cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.25.14:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65451)
Hash MD5: dc5e7f18c8d36ac1d3d4753a87c98d0a
SHA1: c8e1c8b386dc5b7a9184c763c88d19a346eb3342
SHA256: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 859257
expires: Thu, 24 Oct 2024 04:18:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vPs2a8Hw1HvJxDwxVEyKwrxj1OHRXnAy77a4vP2%2BDmDspH3%2Bqe9K%2FpeeVuW4y9keB4JNrsBnpx64Zx7SjItJ458Kh%2FICg9nMZi5kJln4VMtISzonKScJh7PRLKmVpMtrL6RvTtIu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 820a0e2ba81ab511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
104.17.25.14 200 OK 591 B URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP 104.17.25.14:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
Validity: Mon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (1266)
Hash MD5: 4412bf8023109ee9eb1f1f226d391329
SHA1: c273960aa874a87dd022b5e597887142f1b8e34f
SHA256: d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 607168
expires: Thu, 24 Oct 2024 04:18:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ImJMTawrTulQ%2FYh2XaQSjuhKXXnNSkmhT%2Bp1Aoqa2pOLYmVCgSmWEzPjEWIY2fRMs5l9ShGO5%2Bx7%2BzXPByt6%2BfA4sZ7%2BrKr51w04eR36Fhvo8BVj0ORvv8kuUz0ZcJLW%2BIBO%2FiV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 820a0e2bc824b511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/img/no_video_3.svg
104.26.6.74 200 OK 2.8 kB URL GET HTTP/2 i.doodcdn.co/img/no_video_3.svg
IP 104.26.6.74:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (2789)
Hash MD5: 077bfdaa49ae4877a42611b739ec4752
SHA1: a2f9e1222b7af9abc05122411ab8902efcc08ead
SHA256: 70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:50 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Sun, 03 Dec 2023 09:08:53 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 68967
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JAYjyXgYXr543xnQLzOalPgTP0c4o0zRwSN4fiyGgiLjABJjJbtPJur%2B2lsJM1UA%2BJKSBqs%2F2Nd4HfQjVebXkVfM2jNqa%2FyQb4XZSsVjA5De882zRg8V5RVVM66sCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e2bcbf3b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/ads/ad.js
104.26.6.74 200 OK 18 B
IP 104.26.6.74:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash MD5: 071c641b229d2bfadd243b8fa2a9c88d
SHA1: 4048ed3ad506f9bb9052c23283912d0cfea8bcc6
SHA256: 3716878d3ceb2042b22c092b31c6f43cc862f8464e92ddde416a49624b32716e
GET /ads/ad.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:50 GMT
content-type: application/javascript
content-length: 18
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=20
expires: Sat, 02 Nov 2024 09:08:53 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: User-Agent,Accept-Encoding
cf-cache-status: HIT
age: 68967
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T%2BADtBo7F1HRO9lUfHsA6HA8lOTiejpT3TQeuMeBckWgEwAqj1Hb1gFIfuAxTGardduhE9eZl51wuMIPivOykO7pUbFBDcQ2%2FtlmT475wEsbVLMoc0WZHnp6uJV9Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 820a0e2bdbf6b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/js/embed2.js
104.26.6.74 200 OK 339 kB URL GET HTTP/2 i.doodcdn.co/js/embed2.js
IP 104.26.6.74:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 339 kB (339271 bytes)
Hash MD5: cac27d72c22014f70500e507a7a82231
SHA1: edcac36287bfc654b2ee6c0fe0727cdc725a9fe5
SHA256: 01c49e02b98bc8a4275650b65787cdd100c362abc7e54e8b9e99396b6117c2c6
GET /js/embed2.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:50 GMT
content-type: application/javascript
content-length: 339271
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=339527
etag: "61d3187c-52e47"
expires: Sat, 02 Dec 2023 11:15:10 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cf-cache-status: HIT
age: 68977
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2CF7sb44KPrKUGAzYGlxBhoIaE8FNjx9EstTcNQdolvMjXtULuzZ4Gz05fIxm8NRubVnOcTCYxirSlvyFXgnPHuOY%2FGBIPAH%2Bdc6WxSvv9PFoXj%2FpvZOwveu%2FK2tJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e2bcbf2b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
img.doodcdn.co/splash/xqxqb214egn0782h.jpg
104.26.6.74 200 OK 31 kB URL GET HTTP/3 img.doodcdn.co/splash/xqxqb214egn0782h.jpg
IP 104.26.6.74:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 427x715, components 3\012- data
Hash MD5: da0e339a33415b7b0cbb552e6401b11e
SHA1: 2f23a5fe4ef0dafdbf26162ec94ff44a5eeabfa8
SHA256: 1687c4a411fafdb34b437e6de0c0b95ebf3f6eeea63d8401e5cd6fec5ce0d0ff
GET /splash/xqxqb214egn0782h.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:50 GMT
content-type: image/jpeg
content-length: 30550
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=30995
etag: "64f1faf5-7913"
expires: Fri, 17 Nov 2023 18:05:25 GMT
last-modified: Fri, 01 Sep 2023 14:53:41 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txP68mgHPMghwqZ9f4BqGjWXdaN02oCRdT7WSIDobT%2FzV4f76oRO4zr0rme%2BJSVWnxjSRLmbc1StMEpZUKdNi1926Ho9IzdZTWNR%2BOS2Cc%2BKRon0ZJS8UVvTB1%2FwkEgo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e2bdbf5b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
d3eub2e21dc6h0.cloudfront.net/?ebued=1004075
54.230.241.107 200 OK 70 kB URL GET HTTP/2 d3eub2e21dc6h0.cloudfront.net/?ebued=1004075
IP 54.230.241.107:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Amazon
Subject: *.cloudfront.net
Fingerprint: BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity: Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15948)
Hash MD5: a65b65b11b513bb33498c2d71cacd8ce
SHA1: 52469f39315fb5a05fd8316a353313669964902b
SHA256: 9f6e87266644b11a53f20e8a6a17cf3671d73c1885c7c2279e1506df455018d7
GET /?ebued=1004075 HTTP/1.1
Host: d3eub2e21dc6h0.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 69550
date: Sat, 04 Nov 2023 04:18:51 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8IBNBPRb3YYwBkkYjIMYlsNMfwYILIYm6Po24PiKl2dp0flLdtO6pQ==
X-Firefox-Spdy: h2
worstideatum.com/reA3n475k3U/70849
23.109.87.154 200 OK 20 B URL GET HTTP/1.1 worstideatum.com/reA3n475k3U/70849
IP 23.109.87.154:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Let's Encrypt
Subject: worstideatum.com
Fingerprint: 56:54:A5:6C:79:64:02:44:9A:17:E2:08:6E:8F:36:A8:14:F4:83:BE
Validity: Wed, 27 Sep 2023 23:17:51 GMT - Tue, 26 Dec 2023 23:17:50 GMT
File type gzip compressed data, from Unix\012- data
Hash MD5: 7029066c27ac6f5ef18d660d5741979a
SHA1: 46c6643f07aa7f6bfe7118de926b86defc5087c4
SHA256: 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /reA3n475k3U/70849 HTTP/1.1
Host: worstideatum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Nov 2023 04:18:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ds2play.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sun, 05-Nov-2023 04:18:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Sun, 05-Nov-2023 04:18:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js
192.243.61.225 200 OK 13 kB URL GET HTTP/1.1 forfeitsubscribe.com/2c/03/60/2c0360ed33b0b4736859081c701f9a91.js
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Let's Encrypt
Subject: forfeitsubscribe.com
Fingerprint: 65:BE:57:54:30:D3:E8:59:82:44:11:D4:47:0E:B6:94:40:3E:D2:1D
Validity: Fri, 29 Sep 2023 06:32:51 GMT - Thu, 28 Dec 2023 06:32:50 GMT
File type ASCII text, with very long lines (35627), with no line terminators
Hash MD5: d8d44b83cfaa64b35328df66e8d208f4
SHA1: 1f40fc8722e8f1246e4fd27fb6576f4012edb053
SHA256: 2307310aab565f7fafcfdb77c57afc84dfe362584326a99715e7479d3e40c8e0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /2c/03/60/2c0360ed33b0b4736859081c701f9a91.js HTTP/1.1
Host: forfeitsubscribe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 Nov 2023 04:18:51 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 21e2a6ed824e725175abc7eba59fb123
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.doodcdn.co/fonts/avertastd-regular-webfont.woff2
104.26.7.74 200 OK 24 kB URL GET HTTP/3 i.doodcdn.co/fonts/avertastd-regular-webfont.woff2
IP 104.26.7.74:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 23812, version 1.524\012- data
Hash MD5: eb586e5a1b86dbf1c866e3ed80f9d18e
SHA1: 280ee78d19c017ab9335f769595e5157d3c4a343
SHA256: 714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf
GET /fonts/avertastd-regular-webfont.woff2 HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 Nov 2023 04:18:51 GMT
content-type: font/woff2
content-length: 23812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cache-control: max-age=2592000
expires: Sun, 03 Dec 2023 09:08:54 GMT
vary: User-Agent,Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 68871
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PnCRVj1VYzpaPv9EdTUvLaAWdmeCa6pSZN5bjx0WIOH9pRlMWFBdoCgcbO0Z%2FjBHjBWXMIycBUereBR6TRP3wYz%2Bo2iMzTl8LvnqHUK%2FFPXFa%2Fpg10cEKK%2Bs0TOC4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 820a0e30de0c5693-OSL
alt-svc: h3=":443"; ma=86400
img.doodcdn.co/splash/xqxqb214egn0782h.jpg
104.26.7.74 200 OK 31 kB URL GET HTTP/3 img.doodcdn.co/splash/xqxqb214egn0782h.jpg
IP 104.26.7.74:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity: Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 427x715, components 3\012- data
Hash MD5: da0e339a33415b7b0cbb552e6401b11e
SHA1: 2f23a5fe4ef0dafdbf26162ec94ff44a5eeabfa8
SHA256: 1687c4a411fafdb34b437e6de0c0b95ebf3f6eeea63d8401e5cd6fec5ce0d0ff
GET /splash/xqxqb214egn0782h.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 Nov 2023 04:18:51 GMT
content-type: image/jpeg
content-length: 30550
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=30995
etag: "64f1faf5-7913"
expires: Fri, 17 Nov 2023 21:53:10 GMT
last-modified: Fri, 01 Sep 2023 14:53:41 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qKGpbTnMgx5ZkjoCqGbrk5QYIvF7rmOJvd%2BhGXV51rUuLdbJ%2BMSapHRH83D9WLCJVXVwVJyzb7ec2NvCL4YZ7s8nndyawP9eGUornY1VSuYSJKPMPoQbZTOWr5%2FpnRvZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e30de0b5693-OSL
alt-svc: h3=":443"; ma=86400
ds2play.com/e/9yt5jzmpc8q1
104.26.8.170 200 OK 0 B URL HEAD HTTP/3 ds2play.com/e/9yt5jzmpc8q1
IP 104.26.8.170:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
Validity: Mon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
Hash (0 B body; these are the standard digests of zero-length input, so they do not identify any content) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/9yt5jzmpc8q1 HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/e/9yt5jzmpc8q1
Cookie: file_id=126512394; aff=29951; ref_url=; lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 Nov 2023 04:18:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Fri, 03 Nov 2023 04:18:51 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KQFVKL33zbwbK5Ro0kWH5OtAVQPWg63CjH7aV%2B6Igg%2FpXjZ1i%2FTIUUavzJAsPczzhtWfIN8DT2L1Sy6uEEIATvy5tIieE%2BGiFy02faq1zfmyctkS1eDmTUSQmkAv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 820a0e312aef568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
whofiguredso.org/S09ON1RkcC1EaR5/LQYZDj8kVAUOCyhaDm59CHUzBWp8dQ4lGg12OgJpOl4wdn5+B2B7eHsRJCIrcwZyODsvQyE4cn8RPSUpIQpyPXJ/GWd/YX0DentpOwplbTs+VjN2fmhHID8jcwZicnZ+AGV+fH8AZHI
172.67.131.129 204 No Content 0 B URL GET HTTP/2 whofiguredso.org/S09ON1RkcC1EaR5/LQYZDj8kVAUOCyhaDm59CHUzBWp8dQ4lGg12OgJpOl4wdn5+B2B7eHsRJCIrcwZyODsvQyE4cn8RPSUpIQpyPXJ/GWd/YX0DentpOwplbTs+VjN2fmhHID8jcwZicnZ+AGV+fH8AZHI
IP 172.67.131.129:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Google Trust Services LLC
Subject: whofiguredso.org
Fingerprint: 3C:B1:CC:E5:DB:B7:60:1A:3D:53:07:53:D6:8D:53:A1:F9:C8:C3:C3
Validity: Sun, 22 Oct 2023 07:30:57 GMT - Sat, 20 Jan 2024 07:30:56 GMT
Hash (0 B body; these are the standard digests of zero-length input, so they do not identify any content) MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S09ON1RkcC1EaR5/LQYZDj8kVAUOCyhaDm59CHUzBWp8dQ4lGg12OgJpOl4wdn5+B2B7eHsRJCIrcwZyODsvQyE4cn8RPSUpIQpyPXJ/GWd/YX0DentpOwplbTs+VjN2fmhHID8jcwZicnZ+AGV+fH8AZHI HTTP/1.1
Host: whofiguredso.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sat, 04 Nov 2023 04:18:51 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2FYgiDMMzSURoFljg9EnJ6%2B%2FqbPQJTBmI2j7cx3IhvSE1gntgw7OjON%2Bg7Q75D6YKdRlodjXyGHwNzHJs7yrtEGfGa4cyF6KQh%2BzwO02x%2BAPhpcO1L1Aqyeq%2FFH5tRij7Z1e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 820a0e318e240afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ds2play.com/pass_md5/126512394-91-90-1699071530-c86e524c5861178abf15eeb605c14eb5/y6dpv6j554urve682ubz6iur
104.26.8.170 200 OK 92 B URL GET HTTP/3 ds2play.com/pass_md5/126512394-91-90-1699071530-c86e524c5861178abf15eeb605c14eb5/y6dpv6j554urve682ubz6iur
IP 104.26.8.170:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Google Trust Services LLC
Subject: ds2play.com
Fingerprint: 0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
Validity: Mon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
File type ASCII text, with no line terminators
Hash MD5: c0134793ded9237ed052d790a71a1d59
SHA1: ef05c0d90b928745d3e8af08db2ee9161252827d
SHA256: af2c3cdbcbc29d2adb11119c98a8cfe68107bb144265a7741c5e206c6344d9c7
GET /pass_md5/126512394-91-90-1699071530-c86e524c5861178abf15eeb605c14eb5/y6dpv6j554urve682ubz6iur HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/e/9yt5jzmpc8q1
Cookie: lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 Nov 2023 04:18:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PfcPut%2BErW5iAJBFjktn6svTAfWG0NzVvKzxZl3YN3VhpKE9%2B%2F2Aszxb8sEzXNkDiFXgVEJ2PKO9B8FFbhRB1nYPLL2BY3mkcyPFoHIEN3faMnfWTUsuN4qlIb5t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 820a0e30aad4568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
ytimewornan.org/Z0w3b0wGLlQCcwZxVUk5FSAKSn4haQUpKFQpQg1+An4GCy9RJAdBLwsjQgsqFSNZG2IJKUNKfiF4UykkNB4HHBQpNkAHKCYNTyEiF3plKCQKKAQXCAEmUF8GJSNYDTsQA304DSQHYyYIKn56Ky8PBQAqfiJpBSkIDTRBC35XFXg7OwAoWyZ1Nw9lXR4/eE0mNQsGVScdHgdcBH03GAcGCyMdTTYiDDVVNzRULlw1IwImDlkeP31fLRtSC1YreBIGZiorA39hWAggDlwoBFYNUTgJIS5cNSMuCHEaHh8gXQt/LS1WJzgOKWI+aVUKeRYdAAsEXismFFsqLTBhfVwpDB5HC38xe3IFCQAFXl8uLgRTXggyGkc2fgt7YgZ9EShQSSYUI1kfcSwJZlccCTVABH0jdVEMDQ
143.204.55.129200 OK 1.2 kB URL GET HTTP/2 ytimewornan.org/Z0w3b0wGLlQCcwZxVUk5FSAKSn4haQUpKFQpQg1+An4GCy9RJAdBLwsjQgsqFSNZG2IJKUNKfiF4UykkNB4HHBQpNkAHKCYNTyEiF3plKCQKKAQXCAEmUF8GJSNYDTsQA304DSQHYyYIKn56Ky8PBQAqfiJpBSkIDTRBC35XFXg7OwAoWyZ1Nw9lXR4/eE0mNQsGVScdHgdcBH03GAcGCyMdTTYiDDVVNzRULlw1IwImDlkeP31fLRtSC1YreBIGZiorA39hWAggDlwoBFYNUTgJIS5cNSMuCHEaHh8gXQt/LS1WJzgOKWI+aVUKeRYdAAsEXismFFsqLTBhfVwpDB5HC38xe3IFCQAFXl8uLgRTXggyGkc2fgt7YgZ9EShQSSYUI1kfcSwJZlccCTVABH0jdVEMDQ
IP 143.204.55.129:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Amazon
Subject: ytimewornan.org
Fingerprint: EB:F2:6A:75:DA:CC:6F:C5:80:66:2A:21:7F:72:C5:C4:E7:14:63:57
Validity: Sun, 22 Oct 2023 00:00:00 GMT - Tue, 19 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3008), with no line terminators
Hash MD5: a17c25a9464b3af541126d0202651b96
SHA1: cb1edef8973496caef47e61860c963e17dea7ef6
SHA256: ad8a36a861269a0ef9333fd45481d50c4ac690733883f88a193025f065dcc45b
GET /Z0w3b0wGLlQCcwZxVUk5FSAKSn4haQUpKFQpQg1+An4GCy9RJAdBLwsjQgsqFSNZG2IJKUNKfiF4UykkNB4HHBQpNkAHKCYNTyEiF3plKCQKKAQXCAEmUF8GJSNYDTsQA304DSQHYyYIKn56Ky8PBQAqfiJpBSkIDTRBC35XFXg7OwAoWyZ1Nw9lXR4/eE0mNQsGVScdHgdcBH03GAcGCyMdTTYiDDVVNzRULlw1IwImDlkeP31fLRtSC1YreBIGZiorA39hWAggDlwoBFYNUTgJIS5cNSMuCHEaHh8gXQt/LS1WJzgOKWI+aVUKeRYdAAsEXismFFsqLTBhfVwpDB5HC38xe3IFCQAFXl8uLgRTXggyGkc2fgt7YgZ9EShQSSYUI1kfcSwJZlccCTVABH0jdVEMDQ HTTP/1.1
Host: ytimewornan.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1163
date: Sat, 04 Nov 2023 04:18:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: J0eJJrYJ6rNcfPMqlsKNsv7HwkvqdF15dD4fBlWd1nIZChEd8quxog==
X-Firefox-Spdy: h2
orgotitedu.info/ZEduOHUFJQ1VSgV6DB4AFitTHUciYlx+EVciG1pHAXVfXBZSL14WFggoG1wTFigATFsKIhodRyIQC20vPRM5SxQvEzdKIyV3GGg9JiY9YC8XIThAOD0DJx1HJgUsW0c+FC9fPld/JXMMCy0kaRI9Ez8ITTQPLFotHShbcQIcAjd8RQ4EK2pGAi4ZaDJXMx1ZDVwNJWw7EwI/dQY0FD9xMh5zSwo3LQJedT9WEgl6NCkxIHswLx8maRABAjhyLFY3V2kCInQPbx09CFx2BAIWDWk+J3dfbB4QdSdwIwANAHoGBQEJDyxWN1d/JF0tD08NBRQ2AUcCEiRbESNqCUkxDCgadkcMHT4LJwshKEw/AHUGACEPM1xoHDUdJns0Vwk7DTklAAIAIggjXF4fDBA9eVMONAFWBVkqJWpMNiEvYhY0Eg
54.230.111.38200 OK 1.2 kB URL GET HTTP/2 orgotitedu.info/ZEduOHUFJQ1VSgV6DB4AFitTHUciYlx+EVciG1pHAXVfXBZSL14WFggoG1wTFigATFsKIhodRyIQC20vPRM5SxQvEzdKIyV3GGg9JiY9YC8XIThAOD0DJx1HJgUsW0c+FC9fPld/JXMMCy0kaRI9Ez8ITTQPLFotHShbcQIcAjd8RQ4EK2pGAi4ZaDJXMx1ZDVwNJWw7EwI/dQY0FD9xMh5zSwo3LQJedT9WEgl6NCkxIHswLx8maRABAjhyLFY3V2kCInQPbx09CFx2BAIWDWk+J3dfbB4QdSdwIwANAHoGBQEJDyxWN1d/JF0tD08NBRQ2AUcCEiRbESNqCUkxDCgadkcMHT4LJwshKEw/AHUGACEPM1xoHDUdJns0Vwk7DTklAAIAIggjXF4fDBA9eVMONAFWBVkqJWpMNiEvYhY0Eg
IP 54.230.111.38:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Amazon
Subject: orgotitedu.info
Fingerprint: 79:CC:FF:0E:F4:F4:8A:D7:72:F6:75:7A:06:B2:F5:7A:84:55:95:F5
Validity: Thu, 12 Oct 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3020), with no line terminators
Hash MD5: 080000515c6e2cf4062bcf118fc37969
SHA1: 9198bca1ac67f70129a711a6742cccb23097559c
SHA256: e7235f3fa905f41cc09b18a357df85a0d223e71fd27e54715f288d69918c1a63
GET /ZEduOHUFJQ1VSgV6DB4AFitTHUciYlx+EVciG1pHAXVfXBZSL14WFggoG1wTFigATFsKIhodRyIQC20vPRM5SxQvEzdKIyV3GGg9JiY9YC8XIThAOD0DJx1HJgUsW0c+FC9fPld/JXMMCy0kaRI9Ez8ITTQPLFotHShbcQIcAjd8RQ4EK2pGAi4ZaDJXMx1ZDVwNJWw7EwI/dQY0FD9xMh5zSwo3LQJedT9WEgl6NCkxIHswLx8maRABAjhyLFY3V2kCInQPbx09CFx2BAIWDWk+J3dfbB4QdSdwIwANAHoGBQEJDyxWN1d/JF0tD08NBRQ2AUcCEiRbESNqCUkxDCgadkcMHT4LJwshKEw/AHUGACEPM1xoHDUdJns0Vwk7DTklAAIAIggjXF4fDBA9eVMONAFWBVkqJWpMNiEvYhY0Eg HTTP/1.1
Host: orgotitedu.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1172
date: Sat, 04 Nov 2023 04:18:51 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: t3VYyOlDpK52Ljm6HlHFxH3rnoCb7XVQI_e0Z3gqkKyGLhvAFpMCtQ==
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash 7dd29b0c74f16683980ff482554d5c47
cfc94d091c96a53abb8ad2d6e4b557a7b9e6ecdb
c01ade975f4017fd792db0a87402d1e80691faec8995198028ef7aa496d831d6
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 Nov 2023 04:18:52 GMT
Last-Modified: Sat, 04 Nov 2023 02:43:07 GMT
Server: ECAcc (ska/F6ED)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NRJYQDAUGRhgeami4ghDZeQu3a7l8K-f-5NKt03OidaeN_JJ0pMpIw==
Age: 5745
waisheph.com/tag.min.js
139.45.197.245 200 OK 26 kB IP 139.45.197.245:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Let's Encrypt
Subject waisheph.com
Fingerprint CA:CE:DE:68:10:9F:10:6F:EF:1A:9C:CC:D3:13:3F:6C:33:AF:A9:65
Validity Tue, 17 Oct 2023 22:12:23 GMT - Mon, 15 Jan 2024 22:12:22 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 24d51a5b1838aaa6f007bd529e84e584
d4981c0824b8d0370823c0f99cb0d686ee3f1d22
a3fe73537971535224c6ae71677125a5c999f92b130dcde9b78198456e8857d7
GET /tag.min.js HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 Nov 2023 04:18:52 GMT
content-type: text/javascript; charset=utf-8
content-length: 25508
content-encoding: br
x-trace-id: 70918cab5187ba2f41c72627380c2eaa
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 03 Nov 2023 15:26:23 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
professionalswebcheck.com/stats
18.159.217.114 200 OK 40 B URL GET HTTP/2 professionalswebcheck.com/stats
IP 18.159.217.114:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Amazon
Subject professionalswebcheck.com
Fingerprint 75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
Validity Wed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 0e37468a86e2ce1b31b29c2514c28d3b
06c3caaddc96d02a88a97bc47b6938abe0b0414c
fdbcfde9689fffee109d4b735be47f258c71eab5ee1022057a017b9014ddb344
GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:52 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ds2play.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=ba687816-f939-450c-a506-4eb120d230af:1:1; expires=Tue, 01 Nov 2033 04:18:52 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
d3eub2e21dc6h0.cloudfront.net/4dFhSR0sXNzwhdAAxNnp6RGhmd3xDfjg0JBoobwwOJWACKTIDM2MDchI7E2E/Djxvd20YOTwgdlI9PCR2RX4zIylJbHQyKkk1PT0iGDQzYnkybXx3bkZoej96RX1hBW5GaD4uJQEgd3V7DGBkGH1AfWEFbkZoIDFuRxljd3JaaHtieUQ/NyQgG31gAXlEaW-J3ekRpd3V7EjEgIi0bIHd1DUVpY2l7Ui1vdg
54.230.241.107 200 OK 264 B URL GET HTTP/2 d3eub2e21dc6h0.cloudfront.net/4dFhSR0sXNzwhdAAxNnp6RGhmd3xDfjg0JBoobwwOJWACKTIDM2MDchI7E2E/Djxvd20YOTwgdlI9PCR2RX4zIylJbHQyKkk1PT0iGDQzYnkybXx3bkZoej96RX1hBW5GaD4uJQEgd3V7DGBkGH1AfWEFbkZoIDFuRxljd3JaaHtieUQ/NyQgG31gAXlEaW-J3ekRpd3V7EjEgIi0bIHd1DUVpY2l7Ui1vdg
IP 54.230.241.107:443
Requested by https://ytimewornan.org/Z0w3b0wGLlQCcwZxVUk5FSAKSn4haQUpKFQpQg1+An4GCy9RJAdBLwsjQgsqFSNZG2IJKUNKfiF4UykkNB4HHBQpNkAHKCYNTyEiF3plKCQKKAQXCAEmUF8GJSNYDTsQA304DSQHYyYIKn56Ky8PBQAqfiJpBSkIDTRBC35XFXg7OwAoWyZ1Nw9lXR4/eE0mNQsGVScdHgdcBH03GAcGCyMdTTYiDDVVNzRULlw1IwImDlkeP31fLRtSC1YreBIGZiorA39hWAggDlwoBFYNUTgJIS5cNSMuCHEaHh8gXQt/LS1WJzgOKWI+aVUKeRYdAAsEXismFFsqLTBhfVwpDB5HC38xe3IFCQAFXl8uLgRTXggyGkc2fgt7YgZ9EShQSSYUI1kfcSwJZlccCTVABH0jdVEMDQ
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 8be480e01dd2461c91134145f06f9efb
e915c1e7751b1f8bd4deb060dc88ca50b4200ffe
3211f91f97aa77e47f8872629e03a5d40aa3f2dea7fd81837b671490a4e2e68e
GET /4dFhSR0sXNzwhdAAxNnp6RGhmd3xDfjg0JBoobwwOJWACKTIDM2MDchI7E2E/Djxvd20YOTwgdlI9PCR2RX4zIylJbHQyKkk1PT0iGDQzYnkybXx3bkZoej96RX1hBW5GaD4uJQEgd3V7DGBkGH1AfWEFbkZoIDFuRxljd3JaaHtieUQ/NyQgG31gAXlEaW-J3ekRpd3V7EjEgIi0bIHd1DUVpY2l7Ui1vdg HTTP/1.1
Host: d3eub2e21dc6h0.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ytimewornan.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 264
date: Sat, 04 Nov 2023 04:18:52 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rh2BgO_tkp5AdWZyxHz98DzXtiCDHs2VyS3MU1xQWX_HO9a6eWt9Bg==
X-Firefox-Spdy: h2
yg586kzo.video-delivery.net/favicon.ico?i
51.255.94.52 200 OK 15 kB URL GET HTTP/1.1 yg586kzo.video-delivery.net/favicon.ico?i
IP 51.255.94.52:443
Requested by moz-nullprincipal:{fa07b69b-0f36-42eb-b28c-b9d284c74bef}?https://ds2play.com
Certificate Issuer Sectigo Limited
Subject *.video-delivery.net
Fingerprint B2:D2:20:85:E7:38:3D:67:F7:C4:52:00:66:6C:CD:FE:DD:6D:7E:74
Validity Mon, 07 Aug 2023 00:00:00 GMT - Wed, 07 Aug 2024 23:59:59 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555
GET /favicon.ico?i HTTP/1.1
Host: yg586kzo.video-delivery.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Nov 2023 04:18:52 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 15406
Connection: keep-alive
Last-Modified: Sat, 29 Feb 2020 09:26:04 GMT
ETag: "3c2e-59fb38b06e300"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
d3eub2e21dc6h0.cloudfront.net/WeUZYTWsaKTYrVA0vPHBaSXZsfVxMYDI+BBc2ZSAgK38KKyojJQgYTQ08PHBbXyo5IwxEYD0jCER3fiwPG3tsax8JKTNwEQMsPSQIGz4+IE0MJ2UgBAMvNCEKXHQeeEVJY2p9QwF3aWhYO2NqfQcQKC01Tkt2IHVdJnBsaFg7Y2p9GQ9jawxaSX92fUJcdG-gqDhotN2hZP3RofFtJd2h8Tkt2PiQZHCA3NU5LAGl8Wld2fjhWSA
54.230.241.107 200 OK 570 B URL GET HTTP/2 d3eub2e21dc6h0.cloudfront.net/WeUZYTWsaKTYrVA0vPHBaSXZsfVxMYDI+BBc2ZSAgK38KKyojJQgYTQ08PHBbXyo5IwxEYD0jCER3fiwPG3tsax8JKTNwEQMsPSQIGz4+IE0MJ2UgBAMvNCEKXHQeeEVJY2p9QwF3aWhYO2NqfQcQKC01Tkt2IHVdJnBsaFg7Y2p9GQ9jawxaSX92fUJcdG-gqDhotN2hZP3RofFtJd2h8Tkt2PiQZHCA3NU5LAGl8Wld2fjhWSA
IP 54.230.241.107:443
Requested by https://orgotitedu.info/ZEduOHUFJQ1VSgV6DB4AFitTHUciYlx+EVciG1pHAXVfXBZSL14WFggoG1wTFigATFsKIhodRyIQC20vPRM5SxQvEzdKIyV3GGg9JiY9YC8XIThAOD0DJx1HJgUsW0c+FC9fPld/JXMMCy0kaRI9Ez8ITTQPLFotHShbcQIcAjd8RQ4EK2pGAi4ZaDJXMx1ZDVwNJWw7EwI/dQY0FD9xMh5zSwo3LQJedT9WEgl6NCkxIHswLx8maRABAjhyLFY3V2kCInQPbx09CFx2BAIWDWk+J3dfbB4QdSdwIwANAHoGBQEJDyxWN1d/JF0tD08NBRQ2AUcCEiRbESNqCUkxDCgadkcMHT4LJwshKEw/AHUGACEPM1xoHDUdJns0Vwk7DTklAAIAIggjXF4fDBA9eVMONAFWBVkqJWpMNiEvYhY0Eg
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (819), with no line terminators
Hash e7a029ccb6f07793998816682ffeddba
332c7736b83becba56d0bcca8af07a8dc00106d5
9f0353cd7eff02f975efa950b0ee2e17a60c9c665240f8126af32ae7e5017ea1
GET /WeUZYTWsaKTYrVA0vPHBaSXZsfVxMYDI+BBc2ZSAgK38KKyojJQgYTQ08PHBbXyo5IwxEYD0jCER3fiwPG3tsax8JKTNwEQMsPSQIGz4+IE0MJ2UgBAMvNCEKXHQeeEVJY2p9QwF3aWhYO2NqfQcQKC01Tkt2IHVdJnBsaFg7Y2p9GQ9jawxaSX92fUJcdG-gqDhotN2hZP3RofFtJd2h8Tkt2PiQZHCA3NU5LAGl8Wld2fjhWSA HTTP/1.1
Host: d3eub2e21dc6h0.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://orgotitedu.info/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 570
date: Sat, 04 Nov 2023 04:18:52 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: iXh4j_DPo8gW_QV7-gGJ5XoSvrabWvvN1NkNBE4F_eoJNVnxnTEymQ==
X-Firefox-Spdy: h2
ds2play.com/favicon.ico
104.26.8.170 200 OK 15 kB IP 104.26.8.170:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Google Trust Services LLC
Subject ds2play.com
Fingerprint 0A:7A:CF:94:04:1E:5B:57:DE:1C:3F:A9:F0:84:10:0E:4F:46:7D:84
Validity Mon, 02 Oct 2023 11:28:28 GMT - Sun, 31 Dec 2023 11:28:27 GMT
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555
GET /favicon.ico HTTP/1.1
Host: ds2play.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/e/9yt5jzmpc8q1
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 04 Nov 2023 04:18:52 GMT
content-type: image/x-icon
content-length: 15406
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-3c2e"
expires: Sun, 26 Nov 2023 01:58:19 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 699633
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2V5Am3iiA7jRiHak8ihbphgI9rrtqlIk9JAsgklAvsfW5GgM%2B9SKL%2FbHjYVkuClgdRegcKgSRU5jiygMz514o%2BIjLlJCU6VKR3HIcSahbudlNUhyZr13ddrd3%2Fa4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e381cab568b-OSL
alt-svc: h3=":443"; ma=86400
i.doodcdn.co/css/embed.css
104.26.6.74 200 OK 80 kB URL GET HTTP/2 i.doodcdn.co/css/embed.css
IP 104.26.6.74:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash d6e044e876a34695728beb013fc49c0e
53e4a4aad1759400e4378f9113bd0dd4e08c4129
24149114cfbd19d05ae9c97ffcf576905fb0b01db203e0c44eb200fe99ec4609
GET /css/embed.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:50 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=79890
etag: W/"61d3187c-13812"
expires: Sun, 03 Dec 2023 09:08:53 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 68977
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PuMO3sXYyRTW5jIpDrP0k0bEPuCr%2F0ooLL8gDSY%2BJ2RiJnjTuGSAY3e%2BGVgxPfoDSE%2Bq4odQ%2FKLel4hoNs9ywqa85x5oSxivZRGbhyh5YlY22q7r5%2FvutVGu%2B0OHWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 820a0e2bdbf9b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
Validity Mon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:T_I4ZD5Vn2bJPpGO-NZ700tLMO9SJw:wuk_W-ToqNaSpoLH; Expires=Mon, 03-Nov-2025 04:18:52 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Nov 2023 04:18:52 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeywQpcjQsu71oNKNMmNoyjBMHPsQ45KWDvuNYefiNsmx1KrjMFfSYYm4L76fb5Ohtbone7hmhQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-qIx1xNkpFpEV2Mzss4ERZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109 302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
Validity Mon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:ngbath2LFoPIv2oVelYVFjxrqIk0eQ:jNZ6GTnq4BNCo7if; Expires=Mon, 03-Nov-2025 04:18:52 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Nov 2023 04:18:52 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyz41hgv5IATgKmfMtP0mjo7kJLFXeVEHk40nAdJ1To8DYhIhjSBhvx2C1tE45BqzkQzG4ZgRA
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-WG-dn_OH-6viH8IIRdzR7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeywQpcjQsu71oNKNMmNoyjBMHPsQ45KWDvuNYefiNsmx1KrjMFfSYYm4L76fb5Ohtbone7hmhQ
142.250.74.109 302 Found 405 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeywQpcjQsu71oNKNMmNoyjBMHPsQ45KWDvuNYefiNsmx1KrjMFfSYYm4L76fb5Ohtbone7hmhQ
IP 142.250.74.109:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
Validity Mon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (396)
Hash 2b6fd30777e020a8015f483dfe82b08c
aba3bb2edc55926c0601eb015fa7d23d6b7a23df
641d38820f75fa5c2e081d707beb4fdc4ee8448d2dcff4535f3386f63660389a
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeywQpcjQsu71oNKNMmNoyjBMHPsQ45KWDvuNYefiNsmx1KrjMFfSYYm4L76fb5Ohtbone7hmhQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:MuSDJNsHTWty9rfTxzB_fI6-K_ySng:tSeeZWScUfGP6aM6;Path=/;Expires=Mon, 03-Nov-2025 04:18:52 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Nov 2023 04:18:52 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyFYn9QzmxArHT4UHueOrPXl3TjcKQaKmaNq4RyFmleFV2cIMfkR8emBgT2_j4oEDpKqHdMXw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1056257271%3A1699071532953308&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-3YZuuNVdmhyQSI6hlodbBQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 405
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyz41hgv5IATgKmfMtP0mjo7kJLFXeVEHk40nAdJ1To8DYhIhjSBhvx2C1tE45BqzkQzG4ZgRA
142.250.74.109 302 Found 404 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyz41hgv5IATgKmfMtP0mjo7kJLFXeVEHk40nAdJ1To8DYhIhjSBhvx2C1tE45BqzkQzG4ZgRA
IP 142.250.74.109:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
Validity Mon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (397)
Hash a3f118cb5777dc45a0bf3a6d04a6ba41
67c32bdeb9e3bc1858151498307fc5db6f4cdb9c
6f07d00648e86af57059c94b7f81e2a5529e2e253b47fe64a98f9ea8e4352355
GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyz41hgv5IATgKmfMtP0mjo7kJLFXeVEHk40nAdJ1To8DYhIhjSBhvx2C1tE45BqzkQzG4ZgRA HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:Sp69K96GVmTW8g-BF9bEJuk6AK2_Tg:fKpgC4w_EoSJAfoD;Path=/;Expires=Mon, 03-Nov-2025 04:18:52 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Nov 2023 04:18:53 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywrD2YF6imnOUKx2_2TPxwLudW-wGfuRfasU3gwDAEVjYJ3YPL31vul8Sh3a9Y3sKyAfQYV&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-217582216%3A1699071533001801&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-JGvXEyaajsOhzJjk9iyTaQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 404
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
orgotitedu.info/utx?cb=ZS3BHIcxv9xD&top=ds2play.com&tid=1004075
54.230.111.38 204 No Content 0 B URL GET HTTP/2 orgotitedu.info/utx?cb=ZS3BHIcxv9xD&top=ds2play.com&tid=1004075
IP 54.230.111.38:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Amazon
Subject orgotitedu.info
Fingerprint 79:CC:FF:0E:F4:F4:8A:D7:72:F6:75:7A:06:B2:F5:7A:84:55:95:F5
Validity Thu, 12 Oct 2023 00:00:00 GMT - Sun, 10 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=ZS3BHIcxv9xD&top=ds2play.com&tid=1004075 HTTP/1.1
Host: orgotitedu.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Sat, 04 Nov 2023 04:18:52 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://ds2play.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 04 Nov 2023 04:19:52 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6x2-bkzEjbigGYPvlgjm0XVckOY8_TD8g0VJ4nGrIx0tytFmQjgrOA==
X-Firefox-Spdy: h2
i.doodcdn.co/theme_2/img/loader.svg
104.26.6.74 200 OK 694 B URL GET HTTP/3 i.doodcdn.co/theme_2/img/loader.svg
IP 104.26.6.74:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 95:79:36:28:82:A7:27:27:28:6B:8B:F8:02:2B:6E:BE:EC:06:A5:C3
Validity Sun, 12 Feb 2023 00:00:00 GMT - Sun, 11 Feb 2024 23:59:59 GMT
File type exported SGML document, ASCII text, with very long lines (750), with no line terminators
Hash e0c38124a46835a055de826afbf33d9b
255567da0faa3de6c4bcef1780e9990ba7c9c0ff
e186e235e7552b286f217c94c747abdd5a8df8279c2334a61202817f937ea960
GET /theme_2/img/loader.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://i.doodcdn.co/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 04 Nov 2023 04:18:52 GMT
content-type: image/svg+xml
last-modified: Mon, 03 Jan 2022 15:43:40 GMT
cache-control: max-age=2592000
expires: Sun, 03 Dec 2023 09:08:53 GMT
access-control-allow-origin: *
cf-cache-status: HIT
age: 68967
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUXj0XeSlvxRf3ZtdCZ8jpcfphchU%2BAC8BYQjTWtt1a6MjvK5WDm%2FYgRPhtm4tYduf%2FJv2f9Th7eR1HJzTbRKUjwe9858kyLfebDHNddJRU7GZBvzu9QWWWoEVBQiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e335b4d569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywrD2YF6imnOUKx2_2TPxwLudW-wGfuRfasU3gwDAEVjYJ3YPL31vul8Sh3a9Y3sKyAfQYV&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-217582216%3A1699071533001801&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywrD2YF6imnOUKx2_2TPxwLudW-wGfuRfasU3gwDAEVjYJ3YPL31vul8Sh3a9Y3sKyAfQYV&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-217582216%3A1699071533001801&theme=glif
IP 142.250.74.109:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint FD:EE:45:21:A2:3C:95:82:9B:BA:3F:7A:59:3C:F6:C2:7B:C7:84:8F
Validity Mon, 16 Oct 2023 08:02:35 GMT - Mon, 08 Jan 2024 08:02:34 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywrD2YF6imnOUKx2_2TPxwLudW-wGfuRfasU3gwDAEVjYJ3YPL31vul8Sh3a9Y3sKyAfQYV&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-217582216%3A1699071533001801&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Nov 2023 04:18:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-_xowga49vKOGXLqndRhdZw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
waisheph.com/5/5495238/?oo=1&aab=1
139.45.197.245 200 OK 2.9 kB URL GET HTTP/2 waisheph.com/5/5495238/?oo=1&aab=1
IP 139.45.197.245:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Let's Encrypt
Subject: waisheph.com
Fingerprint: CA:CE:DE:68:10:9F:10:6F:EF:1A:9C:CC:D3:13:3F:6C:33:AF:A9:65
Validity: Tue, 17 Oct 2023 22:12:23 GMT - Mon, 15 Jan 2024 22:12:22 GMT
File type troff or preprocessor input, ASCII text, with very long lines (3157), with no line terminators
Hash MD5 51e947c7061dbd7d4ca78b518a1d3aac
SHA-1 e6b635823a754c6d4e5ae6e7c3cfccd55d1dc891
SHA-256 b3c4e16778a388679d8d93f4f695bf018e04a9a5cf20720cb1262ef73ab52e21
GET /5/5495238/?oo=1&aab=1 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 Nov 2023 04:18:51 GMT
content-type: application/json
x-trace-id: 1de158543b5b396dda118882f5d5cb65
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=a8febf509c664388a085b607f7f655d4; expires=Sun, 03 Nov 2024 04:18:51 GMT; path=/; secure; SameSite=None
oaidts=1699071531; expires=Sun, 03 Nov 2024 04:18:51 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
i.doodcdn.com/theme_2/img/loader.svg
104.21.34.210 301 Moved Permanently 694 B URL GET HTTP/2 i.doodcdn.com/theme_2/img/loader.svg
IP 104.21.34.210:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Google Trust Services LLC
Subject: doodcdn.com
Fingerprint: BE:D9:17:9A:86:E5:C0:F1:D0:D6:67:BA:94:E4:B3:8B:D7:D2:E5:60
Validity: Sat, 14 Oct 2023 09:16:15 GMT - Fri, 12 Jan 2024 09:16:14 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(All three are the digests of empty input, so no response body was hashed for this redirect.)
GET /theme_2/img/loader.svg HTTP/1.1
Host: i.doodcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 04 Nov 2023 04:18:51 GMT
location: https://i.doodcdn.co/theme_2/img/loader.svg
cache-control: max-age=3600
expires: Sat, 04 Nov 2023 05:18:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ph1zzgw5rxY96ZSAQ%2FQo10SSZZjIx5TAADuxhV2cMfpVdUU5LDzNq6t8%2FcHntABvkSnJahNOkjTDtd1ecQVeCDG%2BpfOTyocdBkjHvoC8xZvWbKGkDLpfwCBnsUFiTGtm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e30eef056cb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.99.2 200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 172.64.99.2:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity: Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(All three are the digests of empty input, so they do not identify the 86 kB script listed above; use the host, path and certificate fingerprint for matching instead.)
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:52 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 857176358c9ecc3d6da3bc778ce921b9
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 Nov 2023 04:18:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U3cWZYpBphlkpkLluTuo6Wr9w4ccMXLob0zR7VJaHpULIJZfLP02hFWcnWT3YiIsKTDuaLqRlH4qcLDYl%2Fk6lPsqbgk2oKlYEHPf5OQVxU%2BSRAWMzQFZxzl%2B8b77ShwvTcXtHiA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e32ced92403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.200.15 200 OK 102 kB
IP 172.64.200.15:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity: Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash MD5 4c6426ac7ef186464ecbb0d81cbfcb1e
SHA-1 5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
SHA-256 f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:52 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 1237
last-modified: Sat, 04 Nov 2023 03:58:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KfMrKMxTeQYaLLfk9dyT1HXrueK80yKz2Lf57YuwDad%2BhrVeuVkBvVSehGKcnJ85doWNtsVf61vGhGX0%2FNC0XRBlOe1xU9d17bnSon%2B8aVNt6wktkhUPif2iaqdOZN0t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 820a0e38bddc4177-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.200.15 200 OK 26 B
IP 172.64.200.15:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity: Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash MD5 e998828fd6648380ef2830bf49975238
SHA-1 e9b427aeaa14ae5c164abe17e45d392a11df31d2
SHA-256 213dcc2cae47ac42c284017096df1b4a11ab330be6825039f6617807e13c6b4b
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
Origin: https://ds2play.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 Nov 2023 04:18:52 GMT
content-type: text/plain
set-cookie: csu=487885825404870@1@1699071532; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://ds2play.com
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cac%2BAYfg%2FqCEs8Cwzr%2Bx5Fu8KW2SZ7O8l%2FTVCrhzQ3WM6pdoius9GAmRE7zzS5bd77dZSUU%2FWT94jy68T6Ly%2FleT9TugVGF84LopEUAP5gI319scQWQLuRJGgqjxBvfq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 820a0e38bdd94177-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
whofiguredso.org/cFBCRXNfbyE2TiUGLT0SJjwlHBQ+CiN3MRoRBAMCKT16BCQ3YGQxGhRtc3VDRGB1clUAOSZ4Qkh2MTESBCUxeEJWOSwjHE12NHhCXmBsd11Edjd4QlYkMiQUTWFkNQcEPH90RUlpcnJCRWNzckFD
172.67.131.129 204 No Content 0 B URL GET HTTP/2 whofiguredso.org/cFBCRXNfbyE2TiUGLT0SJjwlHBQ+CiN3MRoRBAMCKT16BCQ3YGQxGhRtc3VDRGB1clUAOSZ4Qkh2MTESBCUxeEJWOSwjHE12NHhCXmBsd11Edjd4QlYkMiQUTWFkNQcEPH90RUlpcnJCRWNzckFD
IP 172.67.131.129:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Google Trust Services LLC
Subject: whofiguredso.org
Fingerprint: 3C:B1:CC:E5:DB:B7:60:1A:3D:53:07:53:D6:8D:53:A1:F9:C8:C3:C3
Validity: Sun, 22 Oct 2023 07:30:57 GMT - Sat, 20 Jan 2024 07:30:56 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(All three are the digests of empty input, consistent with the 0 B response.)
GET /cFBCRXNfbyE2TiUGLT0SJjwlHBQ+CiN3MRoRBAMCKT16BCQ3YGQxGhRtc3VDRGB1clUAOSZ4Qkh2MTESBCUxeEJWOSwjHE12NHhCXmBsd11Edjd4QlYkMiQUTWFkNQcEPH90RUlpcnJCRWNzckFD HTTP/1.1
Host: whofiguredso.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ds2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Sat, 04 Nov 2023 04:18:51 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iyuNu3tRzEojT4W4OHqwbJqieynsXoDKxgCG8QUZxuep%2BPg2qh6O6xG%2BEMSowaseSqwLmPZEtAOGooXft79ng5DQl5PjqiEKR1wV9FapuoronzIacRyaJ2BSDFluPIji2qLr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 820a0e31ae2b0afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyFYn9QzmxArHT4UHueOrPXl3TjcKQaKmaNq4RyFmleFV2cIMfkR8emBgT2_j4oEDpKqHdMXw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1056257271%3A1699071532953308&theme=glif
142.250.74.109 403 Forbidden 0 B URL GET HTTP/2 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyFYn9QzmxArHT4UHueOrPXl3TjcKQaKmaNq4RyFmleFV2cIMfkR8emBgT2_j4oEDpKqHdMXw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1056257271%3A1699071532953308&theme=glif
IP 142.250.74.109:443
Requested by https://ds2play.com/e/9yt5jzmpc8q1
Certificate Issuer: Google Trust Services LLC
Subject: accounts.google.com
Fingerprint: 16:5A:F1:76:25:96:2A:7F:80:A7:89:81:CE:D5:F4:5F:3D:29:9C:93
Validity: Mon, 16 Oct 2023 08:10:48 GMT - Mon, 08 Jan 2024 08:10:47 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(All three are the digests of empty input, consistent with the 0 B response.)
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyyFYn9QzmxArHT4UHueOrPXl3TjcKQaKmaNq4RyFmleFV2cIMfkR8emBgT2_j4oEDpKqHdMXw&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1056257271%3A1699071532953308&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ds2play.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sat, 04 Nov 2023 04:18:53 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-QWh-zgdSwRUZHuC5jBIEfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2