www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar
104.21.92.39 2.5 kB URL www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar
IP 104.21.92.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1021)
Hash 5b87a4b47689d943c5c0ec5853e09576
ee4ad5c309e562ae27631e51b17c3cf6dee89a75
fb84f58dfeffd5c1f32b68a3fede0f563149679be344360661a5e8a7de24bd15
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar HTTP/1.1
Host: www20.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 10:31:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www20.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1XwMi9wDuBnTguS5pPwnWf%2B%2BLgk1YcuAENHgt5qo0tQ3hHsolHPaqeOizw2sP006J4YsblPxevkEOg0DEYqzI8JzyfYxH6rpEXRX62o4KM76ZK1czy4lhv6QnXJ7kErxIuG0OvyI5DIHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b730a0d492f0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.36 200 OK 52 kB URL GET HTTP/2 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.36:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15955)
Hash 31afdfb63196025be4ed7cc20cf68c4b
8f070892551235aa9dfece9f0d2547d095bb67ed
0e4f5d18002ef46087fca2df15cc3916c672b1d50eba9eaf22225ffccfdc12f3
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 51540
Connection: keep-alive
Date: Thu, 13 Apr 2023 10:31:25 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UDOrbBgu5VcV5e_wpo9DS6I9E2tkMAC7WDSvHLsMMduvcjzhiKPUFw==
www20.davisonbarker.pro/static/image/logo.png
104.21.92.39 11 kB URL www20.davisonbarker.pro/static/image/logo.png
IP 104.21.92.39:0
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: www20.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 10:31:25 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 20 Apr 2023 10:31:25 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b4021a56880f53fc;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ej4N17RBEEZUyYPQkHP5SrMs8JTQokBtq%2BC5bZ6iDVk9hUm6dpvaewvrCZF75s0W0eHSX05yHh%2F1d8eZrnU2M9%2FyIDWwlSOznrfGy7R97c6jvRFfsfx1lCfBRbFC5TkUeGoMARbtWRxPAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b730a0f9d910b61-OSL
alt-svc: h2=":443"; ma=60
www20.davisonbarker.pro/am-push-cps.js?puid=5062974&clickid=5062974_8170375&allb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar&ob=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&clb=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&asb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
104.21.92.39 40 kB URL www20.davisonbarker.pro/am-push-cps.js?puid=5062974&clickid=5062974_8170375&allb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar&ob=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&clb=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&asb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
IP 104.21.92.39:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 845473a7fd284503f57855602add14fd
2974d9f2091d778fb076ebda7e908a1a029e38e5
7763be30b9a78bac4c785a49b0ee887135f9c2185689e8a31f630adfd26506ff
GET /am-push-cps.js?puid=5062974&clickid=5062974_8170375&allb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar&ob=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&clb=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&asb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar HTTP/1.1
Host: www20.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 10:31:25 GMT
Content-Type: application/x-javascript
Content-Length: 40440
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 20 Apr 2023 10:29:17 GMT
last-modified: Mon, 08 Aug 2022 14:16:52 GMT
etag: "19284-62f11ad4-ba71540cd1782978;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qNfrsZchowhIJLOxKWQkFACMUi29W6SnjQJHbmyZmRmfkhOlwagpSFJ4J4OfvLR8Y%2FuqTM4ruuAxPLhMBKxfmQwlnTvYBueXRCfbE%2FEWEhDqgNUZvT3YVpPCZqFFbEFkdTzO24Q7NyITSA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b730a0f9e72b4f1-OSL
alt-svc: h2=":443"; ma=60
asgildedalloverw.com/TThFTnZiByY9SxlWBDYvGlRyHDcPYRIWTwR5dAgsKwgICCALV2M6HykFfXxCeQ92aAYkXHh9RGtLMS8COEt4fEZ9D2MnGCtXeHxQOwV1YE9jCWt7UDgFdGgCPVkic0drSDE6GnAJc3ZHfgB0d0V+CHF6
188.114.97.1 0 B URL asgildedalloverw.com/TThFTnZiByY9SxlWBDYvGlRyHDcPYRIWTwR5dAgsKwgICCALV2M6HykFfXxCeQ92aAYkXHh9RGtLMS8COEt4fEZ9D2MnGCtXeHxQOwV1YE9jCWt7UDgFdGgCPVkic0drSDE6GnAJc3ZHfgB0d0V+CHF6
IP 188.114.97.1:0
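Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (MD5, SHA-1 and SHA-256 of an empty body, consistent with the 0 B response; these digests recur for every empty response and are not a content indicator)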
GET /TThFTnZiByY9SxlWBDYvGlRyHDcPYRIWTwR5dAgsKwgICCALV2M6HykFfXxCeQ92aAYkXHh9RGtLMS8COEt4fEZ9D2MnGCtXeHxQOwV1YE9jCWt7UDgFdGgCPVkic0drSDE6GnAJc3ZHfgB0d0V+CHF6 HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:25 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WzvaaVYx68uL0ruhfSeMQ49%2BmtfIS9G21FsgkOD%2FAZoyX960SrFoXy22QOd45kcgqeVG221HJhbbdqIhD%2BqO8qbeFMOg4tT0%2BthkQTRG1BAJkmWjO8bT5A7ycVTEM9ozNqOyQh1eOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a114c40b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
asgildedalloverw.com/TXNyTTBiTBE+DRQmRyV9FSEnKFwMOiALcn8mBQt1GDtDG3IIEFQ5WSlOSn8EeURBa0AkF09+AmsABixEOABPfBYkHRQiDWsFT30edF1DYwVrBk98FjkDEyoNfFUCOUQhTkN7CHxASnwJfkBCeQI
188.114.97.1 0 B URL asgildedalloverw.com/TXNyTTBiTBE+DRQmRyV9FSEnKFwMOiALcn8mBQt1GDtDG3IIEFQ5WSlOSn8EeURBa0AkF09+AmsABixEOABPfBYkHRQiDWsFT30edF1DYwVrBk98FjkDEyoNfFUCOUQhTkN7CHxASnwJfkBCeQI
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TXNyTTBiTBE+DRQmRyV9FSEnKFwMOiALcn8mBQt1GDtDG3IIEFQ5WSlOSn8EeURBa0AkF09+AmsABixEOABPfBYkHRQiDWsFT30edF1DYwVrBk98FjkDEyoNfFUCOUQhTkN7CHxASnwJfkBCeQI HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:25 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1O8YSz5Ys20vgA7859oFjsRVWXfHhGCzuyqMxs32i3ybu5K1RB6xiyH7Ljg3SpKo98zqMKqfYvK38Y0cdtDRZ5C2ejSsujHN%2FKTrddS209P2n%2FUt1CbAoVXXne5gfIQ2ZpJFCGHS%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a114c3bb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
erdeallyighab.com/M1VIQnhSNysvR1JoKmQNQTl1Z0p1cHoEHFBgI3oeVGAhLRsLJmYhFFwgLCQKXDs8bBZWIW1wPmEPDSopUDgnCjJJYR0UKnI9BgdBYAMmOhNhAyQBMVoYLAA6YWQPEyleDQsIEnAyHXI3AAwPBzlxZBEEKXQXGxtLZ2U/ADJZGxgVSHolBgA6awAPdhNyMh0SHGAAKwYfdiAHEA9jFA92FHZkKwgySjoqAB9UJSwXOUAAHxgfZWQgFyFwPQwVSHViDS4cagMLE017F3AhGmQfCwcUS3B6ADwDBy0TIEAGHnMQZhohGCBkBh53IXYhDRQ/dWQZBBd3GRxvNWkXHQROdT4KIy5rPS8TSUMDKhUycBEJck59BxkEMHRkIQw+RwMtGk1wAQoESWoEbigLXDs4fzFFGXAoS0s6GDE
52.85.242.129 1.2 kB URL erdeallyighab.com/M1VIQnhSNysvR1JoKmQNQTl1Z0p1cHoEHFBgI3oeVGAhLRsLJmYhFFwgLCQKXDs8bBZWIW1wPmEPDSopUDgnCjJJYR0UKnI9BgdBYAMmOhNhAyQBMVoYLAA6YWQPEyleDQsIEnAyHXI3AAwPBzlxZBEEKXQXGxtLZ2U/ADJZGxgVSHolBgA6awAPdhNyMh0SHGAAKwYfdiAHEA9jFA92FHZkKwgySjoqAB9UJSwXOUAAHxgfZWQgFyFwPQwVSHViDS4cagMLE017F3AhGmQfCwcUS3B6ADwDBy0TIEAGHnMQZhohGCBkBh53IXYhDRQ/dWQZBBd3GRxvNWkXHQROdT4KIy5rPS8TSUMDKhUycBEJck59BxkEMHRkIQw+RwMtGk1wAQoESWoEbigLXDs4fzFFGXAoS0s6GDE
IP 52.85.242.129:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Hash 7b3b24ad59539c11c296678f2a8c2f15
1b02cda73ee6b25580aaaa1144ebfbc101536fa8
ab4f369164e07c464cc6231f370ff09a7c06c25a6660ac20aa01b0fd50ea11b4
GET /M1VIQnhSNysvR1JoKmQNQTl1Z0p1cHoEHFBgI3oeVGAhLRsLJmYhFFwgLCQKXDs8bBZWIW1wPmEPDSopUDgnCjJJYR0UKnI9BgdBYAMmOhNhAyQBMVoYLAA6YWQPEyleDQsIEnAyHXI3AAwPBzlxZBEEKXQXGxtLZ2U/ADJZGxgVSHolBgA6awAPdhNyMh0SHGAAKwYfdiAHEA9jFA92FHZkKwgySjoqAB9UJSwXOUAAHxgfZWQgFyFwPQwVSHViDS4cagMLE017F3AhGmQfCwcUS3B6ADwDBy0TIEAGHnMQZhohGCBkBh53IXYhDRQ/dWQZBBd3GRxvNWkXHQROdT4KIy5rPS8TSUMDKhUycBEJck59BxkEMHRkIQw+RwMtGk1wAQoESWoEbigLXDs4fzFFGXAoS0s6GDE HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1170
Connection: keep-alive
Date: Thu, 13 Apr 2023 10:31:25 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
X-Cache: Miss from cloudfront
Via: 1.1 844de3d616579278fb702fc6b9b5c9a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: cTHBXmTyH-_621II5vKK4f5SRSqf9-y59EyD1Xim2-9jr0iYqGRiGg==
ndandinter.hair/VVdLUloudTglBSAlJ3Bgdz8%2FJipveGQlLSJle3w%2BNCEiITU7NSogMTAlZSIoOngqP3clIjg6dzYnOHwwJmg7JzMxan5ibGdufGZ8NjsiMTE8M3ZnamNlcmVuCm96ZWpmYH50Ozk7KW8yISM7IX9mFm5gHHBlDSUtInkvIDUlNSQqdDY4JndoEyRuYBwwJHo%2FMmVhfStsMSc7YTNwZQ0GMjAaKjY0MCQ4Hz8xOy4rdCc2OXQ1N2ojJi4lJG5hG3BlDXdoEyA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9f2cROycpPSUuNjMnMigmf2cRbmEcITo7d2kRZm5gbDsyPyU1JzxuYR5mcnlkMzokbmEeZXJ5ZCk8Iy53aRE2LzQ2LHJ5ZDlwZA9mf2dhOyIzcGQPZ2pjZXJlbnBlfSI5PHJ4FmtjZnJibWxjfGJ%2FZ2E%2Fd2kRZn1qa2ZvemprbXJ5ZD4wJD93aRE%2FPyYqJnJ5Z2kUcnlnaBNyeWdoEyA8JXQxJSQiODovZTE1OHJ5Z2gTJG5gb2cRLiFrOD97ZGwsYS8iKmY%2BbmBvZxEfOj8YNi88PyYkBjc%2BOTIyfCg0JW0xNjdqIyYuJSRuYRtwZQ13aBMgPCViYnkvMyw8JCQ8ODQlIDcoeyc5PX9nETsnKT0lLjYzJzIoJn9nEW5hHCE6O3dpEWVuYGw7Mj8lNSc8bmEeZnJ5ZDM6JG5hHmVyeWQpPCMud2kRNi80NixyeWQ5cGQPZn9nYTsiM3BkD2dqY2VyZW5wZX0iOTxyeBZrY2ZyYm1sY3xif2dhP3dpEWZ9amtmb3pqa21yeWQ%2BMCQ%2Fd2kRPz8mKiZyeWdpFHJ5Z2gTcnlnaBMgPCV0MSUkIjg6L2UxNThyeWdoEyRuYG9nES4hazg%2Fe2RsLGEvIipmPm5gb2cRHzo%2FGDYvPD8mJAY3PjkyMnwoNCVtMyk3aiMmLiUkbmEbcGUNd2gTIDwldDElJCI4Oi9lMTU4cnkUKXBlDTcpZDojYmxjLn02KiVkIndoEwMjNxc0MyU3KSYaLjY2MC5lIDsndWdwKTgxaWhreXU4Pyx3bWlmdGZ1Z3AuNDAUOz53bWlqa21lc2R4eXU4JzgKPi9jeG91fmJsZ258Znh5dTgnOAo%2BL2B4b3V%2BYmxnbnxmBW1mfGJpYmJpfng0OycweG91IyYuJSRxfXUiIDx8Pic4OzA1LXkoPTd6JGQ3KWQ6I2JsYy59NiolZCJ9Dj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUkMHhvdSMmLiUkcX11IiA8am17MyokMyY4JTA7JzwuIHQlJSR9KiAkIyA%2FMT45NzkheHQmNyVqenQ0MCM8PSg%2Banh0MzokdmJ8Jj4%2FN2c0My0%2BI3M0dmZ8JScib29lYXlrbWFxOzEzaGZ9Y2NlYHJmbWVxP29rY296YWJkb3pqfDEyOCZnPSM%2FIilwZAp3aBNyeRQtIiBlNig6Jyk9Ins0JD9%2FZxE4d2gTMjhjNz1nfWQjYzM7Imk8cnkUDj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUoPjh3bWk6LiEnOGh1eiA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9dSUiODooMDMiID82I2RtLjgndmB8OzI%2FJTUnPHZhfDw4OG9qcyQiJj9oNi80NixxKG9ucyc7O2dgZ31gY2JjbSI5PGp6ZGtsZ3xrbmJnbSZnZGFzY2ltZnNjYnMzLiEuaD8%2FJiomcngTf2cRbmAcIiA8fD4nODswNS15KD03cGUNIX9nES4hazg%2Fe2RsLGEvIipmPm5gHAE%2FLh87MTkuISkYMi8%2BPyx5OTMod3tpMyk3dXFwMiEjOyFgeng8JS17Mzk9Kjc4M3w5OjpkIXUwJHo%2FMmVhfStsMSc7YTN6AyM3FzQzJTcpJhouNjYwLmUgOyd1Ng
54.162.51.18 0 B URL ndandinter.hair/VVdLUloudTglBSAlJ3Bgdz8%2FJipveGQlLSJle3w%2BNCEiITU7NSogMTAlZSIoOngqP3clIjg6dzYnOHwwJmg7JzMxan5ibGdufGZ8NjsiMTE8M3ZnamNlcmVuCm96ZWpmYH50Ozk7KW8yISM7IX9mFm5gHHBlDSUtInkvIDUlNSQqdDY4JndoEyRuYBwwJHo%2FMmVhfStsMSc7YTNwZQ0GMjAaKjY0MCQ4Hz8xOy4rdCc2OXQ1N2ojJi4lJG5hG3BlDXdoEyA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9f2cROycpPSUuNjMnMigmf2cRbmEcITo7d2kRZm5gbDsyPyU1JzxuYR5mcnlkMzokbmEeZXJ5ZCk8Iy53aRE2LzQ2LHJ5ZDlwZA9mf2dhOyIzcGQPZ2pjZXJlbnBlfSI5PHJ4FmtjZnJibWxjfGJ%2FZ2E%2Fd2kRZn1qa2ZvemprbXJ5ZD4wJD93aRE%2FPyYqJnJ5Z2kUcnlnaBNyeWdoEyA8JXQxJSQiODovZTE1OHJ5Z2gTJG5gb2cRLiFrOD97ZGwsYS8iKmY%2BbmBvZxEfOj8YNi88PyYkBjc%2BOTIyfCg0JW0xNjdqIyYuJSRuYRtwZQ13aBMgPCViYnkvMyw8JCQ8ODQlIDcoeyc5PX9nETsnKT0lLjYzJzIoJn9nEW5hHCE6O3dpEWVuYGw7Mj8lNSc8bmEeZnJ5ZDM6JG5hHmVyeWQpPCMud2kRNi80NixyeWQ5cGQPZn9nYTsiM3BkD2dqY2VyZW5wZX0iOTxyeBZrY2ZyYm1sY3xif2dhP3dpEWZ9amtmb3pqa21yeWQ%2BMCQ%2Fd2kRPz8mKiZyeWdpFHJ5Z2gTcnlnaBMgPCV0MSUkIjg6L2UxNThyeWdoEyRuYG9nES4hazg%2Fe2RsLGEvIipmPm5gb2cRHzo%2FGDYvPD8mJAY3PjkyMnwoNCVtMyk3aiMmLiUkbmEbcGUNd2gTIDwldDElJCI4Oi9lMTU4cnkUKXBlDTcpZDojYmxjLn02KiVkIndoEwMjNxc0MyU3KSYaLjY2MC5lIDsndWdwKTgxaWhreXU4Pyx3bWlmdGZ1Z3AuNDAUOz53bWlqa21lc2R4eXU4JzgKPi9jeG91fmJsZ258Znh5dTgnOAo%2BL2B4b3V%2BYmxnbnxmBW1mfGJpYmJpfng0OycweG91IyYuJSRxfXUiIDx8Pic4OzA1LXkoPTd6JGQ3KWQ6I2JsYy59NiolZCJ9Dj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUkMHhvdSMmLiUkcX11IiA8am17MyokMyY4JTA7JzwuIHQlJSR9KiAkIyA%2FMT45NzkheHQmNyVqenQ0MCM8PSg%2Banh0MzokdmJ8Jj4%2FN2c0My0%2BI3M0dmZ8JScib29lYXlrbWFxOzEzaGZ9Y2NlYHJmbWVxP29rY296YWJkb3pqfDEyOCZnPSM%2FIilwZAp3aBNyeRQtIiBlNig6Jyk9Ins0JD9%2FZxE4d2gTMjhjNz1nfWQjYzM7Imk8cnkUDj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUoPjh3bWk6LiEnOGh1eiA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9dSUiODooMDMiID82I2RtLjgndmB8OzI%2FJTUnPHZhfDw4OG9qcyQiJj9oNi80NixxKG9ucyc7O2dgZ31gY2JjbSI5PGp6ZGtsZ3xrbmJnbSZnZGFzY2ltZnNjYnMzLiEuaD8%2FJiomcngTf2cRbmAcIiA8fD4nODswNS15KD03cGUNIX9nES4hazg%2Fe2RsLGEvIipmPm5gHAE%2FLh87MTkuISkYMi8%2BPyx5OTMod3tpMyk3dXFwMiEjOyFgeng8JS17Mzk9Kjc4M3w5OjpkIXUwJHo%2FMmVhfStsMSc7YTN6AyM3FzQzJTcpJhouNjY
wLmUgOyd1Ng
IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /VVdLUloudTglBSAlJ3Bgdz8%2FJipveGQlLSJle3w%2BNCEiITU7NSogMTAlZSIoOngqP3clIjg6dzYnOHwwJmg7JzMxan5ibGdufGZ8NjsiMTE8M3ZnamNlcmVuCm96ZWpmYH50Ozk7KW8yISM7IX9mFm5gHHBlDSUtInkvIDUlNSQqdDY4JndoEyRuYBwwJHo%2FMmVhfStsMSc7YTNwZQ0GMjAaKjY0MCQ4Hz8xOy4rdCc2OXQ1N2ojJi4lJG5hG3BlDXdoEyA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9f2cROycpPSUuNjMnMigmf2cRbmEcITo7d2kRZm5gbDsyPyU1JzxuYR5mcnlkMzokbmEeZXJ5ZCk8Iy53aRE2LzQ2LHJ5ZDlwZA9mf2dhOyIzcGQPZ2pjZXJlbnBlfSI5PHJ4FmtjZnJibWxjfGJ%2FZ2E%2Fd2kRZn1qa2ZvemprbXJ5ZD4wJD93aRE%2FPyYqJnJ5Z2kUcnlnaBNyeWdoEyA8JXQxJSQiODovZTE1OHJ5Z2gTJG5gb2cRLiFrOD97ZGwsYS8iKmY%2BbmBvZxEfOj8YNi88PyYkBjc%2BOTIyfCg0JW0xNjdqIyYuJSRuYRtwZQ13aBMgPCViYnkvMyw8JCQ8ODQlIDcoeyc5PX9nETsnKT0lLjYzJzIoJn9nEW5hHCE6O3dpEWVuYGw7Mj8lNSc8bmEeZnJ5ZDM6JG5hHmVyeWQpPCMud2kRNi80NixyeWQ5cGQPZn9nYTsiM3BkD2dqY2VyZW5wZX0iOTxyeBZrY2ZyYm1sY3xif2dhP3dpEWZ9amtmb3pqa21yeWQ%2BMCQ%2Fd2kRPz8mKiZyeWdpFHJ5Z2gTcnlnaBMgPCV0MSUkIjg6L2UxNThyeWdoEyRuYG9nES4hazg%2Fe2RsLGEvIipmPm5gb2cRHzo%2FGDYvPD8mJAY3PjkyMnwoNCVtMyk3aiMmLiUkbmEbcGUNd2gTIDwldDElJCI4Oi9lMTU4cnkUKXBlDTcpZDojYmxjLn02KiVkIndoEwMjNxc0MyU3KSYaLjY2MC5lIDsndWdwKTgxaWhreXU4Pyx3bWlmdGZ1Z3AuNDAUOz53bWlqa21lc2R4eXU4JzgKPi9jeG91fmJsZ258Znh5dTgnOAo%2BL2B4b3V%2BYmxnbnxmBW1mfGJpYmJpfng0OycweG91IyYuJSRxfXUiIDx8Pic4OzA1LXkoPTd6JGQ3KWQ6I2JsYy59NiolZCJ9Dj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUkMHhvdSMmLiUkcX11IiA8am17MyokMyY4JTA7JzwuIHQlJSR9KiAkIyA%2FMT45NzkheHQmNyVqenQ0MCM8PSg%2Banh0MzokdmJ8Jj4%2FN2c0My0%2BI3M0dmZ8JScib29lYXlrbWFxOzEzaGZ9Y2NlYHJmbWVxP29rY296YWJkb3pqfDEyOCZnPSM%2FIilwZAp3aBNyeRQtIiBlNig6Jyk9Ins0JD9%2FZxE4d2gTMjhjNz1nfWQjYzM7Imk8cnkUDj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUoPjh3bWk6LiEnOGh1eiA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9dSUiODooMDMiID82I2RtLjgndmB8OzI%2FJTUnPHZhfDw4OG9qcyQiJj9oNi80NixxKG9ucyc7O2dgZ31gY2JjbSI5PGp6ZGtsZ3xrbmJnbSZnZGFzY2ltZnNjYnMzLiEuaD8%2FJiomcngTf2cRbmAcIiA8fD4nODswNS15KD03cGUNIX9nES4hazg%2Fe2RsLGEvIipmPm5gHAE%2FLh87MTkuISkYMi8%2BPyx5OTMod3tpMyk3dXFwMiEjOyFgeng8JS17Mzk9Kjc4M3w5OjpkIXUwJHo%2FMmVhfStsMSc7YTN6AyM3FzQzJTcpJhouNjYwLmUgOyd1Ng HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 502 Bad Gateway
Server: openresty/1.21.4.1
Date: Thu, 13 Apr 2023 10:31:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: dc622046360ac67e3833071f9bfd5915=1; Max-Age=604800
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With,content-type
erdeallyighab.com/utx?cb=5CsPIXHevt76&top=www20.davisonbarker.pro&tid=824473
52.85.242.129 0 B URL erdeallyighab.com/utx?cb=5CsPIXHevt76&top=www20.davisonbarker.pro&tid=824473
IP 52.85.242.129:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=5CsPIXHevt76&top=www20.davisonbarker.pro&tid=824473 HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www20.davisonbarker.pro
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:26 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www20.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 13 Apr 2023 10:32:26 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 8556a7e6f097b43ef38a15da76d83874.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: o0iSW7hlpblYxY5C6yfffX_txUWjAq8vGk_BEWp-yRoEob13z7F0YQ==
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/RZEhQcmoHJz4UVRAhNE9SVnxkRVlCIiMdBBR1GQQmXCJjCgU0O3YGEAB1YFQGBSY3T0wBJjNPW0IpNBBXUG4kAgUPdSUcDgEuORwPAG4lE1cJJyobBggpdUAsUWZgV1hUYChDW0F7EldYVCQ5HB8cbWJCElx+D0ReQXsSV1hUOiZXWSV5YEtEVGF1QFoDLT-MZBUF6FkBaVXhgQ1pVbWJCDA06NRQFHG1iNFtVeX5CTBF1YQ
54.230.245.36 345 B URL dc5k8fg5ioc8s.cloudfront.net/RZEhQcmoHJz4UVRAhNE9SVnxkRVlCIiMdBBR1GQQmXCJjCgU0O3YGEAB1YFQGBSY3T0wBJjNPW0IpNBBXUG4kAgUPdSUcDgEuORwPAG4lE1cJJyobBggpdUAsUWZgV1hUYChDW0F7EldYVCQ5HB8cbWJCElx+D0ReQXsSV1hUOiZXWSV5YEtEVGF1QFoDLT-MZBUF6FkBaVXhgQ1pVbWJCDA06NRQFHG1iNFtVeX5CTBF1YQ
IP 54.230.245.36:0
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (438), with no line terminators
Hash 9215c31706bc0c8aa426b0f2d3007580
fc9794e139c0c1eee53612361edbea37cf1ee4fc
978b6b6e0627f7146b2c89f96b201746c243c6dae8a63bd8f76529695c58b573
Analyzer Verdict Alert fortinet Malware
GET /RZEhQcmoHJz4UVRAhNE9SVnxkRVlCIiMdBBR1GQQmXCJjCgU0O3YGEAB1YFQGBSY3T0wBJjNPW0IpNBBXUG4kAgUPdSUcDgEuORwPAG4lE1cJJyobBggpdUAsUWZgV1hUYChDW0F7EldYVCQ5HB8cbWJCElx+D0ReQXsSV1hUOiZXWSV5YEtEVGF1QFoDLT-MZBUF6FkBaVXhgQ1pVbWJCDA06NRQFHG1iNFtVeX5CTBF1YQ HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://erdeallyighab.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 345
Connection: keep-alive
Date: Thu, 13 Apr 2023 10:31:26 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PPHt_3m-gMRhOY-gUBSgwisFfJqapeK1YoR6EIEzLszVXqFGAaex8g==
asgildedalloverw.com/popunder.gif
188.114.97.1 200 OK 0 B URL GET HTTP/3 asgildedalloverw.com/popunder.gif
IP 188.114.97.1:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.asgildedalloverw.com
Fingerprint F9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
Validity Sun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 13 Apr 2023 10:31:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 13 Apr 2023 11:31:26 GMT
Location: https://asgildedalloverw.com/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EfIxH%2BC0QY2Tb6CbNp%2F00BplChVHHjr8fqfMBEglYjnMVSJMv7NS2JAbDbwr2qEz2x1k6U1NdPBVD%2BKYndlBr6pM4Wf25fWJcmxgqa2FhORW%2FGfk69tu35EQsCvZm%2FFUtRZE7VUO7g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b730a14cdd70b69-OSL
alt-svc: h2=":443"; ma=60
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.166 200 OK 52 kB URL GET HTTP/2 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.166:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (15955)
Hash 31afdfb63196025be4ed7cc20cf68c4b
8f070892551235aa9dfece9f0d2547d095bb67ed
0e4f5d18002ef46087fca2df15cc3916c672b1d50eba9eaf22225ffccfdc12f3
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-length: 51540
date: Thu, 13 Apr 2023 10:31:26 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Lfj82or6leOab25uRogSzK5SkNPXGXVkRtPhPrRIphsTIAG-76Fr1w==
X-Firefox-Spdy: h2
www87.davisonbarker.pro/static/image/logo.png
104.21.92.39 200 OK 11 kB URL GET HTTP/3 www87.davisonbarker.pro/static/image/logo.png
IP 104.21.92.39:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:EF:ED:A7:D2:3C:ED:C8:23:64:8B:82:4F:9F:53:D0:2A:0A:B3:20
Validity Thu, 26 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: www87.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 13 Apr 2023 10:31:26 GMT
content-type: image/png
content-length: 10726
cache-control: public, max-age=604800
expires: Thu, 20 Apr 2023 10:31:26 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b4021a56880f53fc;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNc%2FPuieFBlAy2sRwBKiwj3t3uNswgRHvB78JpS%2FYYMccH6cyy%2F1v83XwXbEqbFJ2mpmafril2%2BdSMFCJaJx%2BB1eSlA1Mb8gx7Ml1WuE55sYSWtnfHsr%2BATWbD1B4hcOzZFZBmtU505Z1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a17ebfa0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 204c06c67dab4319a44c8cc8181ef9cd
27498168e88a4b5a1748a4f1ff6dee5ece836121
24d2af52d40fd8bf71c94b0258e442b56b89f5f907af22dfee22932df500fd1e
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=112436
Date: Thu, 13 Apr 2023 10:31:26 GMT
Etag: "6436dcc8-1d7"
Expires: Fri, 14 Apr 2023 17:45:22 GMT
Last-Modified: Wed, 12 Apr 2023 16:31:04 GMT
Server: ECAcc (bsa/EACA)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aJJYNhmgKbKF-Tgl06kAQcsSPIcPe9CwnaO_i0YO1wig71U397k3uA==
Age: 4458
simplewebanalysis.com/stats
3.65.16.149 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 3.65.16.149:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Amazon
Subject simplewebanalysis.com
Fingerprint E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 947fb816681f17eac5aa04d96895747a
7aa27fdbe066b0fb7a5f730aab475ce68f24a7dc
2c8f937cb502ec11f716724af955fa9021423ae7e4364ddafc637e5804b324af
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www87.davisonbarker.pro
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=81d5f8fb-0873-4e86-882b-4b161cf0f813:2:1; expires=Sun, 10 Apr 2033 10:31:27 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
asgildedalloverw.com/blZVdXpBaTYGRzhkAxQbFDIjIxdbAhdHNDo3OR4/NBAbBiI/B3MBEwprbUdOWmFmUwoHMmhGSEglIRQOGyVoRFwHODMaR0ggaEVUV3hkW09II2hEXBomNBJHX3AlAQ4Ca2RDQl9lbURDXWJmTU0
188.114.96.1 204 No Content 0 B URL GET HTTP/2 asgildedalloverw.com/blZVdXpBaTYGRzhkAxQbFDIjIxdbAhdHNDo3OR4/NBAbBiI/B3MBEwprbUdOWmFmUwoHMmhGSEglIRQOGyVoRFwHODMaR0ggaEVUV3hkW09II2hEXBomNBJHX3AlAQ4Ca2RDQl9lbURDXWJmTU0
IP 188.114.96.1:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.asgildedalloverw.com
Fingerprint F9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
Validity Sun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT
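Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of a zero-byte body (this response is 204 No Content, 0 B). They match every empty response from any host, so they are not usable as indicators for this request; the domain, path pattern and certificate fingerprint are the meaningful observables here.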
GET /blZVdXpBaTYGRzhkAxQbFDIjIxdbAhdHNDo3OR4/NBAbBiI/B3MBEwprbUdOWmFmUwoHMmhGSEglIRQOGyVoRFwHODMaR0ggaEVUV3hkW09II2hEXBomNBJHX3AlAQ4Ca2RDQl9lbURDXWJmTU0 HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ha%2B8iZZZijZGnXmqdjet2%2FmWUtg56xsELDBGwTSYIe4RkXWqFjrfajdmBtdqPc0%2FT57glSTiinUKNRPVAOOxgEXsmTU5JhkH9s69RqwE%2BtSrkky2o%2FKWO7X8OhQz5YJ1nM7OMuPhZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a19c8a5b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
asgildedalloverw.com/T2Y0WFBgWVcrbSsudgwCIih5CWIrQwYaBX8kcwFjHTdmaAojBXIZdjsPUGVofVIAb2NpFl08bXxUEiskLhJBK219VgRvdiYIUjdtfUBCZWBhXxppfnpAQWVhaRJEOTdyVxIoJDsKCWlmd1cHYGF2VQBraX0
188.114.96.1 204 No Content 0 B URL GET HTTP/2 asgildedalloverw.com/T2Y0WFBgWVcrbSsudgwCIih5CWIrQwYaBX8kcwFjHTdmaAojBXIZdjsPUGVofVIAb2NpFl08bXxUEiskLhJBK219VgRvdiYIUjdtfUBCZWBhXxppfnpAQWVhaRJEOTdyVxIoJDsKCWlmd1cHYGF2VQBraX0
IP 188.114.96.1:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.asgildedalloverw.com
Fingerprint F9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
Validity Sun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /T2Y0WFBgWVcrbSsudgwCIih5CWIrQwYaBX8kcwFjHTdmaAojBXIZdjsPUGVofVIAb2NpFl08bXxUEiskLhJBK219VgRvdiYIUjdtfUBCZWBhXxppfnpAQWVhaRJEOTdyVxIoJDsKCWlmd1cHYGF2VQBraX0 HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2x6zF2OBV6Cd6%2Bu04fhLJ2Uir1jHVYm%2FnjwiUGFwv%2FMQL%2BUBtOtFwcHIlGjEEinHhwhGYstWjaRFUYeZGvqIW1ImJ30Vo%2FWDTaFDOALCsOPWadtovd92rNnXV4KcjU5iSSowSxhiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a19d8b1b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
erdeallyighab.com/MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg
52.85.242.129200 OK 1.2 kB URL GET HTTP/2 erdeallyighab.com/MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg
IP 52.85.242.129:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Amazon
Subject erdeallyighab.com
Fingerprint 4D:0D:9C:56:2C:EF:55:B9:2D:69:42:8D:9E:C4:0B:4E:B2:D8:05:6F
Validity Sun, 02 Apr 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3011), with no line terminators
Hash 61c7a866644d341c39a4360cd49ecbac
c50255bfed75ca1e543fa64cad5beadf55ab5b37
cce3326a3bac315e8159bc4aa872531fd048b85cc14bac2d249d81b387b98830
GET /MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 1167
date: Thu, 13 Apr 2023 10:31:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f9a0ddc3860252ab6c4d02ab024b4890.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: 5ZCRIY-r0GkgFltqb0b4cLoDh_IJRrfk7t5VPYEd0SbPvCgf_HkIoA==
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy
54.230.245.166200 OK 345 B URL GET HTTP/2 dc5k8fg5ioc8s.cloudfront.net/maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy
IP 54.230.245.166:443
Requested by https://erdeallyighab.com/MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg
Certificate Issuer Amazon
Subject *.cloudfront.net
Fingerprint BA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
Validity Thu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT
File type ASCII text, with very long lines (437), with no line terminators
Hash 397efcf84fd4cc42a8b338172dc21a33
96401e9bdc9b3fa76e53526bdb15f48382e4e67e
5028d10da1a10d0304de1d36f38693079af80eaec478d0f7d9d68429e3d9c687
Analyzer Verdict Alert fortinet Malware
GET /maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://erdeallyighab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-length: 345
date: Thu, 13 Apr 2023 10:31:27 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5PVZNOeHmABUoxj1-95ttN25_NdxDvxLO2ZANm40EeILtbS57azXAw==
X-Firefox-Spdy: h2
breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
173.233.139.164 200 OK 404 B URL GET HTTP/1.1 breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
IP 173.233.139.164:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject breedingdaringconcussion.com
Fingerprint CA:E2:B8:68:85:85:E0:A2:47:D3:14:D9:CC:BA:6C:37:21:54:45:F2
Validity Fri, 03 Mar 2023 06:06:30 GMT - Thu, 01 Jun 2023 06:06:29 GMT
File type JSON data\012- , ASCII text, with very long lines (404), with no line terminators
Hash dde03c37818682aab11a08a3ccb28f51
c4f9c63862839104b6e641c05ec1a35b357b6722
eb29c75a394a1628f3b790d994a7c91d8f8a696a169083a035cf1c4689f553b6
GET /aa/24/05/aa240591af5d8573573bb87d25c7ab12.json HTTP/1.1
Host: breedingdaringconcussion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 13 Apr 2023 10:31:27 GMT
Content-Type: application/json
Content-Length: 404
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af77706f530ed78d1595dbfb3260a990
Strict-Transport-Security: max-age=0; includeSubdomains
erdeallyighab.com/utx?cb=6ETKaTHvaWMs&top=www87.davisonbarker.pro&tid=824473
52.85.242.129 204 No Content 0 B URL GET HTTP/2 erdeallyighab.com/utx?cb=6ETKaTHvaWMs&top=www87.davisonbarker.pro&tid=824473
IP 52.85.242.129:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Amazon
Subject erdeallyighab.com
Fingerprint 4D:0D:9C:56:2C:EF:55:B9:2D:69:42:8D:9E:C4:0B:4E:B2:D8:05:6F
Validity Sun, 02 Apr 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=6ETKaTHvaWMs&top=www87.davisonbarker.pro&tid=824473 HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:27 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www87.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 13 Apr 2023 10:32:27 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f9a0ddc3860252ab6c4d02ab024b4890.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: AjryCbgB2_InbdT34thdbLoutlsdFZS2247qM8QH3LdG08JyqlOnLg==
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
173.233.137.60 200 OK 0 B URL GET HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.60:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.banquetunarmedgrater.com
Fingerprint B6:94:DA:E3:84:16:54:0C:6B:00:48:97:8B:AC:17:A6:7D:9D:BE:6B
Validity Mon, 03 Apr 2023 06:06:16 GMT - Sun, 02 Jul 2023 06:06:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 13 Apr 2023 10:31:27 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 046629ac36874415f51bd9c949bd8bab
Strict-Transport-Security: max-age=0; includeSubdomains
asgildedalloverw.com/ZFUxMEFLalJDfAEAXgMbMhdzVRAqMWh1cFwXAFQrNztGchRWGBdEKABoCQJ1UGICFjENMQwDc0ImRVE1ESYMAnFUYhdZLwI6DAJnEmgBHnhKZB8FZxFoABY1FDRWDXBCJUVELVlkBwhwV20ACXJQbAQH
188.114.96.1 204 No Content 0 B URL POST HTTP/3 asgildedalloverw.com/ZFUxMEFLalJDfAEAXgMbMhdzVRAqMWh1cFwXAFQrNztGchRWGBdEKABoCQJ1UGICFjENMQwDc0ImRVE1ESYMAnFUYhdZLwI6DAJnEmgBHnhKZB8FZxFoABY1FDRWDXBCJUVELVlkBwhwV20ACXJQbAQH
IP 188.114.96.1:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.asgildedalloverw.com
Fingerprint F9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
Validity Sun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ZFUxMEFLalJDfAEAXgMbMhdzVRAqMWh1cFwXAFQrNztGchRWGBdEKABoCQJ1UGICFjENMQwDc0ImRVE1ESYMAnFUYhdZLwI6DAJnEmgBHnhKZB8FZxFoABY1FDRWDXBCJUVELVlkBwhwV20ACXJQbAQH HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Alt-Used: asgildedalloverw.com
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
date: Thu, 13 Apr 2023 10:31:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1Ip6lSzRkQUDPNWstZMAVf6yFW9Zd8uZxlL9631T3j%2BnVjEwpVyN9RjJ%2BFhyt5phOkUjJrTMO2j%2F3eJehqvxzh72Hi%2BuExMVhFOAUpfxx0egbz6matUAaWdjMz8CHbUx8I%2BviKS9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a1d1ad9b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
erdeallyighab.com/floater?cs=RU9vd1B9fFtPYHF5X0VjdnlZQWM&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&osr=www20.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_tCKT=1681381934958&crc=1
52.85.242.129200 OK 1.2 kB URL GET HTTP/2 erdeallyighab.com/floater?cs=RU9vd1B9fFtPYHF5X0VjdnlZQWM&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&osr=www20.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_tCKT=1681381934958&crc=1
IP 52.85.242.129:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Amazon
Subject erdeallyighab.com
Fingerprint 4D:0D:9C:56:2C:EF:55:B9:2D:69:42:8D:9E:C4:0B:4E:B2:D8:05:6F
Validity Sun, 02 Apr 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT
File type ASCII text, with very long lines (1947), with no line terminators
Hash 8a056fdf22c9f678b8c0062a791f901f
e9e0e4cda6a45fd5342fb7796fd5914bc3a86fab
e188f0cdac863da98edb392663a0526e6fad0698762fee329c3614471cc02282
GET /floater?cs=RU9vd1B9fFtPYHF5X0VjdnlZQWM&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&osr=www20.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_tCKT=1681381934958&crc=1 HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1160
date: Thu, 13 Apr 2023 10:31:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www87.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a2b712df-c438-4b55-a4c9-330b82a857f4
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f9a0ddc3860252ab6c4d02ab024b4890.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: BEx02SKT-xt5buHbcNeghR8J2_0nLS0HbViyYn_BT7-Y6rrDnOKldw==
X-Firefox-Spdy: h2
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
192.243.59.12 200 OK 13 kB URL GET HTTP/1.1 reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.reasonablelandmark.com
Fingerprint A6:FE:13:26:EB:43:3F:9F:74:4B:D5:F5:1D:EC:77:CC:F3:2E:6B:A3
Validity Tue, 04 Apr 2023 06:41:09 GMT - Mon, 03 Jul 2023 06:41:08 GMT
File type ASCII text, with very long lines (37145), with no line terminators
Hash 12c91b886910a82d4a5f963ad564740b
c56d9c10fdef1817b3966e052e086ecc329bea3d
81c03b1d6f2e4a5c9bc2ad789f16abc8505246e27adad01f06e2fbdc1ccceb30
GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 13 Apr 2023 10:31:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0333ee1bf7c82fb5f9692183f8e74390
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
asgildedalloverw.com/popunder.gif
188.114.96.1 200 OK 36 B URL GET HTTP/3 asgildedalloverw.com/popunder.gif
IP 188.114.96.1:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.asgildedalloverw.com
Fingerprint F9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
Validity Sun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad6a6cb23b0391c6652e018b9ac3bfc7
d38bd8446c3505f9b4797660388a8d6e8fd3d450
be4f754acf2dd33169add8976c1264f647470efdc993927040e23c4d310a835f
GET /popunder.gif HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: asgildedalloverw.com
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 13 Apr 2023 10:31:27 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 40920
last-modified: Wed, 12 Apr 2023 23:09:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RltIYOJJiGmYCVyyIQxbdqOpBUbBV980bABY5l72qACE8Kv%2FEcXlUv3d1NLrSnJqZqa4YORxC4WURqzJI81zHvHTDRtLS5T9adR5tYbyFySSL1W%2BJu6PZUm2NjVkvIcdU8em9r7o6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a1cda79b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
asgildedalloverw.com/UjkyTUN9BlE+fgEJRhsmBElIKAQUe1MjemtjZzkzN3EDJxdgUhQ5KjYECn93Zg4BazM7XQ9+cXRKRiw3J0oPf3NiDBQkLTRWD39zYg8CfXJhCxd6ADpNRj0wdwpzaHEUHAALOz9VHD4mIE9XYDA3S0QoJnxaXSBmYH9GJTY/W1wsKj4cAQsqdwp2FAwbeHgae2pWYRgcYhwAezN3CnZ8dWoIAXVyagEKY3FgCQp8dncLBCQuNU0Xfgc7Wl0jZmV6XDgvPhwFDnVmCAZ+dmEMAX5xaw4LfHtgDwFrNW8JHHRtYxcHazZvAQp1emIIAX51ZQEHf3dgH0Y9IjUEA2szJk1ecHJkAQN+e2MAAXp0aw4
188.114.96.1204 No Content 0 B URL POST HTTP/3 asgildedalloverw.com/UjkyTUN9BlE+fgEJRhsmBElIKAQUe1MjemtjZzkzN3EDJxdgUhQ5KjYECn93Zg4BazM7XQ9+cXRKRiw3J0oPf3NiDBQkLTRWD39zYg8CfXJhCxd6ADpNRj0wdwpzaHEUHAALOz9VHD4mIE9XYDA3S0QoJnxaXSBmYH9GJTY/W1wsKj4cAQsqdwp2FAwbeHgae2pWYRgcYhwAezN3CnZ8dWoIAXVyagEKY3FgCQp8dncLBCQuNU0Xfgc7Wl0jZmV6XDgvPhwFDnVmCAZ+dmEMAX5xaw4LfHtgDwFrNW8JHHRtYxcHazZvAQp1emIIAX51ZQEHf3dgH0Y9IjUEA2szJk1ecHJkAQN+e2MAAXp0aw4
IP 188.114.96.1:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.asgildedalloverw.com
Fingerprint F9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
Validity Sun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /UjkyTUN9BlE+fgEJRhsmBElIKAQUe1MjemtjZzkzN3EDJxdgUhQ5KjYECn93Zg4BazM7XQ9+cXRKRiw3J0oPf3NiDBQkLTRWD39zYg8CfXJhCxd6ADpNRj0wdwpzaHEUHAALOz9VHD4mIE9XYDA3S0QoJnxaXSBmYH9GJTY/W1wsKj4cAQsqdwp2FAwbeHgae2pWYRgcYhwAezN3CnZ8dWoIAXVyagEKY3FgCQp8dncLBCQuNU0Xfgc7Wl0jZmV6XDgvPhwFDnVmCAZ+dmEMAX5xaw4LfHtgDwFrNW8JHHRtYxcHazZvAQp1emIIAX51ZQEHf3dgH0Y9IjUEA2szJk1ecHJkAQN+e2MAAXp0aw4 HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Alt-Used: asgildedalloverw.com
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
date: Thu, 13 Apr 2023 10:31:30 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=amgREi0JU%2FFX2WZTQbxrJAP6DQu387hZYmhzE4FLMPhOMoSeSFd9Lm5fQnDLwnuVrdvhPLrtmH1L0q%2BNYVWfN9QK3TXSaX1BIaveQ2FfYNbMvMS%2BY0rEpb9UgFdE8cEnQoq9S1hW2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a2edc37b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.serve-servee.com/thumbnail?i=YOIAJW88oSU_0&p=1681381888.220815&imgt=icon
172.64.130.18 302 Found 0 B URL GET HTTP/2 xml.serve-servee.com/thumbnail?i=YOIAJW88oSU_0&p=1681381888.220815&imgt=icon
IP 172.64.130.18:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint F9:F4:6D:CB:77:34:5B:81:93:D5:4D:A0:AC:62:B8:EA:AB:A6:7E:14
Validity Sat, 04 Feb 2023 00:00:00 GMT - Sat, 03 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=YOIAJW88oSU_0&p=1681381888.220815&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Thu, 13 Apr 2023 10:31:30 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/300x300_J3j2Bprhh38fI10u8oIb.jpeg
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGrphJrq4F9CK0AFLdf9k%2BQubfR7yWigZ87ydQz7ly29Ob%2BO1p%2B9ZfwMwzzlklE%2FUBY9aMCWM9ggSzEBkR1O6HBCeLkiqnmmdY%2FXmu3sAcKLlSNbwYHm7LxNYSI%2FTrQlE%2Bs0R8%2FCLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a2f9ecb71aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.serve-servee.com/n337/ad/300x300_J3j2Bprhh38fI10u8oIb.jpeg
172.64.130.18 200 OK 12 kB URL GET HTTP/2 static.serve-servee.com/n337/ad/300x300_J3j2Bprhh38fI10u8oIb.jpeg
IP 172.64.130.18:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint F9:F4:6D:CB:77:34:5B:81:93:D5:4D:A0:AC:62:B8:EA:AB:A6:7E:14
Validity Sat, 04 Feb 2023 00:00:00 GMT - Sat, 03 Feb 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash 3278dcc26908cafe737e2512f6346dbc
20ae23dc2ddc0235b15060bd3f6d91ea10c527f5
03e2c0a4a6e59c8784a4b800d639f7cc776e4d2b00df76b617d275d70363df02
GET /n337/ad/300x300_J3j2Bprhh38fI10u8oIb.jpeg HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:30 GMT
content-type: image/jpeg
content-length: 12198
last-modified: Fri, 07 Apr 2023 23:13:51 GMT
accept-ranges: bytes
etag: "6430a3af-2fa6"
cache-control: max-age=86400
x-hw: 1681381890.cds290.lo4.h2,1681381890.cds304.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=plfqdwDK8wV%2B6dw9T7pDyHjiFZzqV89el5w2o8VNzEkY5g4JE58kC2sOrOBd%2FZIbUOiKtjcunfcf%2Bh%2FSk%2F6hw8Q6R0KXljqdv8SubslI0edK0%2ByJPcp2eukaVVDZY5wAG8%2F2CyagqKfQeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a3108b971aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www87.davisonbarker.pro/static/image/skip_ad/en_tran.png
104.21.92.39 200 OK 5.1 kB URL GET HTTP/3 www87.davisonbarker.pro/static/image/skip_ad/en_tran.png
IP 104.21.92.39:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:EF:ED:A7:D2:3C:ED:C8:23:64:8B:82:4F:9F:53:D0:2A:0A:B3:20
Validity Thu, 26 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type PNG image data, 155 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash a58f5ea6f1f6bb35658c351f876f1ba9
47fa621b845faf7df13e4021dcffd6f4c73c1018
ef8721967f0cca2539ee60f9cad0e8c1ef89f18a53964a4e6101033d23a4ba29
GET /static/image/skip_ad/en_tran.png HTTP/1.1
Host: www87.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=81d5f8fb-0873-4e86-882b-4b161cf0f813%3A2%3A1; ppu_main_aa240591af5d8573573bb87d25c7ab12=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 13 Apr 2023 10:31:31 GMT
content-type: image/png
content-length: 5076
cache-control: public, max-age=604800
expires: Thu, 20 Apr 2023 10:31:31 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "13d4-5faa60e6-d082b40bd28384ce;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=chGmcmZ7HioWxA6fx24Ud4GkFiaMbAGrTtGrwBs3QakOYZ1Hab9LREsiBam4y4EtyU01aDYYu0TvA2JSbFz69CrPJGUJ8IQF2BiE4OEN%2BPZf2R7ciGdbPxMauN%2FpFvLf7J57UW5Shld4Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a375f660b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
unseenreport.com/pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
192.243.61.225 200 OK 0 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
Validity Mon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT
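Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, i.e. no response body was hashed (the record lists 0 B); they match every empty response and do not identify this resource.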
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 13 Apr 2023 10:31:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96ac4ba6645a215c174ce90989ebbd23
Strict-Transport-Security: max-age=0; includeSubdomains
addresseepaper.com/sfp.js
0.0.0.0 0 B URL GET addresseepaper.com/sfp.js
IP 0.0.0.0:0
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
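Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input; no response was recorded for this request (IP 0.0.0.0, 0 B), so they do not identify the content of sfp.js on this host.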
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
104.21.92.39 200 OK 74 kB URL User Request GET HTTP/2 www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
IP 104.21.92.39:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint A9:EF:ED:A7:D2:3C:ED:C8:23:64:8B:82:4F:9F:53:D0:2A:0A:B3:20
Validity Thu, 26 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62619)
Hash 7c219c092b2aa2facab889211a6393d7
5b07a2010ca86571e359fe0a672cbd0afc293ab8
367befb88a74ee44cda9c55a2663e7b943d68692c3e57edeff4150a71ea89bb5
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar HTTP/1.1
Host: www87.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:26 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www87.davisonbarker.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhwmgypmaYd0qcWeDRnGF2ZAhRWM2sGSmMQi%2FhQZ%2Fgzr8Q09Z8VsuJ22BPiz7ku1A5dyjx87Df54WAyvDCstEfCVcRh7EQJsAvxplSGsqBwlAJ1GdOh8887wyolypMlwSe3N%2BBrkYjVZVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a155d15b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
188.114.97.1 200 OK 26 B IP 188.114.97.1:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash ea323077697bde81d0fe4d5df0a15859
bb10ce004d450bfadf0c05c725e25fb7fc3beb40
2bc7eda577bf39cbd8b5fdc971d2c2a6c3325a8a9f3edd7f7e101a22883b65d2
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www87.davisonbarker.pro/
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:27 GMT
content-type: text/plain
set-cookie: csu=888901336785242@1@1681381887; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www87.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUW8ZyKHEsHiTXBhRoH14AOkG8NerS6D%2FopXLCEOCbUkfMs8WDJZqj03D0kmMk%2BI%2B8WhL7K6FD2iriFk3istErZQd3YR9OIic1JDP9mholIIdl24no5AWAWF%2BsXavMEs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a1c4b311c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
188.114.97.1 200 OK 102 kB IP 188.114.97.1:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www87.davisonbarker.pro/
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:27 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www87.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 12 Apr 2023 11:05:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BT1iuyfhZoEF1Gd1C8dD6bTEAdgRmQI3maNQHskVu3rxJ%2B7R5%2BQvzbf3VVTn%2FDsVTgdHb%2FIR6nH%2BpqTDxTANheLPSeXH3Xj4U34AuuPJTBaCBppz7KIyq41V4%2F2UDD%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a1c4b291c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dismantlepenantiterrorist.com/pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2079&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
0.0.0.0 0 B URL GET dismantlepenantiterrorist.com/pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2079&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
IP 0.0.0.0:0
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
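Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input; no response was recorded for this request (IP 0.0.0.0, 0 B), so they do not identify any content served by this host.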
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2079&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
friendshipmale.com/sfp.js
172.64.167.29 200 OK 86 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 172.64.167.29:443
Requested by https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
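Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input although the record lists an 86 kB response, so the script body was evidently not hashed; they do not identify sfp.js and should not be used to match it.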
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:28 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7286ae8690109eb672c5de4289707bf7
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 13 Apr 2023 10:31:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2l%2BCqLMjx50yTVaww%2BhjHTm6n8dkHkrHZuJIIVE%2BCfP9PRWL5ADYkeolXpb7r2jsE6Tx1IiBd0pm%2FNn4bL1bboWDVMC3S1EJssuzBbfGHAdiwS6m65eugZvEcyPnSs1vkusd0PM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a23188d48c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2