Report - www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit

Report Overview

Submitted URL
www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html
IP
172.67.186.48
ASN
#13335 CLOUDFLARENET
Submitted
2022-10-16 20:10:09
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-09T05:09:13Z	594 B	127 B	34.214.236.46
reasonablelandmark.com	unknown	2022-08-06T04:07:43Z	2023-03-09T05:08:01Z	316 B	14 kB	192.243.59.12
creepingbrings.com	unknown	2022-05-27T16:56:26Z	2023-03-01T13:25:12Z	274 B	28 kB	104.21.234.232
webpick-cdn.s3.us-west-2.amazonaws.com	74835	2019-04-01T02:24:55Z	2023-03-08T21:18:11Z	360 B	9.7 kB	52.218.250.17
addresseepaper.com	18169	2021-11-01T22:11:31Z	2023-03-10T08:01:44Z	274 B	28 kB	104.21.235.2
simplewebanalysis.com	unknown	2022-02-25T05:06:25Z	2023-03-09T11:23:24Z	393 B	415 B	52.29.95.124
eautifuleed.xyz	unknown	2022-10-12T22:37:42Z	2023-01-02T12:45:19Z	2.2 kB	4.3 kB	108.157.229.11
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-09T11:52:10Z	329 B	797 B	93.184.220.29
pogothere.xyz	unknown	2022-09-04T21:11:25Z	2023-03-09T13:58:15Z	813 B	110 kB	172.64.198.35
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-09T05:09:18Z	758 B	2.8 kB	143.204.55.36
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-09T05:09:49Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-09T05:09:48Z	321 B	229 B	34.117.237.239
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	676 B	2.0 kB	54.230.245.100
dsoodbye.xyz	unknown	2022-10-13T10:02:22Z	2022-12-11T09:17:36Z	1.3 kB	2.0 kB	104.21.16.22
breedingdaringconcussion.com	unknown	2022-09-02T04:45:47Z	2023-03-05T02:03:30Z	364 B	1.2 kB	192.243.59.20
banquetunarmedgrater.com	unknown	2022-08-04T17:12:50Z	2023-03-09T05:53:57Z	288 B	327 B	173.233.137.36
dismantlepenantiterrorist.com	17847	2021-11-01T22:12:12Z	2023-03-09T23:39:55Z	622 B	423 B	192.243.61.227
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-09T05:09:05Z	978 B	2.7 kB	23.36.76.226
www13.davisonbarker.pro	unknown	2022-07-23T18:40:06Z	2023-02-13T01:40:32Z	1.7 kB	47 kB	104.21.92.39
dc5k8fg5ioc8s.cloudfront.net	unknown	2021-01-11T12:54:35Z	2023-03-09T11:58:33Z	805 B	51 kB	54.230.245.26
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-09T05:14:34Z	2.0 kB	4.4 kB	23.36.76.226
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-09T10:04:36Z	2.6 kB	52 kB	34.120.237.76
unseenreport.com	unknown	2022-03-30T16:33:17Z	2023-03-09T09:20:47Z	609 B	423 B	192.243.61.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-16	medium	breedingdaringconcussion.com	Sinkholed
2022-10-16	medium	banquetunarmedgrater.com	Sinkholed
2022-10-16	medium	reasonablelandmark.com	Sinkholed
2022-10-16	medium	dismantlepenantiterrorist.com	Sinkholed
2022-10-16	medium	unseenreport.com	Sinkholed

JavaScript (6)

	URL	Size	First Seen	Last Seen
	www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html	70 kB	2023-03-07	2023-05-15
Pretty URL www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html IP 104.21.92.39 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:50:57 Last Seen2023-05-15 22:48:54 Times Seen200 Hash 89a65ce6b1af31ff4330437afdbe7728 7b70a59efda26765a821b0193df597de8f4b8d74 bf4e261b5462befef118ed2771250f3b265b874ed0ea073399ed9edf1a6e3b12 Loading...

	www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html	1.6 kB	2023-03-10	2023-03-10
Pretty URL www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html IP 104.21.92.39 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:32:28 Last Seen2023-03-10 10:32:28 Times Seen1 Hash fbd942ce03f354a1dc6961fb101e52bf 6e6a3e61f05ae64359f33d1e5ed1d2ebe2ec4798 b7f7e065db6b82353a3575e02f73e88b045c2a53f79bb2de40e2a20a552dc1b7 Loading...

	eautifuleed.xyz/WFFxWlg5MxI3ZzlsE3wtKj1Mf2oedEMcPDtkGmI+P2QYNTtgIl85NDckFTwqNz8FdDY9JVRoHg0yNm4iDWNJDhkOYUAPGQkZJ2htAAAdNRACFwkNGh0QSRsJGgUpIxI8EBtrbh4mRQ8QagQrHTIsMzcJOw4XNxccPAA8CBkeAwQJCg0QJB1tPQcWYwAVBzsfCx0yGxsaLAUjMGgUFyAyOQgAHg8LHQgIDzBoEyIONxwZMGIPAQIdHAkZH0MCDRoWImgSPQcnayA8PUAbGTQ+SB0/MB0wDRUAAjcyKwIHBQwAABdDAg0ZMiMCAjscJzkePgdIAAsvfDcwGxoEPw0cIBogMz8aCEBvGQA2OzAANAcSGyINFjA9LA4BMz4OABknKw8OZBQcCwICIAt+MiIeNChlPQBoKgsYNTs8KQc7LxNt	3.0 kB	2023-03-10	2023-03-10
Pretty URL eautifuleed.xyz/WFFxWlg5MxI3ZzlsE3wtKj1Mf2oedEMcPDtkGmI+P2QYNTtgIl85NDckFTwqNz8FdDY9JVRoHg0yNm4iDWNJDhkOYUAPGQkZJ2htAAAdNRACFwkNGh0QSRsJGgUpIxI8EBtrbh4mRQ8QagQrHTIsMzcJOw4XNxccPAA8CBkeAwQJCg0QJB1tPQcWYwAVBzsfCx0yGxsaLAUjMGgUFyAyOQgAHg8LHQgIDzBoEyIONxwZMGIPAQIdHAkZH0MCDRoWImgSPQcnayA8PUAbGTQ+SB0/MB0wDRUAAjcyKwIHBQwAABdDAg0ZMiMCAjscJzkePgdIAAsvfDcwGxoEPw0cIBogMz8aCEBvGQA2OzAANAcSGyINFjA9LA4BMz4OABknKw8OZBQcCwICIAt+MiIeNChlPQBoKgsYNTs8KQc7LxNt IP 108.157.229.11 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:32:28 Last Seen2023-03-10 10:32:28 Times Seen1 Hash 29da50c35408cdf9c6d7eac9c2302e50 26b25d52bd2d51073338bbf49fea450eed5faec6 0d83caf66b302ed68085aab9afc30a4054ae6fbb4b4d50f7469abbbd0d9595c3 Loading...

	dc5k8fg5ioc8s.cloudfront.net/UcG4zU28TAV01UAQHV25XQloHZFxWBEA8AQBTXyJdAj16Fw4UH2UZGjtbFScVFFMDdQMRAFRuSRUAUG5eVg9XMVJESEcjABtTRj0LFQhaPQoUSEYyUh0BSToDHA8WYSlFQAN2XUBGS2JeVV1xdl1AAlo9GghLAWMXSFhsZVtVXXF2XUAcRXZcMVcFfV9ZSw-FjCBUNWDxKQigBY15AXgJjXlVcAzUGAgtVPBdVXHVqWV5eFSZSQQ	423 B	2023-03-10	2023-03-10
Pretty URL dc5k8fg5ioc8s.cloudfront.net/UcG4zU28TAV01UAQHV25XQloHZFxWBEA8AQBTXyJdAj16Fw4UH2UZGjtbFScVFFMDdQMRAFRuSRUAUG5eVg9XMVJESEcjABtTRj0LFQhaPQoUSEYyUh0BSToDHA8WYSlFQAN2XUBGS2JeVV1xdl1AAlo9GghLAWMXSFhsZVtVXXF2XUAcRXZcMVcFfV9ZSw-FjCBUNWDxKQigBY15AXgJjXlVcAzUGAgtVPBdVXHVqWV5eFSZSQQ IP 54.230.245.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:32:28 Last Seen2023-03-10 10:32:28 Times Seen1 Hash 5101dd987fb610df88d37a8036692df4 282cf105045308e07e2e935d4ce47435daef29b7 24194d5c0125eff6230d3b638e4cd86f9cf8372c6adcf2defd15caeeb2f6f97f Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-04-19
Pretty URL banquetunarmedgrater.com/advertisers.js IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 00:03:10 Times Seen36949605 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js	37 kB	2023-03-10	2023-03-10
Pretty URL reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 10:32:28 Last Seen2023-03-10 10:32:28 Times Seen1 Hash 654fb3a4fb619fa38bdd9fc114112059 9232c2a2bcb3c4ee8e5465e7c9a59a79dce808ab d36e1194cb3aa60834f8fcfd60dfae6b694396ebb726c134da5af490d10542c0 Loading...

HTTP Transactions (44)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
07b3389fc24c0f8eb82a9d05b546d17e
02716741b8952e548b9a223adbb3f16204eef2b2
25e13458988115ae1f8176cb2328dbfebd612eabebf256b4af64594d5e23d6ca

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25E13458988115AE1F8176CB2328DBFEBD612EABEBF256B4AF64594D5E23D6CA"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15979
Expires: Mon, 17 Oct 2022 00:36:17 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 16 Oct 2022 19:50:32 GMT
Expires: Sun, 16 Oct 2022 20:38:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: xuhgoCgnXTRGF3dbT1QGrWTbt8ChqVU3N6fY1Z_nnHILT3v5gZbLKA==
Age: 1165

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a57d0f62d9bd29668b94a513fa45d18e
d7cb263502e21f9235b4523a596e2138d22042ec
df7acd4fe34cc9c4945a5d83ef538105a73dfc1a8b485bc7a62488c5406b1294

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF7ACD4FE34CC9C4945A5D83EF538105A73DFC1A8B485BC7A62488C5406B1294"
Last-Modified: Sat, 15 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10066
Expires: Sun, 16 Oct 2022 22:57:44 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: x4LC15RGJFEElXZiObrgKf5QCoZi3RCGigOKJs4+3D4kSF+iyAPgQNif4WH2Ydecud4/NLM8754=
x-amz-request-id: MYJF7S1ZZKBVMJE0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 16 Oct 2022 19:35:10 GMT
age: 2088
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 16 Oct 2022 20:09:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html

104.21.92.39

200 OK

28 kB

URL HTTP/1.1
www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html
IP
104.21.92.39:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62619)
Size
28 kB (28534 bytes)
Hash
179476c88698da8c0cf9697ff74b1787
bcc0a6e496afee686437f89e184f814a9074e034
e00782fe7dafd79774643bdf200b7ef11aa297c6f3b3c1f2977fa81609d7341c

HTTP Headers

GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html HTTP/1.1
Host: www13.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www13.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WMSEVLStXZaddW1BJF%2FpvteteAVqu59a1O8nfUX6sJJZDLCwj4SUD48eQieeXBRIIKcRPVzAfv2pZipTJWJv7mSP8y2uqF9siVMxi4L6PMlck%2B2jQDitAwTx8z%2BVRqV4sqpCkZt2iFRoMA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75b36f68deb81bfe-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f0413efff3fc4435819eea0892565002
68f2cbf9d99cbc2f3500c911fe2906ea03a6d72f
f5ebdb13ab4ad27844b4ad00d4bb79c9238bd02937bdab5dc83d0802d956895f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=150459
Date: Sun, 16 Oct 2022 20:09:58 GMT
Etag: "634bf982-1d7"
Expires: Tue, 18 Oct 2022 13:57:37 GMT
Last-Modified: Sun, 16 Oct 2022 12:30:58 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gugAQH9b8mQCWm-I2rJqVZxh97W3HbxcByY_ESu71vHSpwomEwyrBA==
Age: 5199

dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473

54.230.245.26

200 OK

50 kB

URL HTTP/1.1
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP
54.230.245.26:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (15952)
Size
50 kB (49676 bytes)
Hash
9e6b1b04c02ddcfe7ab85a842fda69da
38a44be5c9995d33ec8fb244dfefb37f652b001d
876bcab017a09b120da7ce7442b1b45dfda159c0421fc638197f85f049e35f44

HTTP Headers

GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Content-Length: 49676
Connection: keep-alive
Date: Sun, 16 Oct 2022 20:09:58 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 958ZOJwLCv5SzFcNvOTalHZQqQagKzH6c_62f38XsazLKh9E-lJysQ==

simplewebanalysis.com/stats

52.29.95.124

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
52.29.95.124:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
b62b666786a62d4e213729743a646c83
32fac75ff742f6d760f6738114afb90ba1b20810
dc1a7fed713f0a4624c74bc8ddff5bf0b5fd5c42fffd39460c40aba45434ff09

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 16 Oct 2022 20:09:58 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www13.davisonbarker.pro
access-control-allow-credentials: true
set-cookie: uid_id2=14864c40-22c8-437b-ba46-b8944ecb7515:1:1; expires=Wed, 13 Oct 2032 20:09:58 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

www13.davisonbarker.pro/static/image/logo.png

104.21.92.39

200 OK

11 kB

URL HTTP/1.1
www13.davisonbarker.pro/static/image/logo.png
IP
104.21.92.39:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10726 bytes)
Hash
f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

HTTP Headers

GET /static/image/logo.png HTTP/1.1
Host: www13.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html

HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:58 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 23 Oct 2022 20:09:58 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b22ed065d915c717;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HpdjiUNG6M%2BHKCtyKmetQbU%2BVSmB0F%2BlxLm473Ftmc6MKistHAYYv7d4WBPNPB6iI5b0VeLTefRAv4fkoiZb1eAN9TvHovF8D%2FxGpn%2F0XYfqepzrfXZofuzEfxwywaK%2FP%2BC9jd%2B37lOLBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f6b8a041bfe-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 16 Oct 2022 20:07:43 GMT
Expires: Sun, 16 Oct 2022 20:43:40 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 2t4sweMlhSkaGO-OLMQkbvGumDMdr2rmLdkwWOhghZ58VWm6mA3VnQ==
Age: 135

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f611de559333fa15533c52ffc7aeda37
ac9f4fe8673c1511766befe0fa35803e34419582
f5e652821af51974a59045c138336c3b667af78d107e1784d6182f0274f0dc20

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F5E652821AF51974A59045C138336C3B667AF78D107E1784D6182F0274F0DC20"
Last-Modified: Sat, 15 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16108
Expires: Mon, 17 Oct 2022 00:38:26 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f611de559333fa15533c52ffc7aeda37
ac9f4fe8673c1511766befe0fa35803e34419582
f5e652821af51974a59045c138336c3b667af78d107e1784d6182f0274f0dc20

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F5E652821AF51974A59045C138336C3B667AF78D107E1784D6182F0274F0DC20"
Last-Modified: Sat, 15 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16108
Expires: Mon, 17 Oct 2022 00:38:26 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive

eautifuleed.xyz/WFFxWlg5MxI3ZzlsE3wtKj1Mf2oedEMcPDtkGmI+P2QYNTtgIl85NDckFTwqNz8FdDY9JVRoHg0yNm4iDWNJDhkOYUAPGQkZJ2htAAAdNRACFwkNGh0QSRsJGgUpIxI8EBtrbh4mRQ8QagQrHTIsMzcJOw4XNxccPAA8CBkeAwQJCg0QJB1tPQcWYwAVBzsfCx0yGxsaLAUjMGgUFyAyOQgAHg8LHQgIDzBoEyIONxwZMGIPAQIdHAkZH0MCDRoWImgSPQcnayA8PUAbGTQ+SB0/MB0wDRUAAjcyKwIHBQwAABdDAg0ZMiMCAjscJzkePgdIAAsvfDcwGxoEPw0cIBogMz8aCEBvGQA2OzAANAcSGyINFjA9LA4BMz4OABknKw8OZBQcCwICIAt+MiIeNChlPQBoKgsYNTs8KQc7LxNt

108.157.229.11

200 OK

1.2 kB

URL HTTP/1.1
eautifuleed.xyz/WFFxWlg5MxI3ZzlsE3wtKj1Mf2oedEMcPDtkGmI+P2QYNTtgIl85NDckFTwqNz8FdDY9JVRoHg0yNm4iDWNJDhkOYUAPGQkZJ2htAAAdNRACFwkNGh0QSRsJGgUpIxI8EBtrbh4mRQ8QagQrHTIsMzcJOw4XNxccPAA8CBkeAwQJCg0QJB1tPQcWYwAVBzsfCx0yGxsaLAUjMGgUFyAyOQgAHg8LHQgIDzBoEyIONxwZMGIPAQIdHAkZH0MCDRoWImgSPQcnayA8PUAbGTQ+SB0/MB0wDRUAAjcyKwIHBQwAABdDAg0ZMiMCAjscJzkePgdIAAsvfDcwGxoEPw0cIBogMz8aCEBvGQA2OzAANAcSGyINFjA9LA4BMz4OABknKw8OZBQcCwICIAt+MiIeNChlPQBoKgsYNTs8KQc7LxNt
IP
108.157.229.11:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3023), with no line terminators
Size
1.2 kB (1176 bytes)
Hash
9418080d0a2ccc06ac870ba456ecdd79
6a6a14edf15f154a32ea555c1803331e9964a7bb
3ec5c7bb4155bbdd91a5ee8de50bed11b36bc584bf59ad5ba7b8ee1db66c5436

HTTP Headers

GET /WFFxWlg5MxI3ZzlsE3wtKj1Mf2oedEMcPDtkGmI+P2QYNTtgIl85NDckFTwqNz8FdDY9JVRoHg0yNm4iDWNJDhkOYUAPGQkZJ2htAAAdNRACFwkNGh0QSRsJGgUpIxI8EBtrbh4mRQ8QagQrHTIsMzcJOw4XNxccPAA8CBkeAwQJCg0QJB1tPQcWYwAVBzsfCx0yGxsaLAUjMGgUFyAyOQgAHg8LHQgIDzBoEyIONxwZMGIPAQIdHAkZH0MCDRoWImgSPQcnayA8PUAbGTQ+SB0/MB0wDRUAAjcyKwIHBQwAABdDAg0ZMiMCAjscJzkePgdIAAsvfDcwGxoEPw0cIBogMz8aCEBvGQA2OzAANAcSGyINFjA9LA4BMz4OABknKw8OZBQcCwICIAt+MiIeNChlPQBoKgsYNTs8KQc7LxNt HTTP/1.1
Host: eautifuleed.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1176
Connection: keep-alive
Date: Sun, 16 Oct 2022 20:09:58 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: fWr5xPh1oAp0VMINsi_8uagN_xx28eUiMJZhhpaoIveFWTN96osSXg==

dsoodbye.xyz/M2l2cXUcVhUCSFAuMAEhZyc+JERLXjVBI2k+Lkk9YVgeFxNiOFAFHFdUTkNBB15FVwVaDUtCRxUaAhABRhpLQFNaBxAeSBUfS0FbC0dHQVsDTwNMRBUdBhASDlhQAQFHBUtAQwVcT0REA1lEQkAG

104.21.16.22

204 No Content

0 B

URL HTTP/2
dsoodbye.xyz/M2l2cXUcVhUCSFAuMAEhZyc+JERLXjVBI2k+Lkk9YVgeFxNiOFAFHFdUTkNBB15FVwVaDUtCRxUaAhABRhpLQFNaBxAeSBUfS0FbC0dHQVsDTwNMRBUdBhASDlhQAQFHBUtAQwVcT0REA1lEQkAG
IP
104.21.16.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /M2l2cXUcVhUCSFAuMAEhZyc+JERLXjVBI2k+Lkk9YVgeFxNiOFAFHFdUTkNBB15FVwVaDUtCRxUaAhABRhpLQFNaBxAeSBUfS0FbC0dHQVsDTwNMRBUdBhASDlhQAQFHBUtAQwVcT0REA1lEQkAG HTTP/1.1
Host: dsoodbye.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 16 Oct 2022 20:09:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ieRWRt74LUFW3uxegqk28HIbmrKjooOhajYEr5Ioejjco3x2Ri%2Fj00nypNC1XQuomlSEhY%2FgLCxSr5mUJG7%2F1cDo5YgfXcOF2FlkejM8PFZ2MrwcJkBdkb2xOCxcOw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b36f6dcf121c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

dsoodbye.xyz/Skg5TWdld1o+Wh4yY309ewoNDyIMGlgFCAUafxsMLwkADjF4Kx85Di51AX9Tfn8KaxcjLAR+VWw7TSwTPzsEf1d6fx8kCSwnBH9BPHUJY19keQljV2w9BHxBPjhYKlp7bkk5EyZ1CHtRf3EMfFd6egp7Vw

104.21.16.22

204 No Content

0 B

URL HTTP/2
dsoodbye.xyz/Skg5TWdld1o+Wh4yY309ewoNDyIMGlgFCAUafxsMLwkADjF4Kx85Di51AX9Tfn8KaxcjLAR+VWw7TSwTPzsEf1d6fx8kCSwnBH9BPHUJY19keQljV2w9BHxBPjhYKlp7bkk5EyZ1CHtRf3EMfFd6egp7Vw
IP
104.21.16.22:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Skg5TWdld1o+Wh4yY309ewoNDyIMGlgFCAUafxsMLwkADjF4Kx85Di51AX9Tfn8KaxcjLAR+VWw7TSwTPzsEf1d6fx8kCSwnBH9BPHUJY19keQljV2w9BHxBPjhYKlp7bkk5EyZ1CHtRf3EMfFd6egp7Vw HTTP/1.1
Host: dsoodbye.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 16 Oct 2022 20:09:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otAdplcBhhZvo6FgdKmFVBm6DM%2FjdQ6NPIxkPO54NrpTDVbtchUSbg4bLPj4jeT2EeZRDcFf7qOltCXz%2BUe8TXfXq4ISKjtSHUIIgz%2BZNfeA3Z644IPHWznKpTgpl9w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b36f6dbf0f1c06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
f611de559333fa15533c52ffc7aeda37
ac9f4fe8673c1511766befe0fa35803e34419582
f5e652821af51974a59045c138336c3b667af78d107e1784d6182f0274f0dc20

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "F5E652821AF51974A59045C138336C3B667AF78D107E1784D6182F0274F0DC20"
Last-Modified: Sat, 15 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16108
Expires: Mon, 17 Oct 2022 00:38:26 GMT
Date: Sun, 16 Oct 2022 20:09:58 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cfc92c8f6ee7599505d969732542ac42
7f4804d49c8ccd76ccffa6b72d41b1df611eb090
406c057a8392b9fa0ab09efa8b3222a58ec5fc17fa73f55a1f093e3d1092b0e4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6569
Cache-Control: max-age=135978
Content-Type: application/ocsp-response
Date: Sun, 16 Oct 2022 20:09:58 GMT
Etag: "634bbb97-1d7"
Expires: Tue, 18 Oct 2022 09:56:16 GMT
Last-Modified: Sun, 16 Oct 2022 08:06:47 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json

192.243.59.20

200 OK

409 B

URL HTTP/1.1
breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with very long lines (409), with no line terminators
Size
409 B (409 bytes)
Hash
a47854e61a7a0f004df676c43b1211b6
582cd146844285922d6be63ccc81be57ce6ace1e
4cefe3d8d4f30376cc75677566601cded75ebbdae45f2ddadddbd9b7294ed246

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /aa/24/05/aa240591af5d8573573bb87d25c7ab12.json HTTP/1.1
Host: breedingdaringconcussion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 16 Oct 2022 20:09:58 GMT
Content-Type: application/json
Content-Length: 409
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 485dd9f86fd0e39a2a923f51db1e844e
Strict-Transport-Security: max-age=0; includeSubdomains

dc5k8fg5ioc8s.cloudfront.net/UcG4zU28TAV01UAQHV25XQloHZFxWBEA8AQBTXyJdAj16Fw4UH2UZGjtbFScVFFMDdQMRAFRuSRUAUG5eVg9XMVJESEcjABtTRj0LFQhaPQoUSEYyUh0BSToDHA8WYSlFQAN2XUBGS2JeVV1xdl1AAlo9GghLAWMXSFhsZVtVXXF2XUAcRXZcMVcFfV9ZSw-FjCBUNWDxKQigBY15AXgJjXlVcAzUGAgtVPBdVXHVqWV5eFSZSQQ

54.230.245.26

200 OK

334 B

URL HTTP/1.1
dc5k8fg5ioc8s.cloudfront.net/UcG4zU28TAV01UAQHV25XQloHZFxWBEA8AQBTXyJdAj16Fw4UH2UZGjtbFScVFFMDdQMRAFRuSRUAUG5eVg9XMVJESEcjABtTRj0LFQhaPQoUSEYyUh0BSToDHA8WYSlFQAN2XUBGS2JeVV1xdl1AAlo9GghLAWMXSFhsZVtVXXF2XUAcRXZcMVcFfV9ZSw-FjCBUNWDxKQigBY15AXgJjXlVcAzUGAgtVPBdVXHVqWV5eFSZSQQ
IP
54.230.245.26:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (423), with no line terminators
Size
334 B (334 bytes)
Hash
3f849ee48b5aa9b0a44dead4fbaeb785
628f504291da0c0c7ee4a7d129a8d3a154e3b5f1
06e3056312fad624f1e59a35cc451e368f192bd4f018eaf94cdb463d60d5084b

HTTP Headers

GET /UcG4zU28TAV01UAQHV25XQloHZFxWBEA8AQBTXyJdAj16Fw4UH2UZGjtbFScVFFMDdQMRAFRuSRUAUG5eVg9XMVJESEcjABtTRj0LFQhaPQoUSEYyUh0BSToDHA8WYSlFQAN2XUBGS2JeVV1xdl1AAlo9GghLAWMXSFhsZVtVXXF2XUAcRXZcMVcFfV9ZSw-FjCBUNWDxKQigBY15AXgJjXlVcAzUGAgtVPBdVXHVqWV5eFSZSQQ HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eautifuleed.xyz/

HTTP/1.1 200 OK
Content-Length: 334
Connection: keep-alive
Date: Sun, 16 Oct 2022 20:09:58 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: D9ieM_2YSqNrC_zmk48Y-QGNuf1XjdDP8CQruW1DWHNgnFLTBDxGyw==

push.services.mozilla.com/

34.214.236.46

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.236.46:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: sz8AiPimV3bnqK84eHyf1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zbZM4WK5tQ2kPA93wHYYSfBdzyo=

banquetunarmedgrater.com/advertisers.js

173.233.137.36

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9b0a60cb3394c9b34f0d71b70a0b5e9
Strict-Transport-Security: max-age=0; includeSubdomains

dsoodbye.xyz/popunder.gif

104.21.16.22

200 OK

58 B

URL HTTP/1.1
dsoodbye.xyz/popunder.gif
IP
104.21.16.22:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
58 B (58 bytes)
Hash
79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: dsoodbye.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 178270
Last-Modified: Fri, 14 Oct 2022 18:38:49 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ep3WeWVahvMqRze8a89J3nIk0%2FOb%2Fl8E3TFp2CSYA8rCyfZ%2FN3oZrpZj1V4c9x5rvc%2Bb%2FWZWli%2FjsA2LpYOzNEUyBP26QB%2BMIlSH2utzgtlVwaAFQ7y6J4Nuzr%2FImvc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f718e13b4f1-OSL
alt-svc: h2=":443"; ma=60

addresseepaper.com/sfp.js

104.21.235.2

200 OK

28 kB

URL HTTP/1.1
addresseepaper.com/sfp.js
IP
104.21.235.2:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27574 bytes)
Hash
b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 83cbeadd43908848f75f86aaf6112509
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 16 Oct 2022 20:09:58 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sdtZbYcnU7nUphJxgGpGQEB%2FTK0Q9rkyOGw7oCyAJTlN06rPT%2BSqkDMgViPEm6e39%2FTD3zvrdfkaWVLRWC5A5szojMF78dfa%2BhDjlAesrNjE81usjaHG%2BAcOjWmT3t27nNIrV3o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f6fcb5c8865-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js

192.243.59.12

200 OK

13 kB

URL HTTP/1.1
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with very long lines (37120), with no line terminators
Size
13 kB (13402 bytes)
Hash
77324a5bbc939dfbd67656e89622e047
82a53450f3944ee599a5ffa0fb594c4079871a32
9d1342430df61d54da506943fa173ef55d2a8cb76c9db287ca358941a0f561f9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0047881188134260775ef7d503fa8192
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
d2e85ca944ca4959c3a7fefed9e62409
adb02a689b93e29bc250ccd89a798b4c905f8677
7ebde8e537b6cb68b9a900ffc7beb1d2dd9be7c3fb8efec00e4f66c852399562

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7EBDE8E537B6CB68B9A900FFC7BEB1D2DD9BE7C3FB8EFEC00E4F66C852399562"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4592
Expires: Sun, 16 Oct 2022 21:26:31 GMT
Date: Sun, 16 Oct 2022 20:09:59 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
d2e85ca944ca4959c3a7fefed9e62409
adb02a689b93e29bc250ccd89a798b4c905f8677
7ebde8e537b6cb68b9a900ffc7beb1d2dd9be7c3fb8efec00e4f66c852399562

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7EBDE8E537B6CB68B9A900FFC7BEB1D2DD9BE7C3FB8EFEC00E4F66C852399562"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4592
Expires: Sun, 16 Oct 2022 21:26:31 GMT
Date: Sun, 16 Oct 2022 20:09:59 GMT
Connection: keep-alive

dismantlepenantiterrorist.com/pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20

192.243.61.227

200 OK

1 B

URL HTTP/1.1
dismantlepenantiterrorist.com/pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.29&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 037943099154cc77c594420a158e8376
Strict-Transport-Security: max-age=0; includeSubdomains

eautifuleed.xyz/utx?cb=5V2RcKFPANGY&top=www13.davisonbarker.pro&tid=824473

108.157.229.11

204 No Content

0 B

URL HTTP/2
eautifuleed.xyz/utx?cb=5V2RcKFPANGY&top=www13.davisonbarker.pro&tid=824473
IP
108.157.229.11:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=5V2RcKFPANGY&top=www13.davisonbarker.pro&tid=824473 HTTP/1.1
Host: eautifuleed.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 16 Oct 2022 20:09:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www13.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 16 Oct 2022 20:10:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: KuVl0xa5t-G82Fn_38y9q1GgJ9kmeZC9Ef8OA-vO0CX0vgTOIA5TWg==
X-Firefox-Spdy: h2

creepingbrings.com/sfp.js

104.21.234.232

200 OK

28 kB

URL HTTP/1.1
creepingbrings.com/sfp.js
IP
104.21.234.232:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27574 bytes)
Hash
b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14

HTTP Headers

GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:09:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: cc0a8a4aa2a9c2a3691a3177f37981ae
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sun, 16 Oct 2022 20:09:59 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ga4Cl%2BirbSEX6X%2FxMznMN94Ga80t2gVB8I6M74uouZVpVNfJI6a7ib2MFbPATcI2DMsF8w9tEabgiemQ1mMwqcs3QWQr5jerzvUl%2BM5prLjJAttN2a9romGaLAX17PmVbHsPSNY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f73aea87767-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
d2e85ca944ca4959c3a7fefed9e62409
adb02a689b93e29bc250ccd89a798b4c905f8677
7ebde8e537b6cb68b9a900ffc7beb1d2dd9be7c3fb8efec00e4f66c852399562

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7EBDE8E537B6CB68B9A900FFC7BEB1D2DD9BE7C3FB8EFEC00E4F66C852399562"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4592
Expires: Sun, 16 Oct 2022 21:26:31 GMT
Date: Sun, 16 Oct 2022 20:09:59 GMT
Connection: keep-alive

eautifuleed.xyz/floater?cs=c1VXYjVEZ2JUDUZtZ1ABRGxhUgI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww13.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D26006973%26pci%3D7137021235%26t%3D1665950951%26dest%3Dhttps%3A%2F%2Fwww.file-upload.net%2Fdownload-15000101%2FMitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_aw9r=1665951003074&crc=1

108.157.229.11

200 OK

1.1 kB

URL HTTP/2
eautifuleed.xyz/floater?cs=c1VXYjVEZ2JUDUZtZ1ABRGxhUgI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww13.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D26006973%26pci%3D7137021235%26t%3D1665950951%26dest%3Dhttps%3A%2F%2Fwww.file-upload.net%2Fdownload-15000101%2FMitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_aw9r=1665951003074&crc=1
IP
108.157.229.11:0
ASN
#0

File type
ASCII text, with very long lines (1811), with no line terminators
Size
1.1 kB (1147 bytes)
Hash
07fda8416559e7175430b77329add39a
6a349fb23c618581876a3f54c037c78ecd1bd442
5a6fbb5a856d7fa33f758206509f7024a0e0aefc7e16f9fb248a886b25cf3e7f

HTTP Headers

GET /floater?cs=c1VXYjVEZ2JUDUZtZ1ABRGxhUgI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww13.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D26006973%26pci%3D7137021235%26t%3D1665950951%26dest%3Dhttps%3A%2F%2Fwww.file-upload.net%2Fdownload-15000101%2FMitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A96.0)%20gecko%2F20100101%20firefox%2F96.0&tzd=0&uloc=&if=0&aa=td5_oi1_&_aw9r=1665951003074&crc=1 HTTP/1.1
Host: eautifuleed.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/plain
content-length: 1147
date: Sun, 16 Oct 2022 20:09:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www13.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=d90e8753-4216-4448-9549-7dd461020ff8
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fedd444eadd43dacc7e53f24b46bddf8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: BwUteT1wC2lxScSWyrGsEfyworkaqJb73gH0GVE9AXRZGIE8Nmr4Lg==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
467c98217b3c90dedabafc249207b8eb
8a0756b2c6003aaaba58cc75be784e8e283feb45
82b3ac154fd4347d2a7827d48ff7f0ccc8c0abe562cb6796a52b02e7cc9b6467

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82B3AC154FD4347D2A7827D48FF7F0CCC8C0ABE562CB6796A52B02E7CC9B6467"
Last-Modified: Sat, 15 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9014
Expires: Sun, 16 Oct 2022 22:40:14 GMT
Date: Sun, 16 Oct 2022 20:10:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7075 bytes)
Hash
3e86d948bf8ed2f5918f8323b043ad5f
41548e231e2358d3453e7630f0d07a645cc25ddc
6602f2a020618234d34a9b6cd107398f0405de6dd14227e265aca84b38eaa5cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc72044c0-fdd0-4da5-aa61-159d966f040f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7075
x-amzn-requestid: 254a8860-b3bf-4e8d-a08d-31effa209a6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL5iGQqIAMFmkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b26a3-1a2820f550f35bf830444c22;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: noeZThjNw_knj4oZ39f_xFQl_eFhT_iJ5ki1eaCv873z5WThwd7gXA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:39:58 GMT
age: 81002
etag: "41548e231e2358d3453e7630f0d07a645cc25ddc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20

192.243.61.227

200 OK

1 B

URL HTTP/1.1
unseenreport.com/pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=14864c40-22c8-437b-ba46-b8944ecb7515&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 16 Oct 2022 20:10:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96bdc9fb366ded1797e38d8c8b350af4
Strict-Transport-Security: max-age=0; includeSubdomains

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15855 bytes)
Hash
319cbf11bba3f159e5c9f606deded924
13f29acb7a694030fc2de0b42c0d95c4be49deb7
09aa7d94e4829f4daf33d5e2aed077afcc59628839c5d6e877172e8455879062

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a5488a3-4a1c-4773-99f6-81e18bcdccd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15855
x-amzn-requestid: c8171eaf-67b4-4179-9e69-36fe00ef3bfe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZhQU8HmcIAMFw0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633d2db9-2985178a31d0e8c430323a26;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 07:09:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Zo6PXcoqkbRgpug8ZDp-0Q9RtLAwpAOlASdtGT4KHy6Q9q-4HgLqfw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 05:08:57 GMT
age: 54063
etag: "13f29acb7a694030fc2de0b42c0d95c4be49deb7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7337 bytes)
Hash
6432c2bf0bab32f918d931dd98a6e1e4
bba4f37b146e5aea2b6490f8f7da63fa61ffc849
bde0d98cb1dcd70f22cd2aee5860eb0cd824d1bb12ab18245ab8eed06a79cf1d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4cebbc75-2448-4faf-839b-c39ac6e47b98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7337
x-amzn-requestid: 43a16c4d-c5b9-4d01-8ba4-e811b09e96b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Z-WYqEwVoAMFe5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6348d104-121eda8b7a73518849342e7a;Sampled=0
x-amzn-remapped-date: Fri, 14 Oct 2022 03:01:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: z8x5zYoU_lGHWGt8ZhQFB6G9gS1Q4YhG_AxOdLCqIpZkXp_-f45ExA==
via: 1.1 25b9a991f871f75614e7f92f97b136a4.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sun, 16 Oct 2022 05:16:13 GMT
age: 53627
etag: "bba4f37b146e5aea2b6490f8f7da63fa61ffc849"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdbc5b51-a9c2-4f99-ad40-8ab061924326.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.1 kB (7082 bytes)
Hash
cd94762992136ed2f4d24dd34a745154
2050cee63f8005c5d9ac1a817730ada51b323f34
4548836d8846da958f477e1df952f6da9b9640e204804a7c76194d3e061b90a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbdbc5b51-a9c2-4f99-ad40-8ab061924326.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7082
x-amzn-requestid: 5e98988f-faad-4e52-a49f-28d5a77b15d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aEL46HFloAMFSag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b269f-6759e36c79241479181c1d05;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:31:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: u2l4A1Vt7WLHe9NdaSFyBhwnBo9XfI3n5bXqpv8MGUXl7YaywUknJQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:37:09 GMT
age: 81171
etag: "2050cee63f8005c5d9ac1a817730ada51b323f34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.198.35

200 OK

109 kB

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.198.35:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
109 kB (108767 bytes)
Hash
b3673d9d7a7a4a8262a80ce8655e5dc6
2c03c93fc9ff5ba004f25eb95f1f5ca25b33bfb5
2c27e25ebdfc5b393b4b9087e056892e1df7996c80b79e90f7a207eb46262e5e

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www13.davisonbarker.pro/
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 16 Oct 2022 20:09:59 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www13.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sun, 16 Oct 2022 20:09:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvRsmdNvBqDgXxqPw4coKjrBq%2FnsnESqebjsEeUNyQuCGzEtQH3gxP%2B5a1vu5b1j0BTAsMm91cokHmEpVt75OWj2I8AQ9UxrXc5hnt31%2BX0fNr%2FO3gR6ByLdKyKWB0wH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75b36f73cc0d71cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb25d7cce-c352-4b25-a8c5-aa8493d99e4c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9260 bytes)
Hash
e20daa74ab04b1b9859672acfc070f7e
d291947f161c928e6c6682a05835478b5f0cffc5
ebbe051930f46dd25de2a4c5795f3bdddf1513c0657cdc986c48f3dfdc90f575

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb25d7cce-c352-4b25-a8c5-aa8493d99e4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9260
x-amzn-requestid: dfd8deb0-fc73-4321-b024-330b2a3d1759
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aENyFH9RoAMF24w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634b29a6-0aaf75c43b51d5775bc48a95;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 21:44:06 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 61ygCro-e2iz9SdywbShi7CWHcWLovGr7Ob2wWno2E2bpRWujT_OOA==
via: 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sat, 15 Oct 2022 21:53:51 GMT
age: 80169
etag: "d291947f161c928e6c6682a05835478b5f0cffc5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
9b6753c35f65fa4e0b4add30d5802c71
f0e5aacb63a6d2b06c862ee186bb2ca86542d46f
2359031e66c13feff887ace8308d04acbc0bffb2e2e514a6a20a412e9002984b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145534
Date: Sun, 16 Oct 2022 20:10:02 GMT
Etag: "634bf825-1d7"
Expires: Tue, 18 Oct 2022 12:35:36 GMT
Last-Modified: Sun, 16 Oct 2022 12:25:09 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5vSSxj_lOuJ2FUFsCvUN3b05qetqIiENmjDXLBYOaSoYy3CZIrbbhg==
Age: 627

webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg

52.218.250.17

200 OK

9.3 kB

URL HTTP/1.1
webpick-cdn.s3.us-west-2.amazonaws.com/getlaid.jpeg
IP
52.218.250.17:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
9.3 kB (9313 bytes)
Hash
e73bda30c82b74c32e5f03e4ed4e4bb1
e2b381468138921e418865ca53fd7b91ab8febb8
e6a18e81d67bc6cfadbe2c86c78b99c0e01644cdeafb48144663121b629ea227

HTTP Headers

GET /getlaid.jpeg HTTP/1.1
Host: webpick-cdn.s3.us-west-2.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
x-amz-id-2: DyaVmlee4u0BvJvdPc55H49m531Xq77XX/Qj0g/JJUSwDbiiLHLiEQRI0P1XvbvkmVjwtEB29i8=
x-amz-request-id: 501MNCFHPCH55K80
Date: Sun, 16 Oct 2022 20:10:03 GMT
Last-Modified: Thu, 25 Jun 2020 08:18:14 GMT
ETag: "e73bda30c82b74c32e5f03e4ed4e4bb1"
x-amz-meta-s3b-last-modified: 20200625T081632Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 9313

www13.davisonbarker.pro/static/image/skip_ad/en_tran.png

104.21.92.39

200 OK

5.1 kB

URL HTTP/1.1
www13.davisonbarker.pro/static/image/skip_ad/en_tran.png
IP
104.21.92.39:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 155 x 41, 8-bit/color RGBA, non-interlaced\012- data
Size
5.1 kB (5076 bytes)
Hash
a58f5ea6f1f6bb35658c351f876f1ba9
47fa621b845faf7df13e4021dcffd6f4c73c1018
ef8721967f0cca2539ee60f9cad0e8c1ef89f18a53964a4e6101033d23a4ba29

HTTP Headers

GET /static/image/skip_ad/en_tran.png HTTP/1.1
Host: www13.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www13.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=26006973&pci=7137021235&t=1665950951&dest=https://www.file-upload.net/download-15000101/Mitsubishi_Lancer_EVO_X_Hycade_Bodykit_Toldi.7z.html
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=14864c40-22c8-437b-ba46-b8944ecb7515%3A1%3A1; ppu_main_aa240591af5d8573573bb87d25c7ab12=1

HTTP/1.1 200 OK
Date: Sun, 16 Oct 2022 20:10:03 GMT
Content-Type: image/png
Content-Length: 5076
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 23 Oct 2022 20:10:03 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "13d4-5faa60e6-eb24f435e560d3dd;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QOUtwnoJJH99wu2tJBisKbDRBmAo19jgM1lP%2Fu1dRE8nO9md1vQePwNYZbFhzOFPEUYqiwsjEgeta1mYdCJkHe3XLw6qdr0mvrXL62M0H%2BfdzhA0MU8gglc0%2BZ2u1WV%2FDNJi3bXVl0EWKg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75b36f8aba621bfe-OSL
alt-svc: h2=":443"; ma=60

pogothere.xyz/

172.64.198.35

200 OK

0 B

URL HTTP/2
pogothere.xyz/
IP
172.64.198.35:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www13.davisonbarker.pro/
Origin: http://www13.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 16 Oct 2022 20:09:59 GMT
content-type: text/plain
set-cookie: csu=1982835642395559@1@1665950999; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www13.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uTIQuuNOAAQnL72MsBqzlXZoo1lQQtNjv6zZKdAqTm3HiavFQfMkdZ1qADJmOkQcUuz8MSjtdcGTueaTJBFN8jymJ5HrlbhVXpgWmty8knYQ6nUgrIJX%2FVE4TXjbkTJX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75b36f73dc5571cf-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (44)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size