Report - www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe

Report Overview

Submitted URL
www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe
IP
104.21.92.39
ASN
#13335 CLOUDFLARENET
Submitted
2022-10-29 05:36:08
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
herhomeou.xyz	unknown	2022-10-28T18:59:40Z	2023-02-13T21:07:10Z	3.7 kB	8.4 kB	54.230.111.6
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	52.42.74.230
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.2 kB	60 kB	34.120.237.76
banquetunarmedgrater.com	unknown	2022-08-04T17:12:50Z	2023-03-10T13:25:26Z	382 B	327 B	192.243.59.12
www10.davisonbarker.pro	unknown	2022-07-22T02:17:32Z	2023-03-05T15:06:10Z	666 B	855 B	172.67.186.48
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	3.7 kB	9.7 kB	23.36.76.226
www52.davisonbarker.pro	unknown	2022-07-25T13:05:34Z	2023-01-06T00:48:28Z	2.3 kB	56 kB	172.67.186.48
dc5k8fg5ioc8s.cloudfront.net	unknown	2021-01-11T12:54:35Z	2023-03-10T00:24:42Z	1.9 kB	102 kB	54.230.245.26
ndandinter.hair	unknown	2022-07-21T09:11:33Z	2023-03-07T02:50:14Z	2.4 kB	364 B	44.195.137.121
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	700 B	2.0 kB	54.230.245.110
eliss-vas.com	unknown	2022-07-29T13:12:20Z	2023-03-10T01:14:01Z	1.2 kB	6.5 kB	52.2.125.79
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.0 kB	2.4 kB	93.184.220.29
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
slieemem.xyz	unknown	2022-10-20T23:38:21Z	2023-02-23T12:00:01Z	2.4 kB	3.1 kB	104.21.3.137
simplewebanalysis.com	unknown	2022-02-25T05:06:25Z	2023-03-10T06:13:04Z	407 B	416 B	18.193.142.27
breedingdaringconcussion.com	unknown	2022-09-02T04:45:47Z	2023-03-09T05:08:01Z	455 B	611 B	173.233.137.36
reasonablelandmark.com	unknown	2022-08-06T04:07:43Z	2023-03-10T04:04:18Z	820 B	1.2 kB	173.233.137.60
dismantlepenantiterrorist.com	17847	2021-11-01T22:12:12Z	2023-03-09T23:39:55Z	1.5 kB	846 B	173.233.137.44
pogothere.xyz	unknown	2022-09-04T21:11:25Z	2023-03-10T12:21:51Z	1.7 kB	3.4 kB	172.64.173.27
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
e1.o.lencr.org	6159	2021-08-20T09:36:30Z	2023-03-10T11:39:59Z	4.7 kB	10 kB	23.36.76.226
addresseepaper.com	18169	2021-11-01T22:11:31Z	2023-03-10T16:14:48Z	368 B	960 B	172.64.193.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-10-29	medium	breedingdaringconcussion.com	Sinkholed
2022-10-29	medium	banquetunarmedgrater.com	Sinkholed
2022-10-29	medium	reasonablelandmark.com	Sinkholed
2022-10-29	medium	dismantlepenantiterrorist.com	Sinkholed
2022-10-29	medium	reasonablelandmark.com	Sinkholed
2022-10-29	medium	dismantlepenantiterrorist.com	Sinkholed

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe	1.9 kB	2023-03-10	2023-03-10
Pretty URL www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe IP 172.67.186.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:21:51 Last Seen2023-03-10 17:21:51 Times Seen1 Hash 6285d7fe98d41add38fc30367f0b4bef e74f48a9a6b504295a613e2c33ea0cb28ae905d0 1583a6b6988e2cbb65f17766738f5846b3c5c09b3934241f77b1323ab2275e69 Loading...

	www52.davisonbarker.pro/am-push-cps.js?puid=1457270&clickid=1457270_9842773&allb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe&ob=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&clb=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&asb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe	103 kB	2023-03-07	2023-05-09
Pretty URL www52.davisonbarker.pro/am-push-cps.js?puid=1457270&clickid=1457270_9842773&allb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe&ob=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&clb=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&asb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe IP 172.67.186.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:10 Last Seen2023-05-09 22:18:41 Times Seen109 Hash eafb95fa9988e0ccd923cb9fbdbe8fb2 de2bf24b137624384369d8127b40ccb4592939ce bc4720c44ed409f268f5c7791185c5464bd750e81a4e2deb2766b6d4270b4ca8 Loading...

	dc5k8fg5ioc8s.cloudfront.net/wZ1FzWFUEPh0+ahM4F2VtVWVHb2ZBOwA3OxdsHwEmVAYlGQ0vOFUsLwNsQ345Bj8UZXMCPxBlZEEwFzpoU3cHKDoMbAY2MQI3GjYwA3cGOWgKPgkxOQswVmoTUn9DfWdXeQQxOwM+BCtwVWEdLHBVYUJoe1d0QBpwVWEEMTtRZVZrF0JjQyBjU3RAGnBVYQ-EucFQQQmhgSWFafWdXNhY7Pgh0QR5nV2BDaGRXYFZqZQE4AT0zCClWahNWYUZ2ZUEkTmk	414 B	2023-03-10	2023-03-10
Pretty URL dc5k8fg5ioc8s.cloudfront.net/wZ1FzWFUEPh0+ahM4F2VtVWVHb2ZBOwA3OxdsHwEmVAYlGQ0vOFUsLwNsQ345Bj8UZXMCPxBlZEEwFzpoU3cHKDoMbAY2MQI3GjYwA3cGOWgKPgkxOQswVmoTUn9DfWdXeQQxOwM+BCtwVWEdLHBVYUJoe1d0QBpwVWEEMTtRZVZrF0JjQyBjU3RAGnBVYQ-EucFQQQmhgSWFafWdXNhY7Pgh0QR5nV2BDaGRXYFZqZQE4AT0zCClWahNWYUZ2ZUEkTmk IP 54.230.245.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:21:51 Last Seen2023-03-10 17:21:51 Times Seen1 Hash 4aec66fbb612f5a78771dc60d85299d9 f3c01d05e7ac7f29b219fc5a6aa18d02d6371670 5824d53a72521680bec5b59eaefaf1527a56acb5d0eb735018a8e39becd8d512 Loading...

	www10.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe	1.5 kB	2023-03-10	2023-03-10
Pretty URL www10.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe IP 172.67.186.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:21:51 Last Seen2023-03-10 17:21:51 Times Seen1 Hash d524db8da3b49060997450f7faa6ac2f 3a951a2eca8dc4030e6d228da9e0868f8147f462 c169c8b78679e1632add0357004cac063c877eaf8ce9dbadb987ed995e2e4796 Loading...

	dc5k8fg5ioc8s.cloudfront.net/IVVlhRnc2Ng8gSCEwBXtPZ21VcURzMxIpGSVkKTQWPWogcA0xKUcyDTFkUWAbNDcGe1EwNwJ7RnM4BSRKYX8VNhg+ZBQoEzA/CCgSMX8UJ0o4NhsvGzk4RHQxYHdRY0VlcRYvGTE2FjVSZ2kPMlJnaVB2WWV8UgRSZ2kWLxljbUR1NXBrUT5BYXxSBFJnaR-MwUmYYUHZCe2lIY0VlPgQlHDp8UwBFZWhRdkZlaER0RzMwEyMROiFEdDFkaVRoR3MsXHc	414 B	2023-03-10	2023-03-10
Pretty URL dc5k8fg5ioc8s.cloudfront.net/IVVlhRnc2Ng8gSCEwBXtPZ21VcURzMxIpGSVkKTQWPWogcA0xKUcyDTFkUWAbNDcGe1EwNwJ7RnM4BSRKYX8VNhg+ZBQoEzA/CCgSMX8UJ0o4NhsvGzk4RHQxYHdRY0VlcRYvGTE2FjVSZ2kPMlJnaVB2WWV8UgRSZ2kWLxljbUR1NXBrUT5BYXxSBFJnaR-MwUmYYUHZCe2lIY0VlPgQlHDp8UwBFZWhRdkZlaER0RzMwEyMROiFEdDFkaVRoR3MsXHc IP 54.230.245.166 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:21:51 Last Seen2023-03-10 17:21:51 Times Seen1 Hash d29afe491966c5d2ee3095f71d6a0519 0173f9d4f02c2defae7c21b248ef6bb14618471d 6a3622f9526cfc552f933ecb120fc3ec4fd50f2e1b9d14b7f5390fb0b749fa7c Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-04-25
Pretty URL banquetunarmedgrater.com/advertisers.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 17:18:44 Times Seen37067593 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	herhomeou.xyz/ZUJrQWIEIAgsXQR/CWcXFy5WZFAjZ1kHBgZ3AHkEAncCLgFdMUUiDgo3DycQCiwfbwwANk5zJBIYWgcYMgQ+BDINck5zIAQqJnUkVxQfFzUzCglzOCcNHABRKjoPMioSBwYXIzwuLBBSEw0tFBEpNSUyM1Z2XgMIXRcxGS8mEhMDDj8HLjYkHzIEFFEGCiAFDSggKhhQKBMiciUPGxwAUQYFJBYFLhIMKhoqExg2NAgtPxQMXAYNFgY9JzoQGio1JmRQJwAoNRUzFS4lLi0APRg3Ly0OcAZVEykxFTMVLgQvMTY5GzQ/MC1xKA8TEgMIMHE5ACULAD0YM0gHHiIkNBM6LAoCETwHAwMVDxksDRtcEQUNcjoTVwsUWQMmBAU5GTsjGBobMyB2KhVSHwEoLTUEKiUWOzAYWRs3ICk/LAlDKBguDBV/BxgRVhU9ADotKw	3.0 kB	2023-03-10	2023-03-10
Pretty URL herhomeou.xyz/ZUJrQWIEIAgsXQR/CWcXFy5WZFAjZ1kHBgZ3AHkEAncCLgFdMUUiDgo3DycQCiwfbwwANk5zJBIYWgcYMgQ+BDINck5zIAQqJnUkVxQfFzUzCglzOCcNHABRKjoPMioSBwYXIzwuLBBSEw0tFBEpNSUyM1Z2XgMIXRcxGS8mEhMDDj8HLjYkHzIEFFEGCiAFDSggKhhQKBMiciUPGxwAUQYFJBYFLhIMKhoqExg2NAgtPxQMXAYNFgY9JzoQGio1JmRQJwAoNRUzFS4lLi0APRg3Ly0OcAZVEykxFTMVLgQvMTY5GzQ/MC1xKA8TEgMIMHE5ACULAD0YM0gHHiIkNBM6LAoCETwHAwMVDxksDRtcEQUNcjoTVwsUWQMmBAU5GTsjGBobMyB2KhVSHwEoLTUEKiUWOzAYWRs3ICk/LAlDKBguDBV/BxgRVhU9ADotKw IP 54.230.111.6 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:21:51 Last Seen2023-03-10 17:21:51 Times Seen1 Hash e43260e828353e41f66eb9d7a35c09dc eff6344480baf02fa1b4fcfa522f4189a897bcf3 66d32bf4d217d7fdee305dd68fc5edab5ea07ea610d5fb9b7d6b4ffb666d2a25 Loading...

	www10.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe	70 kB	2023-03-07	2023-05-15
Pretty URL www10.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe IP 172.67.186.48 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:50:57 Last Seen2023-05-15 22:48:54 Times Seen200 Hash 89a65ce6b1af31ff4330437afdbe7728 7b70a59efda26765a821b0193df597de8f4b8d74 bf4e261b5462befef118ed2771250f3b265b874ed0ea073399ed9edf1a6e3b12 Loading...

	herhomeou.xyz/TFBtTTQtMg4gCy1tD2tBPjxQaAYKdV8LUC9lBnVSK2UEIld0I0MuWCMlCStGIz4ZY1opJEh/cgUGOyFcHj4Of3oraAoedwknLxVAHApffGIvBT83eTQZHQpnGjsmGWUbADoiUy8RXTV/GTMUCWAKOzgadS4eKS5zKWEoOno7GlofWgFkLx5mBwk1dWICOApoBg4KLxxbCSosaAYKEy4qZwEIVRh+fD9ZA1w/Jio3X3gCJRxMFRgJH218BgEuZhUmKhlxfhYHG2cWYgYdeSAaAyxiDmI6GmJ0BQofZxZiBhp4NDwHL2EeYSMVdj4FOXh2FQgVHnYKGgMsZmEdGhhZFQk4BW4PNV8hfRVgOyFkKwEBBXA8aDg6dgoKOiVmKDs3IVUJAl0fTgEnKDR5Hh8EC3EoFCsmVRoCAh8HASM1BVdqOh4iWjxtJT9VJGMse04oIA	3.0 kB	2023-03-10	2023-03-10
Pretty URL herhomeou.xyz/TFBtTTQtMg4gCy1tD2tBPjxQaAYKdV8LUC9lBnVSK2UEIld0I0MuWCMlCStGIz4ZY1opJEh/cgUGOyFcHj4Of3oraAoedwknLxVAHApffGIvBT83eTQZHQpnGjsmGWUbADoiUy8RXTV/GTMUCWAKOzgadS4eKS5zKWEoOno7GlofWgFkLx5mBwk1dWICOApoBg4KLxxbCSosaAYKEy4qZwEIVRh+fD9ZA1w/Jio3X3gCJRxMFRgJH218BgEuZhUmKhlxfhYHG2cWYgYdeSAaAyxiDmI6GmJ0BQofZxZiBhp4NDwHL2EeYSMVdj4FOXh2FQgVHnYKGgMsZmEdGhhZFQk4BW4PNV8hfRVgOyFkKwEBBXA8aDg6dgoKOiVmKDs3IVUJAl0fTgEnKDR5Hh8EC3EoFCsmVRoCAh8HASM1BVdqOh4iWjxtJT9VJGMse04oIA IP 54.230.111.9 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 17:21:51 Last Seen2023-03-10 17:21:51 Times Seen1 Hash 0a253eb401dcc8fd8980d567ce59340f d4276dfde7a8802e136d5dbf40ba0c5760c343aa c84ca1ccbd263f85a26486e12a07864ef3eeb9e43319db35facf21c52128739f Loading...

HTTP Transactions (71)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
82788b8b26eeba7f492106ea47729bbb
823b2d3c336d11064a6b809057bed46bb65a7969
7671d088ba1420ffa01dbd63c5f7ab28d52d3591bc04c4cc182d1f9e64a7f2f8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7671D088BA1420FFA01DBD63C5F7AB28D52D3591BC04C4CC182D1F9E64A7F2F8"
Last-Modified: Sat, 29 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7732
Expires: Sat, 29 Oct 2022 07:44:49 GMT
Date: Sat, 29 Oct 2022 05:35:57 GMT
Connection: keep-alive

www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe

172.67.186.48

200 OK

2.5 kB

URL HTTP/1.1
www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe
IP
172.67.186.48:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1021)
Size
2.5 kB (2474 bytes)
Hash
7e276da15b4303abdd811e32ad7d1e85
1df6137eeeb52be848772f4af26bfa7b80c73803
ff930763f48ee82fda58b6414b7151752792b73f783cbbe2647918550876655c

HTTP Headers

GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe HTTP/1.1
Host: www52.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 29 Oct 2022 05:35:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www52.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a27DgR6W32RpJxnQ6oPTEF3JOuaWxDkcfQ0bkz9FHS%2FzrPKFuiDFw59QfUJ2DR0kUgHVtPD8W%2BqqI4ymct%2BIXD6uAlrxpdu7rH2TFvLv0WmLZTWq88MIic3jw9Cf0tgM9jquWvljttKgYg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76198cfe0b80b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
922281894182eba1fc67c2d8678e3238
e169209341b09bf4f14ebb3fc7c07b03f2121bf1
37516083f7655af68d7e426efca6f9f3709a80318ac7bb8cc492c183916141b1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2046
Cache-Control: max-age=102556
Content-Type: application/ocsp-response
Date: Sat, 29 Oct 2022 05:35:57 GMT
Etag: "635ba15b-1d7"
Expires: Sun, 30 Oct 2022 10:05:13 GMT
Last-Modified: Fri, 28 Oct 2022 09:31:07 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
922281894182eba1fc67c2d8678e3238
e169209341b09bf4f14ebb3fc7c07b03f2121bf1
37516083f7655af68d7e426efca6f9f3709a80318ac7bb8cc492c183916141b1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2046
Cache-Control: max-age=102556
Content-Type: application/ocsp-response
Date: Sat, 29 Oct 2022 05:35:57 GMT
Etag: "635ba15b-1d7"
Expires: Sun, 30 Oct 2022 10:05:13 GMT
Last-Modified: Fri, 28 Oct 2022 09:31:07 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22eebb819dc140cc288474d9891526b4
45c18772664e9e3efb6a44d7da93699c81f71827
ce6a96e470dbfb48ff42fdaf5eaa464a87dc60b495e3e2767086ec0b6564fdd7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE6A96E470DBFB48FF42FDAF5EAA464A87DC60B495E3E2767086EC0B6564FDD7"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3840
Expires: Sat, 29 Oct 2022 06:39:57 GMT
Date: Sat, 29 Oct 2022 05:35:57 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: NGmJNeZ3m8jti96eqDOIPou6XvMNt+hz6uPxnCOJoU9Tl9vGPLDTGqiCEbGWW7sq8nFMK/En1fU=
x-amz-request-id: JK5SEXASECWW0NTT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 29 Oct 2022 05:10:33 GMT
age: 1524
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 29 Oct 2022 05:35:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473

54.230.245.26

200 OK

50 kB

URL HTTP/1.1
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP
54.230.245.26:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (15952)
Size
50 kB (49670 bytes)
Hash
78d09368bd62ea4f3b30ed4ff19e40a5
4f7dd4ff922a12217da1ef43653bac0085697c07
b55c1df3ee601759faad96d84c24aade54500fe4134caa715ae930e237f62110

HTTP Headers

GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/

HTTP/1.1 200 OK
Content-Length: 49670
Connection: keep-alive
Date: Sat, 29 Oct 2022 05:35:57 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NAA2hwT1Tl6ZBPtq9zDocIPACcth7twwdogrb2Km62bhIy6mpUrqeQ==

www52.davisonbarker.pro/static/image/logo.png

172.67.186.48

200 OK

11 kB

URL HTTP/1.1
www52.davisonbarker.pro/static/image/logo.png
IP
172.67.186.48:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Size
11 kB (10726 bytes)
Hash
f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a

HTTP Headers

GET /static/image/logo.png HTTP/1.1
Host: www52.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe

HTTP/1.1 200 OK
Date: Sat, 29 Oct 2022 05:35:57 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 05 Nov 2022 05:35:57 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b22ed065d915c717;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GUANFWOXIvPXqNzmpasJxiyi1DDhkOPUn%2BuRhNWjkliPjF6VsuZJSzkfKwOpsHbTuYmEbCVUoTPuX4tzYzWE20ddF2M0cc1OzKIT5vVRk%2B%2Fs06JUSP8TCorsGMli4yC2aWUgng1GHZ3lug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76198d010d44b4f3-OSL
alt-svc: h2=":443"; ma=60

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6257
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:57 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6257
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:57 GMT
Connection: keep-alive

herhomeou.xyz/ZUJrQWIEIAgsXQR/CWcXFy5WZFAjZ1kHBgZ3AHkEAncCLgFdMUUiDgo3DycQCiwfbwwANk5zJBIYWgcYMgQ+BDINck5zIAQqJnUkVxQfFzUzCglzOCcNHABRKjoPMioSBwYXIzwuLBBSEw0tFBEpNSUyM1Z2XgMIXRcxGS8mEhMDDj8HLjYkHzIEFFEGCiAFDSggKhhQKBMiciUPGxwAUQYFJBYFLhIMKhoqExg2NAgtPxQMXAYNFgY9JzoQGio1JmRQJwAoNRUzFS4lLi0APRg3Ly0OcAZVEykxFTMVLgQvMTY5GzQ/MC1xKA8TEgMIMHE5ACULAD0YM0gHHiIkNBM6LAoCETwHAwMVDxksDRtcEQUNcjoTVwsUWQMmBAU5GTsjGBobMyB2KhVSHwEoLTUEKiUWOzAYWRs3ICk/LAlDKBguDBV/BxgRVhU9ADotKw

54.230.111.6

200 OK

1.2 kB

URL HTTP/1.1
herhomeou.xyz/ZUJrQWIEIAgsXQR/CWcXFy5WZFAjZ1kHBgZ3AHkEAncCLgFdMUUiDgo3DycQCiwfbwwANk5zJBIYWgcYMgQ+BDINck5zIAQqJnUkVxQfFzUzCglzOCcNHABRKjoPMioSBwYXIzwuLBBSEw0tFBEpNSUyM1Z2XgMIXRcxGS8mEhMDDj8HLjYkHzIEFFEGCiAFDSggKhhQKBMiciUPGxwAUQYFJBYFLhIMKhoqExg2NAgtPxQMXAYNFgY9JzoQGio1JmRQJwAoNRUzFS4lLi0APRg3Ly0OcAZVEykxFTMVLgQvMTY5GzQ/MC1xKA8TEgMIMHE5ACULAD0YM0gHHiIkNBM6LAoCETwHAwMVDxksDRtcEQUNcjoTVwsUWQMmBAU5GTsjGBobMyB2KhVSHwEoLTUEKiUWOzAYWRs3ICk/LAlDKBguDBV/BxgRVhU9ADotKw
IP
54.230.111.6:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Size
1.2 kB (1185 bytes)
Hash
5bbe39c1cbdcd1279b1ccbd92cfd6228
5af1d44b9c0a5da15b7c59475790e746481c1c43
6420e642051a43f6da1fe6284f8aa877ec12e64c56c0d4b6883e066824906003

HTTP Headers

GET /ZUJrQWIEIAgsXQR/CWcXFy5WZFAjZ1kHBgZ3AHkEAncCLgFdMUUiDgo3DycQCiwfbwwANk5zJBIYWgcYMgQ+BDINck5zIAQqJnUkVxQfFzUzCglzOCcNHABRKjoPMioSBwYXIzwuLBBSEw0tFBEpNSUyM1Z2XgMIXRcxGS8mEhMDDj8HLjYkHzIEFFEGCiAFDSggKhhQKBMiciUPGxwAUQYFJBYFLhIMKhoqExg2NAgtPxQMXAYNFgY9JzoQGio1JmRQJwAoNRUzFS4lLi0APRg3Ly0OcAZVEykxFTMVLgQvMTY5GzQ/MC1xKA8TEgMIMHE5ACULAD0YM0gHHiIkNBM6LAoCETwHAwMVDxksDRtcEQUNcjoTVwsUWQMmBAU5GTsjGBobMyB2KhVSHwEoLTUEKiUWOzAYWRs3ICk/LAlDKBguDBV/BxgRVhU9ADotKw HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1185
Connection: keep-alive
Date: Sat, 29 Oct 2022 05:35:57 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ln-3egxuSD5M8CP04fFqb8lOdeRpCdqdoCOBNjy4o6nO7U0LwKPbiA==

www52.davisonbarker.pro/am-push-cps.js?puid=1457270&clickid=1457270_9842773&allb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe&ob=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&clb=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&asb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe

172.67.186.48

200 OK

40 kB

URL HTTP/1.1
www52.davisonbarker.pro/am-push-cps.js?puid=1457270&clickid=1457270_9842773&allb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe&ob=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&clb=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&asb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe
IP
172.67.186.48:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
40 kB (40440 bytes)
Hash
845473a7fd284503f57855602add14fd
2974d9f2091d778fb076ebda7e908a1a029e38e5
7763be30b9a78bac4c785a49b0ee887135f9c2185689e8a31f630adfd26506ff

HTTP Headers

GET /am-push-cps.js?puid=1457270&clickid=1457270_9842773&allb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe&ob=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&clb=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&asb=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe HTTP/1.1
Host: www52.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=3&ppi=1457270&pci=5101338687&t=1667021689&dest=https://x19.gdl.netease.com/netease/mclauncher/version/MCLauncher.0.6.0.exe

HTTP/1.1 200 OK
Date: Sat, 29 Oct 2022 05:35:57 GMT
Content-Type: application/x-javascript
Content-Length: 40440
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sat, 05 Nov 2022 05:35:44 GMT
last-modified: Mon, 08 Aug 2022 14:16:52 GMT
etag: "19284-62f11ad4-dcbd68a41223eabf;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtSq0gFtWxb0F5s72mVJGEpqJtHispsHfF%2Bwflroly0wu7NlwYkENW4uQL3MolTh1wkILhWQwepxxTPzIAYPSAtheWDe4WxRzz8HkjCfDlYw80J%2FiBLc0wd%2F42XUwUgNX%2F4mgLXQ1WjWtg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 76198d012fd20b49-OSL
alt-svc: h2=":443"; ma=60

slieemem.xyz/cEpzNkNfdRBFfiUPIgIZJSYDUhIyHhZhL0MJQlJ3KXkyfxUoOVVCKhR3SwR3RH1AEDMZLk4FcVY5B1c3BTlOB2UZJBVZflY8TgZtSGRCBm1AbAYLclY+A1ckTXtVRjcEJk4HdUZ9QwRyR39GD3ZF

104.21.3.137

204 No Content

0 B

URL HTTP/2
slieemem.xyz/cEpzNkNfdRBFfiUPIgIZJSYDUhIyHhZhL0MJQlJ3KXkyfxUoOVVCKhR3SwR3RH1AEDMZLk4FcVY5B1c3BTlOB2UZJBVZflY8TgZtSGRCBm1AbAYLclY+A1ckTXtVRjcEJk4HdUZ9QwRyR39GD3ZF
IP
104.21.3.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cEpzNkNfdRBFfiUPIgIZJSYDUhIyHhZhL0MJQlJ3KXkyfxUoOVVCKhR3SwR3RH1AEDMZLk4FcVY5B1c3BTlOB2UZJBVZflY8TgZtSGRCBm1AbAYLclY+A1ckTXtVRjcEJk4HdUZ9QwRyR39GD3ZF HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C5s5n%2B5ARTI6JGz%2BNRhrvWvPi6TqGBzCYuFKWQtvTmsQsy%2BM06HqqT%2Fxh3djcYfxLZvSUBPkBb6fpJ3gf%2B6KzzyHe1PM0gtfhPSMjWCKfus4nmgV9WciGRGIsESfyIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d02cfe3b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

slieemem.xyz/WE1GQ3B3ciUwTQsLABA9ajU+Gjc3Cx4LNjEUFwUUPX8QKjFpeWA3GTxwfnFEbHp1ZQAxKXtwQn4+MiIELT57cUBoemAqHj4ie3FWLnB2bUh2fHZtQH44e3JWLD0nJE1pazY3BDRwd3VGb310ckdteH92SA

104.21.3.137

204 No Content

0 B

URL HTTP/2
slieemem.xyz/WE1GQ3B3ciUwTQsLABA9ajU+Gjc3Cx4LNjEUFwUUPX8QKjFpeWA3GTxwfnFEbHp1ZQAxKXtwQn4+MiIELT57cUBoemAqHj4ie3FWLnB2bUh2fHZtQH44e3JWLD0nJE1pazY3BDRwd3VGb310ckdteH92SA
IP
104.21.3.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /WE1GQ3B3ciUwTQsLABA9ajU+Gjc3Cx4LNjEUFwUUPX8QKjFpeWA3GTxwfnFEbHp1ZQAxKXtwQn4+MiIELT57cUBoemAqHj4ie3FWLnB2bUh2fHZtQH44e3JWLD0nJE1pazY3BDRwd3VGb310ckdteH92SA HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:58 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hTWx%2F2IU8MXQ8OsZN3MHb0ne7Kqf4pzB024oFW7tYMwnjzasu%2FBaA6MJp1JbIe%2BLlDP2nuDfU6O%2FOxLjGYCmAJK4GUPO5FT9VnKUjadVIKmqFPzhGbn292VZ6EN%2BNhw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d02dfebb4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6256
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6087
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6087
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive

herhomeou.xyz/utx?cb=uO6hk04mmtfX&top=www52.davisonbarker.pro&tid=824473

54.230.111.6

204 No Content

0 B

URL HTTP/2
herhomeou.xyz/utx?cb=uO6hk04mmtfX&top=www52.davisonbarker.pro&tid=824473
IP
54.230.111.6:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=uO6hk04mmtfX&top=www52.davisonbarker.pro&tid=824473 HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www52.davisonbarker.pro
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:58 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www52.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 29 Oct 2022 05:36:58 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uPWAHEgBpS-FGsuD6XHGghsNAkZqzxnPCe-2Z43P5lPGjHeVHM2prw==
X-Firefox-Spdy: h2

dc5k8fg5ioc8s.cloudfront.net/wZ1FzWFUEPh0+ahM4F2VtVWVHb2ZBOwA3OxdsHwEmVAYlGQ0vOFUsLwNsQ345Bj8UZXMCPxBlZEEwFzpoU3cHKDoMbAY2MQI3GjYwA3cGOWgKPgkxOQswVmoTUn9DfWdXeQQxOwM+BCtwVWEdLHBVYUJoe1d0QBpwVWEEMTtRZVZrF0JjQyBjU3RAGnBVYQ-EucFQQQmhgSWFafWdXNhY7Pgh0QR5nV2BDaGRXYFZqZQE4AT0zCClWahNWYUZ2ZUEkTmk

54.230.245.26

200 OK

330 B

URL HTTP/1.1
dc5k8fg5ioc8s.cloudfront.net/wZ1FzWFUEPh0+ahM4F2VtVWVHb2ZBOwA3OxdsHwEmVAYlGQ0vOFUsLwNsQ345Bj8UZXMCPxBlZEEwFzpoU3cHKDoMbAY2MQI3GjYwA3cGOWgKPgkxOQswVmoTUn9DfWdXeQQxOwM+BCtwVWEdLHBVYUJoe1d0QBpwVWEEMTtRZVZrF0JjQyBjU3RAGnBVYQ-EucFQQQmhgSWFafWdXNhY7Pgh0QR5nV2BDaGRXYFZqZQE4AT0zCClWahNWYUZ2ZUEkTmk
IP
54.230.245.26:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (414), with no line terminators
Size
330 B (330 bytes)
Hash
45bdbfe90b14878bed9a0786abf3315a
c6e7fd2eba951403b8ba375c0ca507067538532e
38d07c15ed6e36fe9ce688781562b24ea4396348ac55bade4de03f7795ab7724

HTTP Headers

GET /wZ1FzWFUEPh0+ahM4F2VtVWVHb2ZBOwA3OxdsHwEmVAYlGQ0vOFUsLwNsQ345Bj8UZXMCPxBlZEEwFzpoU3cHKDoMbAY2MQI3GjYwA3cGOWgKPgkxOQswVmoTUn9DfWdXeQQxOwM+BCtwVWEdLHBVYUJoe1d0QBpwVWEEMTtRZVZrF0JjQyBjU3RAGnBVYQ-EucFQQQmhgSWFafWdXNhY7Pgh0QR5nV2BDaGRXYFZqZQE4AT0zCClWahNWYUZ2ZUEkTmk HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://herhomeou.xyz/

HTTP/1.1 200 OK
Content-Length: 330
Connection: keep-alive
Date: Sat, 29 Oct 2022 05:35:58 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yU-r7ovdnwjg6RAV3TuSYkB_aQp02SLjs74jQKeyMb3fXOtRWtTNag==

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
6b7c0ce49b8ebb90707ec439581bc979
1affe02f362f59f8acaaa2cc16185fc2942a82cf
99057099a66b378f0825443f175ad6f84a9f69c0abb8f8db546eb348de4facb4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3297
Cache-Control: max-age=98747
Content-Type: application/ocsp-response
Date: Sat, 29 Oct 2022 05:35:58 GMT
Etag: "635b8d98-1d7"
Expires: Sun, 30 Oct 2022 09:01:45 GMT
Last-Modified: Fri, 28 Oct 2022 08:06:48 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6087
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive

ndandinter.hair/MjJaeTZJECkOaUdANlsMEFouDUYIHXUOQUUHaFdSU0QzCllcUDsLXVdAdAlEXR07FBtCRykRG1FCKVdcQQ0qDF9WD2tNAwUAbUkQUV4zGl1bVmdIAgcFaE4GbQtiTQQFBWlfV15eOEReRkYqChMBc39LcBcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FS3BcVy4cV0FXf0twX1E2GENcUTIcRBcAHA9TQEEzFlgXABw0dX5TLxdVWlcoVwYcBHRJGFdKP19ZUA8yDUJCQX9KdxcAHFwEdEUtDgcCHD4YQFtBNRdUU0AxHEQcQigWEwB0KgxFWkA%2FHV9AVzkNEwB0f0pwRl8qXAV2A39LAFxXLg5ZQFl%2FSnIBF2hPX11Bf0pyAhdoT0VbRj9cBXZTPh9aSxdoT1UXAR5NEwAEKglfFwEeSAIHBWhOBhcAbAlVWxdpPQMDAmtKBQoEYk4TAAQuXAV2A2xPAQIAa08OCxdoT1JXQS5cBXZaLg1GQRdoTAVzF2hMBHQXaEwEdEprQBhVVjZXWFdGPxhFVxw5FlsXAG9LcFxXLhxXQVd%2FSwMAdDcaWlNHNBpeV0B%2FSwMAdCwcREFbNRcTAAdoP3txfjsMWFFaPwsYAhxsVwYcVyIcEFFeOEReRkYqChMBc39LcBcAHA5BRQNqV1JTRDMKWVxQOwtdV0B0CURdF2g%2FRkdBMgtTVlsoHFVGF2g%2FEwF0LhRGFwEeSxMABDQcQkVdKBITAXZpXAQEWzUKEwF2alwEBEEzDVMXAR4YUlReI1wEBFF%2FSnIGF2hPRkJbf0pyAwZvTgQFAn9LAEJRM1wFdgdrSQcBAWJPDgUXaE9CFwEeSAAEBWpLBwQKY1wEBFY%2FCkIXAR4RQkZCKVwEBwEbXAQHABxcBAcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FSwMAdDQcQldTKRwTAAdoP1tRXjsMWFFaPwsTAAdoP0BXQCkQWVwXaEwEdH8ZNVdHXDkRU0AcalcAHAJ0HE5XFDsKVA9aLg1GQRdpOBMAdH9LcEoDY1dRVl50F1NGVzsKUxxRNRQTAHQ0HEJXUykcEwB0NxpaU0c0Gl5XQH9LcERXKApfXVx%2FS3B%2FcRYYQ1xRMhxEHAJ0TxgCHD8BUxAeeApbVBBgSBoQQTcPFAgQblcFEB54DVdVbTMdFAgQYkgOAApsWxoQQS8baVtWa1sMEANuTAEABWpbGhBBLxtpW1ZoWwwQA25MAQAFaiYPCgZoTgEBEHZbV15eOFsMEFouDUZBCHVWTgMLdB5SXhw0HEJXUykcGFFdN1ZYV0Y%2FGEVXHTcaWlNHNBpeV0B1D1NAQTMWWB1%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1lQEGBbXkZGKgoMHR0tDkEDAnQdV0RbKRZYUFMoElNAHCoLWR1CLwpeQFc%2BEERXUS5WCUZfKkQHFFw%2FDUFdQDFEBRRbNQoLAhQpEEJXDzsdUF5LfBoLBhQqCV8PA25MAQAFal9GUVtnTAcCA2lKDgQKbV9CDwNsTwECAGtPDgsUPhxFRg8yDUJCQX9KdxcAHFwEdEprQBhVVjZXWFdGPxhFVxw5FlsXABwXU0ZXOwpTFwAcFFVeUy8XVVpXKFwEdEQ%2FC0VbXTRcBHR%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1VeUHhDFFpGLglFCB11DkFFA2pXUlNEMwpZXFA7C11XQHQJRF0dKgxFWkA%2FHV9AVzkNGQ1GNwkLABQ0HEJFXSgSCwEUMxZFDwJ8Cl9GV2cYUlReI19VDwZ8CUZbD2tNAwUAbUkQQlEzRAMDAmtKBQoEYk4QRg9rTwAFAmhIAAoLfB1TQUZnEUJGQilcBXMXaD8TAHQiSA8cVT4VGFxXLhxXQVd0GllfF2g%2FWFdGPxhFVxdoP1tRXjsMWFFaPwsTAHQsHERBWzUXEwB0Fzp6U0c0Gl5XQHRJGAQcaldTSld4VRRTQThbDBBaLg1GQQh1Vk4DC3QeUl4cNBxCV1MpHBhRXTdWWFdGPxhFVx03GlpTRzQaXldAdQ9TQEEzFlgdfxk1V0dcORFTQBxqVwAcAnQcTlcQJw

44.195.137.121

502 Bad Gateway

0 B

URL HTTP/1.1
ndandinter.hair/MjJaeTZJECkOaUdANlsMEFouDUYIHXUOQUUHaFdSU0QzCllcUDsLXVdAdAlEXR07FBtCRykRG1FCKVdcQQ0qDF9WD2tNAwUAbUkQUV4zGl1bVmdIAgcFaE4GbQtiTQQFBWlfV15eOEReRkYqChMBc39LcBcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FS3BcVy4cV0FXf0twX1E2GENcUTIcRBcAHA9TQEEzFlgXABw0dX5TLxdVWlcoVwYcBHRJGFdKP19ZUA8yDUJCQX9KdxcAHFwEdEUtDgcCHD4YQFtBNRdUU0AxHEQcQigWEwB0KgxFWkA%2FHV9AVzkNEwB0f0pwRl8qXAV2A39LAFxXLg5ZQFl%2FSnIBF2hPX11Bf0pyAhdoT0VbRj9cBXZTPh9aSxdoT1UXAR5NEwAEKglfFwEeSAIHBWhOBhcAbAlVWxdpPQMDAmtKBQoEYk4TAAQuXAV2A2xPAQIAa08OCxdoT1JXQS5cBXZaLg1GQRdoTAVzF2hMBHQXaEwEdEprQBhVVjZXWFdGPxhFVxw5FlsXAG9LcFxXLhxXQVd%2FSwMAdDcaWlNHNBpeV0B%2FSwMAdCwcREFbNRcTAAdoP3txfjsMWFFaPwsYAhxsVwYcVyIcEFFeOEReRkYqChMBc39LcBcAHA5BRQNqV1JTRDMKWVxQOwtdV0B0CURdF2g%2FRkdBMgtTVlsoHFVGF2g%2FEwF0LhRGFwEeSxMABDQcQkVdKBITAXZpXAQEWzUKEwF2alwEBEEzDVMXAR4YUlReI1wEBFF%2FSnIGF2hPRkJbf0pyAwZvTgQFAn9LAEJRM1wFdgdrSQcBAWJPDgUXaE9CFwEeSAAEBWpLBwQKY1wEBFY%2FCkIXAR4RQkZCKVwEBwEbXAQHABxcBAcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FSwMAdDQcQldTKRwTAAdoP1tRXjsMWFFaPwsTAAdoP0BXQCkQWVwXaEwEdH8ZNVdHXDkRU0AcalcAHAJ0HE5XFDsKVA9aLg1GQRdpOBMAdH9LcEoDY1dRVl50F1NGVzsKUxxRNRQTAHQ0HEJXUykcEwB0NxpaU0c0Gl5XQH9LcERXKApfXVx%2FS3B%2FcRYYQ1xRMhxEHAJ0TxgCHD8BUxAeeApbVBBgSBoQQTcPFAgQblcFEB54DVdVbTMdFAgQYkgOAApsWxoQQS8baVtWa1sMEANuTAEABWpbGhBBLxtpW1ZoWwwQA25MAQAFaiYPCgZoTgEBEHZbV15eOFsMEFouDUZBCHVWTgMLdB5SXhw0HEJXUykcGFFdN1ZYV0Y%2FGEVXHTcaWlNHNBpeV0B1D1NAQTMWWB1%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1lQEGBbXkZGKgoMHR0tDkEDAnQdV0RbKRZYUFMoElNAHCoLWR1CLwpeQFc%2BEERXUS5WCUZfKkQHFFw%2FDUFdQDFEBRRbNQoLAhQpEEJXDzsdUF5LfBoLBhQqCV8PA25MAQAFal9GUVtnTAcCA2lKDgQKbV9CDwNsTwECAGtPDgsUPhxFRg8yDUJCQX9KdxcAHFwEdEprQBhVVjZXWFdGPxhFVxw5FlsXABwXU0ZXOwpTFwAcFFVeUy8XVVpXKFwEdEQ%2FC0VbXTRcBHR%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1VeUHhDFFpGLglFCB11DkFFA2pXUlNEMwpZXFA7C11XQHQJRF0dKgxFWkA%2FHV9AVzkNGQ1GNwkLABQ0HEJFXSgSCwEUMxZFDwJ8Cl9GV2cYUlReI19VDwZ8CUZbD2tNAwUAbUkQQlEzRAMDAmtKBQoEYk4QRg9rTwAFAmhIAAoLfB1TQUZnEUJGQilcBXMXaD8TAHQiSA8cVT4VGFxXLhxXQVd0GllfF2g%2FWFdGPxhFVxdoP1tRXjsMWFFaPwsTAHQsHERBWzUXEwB0Fzp6U0c0Gl5XQHRJGAQcaldTSld4VRRTQThbDBBaLg1GQQh1Vk4DC3QeUl4cNBxCV1MpHBhRXTdWWFdGPxhFVx03GlpTRzQaXldAdQ9TQEEzFlgdfxk1V0dcORFTQBxqVwAcAnQcTlcQJw
IP
44.195.137.121:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /MjJaeTZJECkOaUdANlsMEFouDUYIHXUOQUUHaFdSU0QzCllcUDsLXVdAdAlEXR07FBtCRykRG1FCKVdcQQ0qDF9WD2tNAwUAbUkQUV4zGl1bVmdIAgcFaE4GbQtiTQQFBWlfV15eOEReRkYqChMBc39LcBcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FS3BcVy4cV0FXf0twX1E2GENcUTIcRBcAHA9TQEEzFlgXABw0dX5TLxdVWlcoVwYcBHRJGFdKP19ZUA8yDUJCQX9KdxcAHFwEdEUtDgcCHD4YQFtBNRdUU0AxHEQcQigWEwB0KgxFWkA%2FHV9AVzkNEwB0f0pwRl8qXAV2A39LAFxXLg5ZQFl%2FSnIBF2hPX11Bf0pyAhdoT0VbRj9cBXZTPh9aSxdoT1UXAR5NEwAEKglfFwEeSAIHBWhOBhcAbAlVWxdpPQMDAmtKBQoEYk4TAAQuXAV2A2xPAQIAa08OCxdoT1JXQS5cBXZaLg1GQRdoTAVzF2hMBHQXaEwEdEprQBhVVjZXWFdGPxhFVxw5FlsXAG9LcFxXLhxXQVd%2FSwMAdDcaWlNHNBpeV0B%2FSwMAdCwcREFbNRcTAAdoP3txfjsMWFFaPwsYAhxsVwYcVyIcEFFeOEReRkYqChMBc39LcBcAHA5BRQNqV1JTRDMKWVxQOwtdV0B0CURdF2g%2FRkdBMgtTVlsoHFVGF2g%2FEwF0LhRGFwEeSxMABDQcQkVdKBITAXZpXAQEWzUKEwF2alwEBEEzDVMXAR4YUlReI1wEBFF%2FSnIGF2hPRkJbf0pyAwZvTgQFAn9LAEJRM1wFdgdrSQcBAWJPDgUXaE9CFwEeSAAEBWpLBwQKY1wEBFY%2FCkIXAR4RQkZCKVwEBwEbXAQHABxcBAcAHAEHCxw9HVocXD8NU1NBP1dVXV9%2FSwMAdDQcQldTKRwTAAdoP1tRXjsMWFFaPwsTAAdoP0BXQCkQWVwXaEwEdH8ZNVdHXDkRU0AcalcAHAJ0HE5XFDsKVA9aLg1GQRdpOBMAdH9LcEoDY1dRVl50F1NGVzsKUxxRNRQTAHQ0HEJXUykcEwB0NxpaU0c0Gl5XQH9LcERXKApfXVx%2FS3B%2FcRYYQ1xRMhxEHAJ0TxgCHD8BUxAeeApbVBBgSBoQQTcPFAgQblcFEB54DVdVbTMdFAgQYkgOAApsWxoQQS8baVtWa1sMEANuTAEABWpbGhBBLxtpW1ZoWwwQA25MAQAFaiYPCgZoTgEBEHZbV15eOFsMEFouDUZBCHVWTgMLdB5SXhw0HEJXUykcGFFdN1ZYV0Y%2FGEVXHTcaWlNHNBpeV0B1D1NAQTMWWB1%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1lQEGBbXkZGKgoMHR0tDkEDAnQdV0RbKRZYUFMoElNAHCoLWR1CLwpeQFc%2BEERXUS5WCUZfKkQHFFw%2FDUFdQDFEBRRbNQoLAhQpEEJXDzsdUF5LfBoLBhQqCV8PA25MAQAFal9GUVtnTAcCA2lKDgQKbV9CDwNsTwECAGtPDgsUPhxFRg8yDUJCQX9KdxcAHFwEdEprQBhVVjZXWFdGPxhFVxw5FlsXABwXU0ZXOwpTFwAcFFVeUy8XVVpXKFwEdEQ%2FC0VbXTRcBHR%2FGTVXR1w5EVNAHGpXABwCdBxOVxB2W1VeUHhDFFpGLglFCB11DkFFA2pXUlNEMwpZXFA7C11XQHQJRF0dKgxFWkA%2FHV9AVzkNGQ1GNwkLABQ0HEJFXSgSCwEUMxZFDwJ8Cl9GV2cYUlReI19VDwZ8CUZbD2tNAwUAbUkQQlEzRAMDAmtKBQoEYk4QRg9rTwAFAmhIAAoLfB1TQUZnEUJGQilcBXMXaD8TAHQiSA8cVT4VGFxXLhxXQVd0GllfF2g%2FWFdGPxhFVxdoP1tRXjsMWFFaPwsTAHQsHERBWzUXEwB0Fzp6U0c0Gl5XQHRJGAQcaldTSld4VRRTQThbDBBaLg1GQQh1Vk4DC3QeUl4cNBxCV1MpHBhRXTdWWFdGPxhFVx03GlpTRzQaXldAdQ9TQEEzFlgdfxk1V0dcORFTQBxqVwAcAnQcTlcQJw HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/

HTTP/1.1 502 Bad Gateway
Server: openresty/1.15.8.3
Date: Sat, 29 Oct 2022 05:35:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: 1fc8b9d87ac7c475668b3e8060b60845=1; Max-Age=604800
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With,content-type

slieemem.xyz/popunder.gif

104.21.3.137

200 OK

58 B

URL HTTP/1.1
slieemem.xyz/popunder.gif
IP
104.21.3.137:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 1 x 1\012- data
Size
58 B (58 bytes)
Hash
79c15b369d32d2f0f17c116f541b6df3
3039289d4d1f5bc7385a81621deb2614423b769b
e3a3c6b90f511e80a77636fdd4c6047336d4ed5b2c86adf74318a08142649e08

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/

HTTP/1.1 200 OK
Date: Sat, 29 Oct 2022 05:35:58 GMT
Content-Type: image/gif
Content-Length: 58
Connection: keep-alive
access-control-allow-origin: *
Pragma: public
cache-control: public, max-age=604800, immutable
content-encoding: gzip
CF-Cache-Status: HIT
Age: 129891
Last-Modified: Thu, 27 Oct 2022 17:31:07 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvdXcSOBG6iEFd488rJteleoK1Emqko4fgitol8%2FSd2BvQxnfx978r3V6bd2y2BRzDWqtmKthChqC3psTQfxwmCQ43dg1qWVZqEdUdmPUrzrrSyp6Ho%2BFk9m94h5%2F5I%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 76198d06488bb4f3-OSL
alt-svc: h2=":443"; ma=60

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
2d0c9aa9d2a627b0acc22f8512a81df9
d38a614696da8ee1505c5d10206487d1c3db0bd2
764a44bcc9017c8d46a798a2a49206b2af5dfbef1ff8a0cbd78880f3bd15e7cc

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "764A44BCC9017C8D46A798A2A49206B2AF5DFBEF1FF8A0CBD78880F3BD15E7CC"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2643
Expires: Sat, 29 Oct 2022 06:20:01 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive

push.services.mozilla.com/

52.42.74.230

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.74.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2BIzMGkWYG4QLT+IoTQkbA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KAhz6EBrEQnZjoeGw7zstrf/0nE=

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
2d0c9aa9d2a627b0acc22f8512a81df9
d38a614696da8ee1505c5d10206487d1c3db0bd2
764a44bcc9017c8d46a798a2a49206b2af5dfbef1ff8a0cbd78880f3bd15e7cc

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "764A44BCC9017C8D46A798A2A49206B2AF5DFBEF1FF8A0CBD78880F3BD15E7CC"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2643
Expires: Sat, 29 Oct 2022 06:20:01 GMT
Date: Sat, 29 Oct 2022 05:35:58 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
9503f3bfa4ed7d97bf2eae2c838062f7
4cb41744988488534d15315ba0a6534c5baf5cc8
fe6ad242fd0eb471cdad28d8cfdb4357ac31d267aa697d3b767bc4a73931ee5f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=111474
Date: Sat, 29 Oct 2022 05:35:59 GMT
Etag: "635bcb82-1d7"
Expires: Sun, 30 Oct 2022 12:33:53 GMT
Last-Modified: Fri, 28 Oct 2022 12:30:58 GMT
Server: ECS (nyb/1D0F)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3vHHq-p8yQYn4i9KqK6w0Dkpmh84cDusE8gAXM8d64SrE0cGYNb6Hg==
Age: 175

simplewebanalysis.com/stats

18.193.142.27

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
18.193.142.27:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ddb3168d42d77d8a0e334aa638b8410c
27c6431a278a7886a38745bbe6af57c695002a1f
f2c3a1a46afa4b7fbaf9e100c38d8452024fe629334b7ef57295a6e7b8808f7d

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www10.davisonbarker.pro
access-control-allow-credentials: true
set-cookie: uid_id2=0e2ec58a-191f-466e-907e-e3762f215175:1:1; expires=Tue, 26 Oct 2032 05:35:59 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473

54.230.245.166

200 OK

50 kB

URL HTTP/2
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP
54.230.245.166:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (15952)
Size
50 kB (49670 bytes)
Hash
78d09368bd62ea4f3b30ed4ff19e40a5
4f7dd4ff922a12217da1ef43653bac0085697c07
b55c1df3ee601759faad96d84c24aade54500fe4134caa715ae930e237f62110

HTTP Headers

GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 49670
date: Sat, 29 Oct 2022 05:35:59 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sxZnTh6w9mIoASOW3VAC2iflm1CmXwMfBovRJwvpxdhuy-uY0dTjAA==
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6255
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
5a49b861d9c18847bb396fe518a7373d
4d40971f23898c64c1badbfce7eddf6d6ab7e713
6fb409ac009d3034b03e336cc82d45e94768d386febbc581bf072da9dd8bdcc5

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6FB409AC009D3034B03E336CC82D45E94768D386FEBBC581BF072DA9DD8BDCC5"
Last-Modified: Thu, 27 Oct 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6255
Expires: Sat, 29 Oct 2022 07:20:14 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

herhomeou.xyz/TFBtTTQtMg4gCy1tD2tBPjxQaAYKdV8LUC9lBnVSK2UEIld0I0MuWCMlCStGIz4ZY1opJEh/cgUGOyFcHj4Of3oraAoedwknLxVAHApffGIvBT83eTQZHQpnGjsmGWUbADoiUy8RXTV/GTMUCWAKOzgadS4eKS5zKWEoOno7GlofWgFkLx5mBwk1dWICOApoBg4KLxxbCSosaAYKEy4qZwEIVRh+fD9ZA1w/Jio3X3gCJRxMFRgJH218BgEuZhUmKhlxfhYHG2cWYgYdeSAaAyxiDmI6GmJ0BQofZxZiBhp4NDwHL2EeYSMVdj4FOXh2FQgVHnYKGgMsZmEdGhhZFQk4BW4PNV8hfRVgOyFkKwEBBXA8aDg6dgoKOiVmKDs3IVUJAl0fTgEnKDR5Hh8EC3EoFCsmVRoCAh8HASM1BVdqOh4iWjxtJT9VJGMse04oIA

54.230.111.9

200 OK

1.2 kB

URL HTTP/2
herhomeou.xyz/TFBtTTQtMg4gCy1tD2tBPjxQaAYKdV8LUC9lBnVSK2UEIld0I0MuWCMlCStGIz4ZY1opJEh/cgUGOyFcHj4Of3oraAoedwknLxVAHApffGIvBT83eTQZHQpnGjsmGWUbADoiUy8RXTV/GTMUCWAKOzgadS4eKS5zKWEoOno7GlofWgFkLx5mBwk1dWICOApoBg4KLxxbCSosaAYKEy4qZwEIVRh+fD9ZA1w/Jio3X3gCJRxMFRgJH218BgEuZhUmKhlxfhYHG2cWYgYdeSAaAyxiDmI6GmJ0BQofZxZiBhp4NDwHL2EeYSMVdj4FOXh2FQgVHnYKGgMsZmEdGhhZFQk4BW4PNV8hfRVgOyFkKwEBBXA8aDg6dgoKOiVmKDs3IVUJAl0fTgEnKDR5Hh8EC3EoFCsmVRoCAh8HASM1BVdqOh4iWjxtJT9VJGMse04oIA
IP
54.230.111.9:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Size
1.2 kB (1185 bytes)
Hash
8727c05b4347ed0b602f6ca14439bd07
d31a7a46624ed18a0da0244e23f7884d57b638ff
2179be1e1898637532532a5daf3b6a6e878c77bda362de64f55f9142c50b2242

HTTP Headers

GET /TFBtTTQtMg4gCy1tD2tBPjxQaAYKdV8LUC9lBnVSK2UEIld0I0MuWCMlCStGIz4ZY1opJEh/cgUGOyFcHj4Of3oraAoedwknLxVAHApffGIvBT83eTQZHQpnGjsmGWUbADoiUy8RXTV/GTMUCWAKOzgadS4eKS5zKWEoOno7GlofWgFkLx5mBwk1dWICOApoBg4KLxxbCSosaAYKEy4qZwEIVRh+fD9ZA1w/Jio3X3gCJRxMFRgJH218BgEuZhUmKhlxfhYHG2cWYgYdeSAaAyxiDmI6GmJ0BQofZxZiBhp4NDwHL2EeYSMVdj4FOXh2FQgVHnYKGgMsZmEdGhhZFQk4BW4PNV8hfRVgOyFkKwEBBXA8aDg6dgoKOiVmKDs3IVUJAl0fTgEnKDR5Hh8EC3EoFCsmVRoCAh8HASM1BVdqOh4iWjxtJT9VJGMse04oIA HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Sat, 29 Oct 2022 05:35:59 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 5zHIVF44ikcotXel23er_R9sWcS6Pc95ksRSMTL2E2S2vKmsJHEwNA==
X-Firefox-Spdy: h2

slieemem.xyz/S2trdEtkVAgHdig+AEQRJSkuEjwFPzkhETwvPTYBGjNbMR4gLk0AIi9WU0Z/f1xYUjsiD1ZHeW0YHxU/PhhWRnt7XE0dJS0EVkZtPVZbWnNlWltae20eVkVtPxsKE3Z6TRsAPydWWkJ9fFtZRXx+XFhAcw

172.67.130.191

204 No Content

0 B

URL HTTP/2
slieemem.xyz/S2trdEtkVAgHdig+AEQRJSkuEjwFPzkhETwvPTYBGjNbMR4gLk0AIi9WU0Z/f1xYUjsiD1ZHeW0YHxU/PhhWRnt7XE0dJS0EVkZtPVZbWnNlWltae20eVkVtPxsKE3Z6TRsAPydWWkJ9fFtZRXx+XFhAcw
IP
172.67.130.191:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /S2trdEtkVAgHdig+AEQRJSkuEjwFPzkhETwvPTYBGjNbMR4gLk0AIi9WU0Z/f1xYUjsiD1ZHeW0YHxU/PhhWRnt7XE0dJS0EVkZtPVZbWnNlWltae20eVkVtPxsKE3Z6TRsAPydWWkJ9fFtZRXx+XFhAcw HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b7V%2FLZjIQekefjwUpDVP2Qk51z518bs0xKZRRH%2BR%2BZZErPRy2vFpfgDQpOgwqu3a9wDgU6lSKBPK12%2FFLnl0GRpMqD%2BcfMZrHfSLO8CfjXtgIauMC4X4qx101p2bCFI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d0b6f38b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

slieemem.xyz/ZUtmQnVKdAUxSDQhCiMXVh1VBkdUKjcKICQSVy44BixXMyJVGkA2HAF2XnBBUXxVZAUML1txR0M4EiMBEDhbc1MMJQAtSEM9W3JbXWVXcltVbRN/REM/FiMSWHpAMgERJ1tzQ1N8VnBEUn5RcUFQ

172.67.130.191

204 No Content

0 B

URL HTTP/2
slieemem.xyz/ZUtmQnVKdAUxSDQhCiMXVh1VBkdUKjcKICQSVy44BixXMyJVGkA2HAF2XnBBUXxVZAUML1txR0M4EiMBEDhbc1MMJQAtSEM9W3JbXWVXcltVbRN/REM/FiMSWHpAMgERJ1tzQ1N8VnBEUn5RcUFQ
IP
172.67.130.191:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ZUtmQnVKdAUxSDQhCiMXVh1VBkdUKjcKICQSVy44BixXMyJVGkA2HAF2XnBBUXxVZAUML1txR0M4EiMBEDhbc1MMJQAtSEM9W3JbXWVXcltVbRN/REM/FiMSWHpAMgERJ1tzQ1N8VnBEUn5RcUFQ HTTP/1.1
Host: slieemem.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:59 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fx%2FJJqRdUGRaTZ9iksYhMCEk%2BjRBZEE1gMQutjALRt2ruhjfeJynWP%2FWsGNikjh%2FUnSNrpAd2dj70BrrmpHT83aDZh8wximSU123w3mfQxsNlGg2qs9zlEuIDoQnPCo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d0b6f36b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f8df02b33eb8defe5aab1f33a6b043a9
beefbf0b0ddc4da6f2688e5249ee8740c488afed
f017300c81d22b2d6cd081b9166774e60b8336805ec43402b1fbc437d83e0c9f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F017300C81D22B2D6CD081B9166774E60B8336805EC43402B1FBC437D83E0C9F"
Last-Modified: Sat, 29 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1747
Expires: Sat, 29 Oct 2022 06:05:06 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

dc5k8fg5ioc8s.cloudfront.net/IVVlhRnc2Ng8gSCEwBXtPZ21VcURzMxIpGSVkKTQWPWogcA0xKUcyDTFkUWAbNDcGe1EwNwJ7RnM4BSRKYX8VNhg+ZBQoEzA/CCgSMX8UJ0o4NhsvGzk4RHQxYHdRY0VlcRYvGTE2FjVSZ2kPMlJnaVB2WWV8UgRSZ2kWLxljbUR1NXBrUT5BYXxSBFJnaR-MwUmYYUHZCe2lIY0VlPgQlHDp8UwBFZWhRdkZlaER0RzMwEyMROiFEdDFkaVRoR3MsXHc

54.230.245.166

200 OK

329 B

URL HTTP/2
dc5k8fg5ioc8s.cloudfront.net/IVVlhRnc2Ng8gSCEwBXtPZ21VcURzMxIpGSVkKTQWPWogcA0xKUcyDTFkUWAbNDcGe1EwNwJ7RnM4BSRKYX8VNhg+ZBQoEzA/CCgSMX8UJ0o4NhsvGzk4RHQxYHdRY0VlcRYvGTE2FjVSZ2kPMlJnaVB2WWV8UgRSZ2kWLxljbUR1NXBrUT5BYXxSBFJnaR-MwUmYYUHZCe2lIY0VlPgQlHDp8UwBFZWhRdkZlaER0RzMwEyMROiFEdDFkaVRoR3MsXHc
IP
54.230.245.166:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (414), with no line terminators
Size
329 B (329 bytes)
Hash
9fd5eb6632f1b310b1c0f71494f49219
63e3519381bee23f8e4b5a7cd085844dfbff133d
bb0184f36ad503d26ea0063e61d2d59ad4d57551198d5c420e977301cc3d3c0c

HTTP Headers

GET /IVVlhRnc2Ng8gSCEwBXtPZ21VcURzMxIpGSVkKTQWPWogcA0xKUcyDTFkUWAbNDcGe1EwNwJ7RnM4BSRKYX8VNhg+ZBQoEzA/CCgSMX8UJ0o4NhsvGzk4RHQxYHdRY0VlcRYvGTE2FjVSZ2kPMlJnaVB2WWV8UgRSZ2kWLxljbUR1NXBrUT5BYXxSBFJnaR-MwUmYYUHZCe2lIY0VlPgQlHDp8UwBFZWhRdkZlaER0RzMwEyMROiFEdDFkaVRoR3MsXHc HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://herhomeou.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 329
date: Sat, 29 Oct 2022 05:35:59 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KCVW_n9vi16yXWSRzzxqhnGzUeSU5baPMlxaXA4_9KSWqLifaq90lA==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d74fd61a9f3caa5eada0b6b9f7154475
eb94382c5deaf0de61635a7d4ecc89928ef84e65
b8fe819d80e3dbca42f89e4654dfb96aa886892d265b475c7e23c780120aa5cd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8FE819D80E3DBCA42F89E4654DFB96AA886892D265B475C7E23C780120AA5CD"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6533
Expires: Sat, 29 Oct 2022 07:24:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97b6c4b-9ae3-43f9-a0be-52e33d2041b0.jpeg

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97b6c4b-9ae3-43f9-a0be-52e33d2041b0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7268 bytes)
Hash
1ab38f9f7924c7ee9271368faf55a2ee
2508c0e5c7471244baa94fbc97769e5a19641a34
c314c69fc7e82538b2694da79c93a909620a1820e9ef8a25c3d8b675118e3e79

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb97b6c4b-9ae3-43f9-a0be-52e33d2041b0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7268
x-amzn-requestid: 2426674e-b28d-47c2-a32c-7275864a418c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apxNRF57IAMFtAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635a2f21-3a8349e635018e2d6400a13b;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 07:11:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ZGZUUir8a2FA7VzAmP1cc6SJr8-nXbb8rjIEaYBWZWaSgITHWY2cig==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 07:18:19 GMT
age: 80260
etag: "2508c0e5c7471244baa94fbc97769e5a19641a34"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F036fdb83-72c9-40f5-9e16-f4502570667e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11107 bytes)
Hash
6a37da3b0df2c3eb74825cdad7dff6d4
01125adb299608812ffca7fb3c0ad526803bd723
351fdadfc462aa0c8a38964217c40f085e62d65335152d0530233017f9fc0df6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F036fdb83-72c9-40f5-9e16-f4502570667e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11107
x-amzn-requestid: 6fc669c8-f46f-4f5a-a538-b4a49c43319e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: amdsuE6GoAMFcSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6358dcb7-0c9461505096b7d92509e55e;Sampled=0
x-amzn-remapped-date: Wed, 26 Oct 2022 07:07:35 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: BzeW9D2DmkFVHVzWCV9ZZUx62NboDogcBvN96OikqnyImftEXu9RnQ==
via: 1.1 d0387b833e3ca8cb748a1296b4b4bf2a.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 07:05:04 GMT
age: 81055
etag: "01125adb299608812ffca7fb3c0ad526803bd723"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F493e6c0e-987f-4e8a-b2a1-5fe4f452da17.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (6036 bytes)
Hash
3044824aa388754b4834dc79496d135b
ee65caaa8a746599f6c29d74900472a98c121499
1e7f15e9d74e3559bbe51f66a861045d02a1cb227c978ba09c47e52972095930

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F493e6c0e-987f-4e8a-b2a1-5fe4f452da17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6036
x-amzn-requestid: 3614efdd-d9db-4461-a335-30cfc17cf8b5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: avCGmEyVoAMFnPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635c4a2a-5f619a592c75e97c3dc2689a;Sampled=0
x-amzn-remapped-date: Fri, 28 Oct 2022 21:31:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Q4BKx39YfIUToWYusxR0A0ndnPGlNBDgQrP6ZlO8f5_D7xzdgelZ2A==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 2ab6211e66998c8b58132661a7e3cade.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 21:51:16 GMT
age: 27883
etag: "ee65caaa8a746599f6c29d74900472a98c121499"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd830c901-a7fd-448a-9a5c-b65235a10127.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15494 bytes)
Hash
8ccb6be5f8a61354dfff4fa9d48852fe
33b4a66a9693ca4c327c13303cb4f1aa4354b261
aa48f106bdfd580cea5f691ddf2c7e0445a30d89526355953ae9d87881ad6495

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd830c901-a7fd-448a-9a5c-b65235a10127.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15494
x-amzn-requestid: 5c6a874b-b97e-44ba-93e2-ebc4517220d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apSLZGNGoAMFrgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359fd7b-0a756fdd554b64381bf74525;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:39:39 GMT
x-amz-cf-pop: YVR50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: IZrTbVtjoc8LALwjuxZKdHwsRJ6EOAPwdJgdAFxYcNKdIVtVV7mSsQ==
via: 1.1 c4e77f714a7aade06aaed8bdc8b66fca.cloudfront.net (CloudFront), 1.1 89791e6b21b9a30cc51cac1bc51cf098.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 21:51:41 GMT
age: 27858
etag: "33b4a66a9693ca4c327c13303cb4f1aa4354b261"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08dc8195-80b5-41fa-a5cd-b0bb44072b0c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5655 bytes)
Hash
146f86a561cb46170f482f06a95b63ee
19a0a4eb1e396b958de5406fba58e9d94c92d6c7
ffb65219c904fa391d4879dedfe319b7adb601bce809c63f25e1bf95f3ba3030

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F08dc8195-80b5-41fa-a5cd-b0bb44072b0c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5655
x-amzn-requestid: a9d3a921-a6a1-4425-a2d8-b26fefbd8ec5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: af25SHnCoAMFuJw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6356383b-41baf7e718f95502497ef36c;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 07:01:15 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FUH6VNRi61sXkAnPHCYYTpb28QZcrMu_Jttb-0sLUlF62horpQsiyA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 28 Oct 2022 08:58:38 GMT
age: 74241
etag: "19a0a4eb1e396b958de5406fba58e9d94c92d6c7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9145127-23fb-40ec-af25-e7ec5b697df8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8084 bytes)
Hash
32c2813ce699bc420eb13f02b9f1e86a
934a57f7596fc4a844485539d9ce2165f212e6e4
5e3c8ed8a00dff724fc7f3c5ef99252ef1b1aa45f87578177aa43d5fcd593233

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff9145127-23fb-40ec-af25-e7ec5b697df8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8084
x-amzn-requestid: 9ed3b0b2-8755-44b5-87ae-abd65bfa6d84
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: apNExEF7oAMFcIw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6359f551-7919426b5945afad4e3f9473;Sampled=0
x-amzn-remapped-date: Thu, 27 Oct 2022 03:04:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oPTErTmth_yOMrSkzbGcn1NjdUkjlnOVJ6eeEqshtswaDwDkjTap6A==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 29 Oct 2022 04:14:07 GMT
age: 4912
etag: "934a57f7596fc4a844485539d9ce2165f212e6e4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json

173.233.137.36

403 Forbidden

0 B

URL HTTP/1.1
breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /aa/24/05/aa240591af5d8573573bb87d25c7ab12.json HTTP/1.1
Host: breedingdaringconcussion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:35:59 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6086
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
36a3eefd0dee1f7e167373449e8c55ac
c6d0b917baab60c1eb4befdb6ebf7ae9d588d5b7
73f9b6126e2397cce56ec65fa758ff15fea0e0e10d7d9d079eec54e7cdea512b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "73F9B6126E2397CCE56EC65FA758FF15FEA0E0E10D7D9D079EEC54E7CDEA512B"
Last-Modified: Thu, 27 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6086
Expires: Sat, 29 Oct 2022 07:17:25 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

herhomeou.xyz/utx?cb=RJRR3UvozSNy&top=www10.davisonbarker.pro&tid=824473

54.230.111.9

204 No Content

0 B

URL HTTP/2
herhomeou.xyz/utx?cb=RJRR3UvozSNy&top=www10.davisonbarker.pro&tid=824473
IP
54.230.111.9:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=RJRR3UvozSNy&top=www10.davisonbarker.pro&tid=824473 HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sat, 29 Oct 2022 05:35:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www10.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 29 Oct 2022 05:36:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 55RR6PF30Yr4BJ599ocXtChrnAJMhWYxSWiAM1tu-HxFFX39zcIV1g==
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
1874946cfd71c87d6f0a29d9d20b0ee6
bcac8b76f5622900fd5cb7553cd1155d840a6d40
6f04b42ea07e47e315c9f6a251dabdca58e2425352ad3c3d7b589b4d66ba44c8

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6F04B42EA07E47E315C9F6A251DABDCA58E2425352AD3C3D7B589B4D66BA44C8"
Last-Modified: Wed, 26 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8393
Expires: Sat, 29 Oct 2022 07:55:52 GMT
Date: Sat, 29 Oct 2022 05:35:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85f7203ce54b178fde3841f77cbdc841
4af42a01a03f3808769ba87bab5d97b0118d5071
390c92ee44ffbd4c90da7418f8e9b8bacd1529e0b40da48adaddbd227ed9b298

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "390C92EE44FFBD4C90DA7418F8E9B8BACD1529E0B40DA48ADADDBD227ED9B298"
Last-Modified: Wed, 26 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7074
Expires: Sat, 29 Oct 2022 07:33:54 GMT
Date: Sat, 29 Oct 2022 05:36:00 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

344 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
344 B (344 bytes)
Hash
1874946cfd71c87d6f0a29d9d20b0ee6
bcac8b76f5622900fd5cb7553cd1155d840a6d40
6f04b42ea07e47e315c9f6a251dabdca58e2425352ad3c3d7b589b4d66ba44c8

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6F04B42EA07E47E315C9F6A251DABDCA58E2425352AD3C3D7B589B4D66BA44C8"
Last-Modified: Wed, 26 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8392
Expires: Sat, 29 Oct 2022 07:55:52 GMT
Date: Sat, 29 Oct 2022 05:36:00 GMT
Connection: keep-alive

banquetunarmedgrater.com/advertisers.js

192.243.59.12

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sat, 29 Oct 2022 05:36:00 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6f9a505018c4c709061ab4727ea78d51
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aac0e40c6f536db5701e39b016e261d0
e18355b5360fc135ccd7db5a6db0fdab967c9514
c9ffbe832d006dc14376d21a53b21f6a9dc1ada4d03c19a63f0a0b7d1c4bbe61

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9FFBE832D006DC14376D21A53B21F6A9DC1ADA4D03C19A63F0A0B7D1C4BBE61"
Last-Modified: Fri, 28 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8097
Expires: Sat, 29 Oct 2022 07:50:57 GMT
Date: Sat, 29 Oct 2022 05:36:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
51aef1aff18e8f618dce51fa5389faf8
b8b2bb7ac50739f425dfe5f347b957efd4a4f981
28d63f166c54dc9ff835988869a29724d6af5218e1944fa6e42509b8c1fe0708

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28D63F166C54DC9FF835988869A29724D6AF5218E1944FA6E42509B8C1FE0708"
Last-Modified: Fri, 28 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4771
Expires: Sat, 29 Oct 2022 06:55:31 GMT
Date: Sat, 29 Oct 2022 05:36:00 GMT
Connection: keep-alive

reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js

173.233.137.60

403 Forbidden

0 B

URL HTTP/1.1
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:36:00 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

dismantlepenantiterrorist.com/pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5

173.233.137.44

200 OK

1 B

URL HTTP/1.1
dismantlepenantiterrorist.com/pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=13.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:36:00 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: caadc3c02e3e31cb8058c8cad51eee70
Strict-Transport-Security: max-age=0; includeSubdomains

herhomeou.xyz/floater?cs=QkpTUmN3fGRnVnVzamRacn5jZlI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&osr=www52.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta1_oi1_&_AXQr=1667021757889&crc=1

54.230.111.9

200 OK

2.7 kB

URL HTTP/2
herhomeou.xyz/floater?cs=QkpTUmN3fGRnVnVzamRacn5jZlI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&osr=www52.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta1_oi1_&_AXQr=1667021757889&crc=1
IP
54.230.111.9:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5075), with no line terminators
Size
2.7 kB (2747 bytes)
Hash
becbcfb05ebf7a1f1b88abe03659f8f6
67d2a08d618b66af529f897ef156d77c2dc94669
c04b52327ff317b0952478df26522cd2f4779bbca0b2289558c21595ed57c648

HTTP Headers

GET /floater?cs=QkpTUmN3fGRnVnVzamRacn5jZlI&abt=0&red=1&sm=83&k=&v=0.8.10.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww10.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D4%26ppi%3D1457270%26pci%3D5101338687%26t%3D1667021689%26dest%3Dhttps%253A%252F%252Fx19.gdl.netease.com%252Fnetease%252Fmclauncher%252Fversion%252FMCLauncher.0.6.0.exe&osr=www52.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=ta1_oi1_&_AXQr=1667021757889&crc=1 HTTP/1.1
Host: herhomeou.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 2747
date: Sat, 29 Oct 2022 05:36:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www10.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=ef3cbd70-ceda-4583-8e49-d5345afe28a8
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: drKVfKWwOVla-42xpUoBGMyTVjjagoIcBqrBPE5exIxTOzYRyjZOZg==
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
bb9b0487cea0ade2ef1868b05b6cbed4
e5153b7c056b7e50236a0443ba7a976ea8c80d5c
02cd1410ba20f4ea8caec60aef73f1b3d2ba2a297662e521f97b0f4fada5cd0b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170580
Date: Sat, 29 Oct 2022 05:36:03 GMT
Etag: "635ca123-1d7"
Expires: Mon, 31 Oct 2022 04:59:03 GMT
Last-Modified: Sat, 29 Oct 2022 03:42:27 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: EL7Ku9ril8O6Ahtk-KiM4CNwQ92M9ejNdA5HOueOU7lepKsyLzeszw==
Age: 4597

eliss-vas.com/imp/92353e44-574b-11ed-9c1d-0a58c19385bf/2/e0d34cc0-1cf9-11ea-81fc-0a97765f9322/_-bDGVuAqdhH-NqidbHrPw_ncCuEUXuIUDIhkSsnqro977I51AqpVTKh2v9oE1EHnqeNlAf7hY_8o9bjEvkJ38G6Pbrh3o9gJYhHuEDS9ItI2vGjf5Zzh94fV5YdXmHOBt_l1xkXyRF1wQzcKBkPUBalY_nzwqY5KnvoxWvVC3DgKhzsGb3QYBPmnMI0_StOynG9bMNWgtMUq9XnQMQAHwA_t60M-mLds0U5FnxEO85j3YmU4HRKerUEQyloB7B2u7VRrl75v_2iTB8eLbR7NCSaXOAcZAkX2GJKQWH8Yoc0TK9e-si5tklVbM18XkTnHc9hIckc2ijkw595rIj7lBritJ12_3TjwNqJb3rIWKRPCjMjvDTzWojKT4d3DZE-CCzumUU9C-U37aWCJR3D41VxOLJY9vD9V_K8_5rT-unWT_XFKA-O77PI8JlaZUiESk5-hn9_4mEYajBpWxVB3L2OMNuf8TWNVe5WOLbmfqs-K3Bl3u3p4FPA4KKa8HYKbzGy1nLF4eraw9OSgqF186ryypSkGtfukkz6PH4LRbxwPsXvx_VlIc45S30FONBqT9IJ0SGMQ8XvV6ZNwYuev6MsrrB-IxPT5X2eMn_9kgt9vaFrB7Ozy4M7Cl6ZdBtozoJoxCLg4Luh4vlcQ3gaZ5VKxD57ajWOGDTzsNum0wHS1-PpY-mGgdVFjYtolDGnbDfAf_U5.AaMfAmN9Ldw4g824HkgUDg==

52.2.125.79

200 OK

6.3 kB

URL HTTP/2
eliss-vas.com/imp/92353e44-574b-11ed-9c1d-0a58c19385bf/2/e0d34cc0-1cf9-11ea-81fc-0a97765f9322/_-bDGVuAqdhH-NqidbHrPw_ncCuEUXuIUDIhkSsnqro977I51AqpVTKh2v9oE1EHnqeNlAf7hY_8o9bjEvkJ38G6Pbrh3o9gJYhHuEDS9ItI2vGjf5Zzh94fV5YdXmHOBt_l1xkXyRF1wQzcKBkPUBalY_nzwqY5KnvoxWvVC3DgKhzsGb3QYBPmnMI0_StOynG9bMNWgtMUq9XnQMQAHwA_t60M-mLds0U5FnxEO85j3YmU4HRKerUEQyloB7B2u7VRrl75v_2iTB8eLbR7NCSaXOAcZAkX2GJKQWH8Yoc0TK9e-si5tklVbM18XkTnHc9hIckc2ijkw595rIj7lBritJ12_3TjwNqJb3rIWKRPCjMjvDTzWojKT4d3DZE-CCzumUU9C-U37aWCJR3D41VxOLJY9vD9V_K8_5rT-unWT_XFKA-O77PI8JlaZUiESk5-hn9_4mEYajBpWxVB3L2OMNuf8TWNVe5WOLbmfqs-K3Bl3u3p4FPA4KKa8HYKbzGy1nLF4eraw9OSgqF186ryypSkGtfukkz6PH4LRbxwPsXvx_VlIc45S30FONBqT9IJ0SGMQ8XvV6ZNwYuev6MsrrB-IxPT5X2eMn_9kgt9vaFrB7Ozy4M7Cl6ZdBtozoJoxCLg4Luh4vlcQ3gaZ5VKxD57ajWOGDTzsNum0wHS1-PpY-mGgdVFjYtolDGnbDfAf_U5.AaMfAmN9Ldw4g824HkgUDg==
IP
52.2.125.79:0
ASN
#14618 AMAZON-AES

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.3 kB (6332 bytes)
Hash
8992c4259b9c80b2c53f7df07cb9d559
ee38e759228661da3747c10a7adf24aa9ff48602
c5c3bbda861b749088dd9de647243bd9dba7805de8ca83dd6252ddb972ec87cb

HTTP Headers

GET /imp/92353e44-574b-11ed-9c1d-0a58c19385bf/2/e0d34cc0-1cf9-11ea-81fc-0a97765f9322/_-bDGVuAqdhH-NqidbHrPw_ncCuEUXuIUDIhkSsnqro977I51AqpVTKh2v9oE1EHnqeNlAf7hY_8o9bjEvkJ38G6Pbrh3o9gJYhHuEDS9ItI2vGjf5Zzh94fV5YdXmHOBt_l1xkXyRF1wQzcKBkPUBalY_nzwqY5KnvoxWvVC3DgKhzsGb3QYBPmnMI0_StOynG9bMNWgtMUq9XnQMQAHwA_t60M-mLds0U5FnxEO85j3YmU4HRKerUEQyloB7B2u7VRrl75v_2iTB8eLbR7NCSaXOAcZAkX2GJKQWH8Yoc0TK9e-si5tklVbM18XkTnHc9hIckc2ijkw595rIj7lBritJ12_3TjwNqJb3rIWKRPCjMjvDTzWojKT4d3DZE-CCzumUU9C-U37aWCJR3D41VxOLJY9vD9V_K8_5rT-unWT_XFKA-O77PI8JlaZUiESk5-hn9_4mEYajBpWxVB3L2OMNuf8TWNVe5WOLbmfqs-K3Bl3u3p4FPA4KKa8HYKbzGy1nLF4eraw9OSgqF186ryypSkGtfukkz6PH4LRbxwPsXvx_VlIc45S30FONBqT9IJ0SGMQ8XvV6ZNwYuev6MsrrB-IxPT5X2eMn_9kgt9vaFrB7Ozy4M7Cl6ZdBtozoJoxCLg4Luh4vlcQ3gaZ5VKxD57ajWOGDTzsNum0wHS1-PpY-mGgdVFjYtolDGnbDfAf_U5.AaMfAmN9Ldw4g824HkgUDg== HTTP/1.1
Host: eliss-vas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:36:03 GMT
content-type: image/webp
content-length: 6332
content-disposition: inline;filename=f.txt
X-Firefox-Spdy: h2

reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js

173.233.137.60

403 Forbidden

0 B

URL HTTP/1.1
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 403 Forbidden
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:36:04 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA

dismantlepenantiterrorist.com/pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5

173.233.137.44

200 OK

1 B

URL HTTP/1.1
dismantlepenantiterrorist.com/pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=0e2ec58a-191f-466e-907e-e3762f215175&eb=f7f733e10dbfb66931f79b4d6cd2ec08&te=3a754cebd09bb2f7570f96954fbfd43e&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1055&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 29 Oct 2022 05:36:04 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 64b904291657b6bdf05c1f74744d94c2
Strict-Transport-Security: max-age=0; includeSubdomains

pogothere.xyz/

172.64.173.27

200 OK

0 B

URL HTTP/2
pogothere.xyz/
IP
172.64.173.27:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www52.davisonbarker.pro/
Origin: http://www52.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:58 GMT
content-type: text/plain
set-cookie: csu=2237760722212080@1@1667021758; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www52.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YccgLvvSt1e2biqIj5wNKC6eRGKr3NzTvInAsYh0Qz%2BpOihj%2F5vQqOKIDdffIYuKk%2BGq2KwwFcMoFCOnf%2BZUETmnV5Rlmo1R6nizWP%2FDTuB1Lh6E0KxSi50H5a7GujEQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d047d21d16c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.173.27

200 OK

0 B

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.173.27:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www52.davisonbarker.pro/
Origin: http://www52.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:58 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www52.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sat, 29 Oct 2022 05:35:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B9GxcP91zIypGnUK%2F7RJkW0TYn0%2BVvmNfLUkcnDJ3RzIG8Y3D9nAQucT5XTJOc8HTliDg1uez%2FAi4P1cl2V9WJ7tJnAWK2pFUF3bfFlZXTgWLjGdoihw49SHOtsNbaSN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76198d046d1bd16c-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www10.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe

172.67.186.48

200 OK

0 B

URL HTTP/2
www10.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe
IP
172.67.186.48:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=4&ppi=1457270&pci=5101338687&t=1667021689&dest=https%3A%2F%2Fx19.gdl.netease.com%2Fnetease%2Fmclauncher%2Fversion%2FMCLauncher.0.6.0.exe HTTP/1.1
Host: www10.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www52.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:58 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www10.davisonbarker.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q7EGkWIidm3o7OuCTUe79cbdo%2BS%2B67ALxhQPs3BDhWayRF%2BUFLGIJHm7T2WfctPydYeVUTjbQ3yLvl3K4osxGTrrXlp3C7gQL%2FVkkoDqBU6SjYGqU8ow3uKKnMSk4pDypuq%2BSwx4MEoh5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d06dc3bb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/

172.64.172.27

200 OK

0 B

URL HTTP/2
pogothere.xyz/
IP
172.64.172.27:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www10.davisonbarker.pro/
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:59 GMT
content-type: text/plain
set-cookie: csu=1796523578596377@1@1667021759; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www10.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3itYLSp48HlPS1uRwZsvF3EspXXvZAqMfQZRMtPQ0vJTVX0SHTCnZj7rm5i%2F66oRnlUfAu9rLGPu%2F8v%2BP%2F2Obfjk5G%2B5AlfSshEBtjpac%2F%2BZ%2Fxbc9sSnCIFis7foAmV0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76198d0e9eb3892a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.172.27

200 OK

0 B

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.172.27:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www10.davisonbarker.pro/
Origin: https://www10.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:35:59 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www10.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Sat, 29 Oct 2022 02:24:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k54wEI34nCF%2FFzf%2BRohl9VHsdRxwj7ReN0wIpHs2wt5YBRs1ROVQMh2wSmxMNE0QepWKt1uHsIzl497ysZ7mVWZmejF3gGdrq1VJgbZoX%2BHHYXl7FmWBVj0BYkUvl7RH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76198d0e9ebe892a-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

addresseepaper.com/sfp.js

172.64.193.5

200 OK

0 B

URL HTTP/2
addresseepaper.com/sfp.js
IP
172.64.193.5:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www10.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 29 Oct 2022 05:36:00 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6c7a675f119005fbbd253ae673224deb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 29 Oct 2022 05:35:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DShf7jXp5b2RKEnfrOzpHpCppo%2FNy6oIfCTaciccPdc3qBvsBYwZXhqQrkIuPUg%2FS9Zn2diIgsCqPNcytbifXFNJHrnZRkUzq6nRtjINc%2BL7r7jmYs%2F2dUAOtBJY8AcrGOlWt48%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76198d0f6dbc88b3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations