F974M4FkAOTwmL0DL2TNbjx5Ciymy9KeLym8XNn%2Fz3bQ0rLAOQ3nwYbad2SpDuioTFyDJDpbTsH5GyFcnYLODpQLY4d5cAbiekeDPEDw7WNIEH%2B4%2FZcoNVAYun0U1nEKZKTSbQti70PJ3AgiJK1eRpfevWFex209RNkdnZO3JP9DVjKz99RKy9IcLRo8aN6wpC20zj1FSQ4%2Bm0IMp8vIQxU4AXR1CFJ9Ay9%2FIxpPLyNK9q95YaHn0epu2elxyud7tCrkeh1Kt834nXo9CEasOpe24IxYWaT2FTqYwagzmA5TzowOUSYAyD5DKowZr9xNKuwlPoqgXCyGiSIh2ryPbMop7CUUp5hrGKPIxhBlDuDvI3R1s6zFc%2BQv8Vg0vA%2FiCYChrVIqg8gQVI6g0QVUQVMN6Xxrf8vV9aXzJw2VuLXNUT2wx2GX7thiojIC58W5%2BTE7NzQtee3UN2%2Bqo0RI06lAlo4hTHnejTq%2Fdp71QdGmY9Fk%2FhNc1tD%2BxkLqjZ%2BT0x%2BeR6xl57tEpcHYIbw4h9Gmw8hWwatJtUbCtSdyj2Ml%2BDKW10hdOsbQpbAppa%2BTFGorbwa45Ji8v9rjZPAslHp9%2F9PU8voFwNXJX4yP9K8HA3JtctxXZu24rTx5ezQud6h023%2FGNghXq5Hfvq9uVdXLzoh9%2F%2B7aYA%2FPywU3li8sskzobePL9BS2lcpesE4r8vOlvKX6t9FsXSpeV%2BeVr71zaTHOnvNc2m4LpGSGf%2Fw2hZ%2BT5F79c%2FN8z%2B29BuylcWSMtH5NlQNspRH4HPl%2Fx95bAmdUMzwNUZT1xLb56NJrAqFXPeA3%2Fn56v6l1%2FDwMXgBV3kaU1hq7G0NRgZgxfnpwUuXt8%2Fo9oEeAmmHDjgj1unPniqbleHzVUO6GJoi3Fkz5PuozKfhL3OeuHqsvbLEThZ8p8dvNfAAAA%2F%2F8BAAD%2F%2Fy3qbM2XBAAA
192.243.59.20200 OK 7 B URL GET HTTP/1.1 vintageperk.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTtaTIkS9eBAGNRDBna2e7vmVgMEYI4sxCUkk5%2FrVs%2BVWd7VV3dOTPQUDmpOMeFFPvd%2FsZlGDmj9AkFkvISA4HmQP7t2zkLPMZGD0QdV7r753%2BL7v1ae75TEJUbKjax%2FYHW0M22g3aePMLZ1JW%2FnGlZuNkDbpucYtnXXic43R%2FHLDsyFtN%2BkbjfeU2LYbLRpSGtKwcUk7ldjRxgKFzh%2F0w2afNuNWM2zHGLn%2F974M4FkAOTwmL0DL2TNbjx5Ciymy9KeLym8XNn%2Fz3bQ0rLAOQ3nwYbad2SpDuioTFyDJDpbTsH5GyFcnYLODpQLY4d5cAbiekeDPEDw7WNIEH%2B4%2FZcoNVAYun0U1nEKZKTSbQti70PJ3AgiJK1eRpfevWFex209RNkdnZO3JP9DVjKz99RKy9IcLRo8aN6wpC20zj1FSQ4%2Bm0IMp8vIQxU4AXR1CFJ9Ay9%2FIxpPLyNK9q95YaHn0epu2elxyud7tCrkeh1Kt834nXo9CEasOpe24IxYWaT2FTqYwagzmA5TzowOUSYAyD5DKowZr9xNKuwlPoqgXCyGiSIh2ryPbMop7CUUp5hrGKPIxhBlDuDvI3R1s6zFc%2BQv8Vg0vA%2FiCYChrVIqg8gQVI6g0QVUQVMN6Xxrf8vV9aXzJw2VuLXNUT2wx2GX7thiojIC58W5%2BTE7NzQtee3UN2%2Bqo0RI06lAlo4hTHnejTq%2Fdp71QdGmY9Fk%2FhNc1tD%2BxkLqjZ%2BT0x%2BeR6xl57tEpcHYIbw4h9Gmw8hWwatJtUbCtSdyj2Ml%2BDKW10hdOsbQpbAppa%2BTFGorbwa45Ji8v9rjZPAslHp9%2F9PU8voFwNXJX4yP9K8HA3JtctxXZu24rTx5ezQud6h023%2FGNghXq5Hfvq9uVdXLzoh9%2F%2B7aYA%2FPywU3li8sskzobePL9BS2lcpesE4r8vOlvKX6t9FsXSpeV%2BeVr71zaTHOnvNc2m4LpGSGf%2Fw2hZ%2BT5F79c%2FN8z%2B29BuylcWSMtH5NlQNspRH4HPl%2Fx95bAmdUMzwNUZT1xLb56NJrAqFXPeA3%2Fn56v6l1%2FDwMXgBV3kaU1hq7G0NRgZgxfnpwUuXt8%2Fo9oEeAmmHDjgj1unPniqbleHzVUO6GJoi3Fkz5PuozKfhL3OeuHqsvbLEThZ8p8dvNfAAAA%2F%2F8BAAD%2F%2Fy3qbM2XBAAA
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Let's Encrypt
Subject: vintageperk.com
Fingerprint: B5:A1:A6:63:12:26:F5:61:29:1F:59:C4:11:C1:FE:AC:D3:A9:0F:75
Validity: Tue, 28 Nov 2023 10:47:12 GMT - Mon, 26 Feb 2024 10:47:11 GMT
File type ASCII text, with no line terminators
Hash (MD5) 132d6af1b46048b45cf86cdee7991d31
Hash (SHA-1) eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Hash (SHA-256) ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scRRSuTtaTIkS9eBAGNRDBna2e7vmVgMEYI4sxCUkk5%2FrVs%2BVWd7VV3dOTPQUDmpOMeFFPvd%2FsZlGDmj9AkFkvISA4HmQP7t2zkLPMZGD0QdV7r753%2BL7v1ae75TEJUbKjax%2FYHW0M22g3aePMLZ1JW%2FnGlZuNkDbpucYtnXXic43R%2FHLDsyFtN%2BkbjfeU2LYbLRpSGtKwcUk7ldjRxgKFzh%2F0w2afNuNWM2zHGLn%2F974M4FkAOTwmL0DL2TNbjx5Ciymy9KeLym8XNn%2Fz3bQ0rLAOQ3nwYbad2SpDuioTFyDJDpbTsH5GyFcnYLODpQLY4d5cAbiekeDPEDw7WNIEH%2B4%2FZcoNVAYun0U1nEKZKTSbQti70PJ3AgiJK1eRpfevWFex209RNkdnZO3JP9DVjKz99RKy9IcLRo8aN6wpC20zj1FSQ4%2Bm0IMp8vIQxU4AXR1CFJ9Ay9%2FIxpPLyNK9q95YaHn0epu2elxyud7tCrkeh1Kt834nXo9CEasOpe24IxYWaT2FTqYwagzmA5TzowOUSYAyD5DKowZr9xNKuwlPoqgXCyGiSIh2ryPbMop7CUUp5hrGKPIxhBlDuDvI3R1s6zFc%2BQv8Vg0vA%2FiCYChrVIqg8gQVI6g0QVUQVMN6Xxrf8vV9aXzJw2VuLXNUT2wx2GX7thiojIC58W5%2BTE7NzQtee3UN2%2Bqo0RI06lAlo4hTHnejTq%2Fdp71QdGmY9Fk%2FhNc1tD%2BxkLqjZ%2BT0x%2BeR6xl57tEpcHYIbw4h9Gmw8hWwatJtUbCtSdyj2Ml%2BDKW10hdOsbQpbAppa%2BTFGorbwa45Ji8v9rjZPAslHp9%2F9PU8voFwNXJX4yP9K8HA3JtctxXZu24rTx5ezQud6h023%2FGNghXq5Hfvq9uVdXLzoh9%2F%2B7aYA%2FPywU3li8sskzobePL9BS2lcpesE4r8vOlvKX6t9FsXSpeV%2BeVr71zaTHOnvNc2m4LpGSGf%2Fw2hZ%2BT5F79c%2FN8z%2B29BuylcWSMtH5NlQNspRH4HPl%2Fx95bAmdUMzwNUZT1xLb56NJrAqFXPeA3%2Fn56v6l1%2FDwMXgBV3kaU1hq7G0NRgZgxfnpwUuXt8%2Fo9oEeAmmHDjgj1unPniqbleHzVUO6GJoi3Fkz5PuozKfhL3OeuHqsvbLEThZ8p8dvNfAAAA%2F%2F8BAAD%2F%2Fy3qbM2XBAAA HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; uid_id2=5028bdbd-77cd-41de-b964-31c4e600546c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 13:49:08 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1345dff36e0b02b78ce10f844258c12c
Strict-Transport-Security: max-age=0; includeSubdomains
pogothere.xyz/
188.114.96.1 200 OK 2.4 kB
IP 188.114.96.1:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity: Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash (MD5) f03884f105d17a354996cccea921d272
Hash (SHA-1) 028210f007b7a9d6ca27b5020363df3735914aca
Hash (SHA-256) 52dbd989a8256f37c01439c82922c1acb1cefd4b81781066498f80410780aef1
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:07 GMT
content-type: text/plain
set-cookie: csu=674196358188660@1@1701611347; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m34x0lOSZPUcrzIxpHD8jbk7C5CrKQ9dO%2FF4vUI55Gf6HgrgVOrnEc27km2pr0TxgREs3WeKEwBXa%2BxVyK8Y0WtR6izxhgi1tJ7vFkJak8rINPlUoFFokwI22fvKJusS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc4566cbfc4e16-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/close.png
172.64.108.10 200 OK 6.0 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/close.png
IP 172.64.108.10:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5) c489ce2c491a22ee37a55e26a92dfd73
Hash (SHA-1) 2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
Hash (SHA-256) 1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/ssp/notifications/text_bubble/2/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 12 Jul 2022 10:56:24 GMT
etag: "62cd5358-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 472009
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f54AsdcHNPZkcOtha4iwB7FcwneA4j4xZx5P6iXilvLstqKema7BAhmDV93IZvSyWIrcu1oOdN9I9VYyKPqojS%2Fk31P8691zXIGbblOz7eQkNyoIf8MYdSp7u52LkiJSdQ8dd1Sa9JG%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc457119a66553-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/number.png
172.64.108.10 200 OK 1.1 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/number.png
IP 172.64.108.10:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 43 x 43, 8-bit/color RGBA, non-interlaced\012- data
Hash (MD5) 9e4414e85c588bf7db195e49c02ab2bb
Hash (SHA-1) 09254e79b255f1b2dfe45adbbe44583a4b433782
Hash (SHA-256) 0b977ec6e7cf5d35df03cd3a8041f5f523f5d4059ac67c152c0a7b613e20b762
GET /sb/ssp/notifications/text_bubble/2/img/number.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: image/png
content-length: 1138
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-472"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 378098
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vGyfZ4lvuGrjcp3KF1cW48IfdkO%2F2%2FXGyMbNVqm38vHl3bXkmuceVGvQFhfzRdc33nGH9frAgwIw1VUqJhD4Jht09S9V0uMigpIvEceO90rIlr87LH%2F%2BNNps2rsan9PvcHYgWBbP%2FYc5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc457119b76553-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
188.114.96.1 200 OK 90 kB
IP 188.114.96.1:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity: Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash (MD5) e03fa3634ac75459495d289dbb9a555a
Hash (SHA-1) a5a0840f3728b514412fbde719a8e52b81aa47e1
Hash (SHA-256) d7e8070b61106bf733a60fe8d8abfc6b19ba686bda7cbc3322bd2aacc47b03d4
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:07 GMT
content-type: text/plain
set-cookie: csu=604835667382744@1@1701611347; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pl5I0BrvTdjIA83iecGDzYgRD8pzQBX9CMi0WU2h%2F3nW2CoPue6vgsDYe26JjzTNGq%2Fj05N%2FHbrFLzs2I95AcBiMZNEL4jXqC7BH1tREgCwmRoNQsdjl7rVWZ0iCSYl%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc4566cc004e16-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
172.64.108.10 200 OK 21 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/animate.css
IP 172.64.108.10:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash (MD5) e1d8acd5ee9d1a90ea09313cbd8f2b02
Hash (SHA-1) 8a8327b115d1356715e63270d1ce6d46124c7b1a
Hash (SHA-256) 3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/ssp/notifications/text_bubble/2/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 10:56:21 GMT
etag: W/"62cd5355-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2173161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvCwgmVf6aiToUMCmYmUEJvCjV8j12RPcUDhccUiONlZ0oEy69prFcbJagIhr76gF3259zTL6Opk6YutzgiGJBg8GA4zZmNS6lHjwXpFtzH7sSYWRcLE3TcKqWGvCkC8dLg1XsS7ijsI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc4570e9506553-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
172.64.108.10 200 OK 32 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/jquery.min.js
IP 172.64.108.10:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (65451)
Hash (MD5) 561acb3e541133bbdd2c0c19f8ee35a1
Hash (SHA-1) ffd1353cf3f77d25f801c84d8208613eb0d3d548
Hash (SHA-256) 9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc
GET /sb/ssp/notifications/text_bubble/2/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:19 GMT
etag: W/"62cd5353-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1369041
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1HLKAfwliruyqTq8fYohYFqLxKl5qXq0SzHbsuJg0WGfcHTINXRbsAz%2Bjj1xM7RJj0xdaTEyv7hNWiTTNA7YAICtzKLOnnrb1IjxQZxCmQiZzZ8%2BBttcn46jZgAfgtm4V81oBSnB96cT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc457129c36553-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/script.js
172.64.108.10 200 OK 406 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/js/script.js
IP 172.64.108.10:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity: Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash (MD5) e2c7b2a31e8a1ccad968ed959de64874
Hash (SHA-1) 8b00393278f13b21bd4b0829fc1ff38977d741b7
Hash (SHA-256) 6c81818aac3567735599ff5881cafa77c979946a501feed76330582c3f83ce2d
GET /sb/ssp/notifications/text_bubble/2/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: application/javascript
last-modified: Tue, 12 Jul 2022 10:56:18 GMT
etag: W/"62cd5352-37c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 370137
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O3sh3HMHOInbOdw92e7U02Ko%2BH6eIAwfgObJaSU%2BzclMeZSlJOD%2BJEHDpli4ceoceBvRFbJJGbrmwL0gaSmqQ5AYirOEZniwyyr%2FQi5V%2BE3L%2FfIgQA2Wgg1AQqUVlIBWEDhRNRxhBaMq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc45723b806553-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0hxoRCgnnpNxzCi5SICa99ixazcO6poT3ev78DjDg06uat8oXCiHKLG5vDHJFZIYznxIWG&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1460166528%3A1701611347250792&theme=glif
142.250.150.84 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0hxoRCgnnpNxzCi5SICa99ixazcO6poT3ev78DjDg06uat8oXCiHKLG5vDHJFZIYznxIWG&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1460166528%3A1701611347250792&theme=glif
IP 142.250.150.84:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: *.google.com
Fingerprint: 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity: Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp0hxoRCgnnpNxzCi5SICa99ixazcO6poT3ev78DjDg06uat8oXCiHKLG5vDHJFZIYznxIWG&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1460166528%3A1701611347250792&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 13:49:07 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-8EJHN_Xb4UFqEUTnvgmjtA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ldrenandthe.org/popunder.gif
104.21.20.207 200 OK 35 B URL GET HTTP/3 ldrenandthe.org/popunder.gif
IP 104.21.20.207:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: ldrenandthe.org
Fingerprint: B1:E1:DF:C0:4E:E7:2F:9B:70:DF:D1:CA:75:2B:47:98:1B:CC:5F:BB
Validity: Wed, 29 Nov 2023 06:03:19 GMT - Tue, 27 Feb 2024 06:03:18 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash (MD5) 28d6814f309ea289f847c69cf91194c6
Hash (SHA-1) 0f4e929dd5bb2564f7ab9c76338e04e292a42ace
Hash (SHA-256) 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: ldrenandthe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 13:49:07 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 169429
last-modified: Fri, 01 Dec 2023 14:45:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rP2brrsTOkisfeq7fOtwpIZ2iUfAfavnS97jIkkpMflc97wKLwTlJ19tbAKCXNUch20%2BGA9y8YNtDcdD8kdLizNdklAxpWRZ%2FQ79isXUUdj5aXAolESRbjoBe7zEYOplYUk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc456a3cbad926-HEL
alt-svc: h3=":443"; ma=86400
vintageperk.com/pixel/sbs?c=1
192.243.59.13 200 OK 0 B URL GET HTTP/1.1 vintageperk.com/pixel/sbs?c=1
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Let's Encrypt
Subject: vintageperk.com
Fingerprint: B5:A1:A6:63:12:26:F5:61:29:1F:59:C4:11:C1:FE:AC:D3:A9:0F:75
Validity: Tue, 28 Nov 2023 10:47:12 GMT - Mon, 26 Feb 2024 10:47:11 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; uid_id2=5028bdbd-77cd-41de-b964-31c4e600546c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 13:49:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2WbdXHp9imeo_EJgCBdRnYRIUPQ0CC9-o-3z051D3KYlrqLhfYaIRGIdVb1U07a4CiiFdC&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1039986654%3A1701611347254148&theme=glif
142.250.150.84 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2WbdXHp9imeo_EJgCBdRnYRIUPQ0CC9-o-3z051D3KYlrqLhfYaIRGIdVb1U07a4CiiFdC&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1039986654%3A1701611347254148&theme=glif
IP 142.250.150.84:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer: Google Trust Services LLC
Subject: *.google.com
Fingerprint: 4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
Validity: Mon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp2WbdXHp9imeo_EJgCBdRnYRIUPQ0CC9-o-3z051D3KYlrqLhfYaIRGIdVb1U07a4CiiFdC&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1039986654%3A1701611347254148&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 13:49:07 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-5RbSJCH8xonWchVoSGL2LA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/style.css
172.64.108.10 200 OK 9.2 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/css/style.css
IP 172.64.108.10:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (9771), with no line terminators
Hash 3bf44c419c27c2507bc1b009469c4482
b645016017cbba34b71497b76eb2a89ea7d54839
dca224015fb9353a013d68f8d9c8d5e028940fd9f0750e17b4dc66fb620dd64a
GET /sb/ssp/notifications/text_bubble/2/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: text/css
last-modified: Tue, 12 Jul 2022 11:09:04 GMT
etag: W/"62cd5650-23e9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1668836
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kY6aCEo878%2FvnkEmSEVRYpK8o%2FvkvY%2BZSvm8wlrXZ8WSLMDICJQ51hUCx2CJR841GMNyYWFEkJxvlD7ybIUmsfrvZVEDFhWc2eYeiVBZXRdycgE90Ve%2FXY93UInfEPGMnL5SHSBw1zf2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc4570e9186553-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
172.67.70.18 200 OK 2.9 kB URL User Request GET HTTP/2 IP 172.67.70.18:443
Certificate Issuer Google Trust Services LLC
Subject ds2play.com
Fingerprint 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 2c747672f49bab50f10fe53e21388996
bf1f46ddcf16d602f286e9951b1b5e9e0ff1bd0f
2d6de64a006e49a3e730a9ac2280130224696c9b34cdf3d61d6f77038a595c74
GET /f/rep3be40o9 HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sat, 02 Dec 2023 13:49:05 GMT
set-cookie: lang=1; domain=.ds2play.com; path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XeLtsYjM8yUW7rOd2OU%2BlRmN7Kg%2FYOcbw2FG08PVHXraKOUOSMVxFGZKero68AKL55T59SVY3TvyS6x74S8T%2F5sPUL2i8l7liyv%2BRcQu7eU4piAjSnDZi0vRgYb9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc455b7d392d5f-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 291095
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.33 200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.33:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the listed size is 86 kB, so these digests evidently do not cover the response body and should not be used as indicators for this script)
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7dc4ec5c2e8e4e6c9eef6d43365fb3ff
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 13:49:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nWwp4%2B3EvZwciYaGBKIA7U%2F8WDPpkFUSp5vhu00a6%2BGtqu2SYW93%2F2olTTmmiF%2F2xnQEsMo6l5HyIRHOumIjTO8hOeWAYxdkxisMaKmLKpulLGnOeWAtaf4P2fx91GaT6mSQ2RU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc4563fc6e34b0-WAW
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=5028bdbd-77cd-41de-b964-31c4e600546c&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
192.243.59.12 200 OK 0 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=5028bdbd-77cd-41de-b964-31c4e600546c&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; all three are the digests of empty input, so they identify no file and should not be used as indicators)
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=5028bdbd-77cd-41de-b964-31c4e600546c&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=2c0360ed33b0b4736859081c701f9a91&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=13 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 13:49:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8a2ada246a8caca20cc5febc407d986
Strict-Transport-Security: max-age=0; includeSubdomains
i.doodcdn.co/theme_2/css/bootstrap.min.css
104.26.7.74 200 OK 160 kB URL GET HTTP/2 i.doodcdn.co/theme_2/css/bootstrap.min.css
IP 104.26.7.74:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65324)
Size 160 kB (159515 bytes)
Hash 7cc40c199d128af6b01e74a28c5900b0
d305110fb79113a961394b433d851a3410342b8c
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
GET /theme_2/css/bootstrap.min.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:05 GMT
content-type: text/css
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: public, max-age=2592000
expires: Sun, 01 Dec 2024 05:27:01 GMT
vary: Accept-Encoding,User-Agent
access-control-allow-origin: *
cf-cache-status: HIT
age: 31056
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RvmSJmz9QiNPM9a2JBW1GG2F4b2u9Z8e4gXAx52C6Xds9xZiNJcI0KRlz5%2Fx4mnP5A%2BsTRFHiCV3MSASriOmN0qzTVN1aQC3CLMl0uoxDfDKM2%2FWxhI%2BuW%2BXmTWUsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc455f8bcc10b1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/css/style.css
104.26.7.74 200 OK 209 kB URL GET HTTP/2 i.doodcdn.co/theme_2/css/style.css
IP 104.26.7.74:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type ASCII text, with very long lines (65465)
Size 209 kB (208903 bytes)
Hash 6ff549c82309fe93cb6f38f8fcf60e49
c5621629b2a258c7fb572ab9d03517c7d60896fd
668326f298c9701a6422f5b7f229966fd87ae68940381a9c0c898197667a8c4c
GET /theme_2/css/style.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:05 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=249272
expires: Mon, 02 Dec 2024 01:48:16 GMT
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: HIT
age: 31547
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BEemp5H%2FRwZWaX12bwfWJUMtjOOlqpB%2F2rDIlmTEFoTFlKIUtaQ579qlfGv0f8Zm1hzCPL8EDcGpi8DZVHsVpCswCjqwtKhF%2FpfZEVL2%2FVGkrM9Cc3%2BmiOxVVKwN5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc455f8bb910b1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ds2play.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
172.67.70.18 200 OK 7.4 kB URL GET HTTP/3 ds2play.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js
IP 172.67.70.18:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Google Trust Services LLC
Subject ds2play.com
Fingerprint 01:70:30:C0:4B:E8:2F:96:93:F4:0F:7C:31:5C:D0:AE:09:D6:0F:AC
Validity Thu, 30 Nov 2023 11:08:38 GMT - Wed, 28 Feb 2024 11:08:37 GMT
File type ASCII text, with very long lines (7380), with no line terminators
Hash 50088d0ff49e76a63d8b6d77b6e14593
3c08b6e6264c5539c54d93f71cc822b436c896fa
bd9c83f32fa37f59c349f56a629e49d93da3e790ded7d8af7d8e350437fcbdf7
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/56d3063b/main.js HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: lang=1; ppu_show_on_06e2eefbde702208a7324b7b8f526df8=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z2wE%2BeIvkN1DBWwEQXvhGxBUaALU92TQ3KczQ3HIHcjUITOfohTfWq%2BftStET3bP%2FLVBUxTU5Z%2BEqNeZWxogQvrITjY%2BPLgf9KoN%2F7FjQ2WcCCRUO3TKWYoOU0SB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82fc45644ab9abc2-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
vintageperk.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3o0nRVj14kEY1IUVzKR6uufXLri4rpFgTMJuJOfqqppJmequtqp7epJTcEH3JCNe1FPnm2SDuqj7Bwgy8RICguNBcjB3z8KeZSYDow%2Bq3nv1vcP3fa8%2BPcgviI%2BcnW98YPaU1mypXqWVG1sqEaZwlbXNik%2Br9FZlSyWN8FalP7ls76ZP61X6RuU9yXfMUo36lPrUrywrKzumvzRFodLHbb%2FaptWwVvXrIfr2%2F73LPTjmQfQuyAtQYvzM9ukTKD5CEv90V7qdzKRvvhvnmmXGoieOP0x2ElMkiOdlx3roJMezaRg3JuSrKzDJ8UwBTO9wogCRGhPvTx9Rcjyjiah3dMk00pAJIvEsit4IUo%2Bg2AjcPIASvxOAC6ytI4kfrRlbsN1LlE3QMVl4%2Bg9UMSYLf72EJP7hjlb9yn2j80yZxKHfKaH6I6juCGl%2BgmzPgypOwLNPoMRvZOnpKpL4cN1pAyXOX6%2FTWisSkVhsNrlYDH0hF6N2I1wMfB7KBqX1sMGnFik1guqMoOUAzHnIJ0d5yDse8tRDLM4rrN7uUNrsRJ0gaIWc8yDgvN5qiLoIwlaHIucTDQNk6QBcD8DtPlK7jx01gM1%2Fgdsu4YQHlxH0RIlCEhSOoGAEhSIoMoKiVx4J7WqufCS0yyN%2FlmuzHJRDk3UP2JHJujIhYHZwkF6QaxPzvNdeXcCOPK%2FUOA0aVIogiGgUNoNGq96mLZ83qd9ps7YPp0ood2UqdU%2BNyfWPbyNVY%2FLc6TVE7AROn4Cr62D5K2DFsFmjYNvDsEWxl%2FzoC2OEy6xkcZWbGMKUSLMFZLvegb4gL0%2F3uFK9CcnPbp9%2BPYlvwG2J1Jb4SP1K0NUPh%2FdMQQ7vmcKRJ%2BtppmK1xyY7vp%2BxTF797n25WxgrVu66wbdv8wkwKR9vSpetskSopOvI93eUENIuG8sl%2BXnFbcloI3fbd3Kb5OnqxjvLK3FqpXPKJCMwNSbk87%2FB1Zg8%2F%2BKX0%2F974%2BgtKDuCzUvE%2BRmZBZQZgaf7cOmcvzMEVs9notRDkZdDW4vmj1oRaDnvWVTC%2FaeP5vWBe4iu9cCyB0jiEj1boqdLMD2Ay68Os9Se3f4jmAYi7Q0jbb3DSFv9xaW5Tp1X6n4oW1GryYWIJBd%2Bsxa0AkprQoTNtvTbyNxY6s82%2FwUAAP%2F%2FAQAA%2F%2F854uIrlwQAAA%3D%3D
192.243.59.20200 OK 0 B URL GET HTTP/1.1 vintageperk.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3o0nRVj14kEY1IUVzKR6uufXLri4rpFgTMJuJOfqqppJmequtqp7epJTcEH3JCNe1FPnm2SDuqj7Bwgy8RICguNBcjB3z8KeZSYDow%2Bq3nv1vcP3fa8%2BPcgviI%2BcnW98YPaU1mypXqWVG1sqEaZwlbXNik%2Br9FZlSyWN8FalP7ls76ZP61X6RuU9yXfMUo36lPrUrywrKzumvzRFodLHbb%2FaptWwVvXrIfr2%2F73LPTjmQfQuyAtQYvzM9ukTKD5CEv90V7qdzKRvvhvnmmXGoieOP0x2ElMkiOdlx3roJMezaRg3JuSrKzDJ8UwBTO9wogCRGhPvTx9Rcjyjiah3dMk00pAJIvEsit4IUo%2Bg2AjcPIASvxOAC6ytI4kfrRlbsN1LlE3QMVl4%2Bg9UMSYLf72EJP7hjlb9yn2j80yZxKHfKaH6I6juCGl%2BgmzPgypOwLNPoMRvZOnpKpL4cN1pAyXOX6%2FTWisSkVhsNrlYDH0hF6N2I1wMfB7KBqX1sMGnFik1guqMoOUAzHnIJ0d5yDse8tRDLM4rrN7uUNrsRJ0gaIWc8yDgvN5qiLoIwlaHIucTDQNk6QBcD8DtPlK7jx01gM1%2Fgdsu4YQHlxH0RIlCEhSOoGAEhSIoMoKiVx4J7WqufCS0yyN%2FlmuzHJRDk3UP2JHJujIhYHZwkF6QaxPzvNdeXcCOPK%2FUOA0aVIogiGgUNoNGq96mLZ83qd9ps7YPp0ood2UqdU%2BNyfWPbyNVY%2FLc6TVE7AROn4Cr62D5K2DFsFmjYNvDsEWxl%2FzoC2OEy6xkcZWbGMKUSLMFZLvegb4gL0%2F3uFK9CcnPbp9%2BPYlvwG2J1Jb4SP1K0NUPh%2FdMQQ7vmcKRJ%2BtppmK1xyY7vp%2BxTF797n25WxgrVu66wbdv8wkwKR9vSpetskSopOvI93eUENIuG8sl%2BXnFbcloI3fbd3Kb5OnqxjvLK3FqpXPKJCMwNSbk87%2FB1Zg8%2F%2BKX0%2F974%2BgtKDuCzUvE%2BRmZBZQZgaf7cOmcvzMEVs9notRDkZdDW4vmj1oRaDnvWVTC%2FaeP5vWBe4iu9cCyB0jiEj1boqdLMD2Ay68Os9Se3f4jmAYi7Q0jbb3DSFv9xaW5Tp1X6n4oW1GryYWIJBd%2Bsxa0AkprQoTNtvTbyNxY6s82%2FwUAAP%2F%2FAQAA%2F%2F854uIrlwQAAA%3D%3D
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/f/rep3be40o9
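Certificate Issuer Let's Encrypt
Subject vintageperk.com
Fingerprint B5:A1:A6:63:12:26:F5:61:29:1F:59:C4:11:C1:FE:AC:D3:A9:0F:75
Validity Tue, 28 Nov 2023 10:47:12 GMT - Mon, 26 Feb 2024 10:47:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; all three are the digests of empty input, so they identify no file and should not be used as indicators)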
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSu3o0nRVj14kEY1IUVzKR6uufXLri4rpFgTMJuJOfqqppJmequtqp7epJTcEH3JCNe1FPnm2SDuqj7Bwgy8RICguNBcjB3z8KeZSYDow%2Bq3nv1vcP3fa8%2BPcgviI%2BcnW98YPaU1mypXqWVG1sqEaZwlbXNik%2Br9FZlSyWN8FalP7ls76ZP61X6RuU9yXfMUo36lPrUrywrKzumvzRFodLHbb%2FaptWwVvXrIfr2%2F73LPTjmQfQuyAtQYvzM9ukTKD5CEv90V7qdzKRvvhvnmmXGoieOP0x2ElMkiOdlx3roJMezaRg3JuSrKzDJ8UwBTO9wogCRGhPvTx9Rcjyjiah3dMk00pAJIvEsit4IUo%2Bg2AjcPIASvxOAC6ytI4kfrRlbsN1LlE3QMVl4%2Bg9UMSYLf72EJP7hjlb9yn2j80yZxKHfKaH6I6juCGl%2BgmzPgypOwLNPoMRvZOnpKpL4cN1pAyXOX6%2FTWisSkVhsNrlYDH0hF6N2I1wMfB7KBqX1sMGnFik1guqMoOUAzHnIJ0d5yDse8tRDLM4rrN7uUNrsRJ0gaIWc8yDgvN5qiLoIwlaHIucTDQNk6QBcD8DtPlK7jx01gM1%2Fgdsu4YQHlxH0RIlCEhSOoGAEhSIoMoKiVx4J7WqufCS0yyN%2FlmuzHJRDk3UP2JHJujIhYHZwkF6QaxPzvNdeXcCOPK%2FUOA0aVIogiGgUNoNGq96mLZ83qd9ps7YPp0ood2UqdU%2BNyfWPbyNVY%2FLc6TVE7AROn4Cr62D5K2DFsFmjYNvDsEWxl%2FzoC2OEy6xkcZWbGMKUSLMFZLvegb4gL0%2F3uFK9CcnPbp9%2BPYlvwG2J1Jb4SP1K0NUPh%2FdMQQ7vmcKRJ%2BtppmK1xyY7vp%2BxTF797n25WxgrVu66wbdv8wkwKR9vSpetskSopOvI93eUENIuG8sl%2BXnFbcloI3fbd3Kb5OnqxjvLK3FqpXPKJCMwNSbk87%2FB1Zg8%2F%2BKX0%2F974%2BgtKDuCzUvE%2BRmZBZQZgaf7cOmcvzMEVs9notRDkZdDW4vmj1oRaDnvWVTC%2FaeP5vWBe4iu9cCyB0jiEj1boqdLMD2Ay68Os9Se3f4jmAYi7Q0jbb3DSFv9xaW5Tp1X6n4oW1GryYWIJBd%2Bsxa0AkprQoTNtvTbyNxY6s82%2FwUAAP%2F%2FAQAA%2F%2F854uIrlwQAAA%3D%3D HTTP/1.1
Host: vintageperk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Cookie: u_pl=19079684; uid_id2=5028bdbd-77cd-41de-b964-31c4e600546c:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 03 Dec 2023 13:49:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ff6565d79ad4946585133e4a3cb242ce
Strict-Transport-Security: max-age=0; includeSubdomains
pogothere.xyz/asd100.bin
188.114.96.1 200 OK 102 kB IP 188.114.96.1:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:07 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4235
last-modified: Sun, 03 Dec 2023 12:38:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7KyuuRN1BnFurW7%2BC%2BV0gfjNPcdYHFEbHDDx7Dda%2FdzEugd8iC5twRtOduhdDO1deVTffk7Hm1vsn8Qs1ja3xoDXRpM69VaK42%2FST0qPVM3zDswAMWozMe28CTJc91LO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc4566cbf94e16-HEL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 200 OK 6.8 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (7013), with no line terminators
Hash 49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 03 Dec 2023 13:49:08 GMT
date: Sun, 03 Dec 2023 13:49:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/4e/b1/f1/4eb1f1de42ba3375f4b2997b1a0c5a67/1693985457.png
45.133.44.10 200 OK 90 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/4e/b1/f1/4eb1f1de42ba3375f4b2997b1a0c5a67/1693985457.png
IP 45.133.44.10:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 244738db49895149a5f33cac7c149c14
1522953f8cdeff71c2db69c961c1eea7d81a5b71
0ad9265695a93c9e08be0b194486020d0fcaeb38bcefb27acd5a84c66af95356
GET /si/4e/b1/f1/4eb1f1de42ba3375f4b2997b1a0c5a67/1693985457.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: image/png
content-length: 90219
server: nginx/1.21.6
last-modified: Wed, 06 Sep 2023 07:31:07 GMT
etag: "64f82abb-1606b"
expires: Tue, 05 Dec 2023 13:49:08 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
188.114.96.1 200 OK 102 kB IP 188.114.96.1:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:07 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 4235
last-modified: Sun, 03 Dec 2023 12:38:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VEGPogaWZzrCtAygGCdaWxyrl8QvrKuNpuaasP%2BAnrtQuAY5PA7Z%2BIuKPC10ckdFQKOIYe%2Bl3Ofh5DbsYVG8KJSKGe9y%2FLDAjwRG40d%2BMe25YyY5wTKkzW6ikRzljpRQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc4566dc094e16-HEL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
45.133.44.3 200 OK 1.8 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html
IP 45.133.44.3:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Let's Encrypt
Subject cdn.barscreative1.com
Fingerprint 55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
Validity Sat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT
File type HTML document, ASCII text, with very long lines (1887), with no line terminators
Hash ad060cdf961dc780713500620212dfd2
00dff11f954cb93349d081333ba22779b5380de1
5975e0efdf299d5ab9695c6be88a67b29bd4e044aadc6af993f5102a3eb894f4
GET /sb/au/29/79/b6/2979b6cd81afad6251e222515b2d8311/1663145782.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Wed, 14 Sep 2022 08:56:26 GMT
etag: W/"6321973a-6ef"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Sun, 03 Dec 2023 14:49:08 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
172.64.108.10200 OK 2.3 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/notifications/text_bubble/2/img/arrow.png
IP 172.64.108.10:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 52 x 81, 8-bit/color RGBA, non-interlaced\012- data
Hash 41109abf05740798aa2e66a3e938c8de
706e93332bf4819e9f4059765340cf97981bd1fe
2fbf669490df5b04badb9886ca664dbd9a0d66e0ecdc951b822feb6089fac0ea
GET /sb/ssp/notifications/text_bubble/2/img/arrow.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:08 GMT
content-type: image/png
content-length: 2332
last-modified: Tue, 12 Jul 2022 10:56:23 GMT
etag: "62cd5357-91c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2103459
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UtfdE6xL3b1cto3Vw0d4j8GboyHNAHgppqToFbk%2FluMxKganeFjHa3bTvRY1wu%2BGYklHWK9zabm%2Fu0MbYrHSqKWmiapFiXzoUvBEdwnmLaPjj71RQJGABY3kbyd%2F6RC1WnKw0925HRP5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc457119ab6553-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.33 200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.33:443
Requested by https://ds2play.com/f/rep3be40o9
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
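Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, and this entry has no File type line, so the response body was apparently not captured. They do not identify the 86 kB script and are not usable as file indicators.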
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 13:49:06 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 96ef2f6a98a026fabd31755965294c58
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 03 Dec 2023 13:49:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NV5rQfa6S95MDngP0qqEuDO%2FqIe1MXpm28jGPSFm3AlLcwSf2L%2BMTlVYxwoLpveteWysYQHeiJjdHRYmE2ddKafZSWQAhrRUYx2xTqux7lfOc2Cs0gxg1Cp77k93JA%2Bdt%2Bk%2F1Hs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82fc4563fc7734b0-WAW
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2