r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 07b3389fc24c0f8eb82a9d05b546d17e
02716741b8952e548b9a223adbb3f16204eef2b2
25e13458988115ae1f8176cb2328dbfebd612eabebf256b4af64594d5e23d6ca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25E13458988115AE1F8176CB2328DBFEBD612EABEBF256B4AF64594D5E23D6CA"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15979
Expires: Mon, 17 Oct 2022 00:36:17 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.36200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 16 Oct 2022 19:50:32 GMT
Expires: Sun, 16 Oct 2022 20:38:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xuhgoCgnXTRGF3dbT1QGrWTbt8ChqVU3N6fY1Z_nnHILT3v5gZbLKA==
Age: 1165
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10066
Expires: Sun, 16 Oct 2022 22:57:44 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: x4LC15RGJFEElXZiObrgKf5QCoZi3RCGigOKJs4+3D4kSF+iyAPgQNif4WH2Ydecud4/NLM8754=
x-amz-request-id: MYJF7S1ZZKBVMJE0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 16 Oct 2022 19:35:10 GMT
age: 2088
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 20:09:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html
104.21.92.39200 OK 28 kB URL HTTP/1.1 www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html
IP 104.21.92.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62619)
Hash 179476c88698da8c0cf9697ff74b1787
bcc0a6e496afee686437f89e184f814a9074e034
e00782fe7dafd79774643bdf200b7ef11aa297c6f3b3c1f2977fa81609d7341c
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html HTTP/1.1
Host: www13.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www13.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WMSEVLStXZaddW1BJF%2FpvteteAVqu59a1O8nfUX6sJJZDLCwj4SUD48eQieeXBRIIKcRPVzAfv2pZipTJWJv7mSP8y2uqF9siVMxi4L6PMlck%2B2jQDitAwTx8z%2BVRqV4sqpCkZt2iFRoMA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75b36f68deb81bfe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash f0413efff3fc4435819eea0892565002
68f2cbf9d99cbc2f3500c911fe2906ea03a6d72f
f5ebdb13ab4ad27844b4ad00d4bb79c9238bd02937bdab5dc83d0802d956895f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=150459
Date: Sun, 16 Oct 2022 20:09:58 GMT
Etag: "634bf982-1d7"
Expires: Tue, 18 Oct 2022 13:57:37 GMT
Last-Modified: Sun, 16 Oct 2022 12:30:58 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gugAQH9b8mQCWm-I2rJqVZxh97W3HbxcByY_ESu71vHSpwomEwyrBA==
Age: 5199
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.26200 OK 50 kB URL HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.26:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash 9e6b1b04c02ddcfe7ab85a842fda69da
38a44be5c9995d33ec8fb244dfefb37f652b001d
876bcab017a09b120da7ce7442b1b45dfda159c0421fc638197f85f049e35f44
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Content-Length: 49676
Connection: keep-alive
Date: Sun, 16 Oct 2022 20:09:58 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 958ZOJwLCv5SzFcNvOTalHZQqQagKzH6c_62f38XsazLKh9E-lJysQ==
simplewebanalysis.com/stats
52.29.95.124200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.95.124:0
File type ASCII text, with no line terminators
Hash b62b666786a62d4e213729743a646c83
32fac75ff742f6d760f6738114afb90ba1b20810
dc1a7fed713f0a4624c74bc8ddff5bf0b5fd5c42fffd39460c40aba45434ff09
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 16 Oct 2022 20:09:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www13.davisonbarker.pro
access-control-allow-credentials: true
set-cookie: uid_id2=14864c40-22c8-437b-ba46-b8944ecb7515:1:1; expires=Wed, 13 Oct 2032 20:09:58 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
www13.davisonbarker.pro/static/image/logo.png
104.21.92.39200 OK 11 kB URL HTTP/1.1 www13.davisonbarker.pro/static/image/logo.png
IP 104.21.92.39:0
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: www13.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:58 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 23 Oct 2022 20:09:58 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b22ed065d915c717;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HpdjiUNG6M%2BHKCtyKmetQbU%2BVSmB0F%2BlxLm473Ftmc6MKistHAYYv7d4WBPNPB6iI5b0VeLTefRAv4fkoiZb1eAN9TvHovF8D%2FxGpn%2F0XYfqepzrfXZofuzEfxwywaK%2FP%2BC9jd%2B37lOLBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f6b8a041bfe-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 16 Oct 2022 20:07:43 GMT
Expires: Sun, 16 Oct 2022 20:43:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2t4sweMlhSkaGO-OLMQkbvGumDMdr2rmLdkwWOhghZ58VWm6mA3VnQ==
Age: 135
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f611de559333fa15533c52ffc7aeda37
ac9f4fe8673c1511766befe0fa35803e34419582
f5e652821af51974a59045c138336c3b667af78d107e1784d6182f0274f0dc20
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F5E652821AF51974A59045C138336C3B667AF78D107E1784D6182F0274F0DC20"
Last-Modified: Sat, 15 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16108
Expires: Mon, 17 Oct 2022 00:38:26 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f611de559333fa15533c52ffc7aeda37
ac9f4fe8673c1511766befe0fa35803e34419582
f5e652821af51974a59045c138336c3b667af78d107e1784d6182f0274f0dc20
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F5E652821AF51974A59045C138336C3B667AF78D107E1784D6182F0274F0DC20"
Last-Modified: Sat, 15 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16108
Expires: Mon, 17 Oct 2022 00:38:26 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive
eautifuleed.xyz/WFFxWlg5MxI3ZzlsE3wtKj1Mf2oedEMcPDtkGmI+P2QYNTtgIl85NDckFTwqNz8FdDY9JVRoHg0yNm4iDWNJDhkOYUAPGQkZJ2htAAAdNRACFwkNGh0QSRsJGgUpIxI8EBtrbh4mRQ8QagQrHTIsMzcJOw4XNxccPAA8CBkeAwQJCg0QJB1tPQcWYwAVBzsfCx0yGxsaLAUjMGgUFyAyOQgAHg8LHQgIDzBoEyIONxwZMGIPAQIdHAkZH0MCDRoWImgSPQcnayA8PUAbGTQ+SB0/MB0wDRUAAjcyKwIHBQwAABdDAg0ZMiMCAjscJzkePgdIAAsvfDcwGxoEPw0cIBogMz8aCEBvGQA2OzAANAcSGyINFjA9LA4BMz4OABknKw8OZBQcCwICIAt+MiIeNChlPQBoKgsYNTs8KQc7LxNt
108.157.229.11200 OK 1.2 kB URL HTTP/1.1 eautifuleed.xyz/WFFxWlg5MxI3ZzlsE3wtKj1Mf2oedEMcPDtkGmI+P2QYNTtgIl85NDckFTwqNz8FdDY9JVRoHg0yNm4iDWNJDhkOYUAPGQkZJ2htAAAdNRACFwkNGh0QSRsJGgUpIxI8EBtrbh4mRQ8QagQrHTIsMzcJOw4XNxccPAA8CBkeAwQJCg0QJB1tPQcWYwAVBzsfCx0yGxsaLAUjMGgUFyAyOQgAHg8LHQgIDzBoEyIONxwZMGIPAQIdHAkZH0MCDRoWImgSPQcnayA8PUAbGTQ+SB0/MB0wDRUAAjcyKwIHBQwAABdDAg0ZMiMCAjscJzkePgdIAAsvfDcwGxoEPw0cIBogMz8aCEBvGQA2OzAANAcSGyINFjA9LA4BMz4OABknKw8OZBQcCwICIAt+MiIeNChlPQBoKgsYNTs8KQc7LxNt
IP 108.157.229.11:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Hash 9418080d0a2ccc06ac870ba456ecdd79
6a6a14edf15f154a32ea555c1803331e9964a7bb
3ec5c7bb4155bbdd91a5ee8de50bed11b36bc584bf59ad5ba7b8ee1db66c5436
GET /WFFxWlg5MxI3ZzlsE3wtKj1Mf2oedEMcPDtkGmI+P2QYNTtgIl85NDckFTwqNz8FdDY9JVRoHg0yNm4iDWNJDhkOYUAPGQkZJ2htAAAdNRACFwkNGh0QSRsJGgUpIxI8EBtrbh4mRQ8QagQrHTIsMzcJOw4XNxccPAA8CBkeAwQJCg0QJB1tPQcWYwAVBzsfCx0yGxsaLAUjMGgUFyAyOQgAHg8LHQgIDzBoEyIONxwZMGIPAQIdHAkZH0MCDRoWImgSPQcnayA8PUAbGTQ+SB0/MB0wDRUAAjcyKwIHBQwAABdDAg0ZMiMCAjscJzkePgdIAAsvfDcwGxoEPw0cIBogMz8aCEBvGQA2OzAANAcSGyINFjA9LA4BMz4OABknKw8OZBQcCwICIAt+MiIeNChlPQBoKgsYNTs8KQc7LxNt HTTP/1.1
Host: eautifuleed.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1176
Connection: keep-alive
Date: Sun, 16 Oct 2022 20:09:58 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: fWr5xPh1oAp0VMINsi_8uagN_xx28eUiMJZhhpaoIveFWTN96osSXg==
dsoodbye.xyz/M2l2cXUcVhUCSFAuMAEhZyc+JERLXjVBI2k+Lkk9YVgeFxNiOFAFHFdUTkNBB15FVwVaDUtCRxUaAhABRhpLQFNaBxAeSBUfS0FbC0dHQVsDTwNMRBUdBhASDlhQAQFHBUtAQwVcT0REA1lEQkAG
104.21.16.22204 No Content 0 B URL HTTP/2 dsoodbye.xyz/M2l2cXUcVhUCSFAuMAEhZyc+JERLXjVBI2k+Lkk9YVgeFxNiOFAFHFdUTkNBB15FVwVaDUtCRxUaAhABRhpLQFNaBxAeSBUfS0FbC0dHQVsDTwNMRBUdBhASDlhQAQFHBUtAQwVcT0REA1lEQkAG
IP 104.21.16.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /M2l2cXUcVhUCSFAuMAEhZyc+JERLXjVBI2k+Lkk9YVgeFxNiOFAFHFdUTkNBB15FVwVaDUtCRxUaAhABRhpLQFNaBxAeSBUfS0FbC0dHQVsDTwNMRBUdBhASDlhQAQFHBUtAQwVcT0REA1lEQkAG HTTP/1.1
Host: dsoodbye.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 16 Oct 2022 20:09:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ieRWRt74LUFW3uxegqk28HIbmrKjooOhajYEr5Ioejjco3x2Ri%2Fj00nypNC1XQuomlSEhY%2FgLCxSr5mUJG7%2F1cDo5YgfXcOF2FlkejM8PFZ2MrwcJkBdkb2xOCxcOw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b36f6dcf121c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dsoodbye.xyz/Skg5TWdld1o+Wh4yY309ewoNDyIMGlgFCAUafxsMLwkADjF4Kx85Di51AX9Tfn8KaxcjLAR+VWw7TSwTPzsEf1d6fx8kCSwnBH9BPHUJY19keQljV2w9BHxBPjhYKlp7bkk5EyZ1CHtRf3EMfFd6egp7Vw
104.21.16.22204 No Content 0 B URL HTTP/2 dsoodbye.xyz/Skg5TWdld1o+Wh4yY309ewoNDyIMGlgFCAUafxsMLwkADjF4Kx85Di51AX9Tfn8KaxcjLAR+VWw7TSwTPzsEf1d6fx8kCSwnBH9BPHUJY19keQljV2w9BHxBPjhYKlp7bkk5EyZ1CHtRf3EMfFd6egp7Vw
IP 104.21.16.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Skg5TWdld1o+Wh4yY309ewoNDyIMGlgFCAUafxsMLwkADjF4Kx85Di51AX9Tfn8KaxcjLAR+VWw7TSwTPzsEf1d6fx8kCSwnBH9BPHUJY19keQljV2w9BHxBPjhYKlp7bkk5EyZ1CHtRf3EMfFd6egp7Vw HTTP/1.1
Host: dsoodbye.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 16 Oct 2022 20:09:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otAdplcBhhZvo6FgdKmFVBm6DM%2FjdQ6NPIxkPO54NrpTDVbtchUSbg4bLPj4jeT2EeZRDcFf7qOltCXz%2BUe8TXfXq4ISKjtSHUIIgz%2BZNfeA3Z644IPHWznKpTgpl9w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b36f6dbf0f1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f611de559333fa15533c52ffc7aeda37
ac9f4fe8673c1511766befe0fa35803e34419582
f5e652821af51974a59045c138336c3b667af78d107e1784d6182f0274f0dc20
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F5E652821AF51974A59045C138336C3B667AF78D107E1784D6182F0274F0DC20"
Last-Modified: Sat, 15 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16108
Expires: Mon, 17 Oct 2022 00:38:26 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash cfc92c8f6ee7599505d969732542ac42
7f4804d49c8ccd76ccffa6b72d41b1df611eb090
406c057a8392b9fa0ab09efa8b3222a58ec5fc17fa73f55a1f093e3d1092b0e4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6569
Cache-Control: max-age=135978
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 20:09:58 GMT
Etag: "634bbb97-1d7"
Expires: Tue, 18 Oct 2022 09:56:16 GMT
Last-Modified: Sun, 16 Oct 2022 08:06:47 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
192.243.59.20200 OK 409 B URL HTTP/1.1 breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (409), with no line terminators
Hash a47854e61a7a0f004df676c43b1211b6
582cd146844285922d6be63ccc81be57ce6ace1e
4cefe3d8d4f30376cc75677566601cded75ebbdae45f2ddadddbd9b7294ed246
Analyzer Verdict Alert quad9 Sinkholed
GET /aa/24/05/aa240591af5d8573573bb87d25c7ab12.json HTTP/1.1
Host: breedingdaringconcussion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 16 Oct 2022 20:09:58 GMT
Content-Type: application/json
Content-Length: 409
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 485dd9f86fd0e39a2a923f51db1e844e
Strict-Transport-Security: max-age=0; includeSubdomains
dc5k8fg5ioc8s.cloudfront.net/UcG4zU28TAV01UAQHV25XQloHZFxWBEA8AQBTXyJdAj16Fw4UH2UZGjtbFScVFFMDdQMRAFRuSRUAUG5eVg9XMVJESEcjABtTRj0LFQhaPQoUSEYyUh0BSToDHA8WYSlFQAN2XUBGS2JeVV1xdl1AAlo9GghLAWMXSFhsZVtVXXF2XUAcRXZcMVcFfV9ZSw-FjCBUNWDxKQigBY15AXgJjXlVcAzUGAgtVPBdVXHVqWV5eFSZSQQ
54.230.245.26200 OK 334 B URL HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/UcG4zU28TAV01UAQHV25XQloHZFxWBEA8AQBTXyJdAj16Fw4UH2UZGjtbFScVFFMDdQMRAFRuSRUAUG5eVg9XMVJESEcjABtTRj0LFQhaPQoUSEYyUh0BSToDHA8WYSlFQAN2XUBGS2JeVV1xdl1AAlo9GghLAWMXSFhsZVtVXXF2XUAcRXZcMVcFfV9ZSw-FjCBUNWDxKQigBY15AXgJjXlVcAzUGAgtVPBdVXHVqWV5eFSZSQQ
IP 54.230.245.26:0
File type ASCII text, with very long lines (423), with no line terminators
Hash 3f849ee48b5aa9b0a44dead4fbaeb785
628f504291da0c0c7ee4a7d129a8d3a154e3b5f1
06e3056312fad624f1e59a35cc451e368f192bd4f018eaf94cdb463d60d5084b
GET /UcG4zU28TAV01UAQHV25XQloHZFxWBEA8AQBTXyJdAj16Fw4UH2UZGjtbFScVFFMDdQMRAFRuSRUAUG5eVg9XMVJESEcjABtTRj0LFQhaPQoUSEYyUh0BSToDHA8WYSlFQAN2XUBGS2JeVV1xdl1AAlo9GghLAWMXSFhsZVtVXXF2XUAcRXZcMVcFfV9ZSw-FjCBUNWDxKQigBY15AXgJjXlVcAzUGAgtVPBdVXHVqWV5eFSZSQQ HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eautifuleed.xyz/
HTTP/1.1 200 OK
Content-Length: 334
Connection: keep-alive
Date: Sun, 16 Oct 2022 20:09:58 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: D9ieM_2YSqNrC_zmk48Y-QGNuf1XjdDP8CQruW1DWHNgnFLTBDxGyw==
push.services.mozilla.com/
34.214.236.46101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.214.236.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sz8AiPimV3bnqK84eHyf1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zbZM4WK5tQ2kPA93wHYYSfBdzyo=
banquetunarmedgrater.com/advertisers.js
173.233.137.36200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9b0a60cb3394c9b34f0d71b70a0b5e9
Strict-Transport-Security: max-age=0; includeSubdomains
dsoodbye.xyz/popunder.gif
104.21.16.22200 OK 58 B URL HTTP/1.1 dsoodbye.xyz/popunder.gif
IP 104.21.16.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08
GET /popunder.gif HTTP/1.1
Host: dsoodbye.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 178270
Last-Modified: Fri, 14 Oct 2022 18:38:49 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ep3WeWVahvMqRze8a89J3nIk0%2FOb%2Fl8E3TFp2CSYA8rCyfZ%2FN3oZrpZj1V4c9x5rvc%2Bb%2FWZWli%2FjsA2LpYOzNEUyBP26QB%2BMIlSH2utzgtlVwaAFQ7y6J4Nuzr%2FImvc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f718e13b4f1-OSL
alt-svc: h2=":443"; ma=60
addresseepaper.com/sfp.js
104.21.235.2200 OK 28 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP 104.21.235.2:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 83cbeadd43908848f75f86aaf6112509
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 16 Oct 2022 20:09:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sdtZbYcnU7nUphJxgGpGQEB%2FTK0Q9rkyOGw7oCyAJTlN06rPT%2BSqkDMgViPEm6e39%2FTD3zvrdfkaWVLRWC5A5szojMF78dfa%2BhDjlAesrNjE81usjaHG%2BAcOjWmT3t27nNIrV3o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f6fcb5c8865-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
192.243.59.12200 OK 13 kB URL HTTP/1.1 reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37120), with no line terminators
Hash 77324a5bbc939dfbd67656e89622e047
82a53450f3944ee599a5ffa0fb594c4079871a32
9d1342430df61d54da506943fa173ef55d2a8cb76c9db287ca358941a0f561f9
Analyzer Verdict Alert quad9 Sinkholed
GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0047881188134260775ef7d503fa8192
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2e85ca944ca4959c3a7fefed9e62409
adb02a689b93e29bc250ccd89a798b4c905f8677
7ebde8e537b6cb68b9a900ffc7beb1d2dd9be7c3fb8efec00e4f66c852399562
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7EBDE8E537B6CB68B9A900FFC7BEB1D2DD9BE7C3FB8EFEC00E4F66C852399562"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4592
Expires: Sun, 16 Oct 2022 21:26:31 GMT
Date: Sun, 16 Oct 2022 20:09:59 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2e85ca944ca4959c3a7fefed9e62409
adb02a689b93e29bc250ccd89a798b4c905f8677
7ebde8e537b6cb68b9a900ffc7beb1d2dd9be7c3fb8efec00e4f66c852399562
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7EBDE8E537B6CB68B9A900FFC7BEB1D2DD9BE7C3FB8EFEC00E4F66C852399562"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4592
Expires: Sun, 16 Oct 2022 21:26:31 GMT
Date: Sun, 16 Oct 2022 20:09:59 GMT
Connection: keep-alive
dismantlepenantiterrorist.com/pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.61.227200 OK 1 B URL HTTP/1.1 dismantlepenantiterrorist.com/pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 037943099154cc77c594420a158e8376
Strict-Transport-Security: max-age=0; includeSubdomains
eautifuleed.xyz/utx?cb=5V2RcKFPANGY&top=www13.davisonbarker.pro&tid=824473
108.157.229.11204 No Content 0 B URL HTTP/2 eautifuleed.xyz/utx?cb=5V2RcKFPANGY&top=www13.davisonbarker.pro&tid=824473
IP 108.157.229.11:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=5V2RcKFPANGY&top=www13.davisonbarker.pro&tid=824473 HTTP/1.1
Host: eautifuleed.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 16 Oct 2022 20:09:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www13.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 16 Oct 2022 20:10:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: KuVl0xa5t-G82Fn_38y9q1GgJ9kmeZC9Ef8OA-vO0CX0vgTOIA5TWg==
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
104.21.234.232200 OK 28 kB URL HTTP/1.1 creepingbrings.com/sfp.js
IP 104.21.234.232:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: cc0a8a4aa2a9c2a3691a3177f37981ae
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 16 Oct 2022 20:09:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ga4Cl%2BirbSEX6X%2FxMznMN94Ga80t2gVB8I6M74uouZVpVNfJI6a7ib2MFbPATcI2DMsF8w9tEabgiemQ1mMwqcs3QWQr5jerzvUl%2BM5prLjJAttN2a9romGaLAX17PmVbHsPSNY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f73aea87767-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d2e85ca944ca4959c3a7fefed9e62409
adb02a689b93e29bc250ccd89a798b4c905f8677
7ebde8e537b6cb68b9a900ffc7beb1d2dd9be7c3fb8efec00e4f66c852399562
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7EBDE8E537B6CB68B9A900FFC7BEB1D2DD9BE7C3FB8EFEC00E4F66C852399562"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4592
Expires: Sun, 16 Oct 2022 21:26:31 GMT
Date: Sun, 16 Oct 2022 20:09:59 GMT
Connection: keep-alive
eautifuleed.xyz/floater?cs=c1VXYjVEZ2JUDUZtZ1ABRGxhUgI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww13.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D26006973%26pci%3D7137021235%26t%3D1665950951%26dest%3Dhttps%3A%2F%2Fwww.file-upload.net%2Fdownload-15000101%2FMitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_aw9r=1665951003074&crc=1
108.157.229.11200 OK 1.1 kB URL HTTP/2 eautifuleed.xyz/floater?cs=c1VXYjVEZ2JUDUZtZ1ABRGxhUgI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww13.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D26006973%26pci%3D7137021235%26t%3D1665950951%26dest%3Dhttps%3A%2F%2Fwww.file-upload.net%2Fdownload-15000101%2FMitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_aw9r=1665951003074&crc=1
IP 108.157.229.11:0
File type ASCII text, with very long lines (1811), with no line terminators
Hash 07fda8416559e7175430b77329add39a
6a349fb23c618581876a3f54c037c78ecd1bd442
5a6fbb5a856d7fa33f758206509f7024a0e0aefc7e16f9fb248a886b25cf3e7f
GET /floater?cs=c1VXYjVEZ2JUDUZtZ1ABRGxhUgI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww13.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D26006973%26pci%3D7137021235%26t%3D1665950951%26dest%3Dhttps%3A%2F%2Fwww.file-upload.net%2Fdownload-15000101%2FMitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_aw9r=1665951003074&crc=1 HTTP/1.1
Host: eautifuleed.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
content-length: 1147
date: Sun, 16 Oct 2022 20:09:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www13.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=d90e8753-4216-4448-9549-7dd461020ff8
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: BwUteT1wC2lxScSWyrGsEfyworkaqJb73gH0GVE9AXRZGIE8Nmr4Lg==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 467c98217b3c90dedabafc249207b8eb
8a0756b2c6003aaaba58cc75be784e8e283feb45
82b3ac154fd4347d2a7827d48ff7f0ccc8c0abe562cb6796a52b02e7cc9b6467
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82B3AC154FD4347D2A7827D48FF7F0CCC8C0ABE562CB6796A52B02E7CC9B6467"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9014
Expires: Sun, 16 Oct 2022 22:40:14 GMT
Date: Sun, 16 Oct 2022 20:10:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e86d948bf8ed2f5918f8323b043ad5f
41548e231e2358d3453e7630f0d07a645cc25ddc
6602f2a020618234d34a9b6cd107398f0405de6dd14227e265aca84b38eaa5cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7075
x-amzn-requestid: 254a8860-b3bf-4e8d-a08d-31effa209a6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5iGQqIAMFmkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a3-1a2820f550f35bf830444c22;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: noeZThjNw_knj4oZ39f_xFQl_eFhT_iJ5ki1eaCv873z5WThwd7gXA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:39:58 GMT
age: 81002
etag: "41548e231e2358d3453e7630f0d07a645cc25ddc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
192.243.61.227200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 20:10:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96bdc9fb366ded1797e38d8c8b350af4
Strict-Transport-Security: max-age=0; includeSubdomains
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 319cbf11bba3f159e5c9f606deded924
13f29acb7a694030fc2de0b42c0d95c4be49deb7
09aa7d94e4829f4daf33d5e2aed077afcc59628839c5d6e877172e8455879062
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15855
x-amzn-requestid: c8171eaf-67b4-4179-9e69-36fe00ef3bfe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZhQU8HmcIAMFw0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633d2db9-2985178a31d0e8c430323a26;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 07:09:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Zo6PXcoqkbRgpug8ZDp-0Q9RtLAwpAOlASdtGT4KHy6Q9q-4HgLqfw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 05:08:57 GMT
age: 54063
etag: "13f29acb7a694030fc2de0b42c0d95c4be49deb7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6432c2bf0bab32f918d931dd98a6e1e4
bba4f37b146e5aea2b6490f8f7da63fa61ffc849
bde0d98cb1dcd70f22cd2aee5860eb0cd824d1bb12ab18245ab8eed06a79cf1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7337
x-amzn-requestid: 43a16c4d-c5b9-4d01-8ba4-e811b09e96b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z-WYqEwVoAMFe5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6348d104-121eda8b7a73518849342e7a;Sampled=0
x-amzn-remapped-date: Fri, 14 Oct 2022 03:01:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: z8x5zYoU_lGHWGt8ZhQFB6G9gS1Q4YhG_AxOdLCqIpZkXp_-f45ExA==
via: 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 05:16:13 GMT
age: 53627
etag: "bba4f37b146e5aea2b6490f8f7da63fa61ffc849"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdbc5b51-a9c2-4f99-ad40-8ab061924326.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdbc5b51-a9c2-4f99-ad40-8ab061924326.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd94762992136ed2f4d24dd34a745154
2050cee63f8005c5d9ac1a817730ada51b323f34
4548836d8846da958f477e1df952f6da9b9640e204804a7c76194d3e061b90a4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdbc5b51-a9c2-4f99-ad40-8ab061924326.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7082
x-amzn-requestid: 5e98988f-faad-4e52-a49f-28d5a77b15d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL46HFloAMFSag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b269f-6759e36c79241479181c1d05;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: u2l4A1Vt7WLHe9NdaSFyBhwnBo9XfI3n5bXqpv8MGUXl7YaywUknJQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:37:09 GMT
age: 81171
etag: "2050cee63f8005c5d9ac1a817730ada51b323f34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.198.35200 OK 109 kB IP 172.64.198.35:0
Size 109 kB (108767 bytes)
Hash b3673d9d7a7a4a8262a80ce8655e5dc6
2c03c93fc9ff5ba004f25eb95f1f5ca25b33bfb5
2c27e25ebdfc5b393b4b9087e056892e1df7996c80b79e90f7a207eb46262e5e
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www13.davisonbarker.pro/
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 16 Oct 2022 20:09:59 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www13.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sun, 16 Oct 2022 20:09:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvRsmdNvBqDgXxqPw4coKjrBq%2FnsnESqebjsEeUNyQuCGzEtQH3gxP%2B5a1vu5b1j0BTAsMm91cokHmEpVt75OWj2I8AQ9UxrXc5hnt31%2BX0fNr%2FO3gR6ByLdKyKWB0wH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75b36f73cc0d71cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb25d7cce-c352-4b25-a8c5-aa8493d99e4c.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb25d7cce-c352-4b25-a8c5-aa8493d99e4c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e20daa74ab04b1b9859672acfc070f7e
d291947f161c928e6c6682a05835478b5f0cffc5
ebbe051930f46dd25de2a4c5795f3bdddf1513c0657cdc986c48f3dfdc90f575
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb25d7cce-c352-4b25-a8c5-aa8493d99e4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9260
x-amzn-requestid: dfd8deb0-fc73-4321-b024-330b2a3d1759
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aENyFH9RoAMF24w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b29a6-0aaf75c43b51d5775bc48a95;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:44:06 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 61ygCro-e2iz9SdywbShi7CWHcWLovGr7Ob2wWno2E2bpRWujT_OOA==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:53:51 GMT
age: 80169
etag: "d291947f161c928e6c6682a05835478b5f0cffc5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 9b6753c35f65fa4e0b4add30d5802c71
f0e5aacb63a6d2b06c862ee186bb2ca86542d46f
2359031e66c13feff887ace8308d04acbc0bffb2e2e514a6a20a412e9002984b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145534
Date: Sun, 16 Oct 2022 20:10:02 GMT
Etag: "634bf825-1d7"
Expires: Tue, 18 Oct 2022 12:35:36 GMT
Last-Modified: Sun, 16 Oct 2022 12:25:09 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5vSSxj_lOuJ2FUFsCvUN3b05qetqIiENmjDXLBYOaSoYy3CZIrbbhg==
Age: 627
webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg
52.218.250.17200 OK 9.3 kB URL HTTP/1.1 webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg
IP 52.218.250.17:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash e73bda30c82b74c32e5f03e4ed4e4bb1
e2b381468138921e418865ca53fd7b91ab8febb8
e6a18e81d67bc6cfadbe2c86c78b99c0e01644cdeafb48144663121b629ea227
GET /getlaid.jpeg HTTP/1.1
Host: webpick-cdn.s3.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: DyaVmlee4u0BvJvdPc55H49m531Xq77XX/Qj0g/JJUSwDbiiLHLiEQRI0P1XvbvkmVjwtEB29i8=
x-amz-request-id: 501MNCFHPCH55K80
Date: Sun, 16 Oct 2022 20:10:03 GMT
Last-Modified: Thu, 25 Jun 2020 08:18:14 GMT
ETag: "e73bda30c82b74c32e5f03e4ed4e4bb1"
x-amz-meta-s3b-last-modified: 20200625T081632Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 9313
www13.davisonbarker.pro/static/image/skip_ad/en_tran.png
104.21.92.39200 OK 5.1 kB URL HTTP/1.1 www13.davisonbarker.pro/static/image/skip_ad/en_tran.png
IP 104.21.92.39:0
File type PNG image data, 155 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash a58f5ea6f1f6bb35658c351f876f1ba9
47fa621b845faf7df13e4021dcffd6f4c73c1018
ef8721967f0cca2539ee60f9cad0e8c1ef89f18a53964a4e6101033d23a4ba29
GET /static/image/skip_ad/en_tran.png HTTP/1.1
Host: www13.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=14864c40-22c8-437b-ba46-b8944ecb7515%3A1%3A1; ppu_main_aa240591af5d8573573bb87d25c7ab12=1
HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:10:03 GMT
Content-Type: image/png
Content-Length: 5076
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 23 Oct 2022 20:10:03 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "13d4-5faa60e6-eb24f435e560d3dd;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QOUtwnoJJH99wu2tJBisKbDRBmAo19jgM1lP%2Fu1dRE8nO9md1vQePwNYZbFhzOFPEUYqiwsjEgeta1mYdCJkHe3XLw6qdr0mvrXL62M0H%2BfdzhA0MU8gglc0%2BZ2u1WV%2FDNJi3bXVl0EWKg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f8aba621bfe-OSL
alt-svc: h2=":443"; ma=60
pogothere.xyz/
172.64.198.35200 OK 0 B IP 172.64.198.35:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www13.davisonbarker.pro/
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 16 Oct 2022 20:09:59 GMT
content-type: text/plain
set-cookie: csu=1982835642395559@1@1665950999; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www13.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uTIQuuNOAAQnL72MsBqzlXZoo1lQQtNjv6zZKdAqTm3HiavFQfMkdZ1qADJmOkQcUuz8MSjtdcGTueaTJBFN8jymJ5HrlbhVXpgWmty8knYQ6nUgrIJX%2FVE4TXjbkTJX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b36f73dc5571cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2