Report - www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar

Report Overview

Submitted URL
www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar
IP
104.21.92.39
ASN
#13335 CLOUDFLARENET
Submitted
2023-04-13 10:31:39
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
simplewebanalysis.com	unknown	2022-02-25	2023-04-12	440 B	430 B	3.65.16.149
static.serve-servee.com	unknown	2022-06-18	2023-04-12	433 B	13 kB	172.64.130.18
unseenreport.com	unknown	2022-03-30	2023-04-13	741 B	424 B	192.243.61.225
www20.davisonbarker.pro	unknown	2022-07-22	2023-03-29	2.3 kB	56 kB	104.21.92.39
ndandinter.hair	unknown	2022-07-21	2023-04-10	2.3 kB	364 B	54.162.51.18
xml.serve-servee.com	unknown	2022-06-18	2023-04-12	444 B	705 B	172.64.130.18
dismantlepenantiterrorist.com	17847	2021-11-01	2023-04-11	754 B	0 B	0.0.0.0
dc5k8fg5ioc8s.cloudfront.net	unknown	2021-01-11	2023-04-11	2.0 kB	106 kB	54.230.245.36
asgildedalloverw.com	unknown	2023-04-02	2023-04-02	4.5 kB	4.9 kB	188.114.97.1
erdeallyighab.com	unknown	No data	No data	3.8 kB	7.1 kB	52.85.242.129
www87.davisonbarker.pro	unknown	2022-08-11	2023-04-08	2.2 kB	93 kB	104.21.92.39
breedingdaringconcussion.com	unknown	2022-09-02	2023-04-10	488 B	1.1 kB	173.233.139.164
banquetunarmedgrater.com	unknown	2022-08-04	2023-04-13	415 B	327 B	173.233.137.60
pogothere.xyz	unknown	2022-09-04	2023-04-12	868 B	104 kB	188.114.97.1
ocsp.r2m01.amazontrust.com	unknown	2022-10-12	2023-04-12	340 B	1.0 kB	54.230.80.227
reasonablelandmark.com	unknown	2022-08-06	2023-04-10	443 B	14 kB	192.243.59.12
addresseepaper.com	18169	2021-11-01	2023-04-12	403 B	0 B	0.0.0.0
friendshipmale.com	unknown	2022-10-21	2023-04-12	403 B	86 kB	172.64.167.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-13	medium	dc5k8fg5ioc8s.cloudfront.net/RZEhQcmoHJz4UVRAhNE9SVnxkRVlCIiMdBBR1GQQmXCJjCgU0O3YGEAB1YFQGBSY3T0wBJjNPW0IpNBBXUG4kAgUPdSUcDgEuORwPAG4lE1cJJyobBggpdUAsUWZgV1hUYChDW0F7EldYVCQ5HB8cbWJCElx+D0ReQXsSV1hUOiZXWSV5YEtEVGF1QFoDLT-MZBUF6FkBaVXhgQ1pVbWJCDA06NRQFHG1iNFtVeX5CTBF1YQ
2023-04-13	medium	dc5k8fg5ioc8s.cloudfront.net/maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-04-13	medium	unseenreport.com
2023-04-13	medium	addresseepaper.com
2023-04-13	medium	dismantlepenantiterrorist.com

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	erdeallyighab.com/MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg	3.0 kB	2023-04-13	2023-04-13
Pretty URL erdeallyighab.com/MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg IP 52.85.242.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-13 12:31:42 Last Seen2023-04-13 12:31:42 Times Seen1 Hash 805ab55cf7aa655a5ffd3af2e9c80a1c d7cf5df9df7b962c019cb9f58b8dbcc39c7fed81 14da4787692722f7220bde3c6aaee05878084813f01041124390aac64a9c02b1 Loading...

	www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar	70 kB	2023-03-07	2023-05-15
Pretty URL www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar IP 104.21.92.39 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:50:57 Last Seen2023-05-15 22:48:54 Times Seen200 Hash 89a65ce6b1af31ff4330437afdbe7728 7b70a59efda26765a821b0193df597de8f4b8d74 bf4e261b5462befef118ed2771250f3b265b874ed0ea073399ed9edf1a6e3b12 Loading...

	www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar	1.4 kB	2023-04-13	2023-04-13
Pretty URL www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar IP 104.21.92.39 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-13 12:31:42 Last Seen2023-04-13 12:31:42 Times Seen1 Hash fe2b453de68b804de82cc537a19fd49e cdf742835808d4d8214322c3a8cf7f24ac429559 21dcb8f0f168e80ab41ac847160164520a1f93c42fc6dd32b01327340af1e1b6 Loading...

	dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473	185 kB	2023-04-13	2023-04-13
Pretty URL dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473 IP 54.230.245.36 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-13 12:31:42 Last Seen2023-04-13 12:33:24 Times Seen23 Hash 9e285075ba59b7e3f7dd2275e0bae7a5 15461425d4e44591e2357f14e8e0ff5519f3b6be 609e8896e9ac20d464705a952de09ca35ded0708db654bd81d13af70ba30f5ca Loading...

	dc5k8fg5ioc8s.cloudfront.net/maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy	437 B	2023-04-13	2023-04-13
Pretty URL dc5k8fg5ioc8s.cloudfront.net/maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy IP 54.230.245.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-13 12:31:42 Last Seen2023-04-13 12:31:42 Times Seen2 Hash 275784701287582f39bef7b1d007cb3c 9ae24f613c15c04a13c6131f96eee0de820ddd92 2b02de7cfaccd4c32b3b3264b670fd744d3670625af1dfad0db3e70d50e15905 Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-07-27
Pretty URL banquetunarmedgrater.com/advertisers.js IP 173.233.137.60 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 06:54:27 Times Seen41189016 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js	37 kB	2023-04-12	2023-04-20
Pretty URL reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 04:50:15 Last Seen2023-04-20 13:45:00 Times Seen10 Hash 0bec4081f9c43ba7c3e63eb3fb3e05d2 055d2fc4fb4814cb7ba7d47bd9b93913ae9ad0cd 269aa70f554609468a1aa55930649b6b3ad4bc717e78b402a819b6a775d577f7 Loading...

	friendshipmale.com/sfp.js	86 kB	2023-04-05	2023-08-25
Pretty URL friendshipmale.com/sfp.js IP 172.64.167.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:35:42 Last Seen2023-08-25 11:30:02 Times Seen8520 Hash 8bf542db65f0ff20d510889d62e5e092 1b1b7cc04275b7641e2f07b0f4bf99b5387303bf 77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711 Loading...

HTTP Transactions (37)

URL IP Response Size

www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar

104.21.92.39

2.5 kB

URL
www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar
IP
104.21.92.39:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1021)
Size
2.5 kB (2462 bytes)
Hash
5b87a4b47689d943c5c0ec5853e09576
ee4ad5c309e562ae27631e51b17c3cf6dee89a75
fb84f58dfeffd5c1f32b68a3fede0f563149679be344360661a5e8a7de24bd15

HTTP Headers

GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar HTTP/1.1
Host: www20.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 10:31:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www20.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1XwMi9wDuBnTguS5pPwnWf%2B%2BLgk1YcuAENHgt5qo0tQ3hHsolHPaqeOizw2sP006J4YsblPxevkEOg0DEYqzI8JzyfYxH6rpEXRX62o4KM76ZK1czy4lhv6QnXJ7kErxIuG0OvyI5DIHg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b730a0d492f0b61-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473

54.230.245.36

200 OK

52 kB

URL GET HTTP/2
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP
54.230.245.36:443
ASN
#16509 AMAZON-02

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (15955)
Size
52 kB (51540 bytes)
Hash
31afdfb63196025be4ed7cc20cf68c4b
8f070892551235aa9dfece9f0d2547d095bb67ed
0e4f5d18002ef46087fca2df15cc3916c672b1d50eba9eaf22225ffccfdc12f3

HTTP Headers

GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 51540
Connection: keep-alive
Date: Thu, 13 Apr 2023 10:31:25 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UDOrbBgu5VcV5e_wpo9DS6I9E2tkMAC7WDSvHLsMMduvcjzhiKPUFw==

www20.davisonbarker.pro/static/image/logo.png

104.21.92.39

11 kB

URL
www20.davisonbarker.pro/static/image/logo.png
IP
104.21.92.39:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10726 bytes)
Hash
f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

HTTP Headers

GET /static/image/logo.png HTTP/1.1
Host: www20.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 10:31:25 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 20 Apr 2023 10:31:25 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b4021a56880f53fc;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ej4N17RBEEZUyYPQkHP5SrMs8JTQokBtq%2BC5bZ6iDVk9hUm6dpvaewvrCZF75s0W0eHSX05yHh%2F1d8eZrnU2M9%2FyIDWwlSOznrfGy7R97c6jvRFfsfx1lCfBRbFC5TkUeGoMARbtWRxPAw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b730a0f9d910b61-OSL
alt-svc: h2=":443"; ma=60

www20.davisonbarker.pro/am-push-cps.js?puid=5062974&clickid=5062974_8170375&allb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar&ob=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&clb=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&asb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar

104.21.92.39

40 kB

URL
www20.davisonbarker.pro/am-push-cps.js?puid=5062974&clickid=5062974_8170375&allb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar&ob=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&clb=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&asb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
IP
104.21.92.39:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
40 kB (40440 bytes)
Hash
845473a7fd284503f57855602add14fd
2974d9f2091d778fb076ebda7e908a1a029e38e5
7763be30b9a78bac4c785a49b0ee887135f9c2185689e8a31f630adfd26506ff

HTTP Headers

GET /am-push-cps.js?puid=5062974&clickid=5062974_8170375&allb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar&ob=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&clb=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&asb=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar HTTP/1.1
Host: www20.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=5062974&pci=1619079470&t=1681381818&dest=https://www.dropbox.com/s/es1mh066y6dpp3i/TheMadnessMedley.rar
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 10:31:25 GMT
Content-Type: application/x-javascript
Content-Length: 40440
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 20 Apr 2023 10:29:17 GMT
last-modified: Mon, 08 Aug 2022 14:16:52 GMT
etag: "19284-62f11ad4-ba71540cd1782978;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qNfrsZchowhIJLOxKWQkFACMUi29W6SnjQJHbmyZmRmfkhOlwagpSFJ4J4OfvLR8Y%2FuqTM4ruuAxPLhMBKxfmQwlnTvYBueXRCfbE%2FEWEhDqgNUZvT3YVpPCZqFFbEFkdTzO24Q7NyITSA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b730a0f9e72b4f1-OSL
alt-svc: h2=":443"; ma=60

asgildedalloverw.com/TThFTnZiByY9SxlWBDYvGlRyHDcPYRIWTwR5dAgsKwgICCALV2M6HykFfXxCeQ92aAYkXHh9RGtLMS8COEt4fEZ9D2MnGCtXeHxQOwV1YE9jCWt7UDgFdGgCPVkic0drSDE6GnAJc3ZHfgB0d0V+CHF6

188.114.97.1

0 B

URL
asgildedalloverw.com/TThFTnZiByY9SxlWBDYvGlRyHDcPYRIWTwR5dAgsKwgICCALV2M6HykFfXxCeQ92aAYkXHh9RGtLMS8COEt4fEZ9D2MnGCtXeHxQOwV1YE9jCWt7UDgFdGgCPVkic0drSDE6GnAJc3ZHfgB0d0V+CHF6
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /TThFTnZiByY9SxlWBDYvGlRyHDcPYRIWTwR5dAgsKwgICCALV2M6HykFfXxCeQ92aAYkXHh9RGtLMS8COEt4fEZ9D2MnGCtXeHxQOwV1YE9jCWt7UDgFdGgCPVkic0drSDE6GnAJc3ZHfgB0d0V+CHF6 HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:25 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WzvaaVYx68uL0ruhfSeMQ49%2BmtfIS9G21FsgkOD%2FAZoyX960SrFoXy22QOd45kcgqeVG221HJhbbdqIhD%2BqO8qbeFMOg4tT0%2BthkQTRG1BAJkmWjO8bT5A7ycVTEM9ozNqOyQh1eOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a114c40b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

asgildedalloverw.com/TXNyTTBiTBE+DRQmRyV9FSEnKFwMOiALcn8mBQt1GDtDG3IIEFQ5WSlOSn8EeURBa0AkF09+AmsABixEOABPfBYkHRQiDWsFT30edF1DYwVrBk98FjkDEyoNfFUCOUQhTkN7CHxASnwJfkBCeQI

188.114.97.1

0 B

URL
asgildedalloverw.com/TXNyTTBiTBE+DRQmRyV9FSEnKFwMOiALcn8mBQt1GDtDG3IIEFQ5WSlOSn8EeURBa0AkF09+AmsABixEOABPfBYkHRQiDWsFT30edF1DYwVrBk98FjkDEyoNfFUCOUQhTkN7CHxASnwJfkBCeQI
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /TXNyTTBiTBE+DRQmRyV9FSEnKFwMOiALcn8mBQt1GDtDG3IIEFQ5WSlOSn8EeURBa0AkF09+AmsABixEOABPfBYkHRQiDWsFT30edF1DYwVrBk98FjkDEyoNfFUCOUQhTkN7CHxASnwJfkBCeQI HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:25 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1O8YSz5Ys20vgA7859oFjsRVWXfHhGCzuyqMxs32i3ybu5K1RB6xiyH7Ljg3SpKo98zqMKqfYvK38Y0cdtDRZ5C2ejSsujHN%2FKTrddS209P2n%2FUt1CbAoVXXne5gfIQ2ZpJFCGHS%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a114c3bb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

erdeallyighab.com/M1VIQnhSNysvR1JoKmQNQTl1Z0p1cHoEHFBgI3oeVGAhLRsLJmYhFFwgLCQKXDs8bBZWIW1wPmEPDSopUDgnCjJJYR0UKnI9BgdBYAMmOhNhAyQBMVoYLAA6YWQPEyleDQsIEnAyHXI3AAwPBzlxZBEEKXQXGxtLZ2U/ADJZGxgVSHolBgA6awAPdhNyMh0SHGAAKwYfdiAHEA9jFA92FHZkKwgySjoqAB9UJSwXOUAAHxgfZWQgFyFwPQwVSHViDS4cagMLE017F3AhGmQfCwcUS3B6ADwDBy0TIEAGHnMQZhohGCBkBh53IXYhDRQ/dWQZBBd3GRxvNWkXHQROdT4KIy5rPS8TSUMDKhUycBEJck59BxkEMHRkIQw+RwMtGk1wAQoESWoEbigLXDs4fzFFGXAoS0s6GDE

52.85.242.129

1.2 kB

URL
erdeallyighab.com/M1VIQnhSNysvR1JoKmQNQTl1Z0p1cHoEHFBgI3oeVGAhLRsLJmYhFFwgLCQKXDs8bBZWIW1wPmEPDSopUDgnCjJJYR0UKnI9BgdBYAMmOhNhAyQBMVoYLAA6YWQPEyleDQsIEnAyHXI3AAwPBzlxZBEEKXQXGxtLZ2U/ADJZGxgVSHolBgA6awAPdhNyMh0SHGAAKwYfdiAHEA9jFA92FHZkKwgySjoqAB9UJSwXOUAAHxgfZWQgFyFwPQwVSHViDS4cagMLE017F3AhGmQfCwcUS3B6ADwDBy0TIEAGHnMQZhohGCBkBh53IXYhDRQ/dWQZBBd3GRxvNWkXHQROdT4KIy5rPS8TSUMDKhUycBEJck59BxkEMHRkIQw+RwMtGk1wAQoESWoEbigLXDs4fzFFGXAoS0s6GDE
IP
52.85.242.129:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3014), with no line terminators
Size
1.2 kB (1170 bytes)
Hash
7b3b24ad59539c11c296678f2a8c2f15
1b02cda73ee6b25580aaaa1144ebfbc101536fa8
ab4f369164e07c464cc6231f370ff09a7c06c25a6660ac20aa01b0fd50ea11b4

HTTP Headers

GET /M1VIQnhSNysvR1JoKmQNQTl1Z0p1cHoEHFBgI3oeVGAhLRsLJmYhFFwgLCQKXDs8bBZWIW1wPmEPDSopUDgnCjJJYR0UKnI9BgdBYAMmOhNhAyQBMVoYLAA6YWQPEyleDQsIEnAyHXI3AAwPBzlxZBEEKXQXGxtLZ2U/ADJZGxgVSHolBgA6awAPdhNyMh0SHGAAKwYfdiAHEA9jFA92FHZkKwgySjoqAB9UJSwXOUAAHxgfZWQgFyFwPQwVSHViDS4cagMLE017F3AhGmQfCwcUS3B6ADwDBy0TIEAGHnMQZhohGCBkBh53IXYhDRQ/dWQZBBd3GRxvNWkXHQROdT4KIy5rPS8TSUMDKhUycBEJck59BxkEMHRkIQw+RwMtGk1wAQoESWoEbigLXDs4fzFFGXAoS0s6GDE HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1170
Connection: keep-alive
Date: Thu, 13 Apr 2023 10:31:25 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
X-Cache: Miss from cloudfront
Via: 1.1 844de3d616579278fb702fc6b9b5c9a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: cTHBXmTyH-_621II5vKK4f5SRSqf9-y59EyD1Xim2-9jr0iYqGRiGg==

ndandinter.hair/VVdLUloudTglBSAlJ3Bgdz8%2FJipveGQlLSJle3w%2BNCEiITU7NSogMTAlZSIoOngqP3clIjg6dzYnOHwwJmg7JzMxan5ibGdufGZ8NjsiMTE8M3ZnamNlcmVuCm96ZWpmYH50Ozk7KW8yISM7IX9mFm5gHHBlDSUtInkvIDUlNSQqdDY4JndoEyRuYBwwJHo%2FMmVhfStsMSc7YTNwZQ0GMjAaKjY0MCQ4Hz8xOy4rdCc2OXQ1N2ojJi4lJG5hG3BlDXdoEyA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9f2cROycpPSUuNjMnMigmf2cRbmEcITo7d2kRZm5gbDsyPyU1JzxuYR5mcnlkMzokbmEeZXJ5ZCk8Iy53aRE2LzQ2LHJ5ZDlwZA9mf2dhOyIzcGQPZ2pjZXJlbnBlfSI5PHJ4FmtjZnJibWxjfGJ%2FZ2E%2Fd2kRZn1qa2ZvemprbXJ5ZD4wJD93aRE%2FPyYqJnJ5Z2kUcnlnaBNyeWdoEyA8JXQxJSQiODovZTE1OHJ5Z2gTJG5gb2cRLiFrOD97ZGwsYS8iKmY%2BbmBvZxEfOj8YNi88PyYkBjc%2BOTIyfCg0JW0xNjdqIyYuJSRuYRtwZQ13aBMgPCViYnkvMyw8JCQ8ODQlIDcoeyc5PX9nETsnKT0lLjYzJzIoJn9nEW5hHCE6O3dpEWVuYGw7Mj8lNSc8bmEeZnJ5ZDM6JG5hHmVyeWQpPCMud2kRNi80NixyeWQ5cGQPZn9nYTsiM3BkD2dqY2VyZW5wZX0iOTxyeBZrY2ZyYm1sY3xif2dhP3dpEWZ9amtmb3pqa21yeWQ%2BMCQ%2Fd2kRPz8mKiZyeWdpFHJ5Z2gTcnlnaBMgPCV0MSUkIjg6L2UxNThyeWdoEyRuYG9nES4hazg%2Fe2RsLGEvIipmPm5gb2cRHzo%2FGDYvPD8mJAY3PjkyMnwoNCVtMyk3aiMmLiUkbmEbcGUNd2gTIDwldDElJCI4Oi9lMTU4cnkUKXBlDTcpZDojYmxjLn02KiVkIndoEwMjNxc0MyU3KSYaLjY2MC5lIDsndWdwKTgxaWhreXU4Pyx3bWlmdGZ1Z3AuNDAUOz53bWlqa21lc2R4eXU4JzgKPi9jeG91fmJsZ258Znh5dTgnOAo%2BL2B4b3V%2BYmxnbnxmBW1mfGJpYmJpfng0OycweG91IyYuJSRxfXUiIDx8Pic4OzA1LXkoPTd6JGQ3KWQ6I2JsYy59NiolZCJ9Dj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUkMHhvdSMmLiUkcX11IiA8am17MyokMyY4JTA7JzwuIHQlJSR9KiAkIyA%2FMT45NzkheHQmNyVqenQ0MCM8PSg%2Banh0MzokdmJ8Jj4%2FN2c0My0%2BI3M0dmZ8JScib29lYXlrbWFxOzEzaGZ9Y2NlYHJmbWVxP29rY296YWJkb3pqfDEyOCZnPSM%2FIilwZAp3aBNyeRQtIiBlNig6Jyk9Ins0JD9%2FZxE4d2gTMjhjNz1nfWQjYzM7Imk8cnkUDj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUoPjh3bWk6LiEnOGh1eiA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9dSUiODooMDMiID82I2RtLjgndmB8OzI%2FJTUnPHZhfDw4OG9qcyQiJj9oNi80NixxKG9ucyc7O2dgZ31gY2JjbSI5PGp6ZGtsZ3xrbmJnbSZnZGFzY2ltZnNjYnMzLiEuaD8%2FJiomcngTf2cRbmAcIiA8fD4nODswNS15KD03cGUNIX9nES4hazg%2Fe2RsLGEvIipmPm5gHAE%2FLh87MTkuISkYMi8%2BPyx5OTMod3tpMyk3dXFwMiEjOyFgeng8JS17Mzk9Kjc4M3w5OjpkIXUwJHo%2FMmVhfStsMSc7YTN6AyM3FzQzJTcpJhouNjYwLmUgOyd1Ng

54.162.51.18

0 B

URL
ndandinter.hair/VVdLUloudTglBSAlJ3Bgdz8%2FJipveGQlLSJle3w%2BNCEiITU7NSogMTAlZSIoOngqP3clIjg6dzYnOHwwJmg7JzMxan5ibGdufGZ8NjsiMTE8M3ZnamNlcmVuCm96ZWpmYH50Ozk7KW8yISM7IX9mFm5gHHBlDSUtInkvIDUlNSQqdDY4JndoEyRuYBwwJHo%2FMmVhfStsMSc7YTNwZQ0GMjAaKjY0MCQ4Hz8xOy4rdCc2OXQ1N2ojJi4lJG5hG3BlDXdoEyA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9f2cROycpPSUuNjMnMigmf2cRbmEcITo7d2kRZm5gbDsyPyU1JzxuYR5mcnlkMzokbmEeZXJ5ZCk8Iy53aRE2LzQ2LHJ5ZDlwZA9mf2dhOyIzcGQPZ2pjZXJlbnBlfSI5PHJ4FmtjZnJibWxjfGJ%2FZ2E%2Fd2kRZn1qa2ZvemprbXJ5ZD4wJD93aRE%2FPyYqJnJ5Z2kUcnlnaBNyeWdoEyA8JXQxJSQiODovZTE1OHJ5Z2gTJG5gb2cRLiFrOD97ZGwsYS8iKmY%2BbmBvZxEfOj8YNi88PyYkBjc%2BOTIyfCg0JW0xNjdqIyYuJSRuYRtwZQ13aBMgPCViYnkvMyw8JCQ8ODQlIDcoeyc5PX9nETsnKT0lLjYzJzIoJn9nEW5hHCE6O3dpEWVuYGw7Mj8lNSc8bmEeZnJ5ZDM6JG5hHmVyeWQpPCMud2kRNi80NixyeWQ5cGQPZn9nYTsiM3BkD2dqY2VyZW5wZX0iOTxyeBZrY2ZyYm1sY3xif2dhP3dpEWZ9amtmb3pqa21yeWQ%2BMCQ%2Fd2kRPz8mKiZyeWdpFHJ5Z2gTcnlnaBMgPCV0MSUkIjg6L2UxNThyeWdoEyRuYG9nES4hazg%2Fe2RsLGEvIipmPm5gb2cRHzo%2FGDYvPD8mJAY3PjkyMnwoNCVtMyk3aiMmLiUkbmEbcGUNd2gTIDwldDElJCI4Oi9lMTU4cnkUKXBlDTcpZDojYmxjLn02KiVkIndoEwMjNxc0MyU3KSYaLjY2MC5lIDsndWdwKTgxaWhreXU4Pyx3bWlmdGZ1Z3AuNDAUOz53bWlqa21lc2R4eXU4JzgKPi9jeG91fmJsZ258Znh5dTgnOAo%2BL2B4b3V%2BYmxnbnxmBW1mfGJpYmJpfng0OycweG91IyYuJSRxfXUiIDx8Pic4OzA1LXkoPTd6JGQ3KWQ6I2JsYy59NiolZCJ9Dj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUkMHhvdSMmLiUkcX11IiA8am17MyokMyY4JTA7JzwuIHQlJSR9KiAkIyA%2FMT45NzkheHQmNyVqenQ0MCM8PSg%2Banh0MzokdmJ8Jj4%2FN2c0My0%2BI3M0dmZ8JScib29lYXlrbWFxOzEzaGZ9Y2NlYHJmbWVxP29rY296YWJkb3pqfDEyOCZnPSM%2FIilwZAp3aBNyeRQtIiBlNig6Jyk9Ins0JD9%2FZxE4d2gTMjhjNz1nfWQjYzM7Imk8cnkUDj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUoPjh3bWk6LiEnOGh1eiA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9dSUiODooMDMiID82I2RtLjgndmB8OzI%2FJTUnPHZhfDw4OG9qcyQiJj9oNi80NixxKG9ucyc7O2dgZ31gY2JjbSI5PGp6ZGtsZ3xrbmJnbSZnZGFzY2ltZnNjYnMzLiEuaD8%2FJiomcngTf2cRbmAcIiA8fD4nODswNS15KD03cGUNIX9nES4hazg%2Fe2RsLGEvIipmPm5gHAE%2FLh87MTkuISkYMi8%2BPyx5OTMod3tpMyk3dXFwMiEjOyFgeng8JS17Mzk9Kjc4M3w5OjpkIXUwJHo%2FMmVhfStsMSc7YTN6AyM3FzQzJTcpJhouNjYwLmUgOyd1Ng
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /VVdLUloudTglBSAlJ3Bgdz8%2FJipveGQlLSJle3w%2BNCEiITU7NSogMTAlZSIoOngqP3clIjg6dzYnOHwwJmg7JzMxan5ibGdufGZ8NjsiMTE8M3ZnamNlcmVuCm96ZWpmYH50Ozk7KW8yISM7IX9mFm5gHHBlDSUtInkvIDUlNSQqdDY4JndoEyRuYBwwJHo%2FMmVhfStsMSc7YTNwZQ0GMjAaKjY0MCQ4Hz8xOy4rdCc2OXQ1N2ojJi4lJG5hG3BlDXdoEyA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9f2cROycpPSUuNjMnMigmf2cRbmEcITo7d2kRZm5gbDsyPyU1JzxuYR5mcnlkMzokbmEeZXJ5ZCk8Iy53aRE2LzQ2LHJ5ZDlwZA9mf2dhOyIzcGQPZ2pjZXJlbnBlfSI5PHJ4FmtjZnJibWxjfGJ%2FZ2E%2Fd2kRZn1qa2ZvemprbXJ5ZD4wJD93aRE%2FPyYqJnJ5Z2kUcnlnaBNyeWdoEyA8JXQxJSQiODovZTE1OHJ5Z2gTJG5gb2cRLiFrOD97ZGwsYS8iKmY%2BbmBvZxEfOj8YNi88PyYkBjc%2BOTIyfCg0JW0xNjdqIyYuJSRuYRtwZQ13aBMgPCViYnkvMyw8JCQ8ODQlIDcoeyc5PX9nETsnKT0lLjYzJzIoJn9nEW5hHCE6O3dpEWVuYGw7Mj8lNSc8bmEeZnJ5ZDM6JG5hHmVyeWQpPCMud2kRNi80NixyeWQ5cGQPZn9nYTsiM3BkD2dqY2VyZW5wZX0iOTxyeBZrY2ZyYm1sY3xif2dhP3dpEWZ9amtmb3pqa21yeWQ%2BMCQ%2Fd2kRPz8mKiZyeWdpFHJ5Z2gTcnlnaBMgPCV0MSUkIjg6L2UxNThyeWdoEyRuYG9nES4hazg%2Fe2RsLGEvIipmPm5gb2cRHzo%2FGDYvPD8mJAY3PjkyMnwoNCVtMyk3aiMmLiUkbmEbcGUNd2gTIDwldDElJCI4Oi9lMTU4cnkUKXBlDTcpZDojYmxjLn02KiVkIndoEwMjNxc0MyU3KSYaLjY2MC5lIDsndWdwKTgxaWhreXU4Pyx3bWlmdGZ1Z3AuNDAUOz53bWlqa21lc2R4eXU4JzgKPi9jeG91fmJsZ258Znh5dTgnOAo%2BL2B4b3V%2BYmxnbnxmBW1mfGJpYmJpfng0OycweG91IyYuJSRxfXUiIDx8Pic4OzA1LXkoPTd6JGQ3KWQ6I2JsYy59NiolZCJ9Dj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUkMHhvdSMmLiUkcX11IiA8am17MyokMyY4JTA7JzwuIHQlJSR9KiAkIyA%2FMT45NzkheHQmNyVqenQ0MCM8PSg%2Banh0MzokdmJ8Jj4%2FN2c0My0%2BI3M0dmZ8JScib29lYXlrbWFxOzEzaGZ9Y2NlYHJmbWVxP29rY296YWJkb3pqfDEyOCZnPSM%2FIilwZAp3aBNyeRQtIiBlNig6Jyk9Ins0JD9%2FZxE4d2gTMjhjNz1nfWQjYzM7Imk8cnkUDj0yBjM%2BOzI4IRcwMyc3I3slKiB4eXUoPjh3bWk6LiEnOGh1eiA8JWJieS8zLDwkJDw4NCUgNyh7Jzk9dSUiODooMDMiID82I2RtLjgndmB8OzI%2FJTUnPHZhfDw4OG9qcyQiJj9oNi80NixxKG9ucyc7O2dgZ31gY2JjbSI5PGp6ZGtsZ3xrbmJnbSZnZGFzY2ltZnNjYnMzLiEuaD8%2FJiomcngTf2cRbmAcIiA8fD4nODswNS15KD03cGUNIX9nES4hazg%2Fe2RsLGEvIipmPm5gHAE%2FLh87MTkuISkYMi8%2BPyx5OTMod3tpMyk3dXFwMiEjOyFgeng8JS17Mzk9Kjc4M3w5OjpkIXUwJHo%2FMmVhfStsMSc7YTN6AyM3FzQzJTcpJhouNjYwLmUgOyd1Ng HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 502 Bad Gateway
Server: openresty/1.21.4.1
Date: Thu, 13 Apr 2023 10:31:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: dc622046360ac67e3833071f9bfd5915=1; Max-Age=604800
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With,content-type

erdeallyighab.com/utx?cb=5CsPIXHevt76&top=www20.davisonbarker.pro&tid=824473

52.85.242.129

0 B

URL
erdeallyighab.com/utx?cb=5CsPIXHevt76&top=www20.davisonbarker.pro&tid=824473
IP
52.85.242.129:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=5CsPIXHevt76&top=www20.davisonbarker.pro&tid=824473 HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www20.davisonbarker.pro
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:26 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www20.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 13 Apr 2023 10:32:26 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 8556a7e6f097b43ef38a15da76d83874.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: o0iSW7hlpblYxY5C6yfffX_txUWjAq8vGk_BEWp-yRoEob13z7F0YQ==
X-Firefox-Spdy: h2

dc5k8fg5ioc8s.cloudfront.net/RZEhQcmoHJz4UVRAhNE9SVnxkRVlCIiMdBBR1GQQmXCJjCgU0O3YGEAB1YFQGBSY3T0wBJjNPW0IpNBBXUG4kAgUPdSUcDgEuORwPAG4lE1cJJyobBggpdUAsUWZgV1hUYChDW0F7EldYVCQ5HB8cbWJCElx+D0ReQXsSV1hUOiZXWSV5YEtEVGF1QFoDLT-MZBUF6FkBaVXhgQ1pVbWJCDA06NRQFHG1iNFtVeX5CTBF1YQ

54.230.245.36

345 B

URL
dc5k8fg5ioc8s.cloudfront.net/RZEhQcmoHJz4UVRAhNE9SVnxkRVlCIiMdBBR1GQQmXCJjCgU0O3YGEAB1YFQGBSY3T0wBJjNPW0IpNBBXUG4kAgUPdSUcDgEuORwPAG4lE1cJJyobBggpdUAsUWZgV1hUYChDW0F7EldYVCQ5HB8cbWJCElx+D0ReQXsSV1hUOiZXWSV5YEtEVGF1QFoDLT-MZBUF6FkBaVXhgQ1pVbWJCDA06NRQFHG1iNFtVeX5CTBF1YQ
IP
54.230.245.36:0
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (438), with no line terminators
Size
345 B (345 bytes)
Hash
9215c31706bc0c8aa426b0f2d3007580
fc9794e139c0c1eee53612361edbea37cf1ee4fc
978b6b6e0627f7146b2c89f96b201746c243c6dae8a63bd8f76529695c58b573

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /RZEhQcmoHJz4UVRAhNE9SVnxkRVlCIiMdBBR1GQQmXCJjCgU0O3YGEAB1YFQGBSY3T0wBJjNPW0IpNBBXUG4kAgUPdSUcDgEuORwPAG4lE1cJJyobBggpdUAsUWZgV1hUYChDW0F7EldYVCQ5HB8cbWJCElx+D0ReQXsSV1hUOiZXWSV5YEtEVGF1QFoDLT-MZBUF6FkBaVXhgQ1pVbWJCDA06NRQFHG1iNFtVeX5CTBF1YQ HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://erdeallyighab.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 345
Connection: keep-alive
Date: Thu, 13 Apr 2023 10:31:26 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PPHt_3m-gMRhOY-gUBSgwisFfJqapeK1YoR6EIEzLszVXqFGAaex8g==

asgildedalloverw.com/popunder.gif

188.114.97.1

200 OK

0 B

URL GET HTTP/3
asgildedalloverw.com/popunder.gif
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.asgildedalloverw.com
FingerprintF9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
ValiditySun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Thu, 13 Apr 2023 10:31:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 13 Apr 2023 11:31:26 GMT
Location: https://asgildedalloverw.com/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EfIxH%2BC0QY2Tb6CbNp%2F00BplChVHHjr8fqfMBEglYjnMVSJMv7NS2JAbDbwr2qEz2x1k6U1NdPBVD%2BKYndlBr6pM4Wf25fWJcmxgqa2FhORW%2FGfk69tu35EQsCvZm%2FFUtRZE7VUO7g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b730a14cdd70b69-OSL
alt-svc: h2=":443"; ma=60

dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473

54.230.245.166

200 OK

52 kB

URL GET HTTP/2
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP
54.230.245.166:443
ASN
#16509 AMAZON-02

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (15955)
Size
52 kB (51540 bytes)
Hash
31afdfb63196025be4ed7cc20cf68c4b
8f070892551235aa9dfece9f0d2547d095bb67ed
0e4f5d18002ef46087fca2df15cc3916c672b1d50eba9eaf22225ffccfdc12f3

HTTP Headers

GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 51540
date: Thu, 13 Apr 2023 10:31:26 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Lfj82or6leOab25uRogSzK5SkNPXGXVkRtPhPrRIphsTIAG-76Fr1w==
X-Firefox-Spdy: h2

www87.davisonbarker.pro/static/image/logo.png

104.21.92.39

200 OK

11 kB

URL GET HTTP/3
www87.davisonbarker.pro/static/image/logo.png
IP
104.21.92.39:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:EF:ED:A7:D2:3C:ED:C8:23:64:8B:82:4F:9F:53:D0:2A:0A:B3:20
ValidityThu, 26 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

File type
PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10726 bytes)
Hash
f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

HTTP Headers

GET /static/image/logo.png HTTP/1.1
Host: www87.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 13 Apr 2023 10:31:26 GMT
content-type: image/png
content-length: 10726
cache-control: public, max-age=604800
expires: Thu, 20 Apr 2023 10:31:26 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b4021a56880f53fc;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNc%2FPuieFBlAy2sRwBKiwj3t3uNswgRHvB78JpS%2FYYMccH6cyy%2F1v83XwXbEqbFJ2mpmafril2%2BdSMFCJaJx%2BB1eSlA1Mb8gx7Ml1WuE55sYSWtnfHsr%2BATWbD1B4hcOzZFZBmtU505Z1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a17ebfa0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.r2m01.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
204c06c67dab4319a44c8cc8181ef9cd
27498168e88a4b5a1748a4f1ff6dee5ece836121
24d2af52d40fd8bf71c94b0258e442b56b89f5f907af22dfee22932df500fd1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=112436
Date: Thu, 13 Apr 2023 10:31:26 GMT
Etag: "6436dcc8-1d7"
Expires: Fri, 14 Apr 2023 17:45:22 GMT
Last-Modified: Wed, 12 Apr 2023 16:31:04 GMT
Server: ECAcc (bsa/EACA)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aJJYNhmgKbKF-Tgl06kAQcsSPIcPe9CwnaO_i0YO1wig71U397k3uA==
Age: 4458

simplewebanalysis.com/stats

3.65.16.149

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
3.65.16.149:443
ASN
#16509 AMAZON-02

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
947fb816681f17eac5aa04d96895747a
7aa27fdbe066b0fb7a5f730aab475ce68f24a7dc
2c8f937cb502ec11f716724af955fa9021423ae7e4364ddafc637e5804b324af

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:27 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www87.davisonbarker.pro
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=81d5f8fb-0873-4e86-882b-4b161cf0f813:2:1; expires=Sun, 10 Apr 2033 10:31:27 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

asgildedalloverw.com/blZVdXpBaTYGRzhkAxQbFDIjIxdbAhdHNDo3OR4/NBAbBiI/B3MBEwprbUdOWmFmUwoHMmhGSEglIRQOGyVoRFwHODMaR0ggaEVUV3hkW09II2hEXBomNBJHX3AlAQ4Ca2RDQl9lbURDXWJmTU0

188.114.96.1

204 No Content

0 B

URL GET HTTP/2
asgildedalloverw.com/blZVdXpBaTYGRzhkAxQbFDIjIxdbAhdHNDo3OR4/NBAbBiI/B3MBEwprbUdOWmFmUwoHMmhGSEglIRQOGyVoRFwHODMaR0ggaEVUV3hkW09II2hEXBomNBJHX3AlAQ4Ca2RDQl9lbURDXWJmTU0
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.asgildedalloverw.com
FingerprintF9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
ValiditySun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /blZVdXpBaTYGRzhkAxQbFDIjIxdbAhdHNDo3OR4/NBAbBiI/B3MBEwprbUdOWmFmUwoHMmhGSEglIRQOGyVoRFwHODMaR0ggaEVUV3hkW09II2hEXBomNBJHX3AlAQ4Ca2RDQl9lbURDXWJmTU0 HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ha%2B8iZZZijZGnXmqdjet2%2FmWUtg56xsELDBGwTSYIe4RkXWqFjrfajdmBtdqPc0%2FT57glSTiinUKNRPVAOOxgEXsmTU5JhkH9s69RqwE%2BtSrkky2o%2FKWO7X8OhQz5YJ1nM7OMuPhZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a19c8a5b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

asgildedalloverw.com/T2Y0WFBgWVcrbSsudgwCIih5CWIrQwYaBX8kcwFjHTdmaAojBXIZdjsPUGVofVIAb2NpFl08bXxUEiskLhJBK219VgRvdiYIUjdtfUBCZWBhXxppfnpAQWVhaRJEOTdyVxIoJDsKCWlmd1cHYGF2VQBraX0

188.114.96.1

204 No Content

0 B

URL GET HTTP/2
asgildedalloverw.com/T2Y0WFBgWVcrbSsudgwCIih5CWIrQwYaBX8kcwFjHTdmaAojBXIZdjsPUGVofVIAb2NpFl08bXxUEiskLhJBK219VgRvdiYIUjdtfUBCZWBhXxppfnpAQWVhaRJEOTdyVxIoJDsKCWlmd1cHYGF2VQBraX0
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.asgildedalloverw.com
FingerprintF9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
ValiditySun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /T2Y0WFBgWVcrbSsudgwCIih5CWIrQwYaBX8kcwFjHTdmaAojBXIZdjsPUGVofVIAb2NpFl08bXxUEiskLhJBK219VgRvdiYIUjdtfUBCZWBhXxppfnpAQWVhaRJEOTdyVxIoJDsKCWlmd1cHYGF2VQBraX0 HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2x6zF2OBV6Cd6%2Bu04fhLJ2Uir1jHVYm%2FnjwiUGFwv%2FMQL%2BUBtOtFwcHIlGjEEinHhwhGYstWjaRFUYeZGvqIW1ImJ30Vo%2FWDTaFDOALCsOPWadtovd92rNnXV4KcjU5iSSowSxhiw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a19d8b1b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

erdeallyighab.com/MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg

52.85.242.129

200 OK

1.2 kB

URL GET HTTP/2
erdeallyighab.com/MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg
IP
52.85.242.129:443
ASN
#16509 AMAZON-02

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerAmazon
Subjecterdeallyighab.com
Fingerprint4D:0D:9C:56:2C:EF:55:B9:2D:69:42:8D:9E:C4:0B:4E:B2:D8:05:6F
ValiditySun, 02 Apr 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3011), with no line terminators
Size
1.2 kB (1167 bytes)
Hash
61c7a866644d341c39a4360cd49ecbac
c50255bfed75ca1e543fa64cad5beadf55ab5b37
cce3326a3bac315e8159bc4aa872531fd048b85cc14bac2d249d81b387b98830

HTTP Headers

GET /MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
content-length: 1167
date: Thu, 13 Apr 2023 10:31:27 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f9a0ddc3860252ab6c4d02ab024b4890.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: 5ZCRIY-r0GkgFltqb0b4cLoDh_IJRrfk7t5VPYEd0SbPvCgf_HkIoA==
X-Firefox-Spdy: h2

dc5k8fg5ioc8s.cloudfront.net/maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy

54.230.245.166

200 OK

345 B

URL GET HTTP/2
dc5k8fg5ioc8s.cloudfront.net/maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy
IP
54.230.245.166:443
ASN
#16509 AMAZON-02

Requested by
https://erdeallyighab.com/MzA1NHJSUlZZTVINVxIHQVwIEUB1FQdyFlAFXgwUVAVcWxELQxtXHlxFUVIAXF5BGhxWRBAGNF5RcHoHZlpWeD5ycQV3MERBdllKY2dbUBNpYWd7OWEADGMgWxUHdjlLQGJjIQd9eGU7e2pnWx1mAWNOIXcFYnYbYWRRcjt0eXN6GHZhXlo2dAhxYBhQVWViCmV+UnVAZlcBRTN3VGFgGGpgVwUde39kV1cBcmJDHl5od2UxYV57eCtyVHR7QwpacFgBcWMHdTpxc1p1OAMJe1ckB0FxBUZQZ3JtIWRHc3grclNUeidHWFFYHklmBkM6YmdvVytfcXt9Mx5lDHEeXHZtczt0Z316FGpXb3oRZQQFbBpcXXZwQ2NkbXEdakdvbhBlBQVlHmVJE14BXF5FCTd7UQRZEFAFWg
Certificate
IssuerAmazon
Subject*.cloudfront.net
FingerprintBA:0F:CD:B3:EA:19:B2:9D:99:9B:51:2D:16:33:6B:D0:3F:31:A2:AB
ValidityThu, 08 Dec 2022 00:00:00 GMT - Thu, 07 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (437), with no line terminators
Size
345 B (345 bytes)
Hash
397efcf84fd4cc42a8b338172dc21a33
96401e9bdc9b3fa76e53526bdb15f48382e4e67e
5028d10da1a10d0304de1d36f38693079af80eaec478d0f7d9d68429e3d9c687

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /maENuUjcLLAA0CBwqCm8PWndaZQROKR09WRh+KxpWWS4MMQIHZRooU1VzSD5WBiRTdFIGIFNjEQknDG8DTjcePVxVNgA2Ug4qADdTTjYPb1oHOQc+WwlmXBQCRnNLYAdAO19jElsBS2AHBCoAJ09NcV4qD14cWGYSWwFLYAcaNUthdllzV3wHQWZcYlANIA-U9EloFXGIGWHNfYgZNcV40XhomCD1PTXEoYwZZbV50QlVy HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://erdeallyighab.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-length: 345
date: Thu, 13 Apr 2023 10:31:27 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5PVZNOeHmABUoxj1-95ttN25_NdxDvxLO2ZANm40EeILtbS57azXAw==
X-Firefox-Spdy: h2

breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json

173.233.139.164

200 OK

404 B

URL GET HTTP/1.1
breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
IP
173.233.139.164:443
ASN
#7979 SERVERS-COM

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subjectbreedingdaringconcussion.com
FingerprintCA:E2:B8:68:85:85:E0:A2:47:D3:14:D9:CC:BA:6C:37:21:54:45:F2
ValidityFri, 03 Mar 2023 06:06:30 GMT - Thu, 01 Jun 2023 06:06:29 GMT

File type
JSON data\012- , ASCII text, with very long lines (404), with no line terminators
Size
404 B (404 bytes)
Hash
dde03c37818682aab11a08a3ccb28f51
c4f9c63862839104b6e641c05ec1a35b357b6722
eb29c75a394a1628f3b790d994a7c91d8f8a696a169083a035cf1c4689f553b6

HTTP Headers

GET /aa/24/05/aa240591af5d8573573bb87d25c7ab12.json HTTP/1.1
Host: breedingdaringconcussion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 13 Apr 2023 10:31:27 GMT
Content-Type: application/json
Content-Length: 404
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af77706f530ed78d1595dbfb3260a990
Strict-Transport-Security: max-age=0; includeSubdomains

erdeallyighab.com/utx?cb=6ETKaTHvaWMs&top=www87.davisonbarker.pro&tid=824473

52.85.242.129

204 No Content

0 B

URL GET HTTP/2
erdeallyighab.com/utx?cb=6ETKaTHvaWMs&top=www87.davisonbarker.pro&tid=824473
IP
52.85.242.129:443
ASN
#16509 AMAZON-02

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerAmazon
Subjecterdeallyighab.com
Fingerprint4D:0D:9C:56:2C:EF:55:B9:2D:69:42:8D:9E:C4:0B:4E:B2:D8:05:6F
ValiditySun, 02 Apr 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=6ETKaTHvaWMs&top=www87.davisonbarker.pro&tid=824473 HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
date: Thu, 13 Apr 2023 10:31:27 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www87.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 13 Apr 2023 10:32:27 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f9a0ddc3860252ab6c4d02ab024b4890.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: AjryCbgB2_InbdT34thdbLoutlsdFZS2247qM8QH3LdG08JyqlOnLg==
X-Firefox-Spdy: h2

banquetunarmedgrater.com/advertisers.js

173.233.137.60

200 OK

0 B

URL GET HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.banquetunarmedgrater.com
FingerprintB6:94:DA:E3:84:16:54:0C:6B:00:48:97:8B:AC:17:A6:7D:9D:BE:6B
ValidityMon, 03 Apr 2023 06:06:16 GMT - Sun, 02 Jul 2023 06:06:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 13 Apr 2023 10:31:27 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 046629ac36874415f51bd9c949bd8bab
Strict-Transport-Security: max-age=0; includeSubdomains

asgildedalloverw.com/ZFUxMEFLalJDfAEAXgMbMhdzVRAqMWh1cFwXAFQrNztGchRWGBdEKABoCQJ1UGICFjENMQwDc0ImRVE1ESYMAnFUYhdZLwI6DAJnEmgBHnhKZB8FZxFoABY1FDRWDXBCJUVELVlkBwhwV20ACXJQbAQH

188.114.96.1

204 No Content

0 B

URL POST HTTP/3
asgildedalloverw.com/ZFUxMEFLalJDfAEAXgMbMhdzVRAqMWh1cFwXAFQrNztGchRWGBdEKABoCQJ1UGICFjENMQwDc0ImRVE1ESYMAnFUYhdZLwI6DAJnEmgBHnhKZB8FZxFoABY1FDRWDXBCJUVELVlkBwhwV20ACXJQbAQH
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.asgildedalloverw.com
FingerprintF9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
ValiditySun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ZFUxMEFLalJDfAEAXgMbMhdzVRAqMWh1cFwXAFQrNztGchRWGBdEKABoCQJ1UGICFjENMQwDc0ImRVE1ESYMAnFUYhdZLwI6DAJnEmgBHnhKZB8FZxFoABY1FDRWDXBCJUVELVlkBwhwV20ACXJQbAQH HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Alt-Used: asgildedalloverw.com
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
date: Thu, 13 Apr 2023 10:31:27 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C1Ip6lSzRkQUDPNWstZMAVf6yFW9Zd8uZxlL9631T3j%2BnVjEwpVyN9RjJ%2BFhyt5phOkUjJrTMO2j%2F3eJehqvxzh72Hi%2BuExMVhFOAUpfxx0egbz6matUAaWdjMz8CHbUx8I%2BviKS9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a1d1ad9b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

erdeallyighab.com/floater?cs=RU9vd1B9fFtPYHF5X0VjdnlZQWM&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&osr=www20.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_tCKT=1681381934958&crc=1

52.85.242.129

200 OK

1.2 kB

URL GET HTTP/2
erdeallyighab.com/floater?cs=RU9vd1B9fFtPYHF5X0VjdnlZQWM&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&osr=www20.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_tCKT=1681381934958&crc=1
IP
52.85.242.129:443
ASN
#16509 AMAZON-02

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerAmazon
Subjecterdeallyighab.com
Fingerprint4D:0D:9C:56:2C:EF:55:B9:2D:69:42:8D:9E:C4:0B:4E:B2:D8:05:6F
ValiditySun, 02 Apr 2023 00:00:00 GMT - Tue, 30 Apr 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1947), with no line terminators
Size
1.2 kB (1160 bytes)
Hash
8a056fdf22c9f678b8c0062a791f901f
e9e0e4cda6a45fd5342fb7796fd5914bc3a86fab
e188f0cdac863da98edb392663a0526e6fad0698762fee329c3614471cc02282

HTTP Headers

GET /floater?cs=RU9vd1B9fFtPYHF5X0VjdnlZQWM&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww87.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D5062974%26pci%3D1619079470%26t%3D1681381818%26dest%3Dhttps%253A%252F%252Fwww.dropbox.com%252Fs%252Fes1mh066y6dpp3i%252FTheMadnessMedley.rar&osr=www20.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_tCKT=1681381934958&crc=1 HTTP/1.1
Host: erdeallyighab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 1160
date: Thu, 13 Apr 2023 10:31:28 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www87.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a2b712df-c438-4b55-a4c9-330b82a857f4
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 f9a0ddc3860252ab6c4d02ab024b4890.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: BEx02SKT-xt5buHbcNeghR8J2_0nLS0HbViyYn_BT7-Y6rrDnOKldw==
X-Firefox-Spdy: h2

reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js

192.243.59.12

200 OK

13 kB

URL GET HTTP/1.1
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.reasonablelandmark.com
FingerprintA6:FE:13:26:EB:43:3F:9F:74:4B:D5:F5:1D:EC:77:CC:F3:2E:6B:A3
ValidityTue, 04 Apr 2023 06:41:09 GMT - Mon, 03 Jul 2023 06:41:08 GMT

File type
ASCII text, with very long lines (37145), with no line terminators
Size
13 kB (13411 bytes)
Hash
12c91b886910a82d4a5f963ad564740b
c56d9c10fdef1817b3966e052e086ecc329bea3d
81c03b1d6f2e4a5c9bc2ad789f16abc8505246e27adad01f06e2fbdc1ccceb30

HTTP Headers

GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 13 Apr 2023 10:31:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0333ee1bf7c82fb5f9692183f8e74390
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

asgildedalloverw.com/popunder.gif

188.114.96.1

200 OK

36 B

URL GET HTTP/3
asgildedalloverw.com/popunder.gif
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.asgildedalloverw.com
FingerprintF9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
ValiditySun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
36 B (36 bytes)
Hash
ad6a6cb23b0391c6652e018b9ac3bfc7
d38bd8446c3505f9b4797660388a8d6e8fd3d450
be4f754acf2dd33169add8976c1264f647470efdc993927040e23c4d310a835f

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: asgildedalloverw.com
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 13 Apr 2023 10:31:27 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 40920
last-modified: Wed, 12 Apr 2023 23:09:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RltIYOJJiGmYCVyyIQxbdqOpBUbBV980bABY5l72qACE8Kv%2FEcXlUv3d1NLrSnJqZqa4YORxC4WURqzJI81zHvHTDRtLS5T9adR5tYbyFySSL1W%2BJu6PZUm2NjVkvIcdU8em9r7o6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a1cda79b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

asgildedalloverw.com/UjkyTUN9BlE+fgEJRhsmBElIKAQUe1MjemtjZzkzN3EDJxdgUhQ5KjYECn93Zg4BazM7XQ9+cXRKRiw3J0oPf3NiDBQkLTRWD39zYg8CfXJhCxd6ADpNRj0wdwpzaHEUHAALOz9VHD4mIE9XYDA3S0QoJnxaXSBmYH9GJTY/W1wsKj4cAQsqdwp2FAwbeHgae2pWYRgcYhwAezN3CnZ8dWoIAXVyagEKY3FgCQp8dncLBCQuNU0Xfgc7Wl0jZmV6XDgvPhwFDnVmCAZ+dmEMAX5xaw4LfHtgDwFrNW8JHHRtYxcHazZvAQp1emIIAX51ZQEHf3dgH0Y9IjUEA2szJk1ecHJkAQN+e2MAAXp0aw4

188.114.96.1

204 No Content

0 B

URL POST HTTP/3
asgildedalloverw.com/UjkyTUN9BlE+fgEJRhsmBElIKAQUe1MjemtjZzkzN3EDJxdgUhQ5KjYECn93Zg4BazM7XQ9+cXRKRiw3J0oPf3NiDBQkLTRWD39zYg8CfXJhCxd6ADpNRj0wdwpzaHEUHAALOz9VHD4mIE9XYDA3S0QoJnxaXSBmYH9GJTY/W1wsKj4cAQsqdwp2FAwbeHgae2pWYRgcYhwAezN3CnZ8dWoIAXVyagEKY3FgCQp8dncLBCQuNU0Xfgc7Wl0jZmV6XDgvPhwFDnVmCAZ+dmEMAX5xaw4LfHtgDwFrNW8JHHRtYxcHazZvAQp1emIIAX51ZQEHf3dgH0Y9IjUEA2szJk1ecHJkAQN+e2MAAXp0aw4
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.asgildedalloverw.com
FingerprintF9:54:53:EA:19:E8:A3:15:3A:5C:44:16:B9:2D:55:18:D5:D4:2D:67
ValiditySun, 02 Apr 2023 13:20:29 GMT - Sat, 01 Jul 2023 13:20:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /UjkyTUN9BlE+fgEJRhsmBElIKAQUe1MjemtjZzkzN3EDJxdgUhQ5KjYECn93Zg4BazM7XQ9+cXRKRiw3J0oPf3NiDBQkLTRWD39zYg8CfXJhCxd6ADpNRj0wdwpzaHEUHAALOz9VHD4mIE9XYDA3S0QoJnxaXSBmYH9GJTY/W1wsKj4cAQsqdwp2FAwbeHgae2pWYRgcYhwAezN3CnZ8dWoIAXVyagEKY3FgCQp8dncLBCQuNU0Xfgc7Wl0jZmV6XDgvPhwFDnVmCAZ+dmEMAX5xaw4LfHtgDwFrNW8JHHRtYxcHazZvAQp1emIIAX51ZQEHf3dgH0Y9IjUEA2szJk1ecHJkAQN+e2MAAXp0aw4 HTTP/1.1
Host: asgildedalloverw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www87.davisonbarker.pro
Alt-Used: asgildedalloverw.com
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/3 204 No Content
date: Thu, 13 Apr 2023 10:31:30 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=amgREi0JU%2FFX2WZTQbxrJAP6DQu387hZYmhzE4FLMPhOMoSeSFd9Lm5fQnDLwnuVrdvhPLrtmH1L0q%2BNYVWfN9QK3TXSaX1BIaveQ2FfYNbMvMS%2BY0rEpb9UgFdE8cEnQoq9S1hW2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a2edc37b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

xml.serve-servee.com/thumbnail?i=YOIAJW88oSU_0&p=1681381888.220815&imgt=icon

172.64.130.18

302 Found

0 B

URL GET HTTP/2
xml.serve-servee.com/thumbnail?i=YOIAJW88oSU_0&p=1681381888.220815&imgt=icon
IP
172.64.130.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:F4:6D:CB:77:34:5B:81:93:D5:4D:A0:AC:62:B8:EA:AB:A6:7E:14
ValiditySat, 04 Feb 2023 00:00:00 GMT - Sat, 03 Feb 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /thumbnail?i=YOIAJW88oSU_0&p=1681381888.220815&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Thu, 13 Apr 2023 10:31:30 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/300x300_J3j2Bprhh38fI10u8oIb.jpeg
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGrphJrq4F9CK0AFLdf9k%2BQubfR7yWigZ87ydQz7ly29Ob%2BO1p%2B9ZfwMwzzlklE%2FUBY9aMCWM9ggSzEBkR1O6HBCeLkiqnmmdY%2FXmu3sAcKLlSNbwYHm7LxNYSI%2FTrQlE%2Bs0R8%2FCLw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a2f9ecb71aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static.serve-servee.com/n337/ad/300x300_J3j2Bprhh38fI10u8oIb.jpeg

172.64.130.18

200 OK

12 kB

URL GET HTTP/2
static.serve-servee.com/n337/ad/300x300_J3j2Bprhh38fI10u8oIb.jpeg
IP
172.64.130.18:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintF9:F4:6D:CB:77:34:5B:81:93:D5:4D:A0:AC:62:B8:EA:AB:A6:7E:14
ValiditySat, 04 Feb 2023 00:00:00 GMT - Sat, 03 Feb 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Size
12 kB (12198 bytes)
Hash
3278dcc26908cafe737e2512f6346dbc
20ae23dc2ddc0235b15060bd3f6d91ea10c527f5
03e2c0a4a6e59c8784a4b800d639f7cc776e4d2b00df76b617d275d70363df02

HTTP Headers

GET /n337/ad/300x300_J3j2Bprhh38fI10u8oIb.jpeg HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:30 GMT
content-type: image/jpeg
content-length: 12198
last-modified: Fri, 07 Apr 2023 23:13:51 GMT
accept-ranges: bytes
etag: "6430a3af-2fa6"
cache-control: max-age=86400
x-hw: 1681381890.cds290.lo4.h2,1681381890.cds304.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=plfqdwDK8wV%2B6dw9T7pDyHjiFZzqV89el5w2o8VNzEkY5g4JE58kC2sOrOBd%2FZIbUOiKtjcunfcf%2Bh%2FSk%2F6hw8Q6R0KXljqdv8SubslI0edK0%2ByJPcp2eukaVVDZY5wAG8%2F2CyagqKfQeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a3108b971aa-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www87.davisonbarker.pro/static/image/skip_ad/en_tran.png

104.21.92.39

200 OK

5.1 kB

URL GET HTTP/3
www87.davisonbarker.pro/static/image/skip_ad/en_tran.png
IP
104.21.92.39:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:EF:ED:A7:D2:3C:ED:C8:23:64:8B:82:4F:9F:53:D0:2A:0A:B3:20
ValidityThu, 26 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

File type
PNG image data, 155 x 41, 8-bit/color RGBA, non-interlaced\012- data
Size
5.1 kB (5076 bytes)
Hash
a58f5ea6f1f6bb35658c351f876f1ba9
47fa621b845faf7df13e4021dcffd6f4c73c1018
ef8721967f0cca2539ee60f9cad0e8c1ef89f18a53964a4e6101033d23a4ba29

HTTP Headers

GET /static/image/skip_ad/en_tran.png HTTP/1.1
Host: www87.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www87.davisonbarker.pro
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=81d5f8fb-0873-4e86-882b-4b161cf0f813%3A2%3A1; ppu_main_aa240591af5d8573573bb87d25c7ab12=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 13 Apr 2023 10:31:31 GMT
content-type: image/png
content-length: 5076
cache-control: public, max-age=604800
expires: Thu, 20 Apr 2023 10:31:31 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "13d4-5faa60e6-d082b40bd28384ce;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: EXPIRED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=chGmcmZ7HioWxA6fx24Ud4GkFiaMbAGrTtGrwBs3QakOYZ1Hab9LREsiBam4y4EtyU01aDYYu0TvA2JSbFz69CrPJGUJ8IQF2BiE4OEN%2BPZf2R7ciGdbPxMauN%2FpFvLf7J57UW5Shld4Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a375f660b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

unseenreport.com/pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint33:54:5C:58:7C:8E:75:EE:DF:A0:8C:41:D3:AC:1B:BF:B6:66:28:EC
ValidityMon, 27 Mar 2023 07:09:08 GMT - Sun, 25 Jun 2023 07:09:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=1825ffe812838d20280215b5ec6bf9db&te=188e0523b921745c60844a7eb1ad8eb5&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=bff29f0d3318d4c4b9a844119e218228&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 13 Apr 2023 10:31:29 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 96ac4ba6645a215c174ce90989ebbd23
Strict-Transport-Security: max-age=0; includeSubdomains

addresseepaper.com/sfp.js

0.0.0.0

0 B

URL GET
addresseepaper.com/sfp.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar

104.21.92.39

200 OK

74 kB

URL User Request GET HTTP/2
www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
IP
104.21.92.39:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintA9:EF:ED:A7:D2:3C:ED:C8:23:64:8B:82:4F:9F:53:D0:2A:0A:B3:20
ValidityThu, 26 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62619)
Size
74 kB (74471 bytes)
Hash
7c219c092b2aa2facab889211a6393d7
5b07a2010ca86571e359fe0a672cbd0afc293ab8
367befb88a74ee44cda9c55a2663e7b943d68692c3e57edeff4150a71ea89bb5

HTTP Headers

GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar HTTP/1.1
Host: www87.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www20.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:26 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www87.davisonbarker.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhwmgypmaYd0qcWeDRnGF2ZAhRWM2sGSmMQi%2FhQZ%2Fgzr8Q09Z8VsuJ22BPiz7ku1A5dyjx87Df54WAyvDCstEfCVcRh7EQJsAvxplSGsqBwlAJ1GdOh8887wyolypMlwSe3N%2BBrkYjVZVw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a155d15b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/

188.114.97.1

200 OK

26 B

URL GET HTTP/2
pogothere.xyz/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
ea323077697bde81d0fe4d5df0a15859
bb10ce004d450bfadf0c05c725e25fb7fc3beb40
2bc7eda577bf39cbd8b5fdc971d2c2a6c3325a8a9f3edd7f7e101a22883b65d2

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www87.davisonbarker.pro/
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:27 GMT
content-type: text/plain
set-cookie: csu=888901336785242@1@1681381887; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www87.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUW8ZyKHEsHiTXBhRoH14AOkG8NerS6D%2FopXLCEOCbUkfMs8WDJZqj03D0kmMk%2BI%2B8WhL7K6FD2iriFk3istErZQd3YR9OIic1JDP9mholIIdl24no5AWAWF%2BsXavMEs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b730a1c4b311c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

188.114.97.1

200 OK

102 kB

URL GET HTTP/2
pogothere.xyz/asd100.bin
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
ValidityTue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT

File type
data
Size
102 kB (102400 bytes)
Hash
4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www87.davisonbarker.pro/
Origin: https://www87.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:27 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www87.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Wed, 12 Apr 2023 11:05:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BT1iuyfhZoEF1Gd1C8dD6bTEAdgRmQI3maNQHskVu3rxJ%2B7R5%2BQvzbf3VVTn%2FDsVTgdHb%2FIR6nH%2BpqTDxTANheLPSeXH3Xj4U34AuuPJTBaCBppz7KIyq41V4%2F2UDD%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a1c4b291c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

dismantlepenantiterrorist.com/pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2079&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10

0.0.0.0

0 B

URL GET
dismantlepenantiterrorist.com/pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2079&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10
IP
0.0.0.0:0
ASN
#0

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=81d5f8fb-0873-4e86-882b-4b161cf0f813&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2079&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=10 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

friendshipmale.com/sfp.js

172.64.167.29

200 OK

86 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.167.29:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www87.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=5062974&pci=1619079470&t=1681381818&dest=https%3A%2F%2Fwww.dropbox.com%2Fs%2Fes1mh066y6dpp3i%2FTheMadnessMedley.rar
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type

Size
86 kB (85467 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www87.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 13 Apr 2023 10:31:28 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7286ae8690109eb672c5de4289707bf7
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 13 Apr 2023 10:31:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2l%2BCqLMjx50yTVaww%2BhjHTm6n8dkHkrHZuJIIVE%2BCfP9PRWL5ADYkeolXpb7r2jsE6Tx1IiBd0pm%2FNn4bL1bboWDVMC3S1EJssuzBbfGHAdiwS6m65eugZvEcyPnSs1vkusd0PM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b730a23188d48c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML