r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 82788b8b26eeba7f492106ea47729bbb
823b2d3c336d11064a6b809057bed46bb65a7969
7671d088ba1420ffa01dbd63c5f7ab28d52d3591bc04c4cc182d1f9e64a7f2f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7671D088BA1420FFA01DBD63C5F7AB28D52D3591BC04C4CC182D1F9E64A7F2F8"
Last-Modified: Sat, 29 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7732
Expires: Sat, 29 Oct 2022 07:44:49 GMT
Date: Sat, 29 Oct 2022 05:35:57 GMT
Connection: keep-alive
www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe
172.67.186.48 200 OK 2.5 kB URL HTTP/1.1 www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe
IP 172.67.186.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1021)
Hash 7e276da15b4303abdd811e32ad7d1e85
1df6137eeeb52be848772f4af26bfa7b80c73803
ff930763f48ee82fda58b6414b7151752792b73f783cbbe2647918550876655c
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe HTTP/1.1
Host: www52.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 29 Oct 2022 05:35:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www52.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a27DgR6W32RpJxnQ6oPTEF3JOuaWxDkcfQ0bkz9FHS%2FzrPKFuiDFw59QfUJ2DR0kUgHVtPD8W%2BqqI4ymct%2BIXD6uAlrxpdu7rH2TFvLv0WmLZTWq88MIic3jw9Cf0tgM9jquWvljttKgYg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76198cfe0b80b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 922281894182eba1fc67c2d8678e3238
e169209341b09bf4f14ebb3fc7c07b03f2121bf1
37516083f7655af68d7e426efca6f9f3709a80318ac7bb8cc492c183916141b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2046
Cache-Control: max-age=102556
Content-Type: application/ocsp-response
Date: Sat, 29 Oct 2022 05:35:57 GMT
Etag: "635ba15b-1d7"
Expires: Sun, 30 Oct 2022 10:05:13 GMT
Last-Modified: Fri, 28 Oct 2022 09:31:07 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 922281894182eba1fc67c2d8678e3238
e169209341b09bf4f14ebb3fc7c07b03f2121bf1
37516083f7655af68d7e426efca6f9f3709a80318ac7bb8cc492c183916141b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2046
Cache-Control: max-age=102556
Content-Type: application/ocsp-response
Date: Sat, 29 Oct 2022 05:35:57 GMT
Etag: "635ba15b-1d7"
Expires: Sun, 30 Oct 2022 10:05:13 GMT
Last-Modified: Fri, 28 Oct 2022 09:31:07 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 22eebb819dc140cc288474d9891526b4
45c18772664e9e3efb6a44d7da93699c81f71827
ce6a96e470dbfb48ff42fdaf5eaa464a87dc60b495e3e2767086ec0b6564fdd7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE6A96E470DBFB48FF42FDAF5EAA464A87DC60B495E3E2767086EC0B6564FDD7"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3840
Expires: Sat, 29 Oct 2022 06:39:57 GMT
Date: Sat, 29 Oct 2022 05:35:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: NGmJNeZ3m8jti96eqDOIPou6XvMNt+hz6uPxnCOJoU9Tl9vGPLDTGqiCEbGWW7sq8nFMK/En1fU=
x-amz-request-id: JK5SEXASECWW0NTT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 29 Oct 2022 05:10:33 GMT
age: 1524
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 29 Oct 2022 05:35:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.26 200 OK 50 kB URL HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.26:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash 78d09368bd62ea4f3b30ed4ff19e40a5
4f7dd4ff922a12217da1ef43653bac0085697c07
b55c1df3ee601759faad96d84c24aade54500fe4134caa715ae930e237f62110
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
HTTP/1.1 200 OK
Content-Length: 49670
Connection: keep-alive
Date: Sat, 29 Oct 2022 05:35:57 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NAA2hwT1Tl6ZBPtq9zDocIPACcth7twwdogrb2Km62bhIy6mpUrqeQ==
www52.davisonbarker.pro/static/image/logo.png
172.67.186.48 200 OK 11 kB URL HTTP/1.1 www52.davisonbarker.pro/static/image/logo.png
IP 172.67.186.48:0
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: www52.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe
HTTP/1.1 200 OK
Date: Sat, 29 Oct 2022 05:35:57 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 05 Nov 2022 05:35:57 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b22ed065d915c717;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GUANFWOXIvPXqNzmpasJxiyi1DDhkOPUn%2BuRhNWjkliPjF6VsuZJSzkfKwOpsHbTuYmEbCVUoTPuX4tzYzWE20ddF2M0cc1OzKIT5vVRk%2B%2Fs06JUSP8TCorsGMli4yC2aWUgng1GHZ3lug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76198d010d44b4f3-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6257
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:57 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6257
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:57 GMT
Connection: keep-alive
herhomeou.xyz/ZUJrQWIEIAgsXQR/CWcXFy5WZFAjZ1kHBgZ3AHkEAncCLgFdMUUiDgo3DycQCiwfbwwANk5zJBIYWgcYMgQ+BDINck5zIAQqJnUkVxQfFzUzCglzOCcNHABRKjoPMioSBwYXIzwuLBBSEw0tFBEpNSUyM1Z2XgMIXRcxGS8mEhMDDj8HLjYkHzIEFFEGCiAFDSggKhhQKBMiciUPGxwAUQYFJBYFLhIMKhoqExg2NAgtPxQMXAYNFgY9JzoQGio1JmRQJwAoNRUzFS4lLi0APRg3Ly0OcAZVEykxFTMVLgQvMTY5GzQ/MC1xKA8TEgMIMHE5ACULAD0YM0gHHiIkNBM6LAoCETwHAwMVDxksDRtcEQUNcjoTVwsUWQMmBAU5GTsjGBobMyB2KhVSHwEoLTUEKiUWOzAYWRs3ICk/LAlDKBguDBV/BxgRVhU9ADotKw
54.230.111.6200 OK 1.2 kB URL HTTP/1.1 herhomeou.xyz/ZUJrQWIEIAgsXQR/CWcXFy5WZFAjZ1kHBgZ3AHkEAncCLgFdMUUiDgo3DycQCiwfbwwANk5zJBIYWgcYMgQ+BDINck5zIAQqJnUkVxQfFzUzCglzOCcNHABRKjoPMioSBwYXIzwuLBBSEw0tFBEpNSUyM1Z2XgMIXRcxGS8mEhMDDj8HLjYkHzIEFFEGCiAFDSggKhhQKBMiciUPGxwAUQYFJBYFLhIMKhoqExg2NAgtPxQMXAYNFgY9JzoQGio1JmRQJwAoNRUzFS4lLi0APRg3Ly0OcAZVEykxFTMVLgQvMTY5GzQ/MC1xKA8TEgMIMHE5ACULAD0YM0gHHiIkNBM6LAoCETwHAwMVDxksDRtcEQUNcjoTVwsUWQMmBAU5GTsjGBobMyB2KhVSHwEoLTUEKiUWOzAYWRs3ICk/LAlDKBguDBV/BxgRVhU9ADotKw
IP 54.230.111.6:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 5bbe39c1cbdcd1279b1ccbd92cfd6228
5af1d44b9c0a5da15b7c59475790e746481c1c43
6420e642051a43f6da1fe6284f8aa877ec12e64c56c0d4b6883e066824906003
GET /ZUJrQWIEIAgsXQR/CWcXFy5WZFAjZ1kHBgZ3AHkEAncCLgFdMUUiDgo3DycQCiwfbwwANk5zJBIYWgcYMgQ+BDINck5zIAQqJnUkVxQfFzUzCglzOCcNHABRKjoPMioSBwYXIzwuLBBSEw0tFBEpNSUyM1Z2XgMIXRcxGS8mEhMDDj8HLjYkHzIEFFEGCiAFDSggKhhQKBMiciUPGxwAUQYFJBYFLhIMKhoqExg2NAgtPxQMXAYNFgY9JzoQGio1JmRQJwAoNRUzFS4lLi0APRg3Ly0OcAZVEykxFTMVLgQvMTY5GzQ/MC1xKA8TEgMIMHE5ACULAD0YM0gHHiIkNBM6LAoCETwHAwMVDxksDRtcEQUNcjoTVwsUWQMmBAU5GTsjGBobMyB2KhVSHwEoLTUEKiUWOzAYWRs3ICk/LAlDKBguDBV/BxgRVhU9ADotKw HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1185
Connection: keep-alive
Date: Sat, 29 Oct 2022 05:35:57 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ln-3egxuSD5M8CP04fFqb8lOdeRpCdqdoCOBNjy4o6nO7U0LwKPbiA==
www52.davisonbarker.pro/am-push-cps.js?puid=1457270&clickid=1457270_9842773&allb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe&ob=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&clb=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&asb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe
172.67.186.48200 OK 40 kB URL HTTP/1.1 www52.davisonbarker.pro/am-push-cps.js?puid=1457270&clickid=1457270_9842773&allb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe&ob=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&clb=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&asb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe
IP 172.67.186.48:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 845473a7fd284503f57855602add14fd
2974d9f2091d778fb076ebda7e908a1a029e38e5
7763be30b9a78bac4c785a49b0ee887135f9c2185689e8a31f630adfd26506ff
GET /am-push-cps.js?puid=1457270&clickid=1457270_9842773&allb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe&ob=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&clb=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&asb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe HTTP/1.1
Host: www52.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe
HTTP/1.1 200 OK
Date: Sat, 29 Oct 2022 05:35:57 GMT
Content-Type: application/x-javascript
Content-Length: 40440
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 05 Nov 2022 05:35:44 GMT
last-modified: Mon, 08 Aug 2022 14:16:52 GMT
etag: "19284-62f11ad4-dcbd68a41223eabf;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtSq0gFtWxb0F5s72mVJGEpqJtHispsHfF%2Bwflroly0wu7NlwYkENW4uQL3MolTh1wkILhWQwepxxTPzIAYPSAtheWDe4WxRzz8HkjCfDlYw80J%2FiBLc0wd%2F42XUwUgNX%2F4mgLXQ1WjWtg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76198d012fd20b49-OSL
alt-svc: h2=":443"; ma=60
slieemem.xyz/cEpzNkNfdRBFfiUPIgIZJSYDUhIyHhZhL0MJQlJ3KXkyfxUoOVVCKhR3SwR3RH1AEDMZLk4FcVY5B1c3BTlOB2UZJBVZflY8TgZtSGRCBm1AbAYLclY+A1ckTXtVRjcEJk4HdUZ9QwRyR39GD3ZF
104.21.3.137 204 No Content 0 B URL HTTP/2 slieemem.xyz/cEpzNkNfdRBFfiUPIgIZJSYDUhIyHhZhL0MJQlJ3KXkyfxUoOVVCKhR3SwR3RH1AEDMZLk4FcVY5B1c3BTlOB2UZJBVZflY8TgZtSGRCBm1AbAYLclY+A1ckTXtVRjcEJk4HdUZ9QwRyR39GD3ZF
IP 104.21.3.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cEpzNkNfdRBFfiUPIgIZJSYDUhIyHhZhL0MJQlJ3KXkyfxUoOVVCKhR3SwR3RH1AEDMZLk4FcVY5B1c3BTlOB2UZJBVZflY8TgZtSGRCBm1AbAYLclY+A1ckTXtVRjcEJk4HdUZ9QwRyR39GD3ZF HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C5s5n%2B5ARTI6JGz%2BNRhrvWvPi6TqGBzCYuFKWQtvTmsQsy%2BM06HqqT%2Fxh3djcYfxLZvSUBPkBb6fpJ3gf%2B6KzzyHe1PM0gtfhPSMjWCKfus4nmgV9WciGRGIsESfyIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d02cfe3b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
slieemem.xyz/WE1GQ3B3ciUwTQsLABA9ajU+Gjc3Cx4LNjEUFwUUPX8QKjFpeWA3GTxwfnFEbHp1ZQAxKXtwQn4+MiIELT57cUBoemAqHj4ie3FWLnB2bUh2fHZtQH44e3JWLD0nJE1pazY3BDRwd3VGb310ckdteH92SA
104.21.3.137 204 No Content 0 B URL HTTP/2 slieemem.xyz/WE1GQ3B3ciUwTQsLABA9ajU+Gjc3Cx4LNjEUFwUUPX8QKjFpeWA3GTxwfnFEbHp1ZQAxKXtwQn4+MiIELT57cUBoemAqHj4ie3FWLnB2bUh2fHZtQH44e3JWLD0nJE1pazY3BDRwd3VGb310ckdteH92SA
IP 104.21.3.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WE1GQ3B3ciUwTQsLABA9ajU+Gjc3Cx4LNjEUFwUUPX8QKjFpeWA3GTxwfnFEbHp1ZQAxKXtwQn4+MiIELT57cUBoemAqHj4ie3FWLnB2bUh2fHZtQH44e3JWLD0nJE1pazY3BDRwd3VGb310ckdteH92SA HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hTWx%2F2IU8MXQ8OsZN3MHb0ne7Kqf4pzB024oFW7tYMwnjzasu%2FBaA6MJp1JbIe%2BLlDP2nuDfU6O%2FOxLjGYCmAJK4GUPO5FT9VnKUjadVIKmqFPzhGbn292VZ6EN%2BNhw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d02dfebb4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6256
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6087
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6087
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive
herhomeou.xyz/utx?cb=uO6hk04mmtfX&top=www52.davisonbarker.pro&tid=824473
54.230.111.6 204 No Content 0 B URL HTTP/2 herhomeou.xyz/utx?cb=uO6hk04mmtfX&top=www52.davisonbarker.pro&tid=824473
IP 54.230.111.6:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=uO6hk04mmtfX&top=www52.davisonbarker.pro&tid=824473 HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www52.davisonbarker.pro
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:58 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www52.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 29 Oct 2022 05:36:58 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uPWAHEgBpS-FGsuD6XHGghsNAkZqzxnPCe-2Z43P5lPGjHeVHM2prw==
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/wZ1FzWFUEPh0+ahM4F2VtVWVHb2ZBOwA3OxdsHwEmVAYlGQ0vOFUsLwNsQ345Bj8UZXMCPxBlZEEwFzpoU3cHKDoMbAY2MQI3GjYwA3cGOWgKPgkxOQswVmoTUn9DfWdXeQQxOwM+BCtwVWEdLHBVYUJoe1d0QBpwVWEEMTtRZVZrF0JjQyBjU3RAGnBVYQ-EucFQQQmhgSWFafWdXNhY7Pgh0QR5nV2BDaGRXYFZqZQE4AT0zCClWahNWYUZ2ZUEkTmk
54.230.245.26200 OK 330 B URL HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/wZ1FzWFUEPh0+ahM4F2VtVWVHb2ZBOwA3OxdsHwEmVAYlGQ0vOFUsLwNsQ345Bj8UZXMCPxBlZEEwFzpoU3cHKDoMbAY2MQI3GjYwA3cGOWgKPgkxOQswVmoTUn9DfWdXeQQxOwM+BCtwVWEdLHBVYUJoe1d0QBpwVWEEMTtRZVZrF0JjQyBjU3RAGnBVYQ-EucFQQQmhgSWFafWdXNhY7Pgh0QR5nV2BDaGRXYFZqZQE4AT0zCClWahNWYUZ2ZUEkTmk
IP 54.230.245.26:0
File type ASCII text, with very long lines (414), with no line terminators
Hash 45bdbfe90b14878bed9a0786abf3315a
c6e7fd2eba951403b8ba375c0ca507067538532e
38d07c15ed6e36fe9ce688781562b24ea4396348ac55bade4de03f7795ab7724
GET /wZ1FzWFUEPh0+ahM4F2VtVWVHb2ZBOwA3OxdsHwEmVAYlGQ0vOFUsLwNsQ345Bj8UZXMCPxBlZEEwFzpoU3cHKDoMbAY2MQI3GjYwA3cGOWgKPgkxOQswVmoTUn9DfWdXeQQxOwM+BCtwVWEdLHBVYUJoe1d0QBpwVWEEMTtRZVZrF0JjQyBjU3RAGnBVYQ-EucFQQQmhgSWFafWdXNhY7Pgh0QR5nV2BDaGRXYFZqZQE4AT0zCClWahNWYUZ2ZUEkTmk HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://herhomeou.xyz/
HTTP/1.1 200 OK
Content-Length: 330
Connection: keep-alive
Date: Sat, 29 Oct 2022 05:35:58 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yU-r7ovdnwjg6RAV3TuSYkB_aQp02SLjs74jQKeyMb3fXOtRWtTNag==
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 6b7c0ce49b8ebb90707ec439581bc979
1affe02f362f59f8acaaa2cc16185fc2942a82cf
99057099a66b378f0825443f175ad6f84a9f69c0abb8f8db546eb348de4facb4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3297
Cache-Control: max-age=98747
Content-Type: application/ocsp-response
Date: Sat, 29 Oct 2022 05:35:58 GMT
Etag: "635b8d98-1d7"
Expires: Sun, 30 Oct 2022 09:01:45 GMT
Last-Modified: Fri, 28 Oct 2022 08:06:48 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6087
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive
ndandinter.hair/MjJaeTZJECkOaUdANlsMEFouDUYIHXUOQUUHaFdSU0QzCllcUDsLXVdAdAlEXR07FBtCRykRG1FCKVdcQQ0qDF9WD2tNAwUAbUkQUV4zGl1bVmdIAgcFaE4GbQtiTQQFBWlfV15eOEReRkYqChMBc39LcBcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FS3BcVy4cV0FXf0twX1E2GENcUTIcRBcAHA9TQEEzFlgXABw0dX5TLxdVWlcoVwYcBHRJGFdKP19ZUA8yDUJCQX9KdxcAHFwEdEUtDgcCHD4YQFtBNRdUU0AxHEQcQigWEwB0KgxFWkA%2FHV9AVzkNEwB0f0pwRl8qXAV2A39LAFxXLg5ZQFl%2FSnIBF2hPX11Bf0pyAhdoT0VbRj9cBXZTPh9aSxdoT1UXAR5NEwAEKglfFwEeSAIHBWhOBhcAbAlVWxdpPQMDAmtKBQoEYk4TAAQuXAV2A2xPAQIAa08OCxdoT1JXQS5cBXZaLg1GQRdoTAVzF2hMBHQXaEwEdEprQBhVVjZXWFdGPxhFVxw5FlsXAG9LcFxXLhxXQVd%2FSwMAdDcaWlNHNBpeV0B%2FSwMAdCwcREFbNRcTAAdoP3txfjsMWFFaPwsYAhxsVwYcVyIcEFFeOEReRkYqChMBc39LcBcAHA5BRQNqV1JTRDMKWVxQOwtdV0B0CURdF2g%2FRkdBMgtTVlsoHFVGF2g%2FEwF0LhRGFwEeSxMABDQcQkVdKBITAXZpXAQEWzUKEwF2alwEBEEzDVMXAR4YUlReI1wEBFF%2FSnIGF2hPRkJbf0pyAwZvTgQFAn9LAEJRM1wFdgdrSQcBAWJPDgUXaE9CFwEeSAAEBWpLBwQKY1wEBFY%2FCkIXAR4RQkZCKVwEBwEbXAQHABxcBAcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FSwMAdDQcQldTKRwTAAdoP1tRXjsMWFFaPwsTAAdoP0BXQCkQWVwXaEwEdH8ZNVdHXDkRU0AcalcAHAJ0HE5XFDsKVA9aLg1GQRdpOBMAdH9LcEoDY1dRVl50F1NGVzsKUxxRNRQTAHQ0HEJXUykcEwB0NxpaU0c0Gl5XQH9LcERXKApfXVx%2FS3B%2FcRYYQ1xRMhxEHAJ0TxgCHD8BUxAeeApbVBBgSBoQQTcPFAgQblcFEB54DVdVbTMdFAgQYkgOAApsWxoQQS8baVtWa1sMEANuTAEABWpbGhBBLxtpW1ZoWwwQA25MAQAFaiYPCgZoTgEBEHZbV15eOFsMEFouDUZBCHVWTgMLdB5SXhw0HEJXUykcGFFdN1ZYV0Y%2FGEVXHTcaWlNHNBpeV0B1D1NAQTMWWB1%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1lQEGBbXkZGKgoMHR0tDkEDAnQdV0RbKRZYUFMoElNAHCoLWR1CLwpeQFc%2BEERXUS5WCUZfKkQHFFw%2FDUFdQDFEBRRbNQoLAhQpEEJXDzsdUF5LfBoLBhQqCV8PA25MAQAFal9GUVtnTAcCA2lKDgQKbV9CDwNsTwECAGtPDgsUPhxFRg8yDUJCQX9KdxcAHFwEdEprQBhVVjZXWFdGPxhFVxw5FlsXABwXU0ZXOwpTFwAcFFVeUy8XVVpXKFwEdEQ%2FC0VbXTRcBHR%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1VeUHhDFFpGLglFCB11DkFFA2pXUlNEMwpZXFA7C11XQHQJRF0dKgxFWkA%2FHV9AVzkNGQ1GNwkLABQ0HEJFXSgSCwEUMxZFDwJ8Cl9GV2cYUlReI19VDwZ8CUZbD2tNAwUAbUkQQlEzRAMDAmtKBQoEYk4QRg9rTwAFAmhIAAoLfB1TQUZnEUJGQilcBXMXaD8TAHQiSA8cVT4VGFxXLhxXQVd0GllfF2g%2FWFdGPxhFVxdoP1tRXjsMWFFaPwsTAHQsHERBWzUXEwB0Fzp6U0c0
Gl5XQHRJGAQcaldTSld4VRRTQThbDBBaLg1GQQh1Vk4DC3QeUl4cNBxCV1MpHBhRXTdWWFdGPxhFVx03GlpTRzQaXldAdQ9TQEEzFlgdfxk1V0dcORFTQBxqVwAcAnQcTlcQJw
44.195.137.121502 Bad Gateway 0 B URL HTTP/1.1 ndandinter.hair/MjJaeTZJECkOaUdANlsMEFouDUYIHXUOQUUHaFdSU0QzCllcUDsLXVdAdAlEXR07FBtCRykRG1FCKVdcQQ0qDF9WD2tNAwUAbUkQUV4zGl1bVmdIAgcFaE4GbQtiTQQFBWlfV15eOEReRkYqChMBc39LcBcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FS3BcVy4cV0FXf0twX1E2GENcUTIcRBcAHA9TQEEzFlgXABw0dX5TLxdVWlcoVwYcBHRJGFdKP19ZUA8yDUJCQX9KdxcAHFwEdEUtDgcCHD4YQFtBNRdUU0AxHEQcQigWEwB0KgxFWkA%2FHV9AVzkNEwB0f0pwRl8qXAV2A39LAFxXLg5ZQFl%2FSnIBF2hPX11Bf0pyAhdoT0VbRj9cBXZTPh9aSxdoT1UXAR5NEwAEKglfFwEeSAIHBWhOBhcAbAlVWxdpPQMDAmtKBQoEYk4TAAQuXAV2A2xPAQIAa08OCxdoT1JXQS5cBXZaLg1GQRdoTAVzF2hMBHQXaEwEdEprQBhVVjZXWFdGPxhFVxw5FlsXAG9LcFxXLhxXQVd%2FSwMAdDcaWlNHNBpeV0B%2FSwMAdCwcREFbNRcTAAdoP3txfjsMWFFaPwsYAhxsVwYcVyIcEFFeOEReRkYqChMBc39LcBcAHA5BRQNqV1JTRDMKWVxQOwtdV0B0CURdF2g%2FRkdBMgtTVlsoHFVGF2g%2FEwF0LhRGFwEeSxMABDQcQkVdKBITAXZpXAQEWzUKEwF2alwEBEEzDVMXAR4YUlReI1wEBFF%2FSnIGF2hPRkJbf0pyAwZvTgQFAn9LAEJRM1wFdgdrSQcBAWJPDgUXaE9CFwEeSAAEBWpLBwQKY1wEBFY%2FCkIXAR4RQkZCKVwEBwEbXAQHABxcBAcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FSwMAdDQcQldTKRwTAAdoP1tRXjsMWFFaPwsTAAdoP0BXQCkQWVwXaEwEdH8ZNVdHXDkRU0AcalcAHAJ0HE5XFDsKVA9aLg1GQRdpOBMAdH9LcEoDY1dRVl50F1NGVzsKUxxRNRQTAHQ0HEJXUykcEwB0NxpaU0c0Gl5XQH9LcERXKApfXVx%2FS3B%2FcRYYQ1xRMhxEHAJ0TxgCHD8BUxAeeApbVBBgSBoQQTcPFAgQblcFEB54DVdVbTMdFAgQYkgOAApsWxoQQS8baVtWa1sMEANuTAEABWpbGhBBLxtpW1ZoWwwQA25MAQAFaiYPCgZoTgEBEHZbV15eOFsMEFouDUZBCHVWTgMLdB5SXhw0HEJXUykcGFFdN1ZYV0Y%2FGEVXHTcaWlNHNBpeV0B1D1NAQTMWWB1%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1lQEGBbXkZGKgoMHR0tDkEDAnQdV0RbKRZYUFMoElNAHCoLWR1CLwpeQFc%2BEERXUS5WCUZfKkQHFFw%2FDUFdQDFEBRRbNQoLAhQpEEJXDzsdUF5LfBoLBhQqCV8PA25MAQAFal9GUVtnTAcCA2lKDgQKbV9CDwNsTwECAGtPDgsUPhxFRg8yDUJCQX9KdxcAHFwEdEprQBhVVjZXWFdGPxhFVxw5FlsXABwXU0ZXOwpTFwAcFFVeUy8XVVpXKFwEdEQ%2FC0VbXTRcBHR%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1VeUHhDFFpGLglFCB11DkFFA2pXUlNEMwpZXFA7C11XQHQJRF0dKgxFWkA%2FHV9AVzkNGQ1GNwkLABQ0HEJFXSgSCwEUMxZFDwJ8Cl9GV2cYUlReI19VDwZ8CUZbD2tNAwUAbUkQQlEzRAMDAmtKBQoEYk4QRg9rTwAFAmhIAAoLfB1TQUZnEUJGQilcBXMXaD8TAHQiSA8cVT4VGFxXLhxXQVd0GllfF2g%2FWFdGP
xhFVxdoP1tRXjsMWFFaPwsTAHQsHERBWzUXEwB0Fzp6U0c0Gl5XQHRJGAQcaldTSld4VRRTQThbDBBaLg1GQQh1Vk4DC3QeUl4cNBxCV1MpHBhRXTdWWFdGPxhFVx03GlpTRzQaXldAdQ9TQEEzFlgdfxk1V0dcORFTQBxqVwAcAnQcTlcQJw
IP 44.195.137.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /MjJaeTZJECkOaUdANlsMEFouDUYIHXUOQUUHaFdSU0QzCllcUDsLXVdAdAlEXR07FBtCRykRG1FCKVdcQQ0qDF9WD2tNAwUAbUkQUV4zGl1bVmdIAgcFaE4GbQtiTQQFBWlfV15eOEReRkYqChMBc39LcBcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FS3BcVy4cV0FXf0twX1E2GENcUTIcRBcAHA9TQEEzFlgXABw0dX5TLxdVWlcoVwYcBHRJGFdKP19ZUA8yDUJCQX9KdxcAHFwEdEUtDgcCHD4YQFtBNRdUU0AxHEQcQigWEwB0KgxFWkA%2FHV9AVzkNEwB0f0pwRl8qXAV2A39LAFxXLg5ZQFl%2FSnIBF2hPX11Bf0pyAhdoT0VbRj9cBXZTPh9aSxdoT1UXAR5NEwAEKglfFwEeSAIHBWhOBhcAbAlVWxdpPQMDAmtKBQoEYk4TAAQuXAV2A2xPAQIAa08OCxdoT1JXQS5cBXZaLg1GQRdoTAVzF2hMBHQXaEwEdEprQBhVVjZXWFdGPxhFVxw5FlsXAG9LcFxXLhxXQVd%2FSwMAdDcaWlNHNBpeV0B%2FSwMAdCwcREFbNRcTAAdoP3txfjsMWFFaPwsYAhxsVwYcVyIcEFFeOEReRkYqChMBc39LcBcAHA5BRQNqV1JTRDMKWVxQOwtdV0B0CURdF2g%2FRkdBMgtTVlsoHFVGF2g%2FEwF0LhRGFwEeSxMABDQcQkVdKBITAXZpXAQEWzUKEwF2alwEBEEzDVMXAR4YUlReI1wEBFF%2FSnIGF2hPRkJbf0pyAwZvTgQFAn9LAEJRM1wFdgdrSQcBAWJPDgUXaE9CFwEeSAAEBWpLBwQKY1wEBFY%2FCkIXAR4RQkZCKVwEBwEbXAQHABxcBAcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FSwMAdDQcQldTKRwTAAdoP1tRXjsMWFFaPwsTAAdoP0BXQCkQWVwXaEwEdH8ZNVdHXDkRU0AcalcAHAJ0HE5XFDsKVA9aLg1GQRdpOBMAdH9LcEoDY1dRVl50F1NGVzsKUxxRNRQTAHQ0HEJXUykcEwB0NxpaU0c0Gl5XQH9LcERXKApfXVx%2FS3B%2FcRYYQ1xRMhxEHAJ0TxgCHD8BUxAeeApbVBBgSBoQQTcPFAgQblcFEB54DVdVbTMdFAgQYkgOAApsWxoQQS8baVtWa1sMEANuTAEABWpbGhBBLxtpW1ZoWwwQA25MAQAFaiYPCgZoTgEBEHZbV15eOFsMEFouDUZBCHVWTgMLdB5SXhw0HEJXUykcGFFdN1ZYV0Y%2FGEVXHTcaWlNHNBpeV0B1D1NAQTMWWB1%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1lQEGBbXkZGKgoMHR0tDkEDAnQdV0RbKRZYUFMoElNAHCoLWR1CLwpeQFc%2BEERXUS5WCUZfKkQHFFw%2FDUFdQDFEBRRbNQoLAhQpEEJXDzsdUF5LfBoLBhQqCV8PA25MAQAFal9GUVtnTAcCA2lKDgQKbV9CDwNsTwECAGtPDgsUPhxFRg8yDUJCQX9KdxcAHFwEdEprQBhVVjZXWFdGPxhFVxw5FlsXABwXU0ZXOwpTFwAcFFVeUy8XVVpXKFwEdEQ%2FC0VbXTRcBHR%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1VeUHhDFFpGLglFCB11DkFFA2pXUlNEMwpZXFA7C11XQHQJRF0dKgxFWkA%2FHV9AVzkNGQ1GNwkLABQ0HEJFXSgSCwEUMxZFDwJ8Cl9GV2cYUlReI19VDwZ8CUZbD2tNAwUAbUkQQlEzRAMDAmtKBQoEYk4QRg9rTwAFAmhIAAoLfB1TQUZnEUJGQilcBXMXaD8TAHQiSA8cVT4VGFxXLhxXQVd0GllfF2g%2FWFdGPxhFVxdoP1tRXjsMWFFaPwsTAHQsHERBWzUXEwB0Fzp6U0c0Gl5XQHRJGAQ
caldTSld4VRRTQThbDBBaLg1GQQh1Vk4DC3QeUl4cNBxCV1MpHBhRXTdWWFdGPxhFVx03GlpTRzQaXldAdQ9TQEEzFlgdfxk1V0dcORFTQBxqVwAcAnQcTlcQJw HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
HTTP/1.1 502 Bad Gateway
Server: openresty/1.15.8.3
Date: Sat, 29 Oct 2022 05:35:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: 1fc8b9d87ac7c475668b3e8060b60845=1; Max-Age=604800
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With,content-type
slieemem.xyz/popunder.gif
104.21.3.137 200 OK 58 B URL HTTP/1.1 slieemem.xyz/popunder.gif
IP 104.21.3.137:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08
GET /popunder.gif HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
HTTP/1.1 200 OK
Date: Sat, 29 Oct 2022 05:35:58 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 129891
Last-Modified: Thu, 27 Oct 2022 17:31:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvdXcSOBG6iEFd488rJteleoK1Emqko4fgitol8%2FSd2BvQxnfx978r3V6bd2y2BRzDWqtmKthChqC3psTQfxwmCQ43dg1qWVZqEdUdmPUrzrrSyp6Ho%2BFk9m94h5%2F5I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76198d06488bb4f3-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d0c9aa9d2a627b0acc22f8512a81df9
d38a614696da8ee1505c5d10206487d1c3db0bd2
764a44bcc9017c8d46a798a2a49206b2af5dfbef1ff8a0cbd78880f3bd15e7cc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "764A44BCC9017C8D46A798A2A49206B2AF5DFBEF1FF8A0CBD78880F3BD15E7CC"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2643
Expires: Sat, 29 Oct 2022 06:20:01 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive
push.services.mozilla.com/
52.42.74.230 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.74.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2BIzMGkWYG4QLT+IoTQkbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KAhz6EBrEQnZjoeGw7zstrf/0nE=
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d0c9aa9d2a627b0acc22f8512a81df9
d38a614696da8ee1505c5d10206487d1c3db0bd2
764a44bcc9017c8d46a798a2a49206b2af5dfbef1ff8a0cbd78880f3bd15e7cc
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "764A44BCC9017C8D46A798A2A49206B2AF5DFBEF1FF8A0CBD78880F3BD15E7CC"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2643
Expires: Sat, 29 Oct 2022 06:20:01 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 9503f3bfa4ed7d97bf2eae2c838062f7
4cb41744988488534d15315ba0a6534c5baf5cc8
fe6ad242fd0eb471cdad28d8cfdb4357ac31d267aa697d3b767bc4a73931ee5f
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=111474
Date: Sat, 29 Oct 2022 05:35:59 GMT
Etag: "635bcb82-1d7"
Expires: Sun, 30 Oct 2022 12:33:53 GMT
Last-Modified: Fri, 28 Oct 2022 12:30:58 GMT
Server: ECS (nyb/1D0F)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3vHHq-p8yQYn4i9KqK6w0Dkpmh84cDusE8gAXM8d64SrE0cGYNb6Hg==
Age: 175
simplewebanalysis.com/stats
18.193.142.27 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.193.142.27:0
File type ASCII text, with no line terminators
Hash ddb3168d42d77d8a0e334aa638b8410c
27c6431a278a7886a38745bbe6af57c695002a1f
f2c3a1a46afa4b7fbaf9e100c38d8452024fe629334b7ef57295a6e7b8808f7d
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www10.davisonbarker.pro
access-control-allow-credentials: true
set-cookie: uid_id2=0e2ec58a-191f-466e-907e-e3762f215175:1:1; expires=Tue, 26 Oct 2032 05:35:59 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.166 200 OK 50 kB URL HTTP/2 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.166:0
File type Unicode text, UTF-8 text, with very long lines (15952)
Hash 78d09368bd62ea4f3b30ed4ff19e40a5
4f7dd4ff922a12217da1ef43653bac0085697c07
b55c1df3ee601759faad96d84c24aade54500fe4134caa715ae930e237f62110
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 49670
date: Sat, 29 Oct 2022 05:35:59 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sxZnTh6w9mIoASOW3VAC2iflm1CmXwMfBovRJwvpxdhuy-uY0dTjAA==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6255
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6255
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
herhomeou.xyz/TFBtTTQtMg4gCy1tD2tBPjxQaAYKdV8LUC9lBnVSK2UEIld0I0MuWCMlCStGIz4ZY1opJEh/cgUGOyFcHj4Of3oraAoedwknLxVAHApffGIvBT83eTQZHQpnGjsmGWUbADoiUy8RXTV/GTMUCWAKOzgadS4eKS5zKWEoOno7GlofWgFkLx5mBwk1dWICOApoBg4KLxxbCSosaAYKEy4qZwEIVRh+fD9ZA1w/Jio3X3gCJRxMFRgJH218BgEuZhUmKhlxfhYHG2cWYgYdeSAaAyxiDmI6GmJ0BQofZxZiBhp4NDwHL2EeYSMVdj4FOXh2FQgVHnYKGgMsZmEdGhhZFQk4BW4PNV8hfRVgOyFkKwEBBXA8aDg6dgoKOiVmKDs3IVUJAl0fTgEnKDR5Hh8EC3EoFCsmVRoCAh8HASM1BVdqOh4iWjxtJT9VJGMse04oIA
54.230.111.9200 OK 1.2 kB URL HTTP/2 herhomeou.xyz/TFBtTTQtMg4gCy1tD2tBPjxQaAYKdV8LUC9lBnVSK2UEIld0I0MuWCMlCStGIz4ZY1opJEh/cgUGOyFcHj4Of3oraAoedwknLxVAHApffGIvBT83eTQZHQpnGjsmGWUbADoiUy8RXTV/GTMUCWAKOzgadS4eKS5zKWEoOno7GlofWgFkLx5mBwk1dWICOApoBg4KLxxbCSosaAYKEy4qZwEIVRh+fD9ZA1w/Jio3X3gCJRxMFRgJH218BgEuZhUmKhlxfhYHG2cWYgYdeSAaAyxiDmI6GmJ0BQofZxZiBhp4NDwHL2EeYSMVdj4FOXh2FQgVHnYKGgMsZmEdGhhZFQk4BW4PNV8hfRVgOyFkKwEBBXA8aDg6dgoKOiVmKDs3IVUJAl0fTgEnKDR5Hh8EC3EoFCsmVRoCAh8HASM1BVdqOh4iWjxtJT9VJGMse04oIA
IP 54.230.111.9:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 8727c05b4347ed0b602f6ca14439bd07
d31a7a46624ed18a0da0244e23f7884d57b638ff
2179be1e1898637532532a5daf3b6a6e878c77bda362de64f55f9142c50b2242
GET /TFBtTTQtMg4gCy1tD2tBPjxQaAYKdV8LUC9lBnVSK2UEIld0I0MuWCMlCStGIz4ZY1opJEh/cgUGOyFcHj4Of3oraAoedwknLxVAHApffGIvBT83eTQZHQpnGjsmGWUbADoiUy8RXTV/GTMUCWAKOzgadS4eKS5zKWEoOno7GlofWgFkLx5mBwk1dWICOApoBg4KLxxbCSosaAYKEy4qZwEIVRh+fD9ZA1w/Jio3X3gCJRxMFRgJH218BgEuZhUmKhlxfhYHG2cWYgYdeSAaAyxiDmI6GmJ0BQofZxZiBhp4NDwHL2EeYSMVdj4FOXh2FQgVHnYKGgMsZmEdGhhZFQk4BW4PNV8hfRVgOyFkKwEBBXA8aDg6dgoKOiVmKDs3IVUJAl0fTgEnKDR5Hh8EC3EoFCsmVRoCAh8HASM1BVdqOh4iWjxtJT9VJGMse04oIA HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Sat, 29 Oct 2022 05:35:59 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5zHIVF44ikcotXel23er_R9sWcS6Pc95ksRSMTL2E2S2vKmsJHEwNA==
X-Firefox-Spdy: h2
slieemem.xyz/S2trdEtkVAgHdig+AEQRJSkuEjwFPzkhETwvPTYBGjNbMR4gLk0AIi9WU0Z/f1xYUjsiD1ZHeW0YHxU/PhhWRnt7XE0dJS0EVkZtPVZbWnNlWltae20eVkVtPxsKE3Z6TRsAPydWWkJ9fFtZRXx+XFhAcw
172.67.130.191 204 No Content 0 B URL HTTP/2 slieemem.xyz/S2trdEtkVAgHdig+AEQRJSkuEjwFPzkhETwvPTYBGjNbMR4gLk0AIi9WU0Z/f1xYUjsiD1ZHeW0YHxU/PhhWRnt7XE0dJS0EVkZtPVZbWnNlWltae20eVkVtPxsKE3Z6TRsAPydWWkJ9fFtZRXx+XFhAcw
IP 172.67.130.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /S2trdEtkVAgHdig+AEQRJSkuEjwFPzkhETwvPTYBGjNbMR4gLk0AIi9WU0Z/f1xYUjsiD1ZHeW0YHxU/PhhWRnt7XE0dJS0EVkZtPVZbWnNlWltae20eVkVtPxsKE3Z6TRsAPydWWkJ9fFtZRXx+XFhAcw HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b7V%2FLZjIQekefjwUpDVP2Qk51z518bs0xKZRRH%2BR%2BZZErPRy2vFpfgDQpOgwqu3a9wDgU6lSKBPK12%2FFLnl0GRpMqD%2BcfMZrHfSLO8CfjXtgIauMC4X4qx101p2bCFI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d0b6f38b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
slieemem.xyz/ZUtmQnVKdAUxSDQhCiMXVh1VBkdUKjcKICQSVy44BixXMyJVGkA2HAF2XnBBUXxVZAUML1txR0M4EiMBEDhbc1MMJQAtSEM9W3JbXWVXcltVbRN/REM/FiMSWHpAMgERJ1tzQ1N8VnBEUn5RcUFQ
172.67.130.191 204 No Content 0 B URL HTTP/2 slieemem.xyz/ZUtmQnVKdAUxSDQhCiMXVh1VBkdUKjcKICQSVy44BixXMyJVGkA2HAF2XnBBUXxVZAUML1txR0M4EiMBEDhbc1MMJQAtSEM9W3JbXWVXcltVbRN/REM/FiMSWHpAMgERJ1tzQ1N8VnBEUn5RcUFQ
IP 172.67.130.191:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZUtmQnVKdAUxSDQhCiMXVh1VBkdUKjcKICQSVy44BixXMyJVGkA2HAF2XnBBUXxVZAUML1txR0M4EiMBEDhbc1MMJQAtSEM9W3JbXWVXcltVbRN/REM/FiMSWHpAMgERJ1tzQ1N8VnBEUn5RcUFQ HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fx%2FJJqRdUGRaTZ9iksYhMCEk%2BjRBZEE1gMQutjALRt2ruhjfeJynWP%2FWsGNikjh%2FUnSNrpAd2dj70BrrmpHT83aDZh8wximSU123w3mfQxsNlGg2qs9zlEuIDoQnPCo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d0b6f36b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f8df02b33eb8defe5aab1f33a6b043a9
beefbf0b0ddc4da6f2688e5249ee8740c488afed
f017300c81d22b2d6cd081b9166774e60b8336805ec43402b1fbc437d83e0c9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F017300C81D22B2D6CD081B9166774E60B8336805EC43402B1FBC437D83E0C9F"
Last-Modified: Sat, 29 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1747
Expires: Sat, 29 Oct 2022 06:05:06 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
dc5k8fg5ioc8s.cloudfront.net/IVVlhRnc2Ng8gSCEwBXtPZ21VcURzMxIpGSVkKTQWPWogcA0xKUcyDTFkUWAbNDcGe1EwNwJ7RnM4BSRKYX8VNhg+ZBQoEzA/CCgSMX8UJ0o4NhsvGzk4RHQxYHdRY0VlcRYvGTE2FjVSZ2kPMlJnaVB2WWV8UgRSZ2kWLxljbUR1NXBrUT5BYXxSBFJnaR-MwUmYYUHZCe2lIY0VlPgQlHDp8UwBFZWhRdkZlaER0RzMwEyMROiFEdDFkaVRoR3MsXHc
54.230.245.166200 OK 329 B URL HTTP/2 dc5k8fg5ioc8s.cloudfront.net/IVVlhRnc2Ng8gSCEwBXtPZ21VcURzMxIpGSVkKTQWPWogcA0xKUcyDTFkUWAbNDcGe1EwNwJ7RnM4BSRKYX8VNhg+ZBQoEzA/CCgSMX8UJ0o4NhsvGzk4RHQxYHdRY0VlcRYvGTE2FjVSZ2kPMlJnaVB2WWV8UgRSZ2kWLxljbUR1NXBrUT5BYXxSBFJnaR-MwUmYYUHZCe2lIY0VlPgQlHDp8UwBFZWhRdkZlaER0RzMwEyMROiFEdDFkaVRoR3MsXHc
IP 54.230.245.166:0
File type ASCII text, with very long lines (414), with no line terminators
Hash 9fd5eb6632f1b310b1c0f71494f49219
63e3519381bee23f8e4b5a7cd085844dfbff133d
bb0184f36ad503d26ea0063e61d2d59ad4d57551198d5c420e977301cc3d3c0c
GET /IVVlhRnc2Ng8gSCEwBXtPZ21VcURzMxIpGSVkKTQWPWogcA0xKUcyDTFkUWAbNDcGe1EwNwJ7RnM4BSRKYX8VNhg+ZBQoEzA/CCgSMX8UJ0o4NhsvGzk4RHQxYHdRY0VlcRYvGTE2FjVSZ2kPMlJnaVB2WWV8UgRSZ2kWLxljbUR1NXBrUT5BYXxSBFJnaR-MwUmYYUHZCe2lIY0VlPgQlHDp8UwBFZWhRdkZlaER0RzMwEyMROiFEdDFkaVRoR3MsXHc HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://herhomeou.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 329
date: Sat, 29 Oct 2022 05:35:59 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KCVW_n9vi16yXWSRzzxqhnGzUeSU5baPMlxaXA4_9KSWqLifaq90lA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97b6c4b-9ae3-43f9-a0be-52e33d2041b0.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97b6c4b-9ae3-43f9-a0be-52e33d2041b0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ab38f9f7924c7ee9271368faf55a2ee
2508c0e5c7471244baa94fbc97769e5a19641a34
c314c69fc7e82538b2694da79c93a909620a1820e9ef8a25c3d8b675118e3e79
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97b6c4b-9ae3-43f9-a0be-52e33d2041b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7268
x-amzn-requestid: 2426674e-b28d-47c2-a32c-7275864a418c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apxNRF57IAMFtAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2f21-3a8349e635018e2d6400a13b;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:11:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZGZUUir8a2FA7VzAmP1cc6SJr8-nXbb8rjIEaYBWZWaSgITHWY2cig==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 07:18:19 GMT
age: 80260
etag: "2508c0e5c7471244baa94fbc97769e5a19641a34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F036fdb83-72c9-40f5-9e16-f4502570667e.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F036fdb83-72c9-40f5-9e16-f4502570667e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6a37da3b0df2c3eb74825cdad7dff6d4
01125adb299608812ffca7fb3c0ad526803bd723
351fdadfc462aa0c8a38964217c40f085e62d65335152d0530233017f9fc0df6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F036fdb83-72c9-40f5-9e16-f4502570667e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11107
x-amzn-requestid: 6fc669c8-f46f-4f5a-a538-b4a49c43319e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: amdsuE6GoAMFcSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358dcb7-0c9461505096b7d92509e55e;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 07:07:35 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BzeW9D2DmkFVHVzWCV9ZZUx62NboDogcBvN96OikqnyImftEXu9RnQ==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 07:05:04 GMT
age: 81055
etag: "01125adb299608812ffca7fb3c0ad526803bd723"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F493e6c0e-987f-4e8a-b2a1-5fe4f452da17.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F493e6c0e-987f-4e8a-b2a1-5fe4f452da17.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3044824aa388754b4834dc79496d135b
ee65caaa8a746599f6c29d74900472a98c121499
1e7f15e9d74e3559bbe51f66a861045d02a1cb227c978ba09c47e52972095930
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F493e6c0e-987f-4e8a-b2a1-5fe4f452da17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6036
x-amzn-requestid: 3614efdd-d9db-4461-a335-30cfc17cf8b5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: avCGmEyVoAMFnPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635c4a2a-5f619a592c75e97c3dc2689a;Sampled=0
x-amzn-remapped-date: Fri, 28 Oct 2022 21:31:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Q4BKx39YfIUToWYusxR0A0ndnPGlNBDgQrP6ZlO8f5_D7xzdgelZ2A==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 21:51:16 GMT
age: 27883
etag: "ee65caaa8a746599f6c29d74900472a98c121499"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd830c901-a7fd-448a-9a5c-b65235a10127.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd830c901-a7fd-448a-9a5c-b65235a10127.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ccb6be5f8a61354dfff4fa9d48852fe
33b4a66a9693ca4c327c13303cb4f1aa4354b261
aa48f106bdfd580cea5f691ddf2c7e0445a30d89526355953ae9d87881ad6495
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd830c901-a7fd-448a-9a5c-b65235a10127.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15494
x-amzn-requestid: 5c6a874b-b97e-44ba-93e2-ebc4517220d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apSLZGNGoAMFrgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359fd7b-0a756fdd554b64381bf74525;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:39:39 GMT
x-amz-cf-pop: YVR50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IZrTbVtjoc8LALwjuxZKdHwsRJ6EOAPwdJgdAFxYcNKdIVtVV7mSsQ==
via: 1.1 c4e77f714a7aade06aaed8bdc8b66fca.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 21:51:41 GMT
age: 27858
etag: "33b4a66a9693ca4c327c13303cb4f1aa4354b261"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08dc8195-80b5-41fa-a5cd-b0bb44072b0c.jpeg
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08dc8195-80b5-41fa-a5cd-b0bb44072b0c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 146f86a561cb46170f482f06a95b63ee
19a0a4eb1e396b958de5406fba58e9d94c92d6c7
ffb65219c904fa391d4879dedfe319b7adb601bce809c63f25e1bf95f3ba3030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08dc8195-80b5-41fa-a5cd-b0bb44072b0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5655
x-amzn-requestid: a9d3a921-a6a1-4425-a2d8-b26fefbd8ec5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: af25SHnCoAMFuJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6356383b-41baf7e718f95502497ef36c;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 07:01:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FUH6VNRi61sXkAnPHCYYTpb28QZcrMu_Jttb-0sLUlF62horpQsiyA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 08:58:38 GMT
age: 74241
etag: "19a0a4eb1e396b958de5406fba58e9d94c92d6c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9145127-23fb-40ec-af25-e7ec5b697df8.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9145127-23fb-40ec-af25-e7ec5b697df8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 32c2813ce699bc420eb13f02b9f1e86a
934a57f7596fc4a844485539d9ce2165f212e6e4
5e3c8ed8a00dff724fc7f3c5ef99252ef1b1aa45f87578177aa43d5fcd593233
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9145127-23fb-40ec-af25-e7ec5b697df8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8084
x-amzn-requestid: 9ed3b0b2-8755-44b5-87ae-abd65bfa6d84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apNExEF7oAMFcIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359f551-7919426b5945afad4e3f9473;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oPTErTmth_yOMrSkzbGcn1NjdUkjlnOVJ6eeEqshtswaDwDkjTap6A==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 29 Oct 2022 04:14:07 GMT
age: 4912
etag: "934a57f7596fc4a844485539d9ce2165f212e6e4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
173.233.137.36 403 Forbidden 0 B URL HTTP/1.1 breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /aa/24/05/aa240591af5d8573573bb87d25c7ab12.json HTTP/1.1
Host: breedingdaringconcussion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:35:59 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6086
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6086
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
herhomeou.xyz/utx?cb=RJRR3UvozSNy&top=www10.davisonbarker.pro&tid=824473
54.230.111.9 204 No Content 0 B URL HTTP/2 herhomeou.xyz/utx?cb=RJRR3UvozSNy&top=www10.davisonbarker.pro&tid=824473
IP 54.230.111.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=RJRR3UvozSNy&top=www10.davisonbarker.pro&tid=824473 HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www10.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 29 Oct 2022 05:36:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 55RR6PF30Yr4BJ599ocXtChrnAJMhWYxSWiAM1tu-HxFFX39zcIV1g==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1874946cfd71c87d6f0a29d9d20b0ee6
bcac8b76f5622900fd5cb7553cd1155d840a6d40
6f04b42ea07e47e315c9f6a251dabdca58e2425352ad3c3d7b589b4d66ba44c8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6F04B42EA07E47E315C9F6A251DABDCA58E2425352AD3C3D7B589B4D66BA44C8"
Last-Modified: Wed, 26 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8393
Expires: Sat, 29 Oct 2022 07:55:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 85f7203ce54b178fde3841f77cbdc841
4af42a01a03f3808769ba87bab5d97b0118d5071
390c92ee44ffbd4c90da7418f8e9b8bacd1529e0b40da48adaddbd227ed9b298
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "390C92EE44FFBD4C90DA7418F8E9B8BACD1529E0B40DA48ADADDBD227ED9B298"
Last-Modified: Wed, 26 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7074
Expires: Sat, 29 Oct 2022 07:33:54 GMT
Date: Sat, 29 Oct 2022 05:36:00 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1874946cfd71c87d6f0a29d9d20b0ee6
bcac8b76f5622900fd5cb7553cd1155d840a6d40
6f04b42ea07e47e315c9f6a251dabdca58e2425352ad3c3d7b589b4d66ba44c8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6F04B42EA07E47E315C9F6A251DABDCA58E2425352AD3C3D7B589B4D66BA44C8"
Last-Modified: Wed, 26 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8392
Expires: Sat, 29 Oct 2022 07:55:52 GMT
Date: Sat, 29 Oct 2022 05:36:00 GMT
Connection: keep-alive
banquetunarmedgrater.com/advertisers.js
192.243.59.12 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 29 Oct 2022 05:36:00 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6f9a505018c4c709061ab4727ea78d51
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aac0e40c6f536db5701e39b016e261d0
e18355b5360fc135ccd7db5a6db0fdab967c9514
c9ffbe832d006dc14376d21a53b21f6a9dc1ada4d03c19a63f0a0b7d1c4bbe61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9FFBE832D006DC14376D21A53B21F6A9DC1ADA4D03C19A63F0A0B7D1C4BBE61"
Last-Modified: Fri, 28 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8097
Expires: Sat, 29 Oct 2022 07:50:57 GMT
Date: Sat, 29 Oct 2022 05:36:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 51aef1aff18e8f618dce51fa5389faf8
b8b2bb7ac50739f425dfe5f347b957efd4a4f981
28d63f166c54dc9ff835988869a29724d6af5218e1944fa6e42509b8c1fe0708
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28D63F166C54DC9FF835988869A29724D6AF5218E1944FA6E42509B8C1FE0708"
Last-Modified: Fri, 28 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4771
Expires: Sat, 29 Oct 2022 06:55:31 GMT
Date: Sat, 29 Oct 2022 05:36:00 GMT
Connection: keep-alive
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
173.233.137.60 403 Forbidden 0 B URL HTTP/1.1 reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:36:00 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
dismantlepenantiterrorist.com/pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
173.233.137.44 200 OK 1 B URL HTTP/1.1 dismantlepenantiterrorist.com/pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 173.233.137.44:0
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:36:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: caadc3c02e3e31cb8058c8cad51eee70
Strict-Transport-Security: max-age=0; includeSubdomains
herhomeou.xyz/floater?cs=QkpTUmN3fGRnVnVzamRacn5jZlI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&osr=www52.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta1_oi1_&_AXQr=1667021757889&crc=1
54.230.111.9 200 OK 2.7 kB URL HTTP/2 herhomeou.xyz/floater?cs=QkpTUmN3fGRnVnVzamRacn5jZlI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&osr=www52.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta1_oi1_&_AXQr=1667021757889&crc=1
IP 54.230.111.9:0
File type ASCII text, with very long lines (5075), with no line terminators
Hash becbcfb05ebf7a1f1b88abe03659f8f6
67d2a08d618b66af529f897ef156d77c2dc94669
c04b52327ff317b0952478df26522cd2f4779bbca0b2289558c21595ed57c648
GET /floater?cs=QkpTUmN3fGRnVnVzamRacn5jZlI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&osr=www52.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta1_oi1_&_AXQr=1667021757889&crc=1 HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 2747
date: Sat, 29 Oct 2022 05:36:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www10.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=ef3cbd70-ceda-4583-8e49-d5345afe28a8
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: drKVfKWwOVla-42xpUoBGMyTVjjagoIcBqrBPE5exIxTOzYRyjZOZg==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash bb9b0487cea0ade2ef1868b05b6cbed4
e5153b7c056b7e50236a0443ba7a976ea8c80d5c
02cd1410ba20f4ea8caec60aef73f1b3d2ba2a297662e521f97b0f4fada5cd0b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170580
Date: Sat, 29 Oct 2022 05:36:03 GMT
Etag: "635ca123-1d7"
Expires: Mon, 31 Oct 2022 04:59:03 GMT
Last-Modified: Sat, 29 Oct 2022 03:42:27 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EL7Ku9ril8O6Ahtk-KiM4CNwQ92M9ejNdA5HOueOU7lepKsyLzeszw==
Age: 4597
eliss-vas.com/imp/92353e44-574b-11ed-9c1d-0a58c19385bf/2/e0d34cc0-1cf9-11ea-81fc-0a97765f9322/_-bDGVuAqdhH-NqidbHrPw_ncCuEUXuIUDIhkSsnqro977I51AqpVTKh2v9oE1EHnqeNlAf7hY_8o9bjEvkJ38G6Pbrh3o9gJYhHuEDS9ItI2vGjf5Zzh94fV5YdXmHOBt_l1xkXyRF1wQzcKBkPUBalY_nzwqY5KnvoxWvVC3DgKhzsGb3QYBPmnMI0_StOynG9bMNWgtMUq9XnQMQAHwA_t60M-mLds0U5FnxEO85j3YmU4HRKerUEQyloB7B2u7VRrl75v_2iTB8eLbR7NCSaXOAcZAkX2GJKQWH8Yoc0TK9e-si5tklVbM18XkTnHc9hIckc2ijkw595rIj7lBritJ12_3TjwNqJb3rIWKRPCjMjvDTzWojKT4d3DZE-CCzumUU9C-U37aWCJR3D41VxOLJY9vD9V_K8_5rT-unWT_XFKA-O77PI8JlaZUiESk5-hn9_4mEYajBpWxVB3L2OMNuf8TWNVe5WOLbmfqs-K3Bl3u3p4FPA4KKa8HYKbzGy1nLF4eraw9OSgqF186ryypSkGtfukkz6PH4LRbxwPsXvx_VlIc45S30FONBqT9IJ0SGMQ8XvV6ZNwYuev6MsrrB-IxPT5X2eMn_9kgt9vaFrB7Ozy4M7Cl6ZdBtozoJoxCLg4Luh4vlcQ3gaZ5VKxD57ajWOGDTzsNum0wHS1-PpY-mGgdVFjYtolDGnbDfAf_U5.AaMfAmN9Ldw4g824HkgUDg==
52.2.125.79 200 OK 6.3 kB URL HTTP/2 eliss-vas.com/imp/92353e44-574b-11ed-9c1d-0a58c19385bf/2/e0d34cc0-1cf9-11ea-81fc-0a97765f9322/_-bDGVuAqdhH-NqidbHrPw_ncCuEUXuIUDIhkSsnqro977I51AqpVTKh2v9oE1EHnqeNlAf7hY_8o9bjEvkJ38G6Pbrh3o9gJYhHuEDS9ItI2vGjf5Zzh94fV5YdXmHOBt_l1xkXyRF1wQzcKBkPUBalY_nzwqY5KnvoxWvVC3DgKhzsGb3QYBPmnMI0_StOynG9bMNWgtMUq9XnQMQAHwA_t60M-mLds0U5FnxEO85j3YmU4HRKerUEQyloB7B2u7VRrl75v_2iTB8eLbR7NCSaXOAcZAkX2GJKQWH8Yoc0TK9e-si5tklVbM18XkTnHc9hIckc2ijkw595rIj7lBritJ12_3TjwNqJb3rIWKRPCjMjvDTzWojKT4d3DZE-CCzumUU9C-U37aWCJR3D41VxOLJY9vD9V_K8_5rT-unWT_XFKA-O77PI8JlaZUiESk5-hn9_4mEYajBpWxVB3L2OMNuf8TWNVe5WOLbmfqs-K3Bl3u3p4FPA4KKa8HYKbzGy1nLF4eraw9OSgqF186ryypSkGtfukkz6PH4LRbxwPsXvx_VlIc45S30FONBqT9IJ0SGMQ8XvV6ZNwYuev6MsrrB-IxPT5X2eMn_9kgt9vaFrB7Ozy4M7Cl6ZdBtozoJoxCLg4Luh4vlcQ3gaZ5VKxD57ajWOGDTzsNum0wHS1-PpY-mGgdVFjYtolDGnbDfAf_U5.AaMfAmN9Ldw4g824HkgUDg==
IP 52.2.125.79:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8992c4259b9c80b2c53f7df07cb9d559
ee38e759228661da3747c10a7adf24aa9ff48602
c5c3bbda861b749088dd9de647243bd9dba7805de8ca83dd6252ddb972ec87cb
GET /imp/92353e44-574b-11ed-9c1d-0a58c19385bf/2/e0d34cc0-1cf9-11ea-81fc-0a97765f9322/_-bDGVuAqdhH-NqidbHrPw_ncCuEUXuIUDIhkSsnqro977I51AqpVTKh2v9oE1EHnqeNlAf7hY_8o9bjEvkJ38G6Pbrh3o9gJYhHuEDS9ItI2vGjf5Zzh94fV5YdXmHOBt_l1xkXyRF1wQzcKBkPUBalY_nzwqY5KnvoxWvVC3DgKhzsGb3QYBPmnMI0_StOynG9bMNWgtMUq9XnQMQAHwA_t60M-mLds0U5FnxEO85j3YmU4HRKerUEQyloB7B2u7VRrl75v_2iTB8eLbR7NCSaXOAcZAkX2GJKQWH8Yoc0TK9e-si5tklVbM18XkTnHc9hIckc2ijkw595rIj7lBritJ12_3TjwNqJb3rIWKRPCjMjvDTzWojKT4d3DZE-CCzumUU9C-U37aWCJR3D41VxOLJY9vD9V_K8_5rT-unWT_XFKA-O77PI8JlaZUiESk5-hn9_4mEYajBpWxVB3L2OMNuf8TWNVe5WOLbmfqs-K3Bl3u3p4FPA4KKa8HYKbzGy1nLF4eraw9OSgqF186ryypSkGtfukkz6PH4LRbxwPsXvx_VlIc45S30FONBqT9IJ0SGMQ8XvV6ZNwYuev6MsrrB-IxPT5X2eMn_9kgt9vaFrB7Ozy4M7Cl6ZdBtozoJoxCLg4Luh4vlcQ3gaZ5VKxD57ajWOGDTzsNum0wHS1-PpY-mGgdVFjYtolDGnbDfAf_U5.AaMfAmN9Ldw4g824HkgUDg== HTTP/1.1
Host: eliss-vas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:36:03 GMT
content-type: image/webp
content-length: 6332
content-disposition: inline;filename=f.txt
X-Firefox-Spdy: h2
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
173.233.137.60 403 Forbidden 0 B URL HTTP/1.1 reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:36:04 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
dismantlepenantiterrorist.com/pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
173.233.137.44 200 OK 1 B URL HTTP/1.1 dismantlepenantiterrorist.com/pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP 173.233.137.44:0
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:36:04 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 64b904291657b6bdf05c1f74744d94c2
Strict-Transport-Security: max-age=0; includeSubdomains
pogothere.xyz/
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www52.davisonbarker.pro/
Origin: http://www52.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:58 GMT
content-type: text/plain
set-cookie: csu=2237760722212080@1@1667021758; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www52.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YccgLvvSt1e2biqIj5wNKC6eRGKr3NzTvInAsYh0Qz%2BpOihj%2F5vQqOKIDdffIYuKk%2BGq2KwwFcMoFCOnf%2BZUETmnV5Rlmo1R6nizWP%2FDTuB1Lh6E0KxSi50H5a7GujEQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d047d21d16c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.173.27 200 OK 0 B IP 172.64.173.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www52.davisonbarker.pro/
Origin: http://www52.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:58 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www52.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sat, 29 Oct 2022 05:35:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B9GxcP91zIypGnUK%2F7RJkW0TYn0%2BVvmNfLUkcnDJ3RzIG8Y3D9nAQucT5XTJOc8HTliDg1uez%2FAi4P1cl2V9WJ7tJnAWK2pFUF3bfFlZXTgWLjGdoihw49SHOtsNbaSN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76198d046d1bd16c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www10.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe
172.67.186.48 200 OK 0 B URL HTTP/2 www10.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe
IP 172.67.186.48:0
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe HTTP/1.1
Host: www10.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:58 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www10.davisonbarker.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q7EGkWIidm3o7OuCTUe79cbdo%2BS%2B67ALxhQPs3BDhWayRF%2BUFLGIJHm7T2WfctPydYeVUTjbQ3yLvl3K4osxGTrrXlp3C7gQL%2FVkkoDqBU6SjYGqU8ow3uKKnMSk4pDypuq%2BSwx4MEoh5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d06dc3bb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www10.davisonbarker.pro/
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:59 GMT
content-type: text/plain
set-cookie: csu=1796523578596377@1@1667021759; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www10.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3itYLSp48HlPS1uRwZsvF3EspXXvZAqMfQZRMtPQ0vJTVX0SHTCnZj7rm5i%2F66oRnlUfAu9rLGPu%2F8v%2BP%2F2Obfjk5G%2B5AlfSshEBtjpac%2F%2BZ%2Fxbc9sSnCIFis7foAmV0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d0e9eb3892a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27 200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www10.davisonbarker.pro/
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:59 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www10.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Sat, 29 Oct 2022 02:24:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k54wEI34nCF%2FFzf%2BRohl9VHsdRxwj7ReN0wIpHs2wt5YBRs1ROVQMh2wSmxMNE0QepWKt1uHsIzl497ysZ7mVWZmejF3gGdrq1VJgbZoX%2BHHYXl7FmWBVj0BYkUvl7RH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76198d0e9ebe892a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
172.64.193.5 200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.193.5:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:36:00 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6c7a675f119005fbbd253ae673224deb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 29 Oct 2022 05:35:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DShf7jXp5b2RKEnfrOzpHpCppo%2FNy6oIfCTaciccPdc3qBvsBYwZXhqQrkIuPUg%2FS9Zn2diIgsCqPNcytbifXFNJHrnZRkUzq6nRtjINc%2BL7r7jmYs%2F2dUAOtBJY8AcrGOlWt48%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76198d0f6dbc88b3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2