r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20022
Expires: Sun, 05 Feb 2023 20:22:30 GMT
Date: Sun, 05 Feb 2023 14:48:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11525
Expires: Sun, 05 Feb 2023 18:00:53 GMT
Date: Sun, 05 Feb 2023 14:48:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Feb 2023 14:36:19 GMT
content-type: application/json
age: 749
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www53.davisonbarker.pro/pushredirect/?network=3&site=adfly&ppi=23240303&pci=6559318525&t=1675608512&dest=https://github.com/axstin/rbxfpsunlocker/releases
172.67.186.48200 OK 2.5 kB URL HTTP/1.1 www53.davisonbarker.pro/pushredirect/?network=3&site=adfly&ppi=23240303&pci=6559318525&t=1675608512&dest=https://github.com/axstin/rbxfpsunlocker/releases
IP 172.67.186.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1021)
Hash 73d53be763dae25eb10a2a16ae3b8c5b
0d780cf7c4eaff1f284d537f7ffd92b54dadaeb2
68b5bc7b0501ddc324589893f7f46dfddc869947b39fa883ad3d1620d1b000b2
GET /pushredirect/?network=3&site=adfly&ppi=23240303&pci=6559318525&t=1675608512&dest=https://github.com/axstin/rbxfpsunlocker/releases HTTP/1.1
Host: www53.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 14:48:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www53.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qWY8rfRSFr2cAbVL0qGMdUz14j9y5VPD7RHoMN%2BgY4yPANxvw%2FkD40NJOkCORifdeDTpBfHVPbV2r8VNG5y1UTvx9ZzKgxjNRJbH5KnEc2M0kku42X2dPqJHB9PQOlWHaxTRz8NiXXuGFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 794c72f47f13b4f3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8227
Expires: Sun, 05 Feb 2023 17:05:55 GMT
Date: Sun, 05 Feb 2023 14:48:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xbzilvJu6ttFraXoc09pGaBVdvNVpmgHC33YE6UeEqQb4WriR/I362IkGhVXCz8obxr4cTyiplPgKUQURkdC/w==
x-amz-request-id: NE55YWM8KE1BG3TS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Feb 2023 13:53:18 GMT
age: 3330
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Feb 2023 14:48:48 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www53.davisonbarker.pro/static/image/logo.png
172.67.186.48200 OK 11 kB URL HTTP/1.1 www53.davisonbarker.pro/static/image/logo.png
IP 172.67.186.48:0
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: www53.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/pushredirect/?network=3&site=adfly&ppi=23240303&pci=6559318525&t=1675608512&dest=https://github.com/axstin/rbxfpsunlocker/releases
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 14:48:48 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:34:46 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b4021a56880f53fc;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 842
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGrily9QmGYyayD3OCX6JTC9OjDwydbElBZnmBqDR%2F1eWox6ntvOVw8%2FmLx45N%2BNppeKap5OX8CeGACON3NCVflWofWT0xZHYv9XL3hBrE4q1w%2BZWpceiQP6jxgM9Cn1Bb5DLF95ps1wsw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794c72f73af5b4f3-OSL
alt-svc: h2=":443"; ma=60
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.166200 OK 52 kB URL HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.166:0
File type Unicode text, UTF-8 text, with very long lines (15955)
Hash 8033292954f84989ee8670b3e0052087
f0954a6b78073a23c6161fc818b6461e5a0b3cb5
096c10fd6ab2a7764ad29bdef63829f0002b0881288b7467c4cfbec53cf03d69
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/
HTTP/1.1 200 OK
Content-Length: 51504
Connection: keep-alive
Date: Sun, 05 Feb 2023 14:48:48 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NW632cdX9uwehlOYd6HCLjTvRQf435zu5h3WXwOOTk_rRvH5nhjV2Q==
www53.davisonbarker.pro/am-push-cps.js?puid=23240303&clickid=23240303_7596153&allb=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases&ob=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&clb=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&asb=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases
172.67.186.48200 OK 40 kB URL HTTP/1.1 www53.davisonbarker.pro/am-push-cps.js?puid=23240303&clickid=23240303_7596153&allb=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases&ob=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&clb=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&asb=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases
IP 172.67.186.48:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 845473a7fd284503f57855602add14fd
2974d9f2091d778fb076ebda7e908a1a029e38e5
7763be30b9a78bac4c785a49b0ee887135f9c2185689e8a31f630adfd26506ff
GET /am-push-cps.js?puid=23240303&clickid=23240303_7596153&allb=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases&ob=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&clb=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D2%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&asb=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases HTTP/1.1
Host: www53.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/pushredirect/?network=3&site=adfly&ppi=23240303&pci=6559318525&t=1675608512&dest=https://github.com/axstin/rbxfpsunlocker/releases
HTTP/1.1 200 OK
Date: Sun, 05 Feb 2023 14:48:48 GMT
Content-Type: application/x-javascript
Content-Length: 40440
Connection: keep-alive
cache-control: public, max-age=604800
expires: Sun, 12 Feb 2023 14:48:39 GMT
last-modified: Mon, 08 Aug 2022 14:16:52 GMT
etag: "19284-62f11ad4-ba71540cd1782978;gz"
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GvAfPq%2BxV6FaCgoyVZfVshy9oYAE7Ac8ZbVEILisaPCWHr91yQLez8KyCLIHSN%2B1Lu5IazKIR4Nrlg75jmR1Q2MSgPMyYmAzyduFyazboZTmfeA1TwMj4yP2k5m%2BYZrnCa6vBdU4WcfQlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 794c72f77b54b4f3-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Feb 2023 14:07:20 GMT
age: 2488
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
IP 142.250.74.3:0
Hash e76c7dec2261e9f3b609920627300b4d
c7638f98f738d67fac86c05bebea56620c06150c
1006f80c474eb5d34b113d7f39cb36acb2c5ff45ce59b4991c4071dd8e436395
POST /s/gts1p5/hFuUg_rClRM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
IP 142.250.74.3:0
Hash e76c7dec2261e9f3b609920627300b4d
c7638f98f738d67fac86c05bebea56620c06150c
1006f80c474eb5d34b113d7f39cb36acb2c5ff45ce59b4991c4071dd8e436395
POST /s/gts1p5/hFuUg_rClRM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
verysilenit.com/b2pvMTMOCAxcDA5XDRdGHQZSFAEpT113VwxfBAlVCF8GXlBXGUFSXwAfC1dBAAQbH10KHkoDdRcwXkF4NlgmdH08OylpYSIQI10GDjw4BBZdKDl3dS0nK1p+KygLX3sGASN/S1dSJWdcHywVXkAoLypEfi4OCWcAGAcuVkQuMF1GdCsrPV9WXz8rcEkHWTkBYjshBmR6NxImAX8IMyp1WT4cLQFiPCVcUnwrOF9LeQhSK2BeCCc5Wks3DFxZZzwCLkt5LgkhdHADHDpneiUmAghhOgY1QGkpJCdncQccOmd6PicWY2U5ASVBcCowPmdKJVI5AVc6LSgcCj0/B2RADVsuW2UCGkoDdTs8JX5VXAI7c2ImXyZgSyc8PUkHOlshaVIBHjtkAyUFClZmIyw7CUArKB9yUi4SPGRfJVoKWmY3PQJCFQUZAF9DUj4lWGMqHCkJfSIaIEs
143.204.55.59200 OK 1.2 kB URL HTTP/1.1 verysilenit.com/b2pvMTMOCAxcDA5XDRdGHQZSFAEpT113VwxfBAlVCF8GXlBXGUFSXwAfC1dBAAQbH10KHkoDdRcwXkF4NlgmdH08OylpYSIQI10GDjw4BBZdKDl3dS0nK1p+KygLX3sGASN/S1dSJWdcHywVXkAoLypEfi4OCWcAGAcuVkQuMF1GdCsrPV9WXz8rcEkHWTkBYjshBmR6NxImAX8IMyp1WT4cLQFiPCVcUnwrOF9LeQhSK2BeCCc5Wks3DFxZZzwCLkt5LgkhdHADHDpneiUmAghhOgY1QGkpJCdncQccOmd6PicWY2U5ASVBcCowPmdKJVI5AVc6LSgcCj0/B2RADVsuW2UCGkoDdTs8JX5VXAI7c2ImXyZgSyc8PUkHOlshaVIBHjtkAyUFClZmIyw7CUArKB9yUi4SPGRfJVoKWmY3PQJCFQUZAF9DUj4lWGMqHCkJfSIaIEs
IP 143.204.55.59:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3042), with no line terminators
Hash cc519a2294bbf995bcfbf221f7184170
4dd54d23d5ac108272407258939c286ca1bc917a
e600957ab315e58edbaac2b936afe37fffa82c1770a2f4b62db1a93d2131e347
Analyzer Verdict Alert fortinet Phishing
GET /b2pvMTMOCAxcDA5XDRdGHQZSFAEpT113VwxfBAlVCF8GXlBXGUFSXwAfC1dBAAQbH10KHkoDdRcwXkF4NlgmdH08OylpYSIQI10GDjw4BBZdKDl3dS0nK1p+KygLX3sGASN/S1dSJWdcHywVXkAoLypEfi4OCWcAGAcuVkQuMF1GdCsrPV9WXz8rcEkHWTkBYjshBmR6NxImAX8IMyp1WT4cLQFiPCVcUnwrOF9LeQhSK2BeCCc5Wks3DFxZZzwCLkt5LgkhdHADHDpneiUmAghhOgY1QGkpJCdncQccOmd6PicWY2U5ASVBcCowPmdKJVI5AVc6LSgcCj0/B2RADVsuW2UCGkoDdTs8JX5VXAI7c2ImXyZgSyc8PUkHOlshaVIBHjtkAyUFClZmIyw7CUArKB9yUi4SPGRfJVoKWmY3PQJCFQUZAF9DUj4lWGMqHCkJfSIaIEs HTTP/1.1
Host: verysilenit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1194
Connection: keep-alive
Date: Sun, 05 Feb 2023 14:48:49 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 4ekSTlKCcERH-Im9vTCtaurybz8uSnlxigch6jwDm3Lh8HtpBvFC-g==
yneationsliee.xyz/OEgxYjMXd1IRDmsAWSVibQJGMQB+eVI6S3QseQ5LXiMEUVBgDRcWWlx1CVAHDH8CRENRLAxRAR47RQNHTTsMUAMIfxcLXV4nDFAVTnUBTAoWeR9SFU11AERHSClWXwIeOEUWXwV5B1UGDngJVwUBfgBU
104.21.57.224204 No Content 0 B URL HTTP/2 yneationsliee.xyz/OEgxYjMXd1IRDmsAWSVibQJGMQB+eVI6S3QseQ5LXiMEUVBgDRcWWlx1CVAHDH8CRENRLAxRAR47RQNHTTsMUAMIfxcLXV4nDFAVTnUBTAoWeR9SFU11AERHSClWXwIeOEUWXwV5B1UGDngJVwUBfgBU
IP 104.21.57.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /OEgxYjMXd1IRDmsAWSVibQJGMQB+eVI6S3QseQ5LXiMEUVBgDRcWWlx1CVAHDH8CRENRLAxRAR47RQNHTTsMUAMIfxcLXV4nDFAVTnUBTAoWeR9SFU11AERHSClWXwIeOEUWXwV5B1UGDngJVwUBfgBU HTTP/1.1
Host: yneationsliee.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 05 Feb 2023 14:48:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnBEetP%2B7pxnLoSDCVzBSvXYAyLkAH1eBxaKWuHInSw7PXLI1xneWScV5c1BR341zW6WUjoxWpXRdXgLRrmlYFSYSqohK1LjePtZvToBCbie9tYc3OBpSy5lPHjTfKvsaMMaZA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794c72fa5f7c0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13086
Expires: Sun, 05 Feb 2023 18:26:55 GMT
Date: Sun, 05 Feb 2023 14:48:49 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
IP 142.250.74.3:0
Hash e76c7dec2261e9f3b609920627300b4d
c7638f98f738d67fac86c05bebea56620c06150c
1006f80c474eb5d34b113d7f39cb36acb2c5ff45ce59b4991c4071dd8e436395
POST /s/gts1p5/hFuUg_rClRM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yneationsliee.xyz/ZGdLaFBLWCgbbTEJO1g1LAs6OwUqKhgFCi41ICobPiIzLgMhCG0cOQBac1pkUFB4TiANA3ZbYkIUPwkkERR2WXYNCS0HbUIRdlh+XUl6RmBCEnZZdhAXKg9tVUE7HCQIWnpeZ1FRe1BlUl59WWE
104.21.57.224204 No Content 0 B URL HTTP/2 yneationsliee.xyz/ZGdLaFBLWCgbbTEJO1g1LAs6OwUqKhgFCi41ICobPiIzLgMhCG0cOQBac1pkUFB4TiANA3ZbYkIUPwkkERR2WXYNCS0HbUIRdlh+XUl6RmBCEnZZdhAXKg9tVUE7HCQIWnpeZ1FRe1BlUl59WWE
IP 104.21.57.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ZGdLaFBLWCgbbTEJO1g1LAs6OwUqKhgFCi41ICobPiIzLgMhCG0cOQBac1pkUFB4TiANA3ZbYkIUPwkkERR2WXYNCS0HbUIRdlh+XUl6RmBCEnZZdhAXKg9tVUE7HCQIWnpeZ1FRe1BlUl59WWE HTTP/1.1
Host: yneationsliee.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 05 Feb 2023 14:48:49 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nrUfFJctPiJjnP6YCZCc%2BISiHjSEpueXbCgG0bs96XIetJ84yy%2FLJtUlZ1YneP%2F2nVxMLJ9yRrphmOcan9XUkdNEu9PgCmWlvdPNvTM5zaLkwlPz5sDguX0JFe61EDenIVSb4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794c72fa8fad0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ndandinter.hair/N2hoa3hMShscJ0IaBElCFQAcHwgNR0ccD0BdW0UcVh4BGBdZCgkZE1IaRhsKWEcJBlVHHRsDVVQYG0USRFcYHhFTVVpYSgNYW1tLEQsEAhtcAQxWSgRaXFtLB1s3XE0OXlleSxEJBAcaCgAcHwhETVsqXQUuTVk%2BUAEcAw1VRgsEFRJaLgoARBwBBV0FLhoJAFEYGx4WWwcLAB1FTVotClIEDQoLUhtOBBoKABwfCERNWypdBS5NWT5AHx9TThkMCR0RRAcGCRlFAw0ZVkcaB05KcRgdGBBFDQwCClILHE5KcU1bLQxaGE1YPAZNWl0WUhwfBApcTVsvSxJaXgIXRE1bL0gSWl4YEUMNTVg8VgwOBwESWl4IXQQsWU5KARgYAl0ELFpYSgNYW1tLElpeGxteTVsvTgJdUVhJD11aXl0FXhxOS3NZXlxNAVhQXkkFTVpdHFIbHE5LcwAcHwhETVpeS3ZNWl5KcU1aXkpxDwEfEEIKRggXWk1aXkpxCRAYDF4GTVlNBS4aCQBRGBseFlsHCwAdRU1aXkpxGg0HHVYbDRheVAQKVhBDHBgYXQQpTVk%2BElouHA9AUF5FHFYeARgXWQoJGRNSGkYbClhNWi0IQhsAGR1TARoOG0NNWi1dBC4cBggSWyxZXQVeBg4MQAcaAF0ELFtOSgEBBxhdBCxYTkoBGwEfHRJbLAocUQQRTkoBC01YPAZNWl0IRwFNWDwFW1pfSARYW05KARgLAl0ELF5eTQ5bWVNNBV1NWU5DTVsvSQFfXV1ID11ZWV0FXgwOC0NNWy8QQxwYGF0FXVsqXQVdWi1dBV1aLR9eHAAeGhkLBwZdBV1aLRlPGxwCFhJaXVk%2BRQoQDQhEHQYHF1QDDRldBV1aLQpSBA0KC1IbTgoLVVUAHwxHG01YORJaLk5KcQ8BHxBCCkYIF1pNWi0ZTxscAhYSWi4ZGk8OGBgNWQQHCBNSGk1ZPkUNBA4ZRA0bSVQVGwUNWg1ZREkLWh5KUVoDRltJVBUcCQwnXgxKUVoPWVBZQAFKREkLQgo3AhwGSlJJSgRaXFtLB1tKR1pEHQo0EVNaSlFaBVtaX0gEWFs0TwJRXlpNBEpESRlbBApJQhUAHB8IRFJHRB9eHAAeGhkLBwZXVhAbHxFZRxoJAFEYGx4WWwcLAB1FRxoOFFIJGw4LFURKBBoVUkoDDEMYG1FXGB8fHEABRgwKDl4bBwUaVhoDDgoZGBoEV0cdGwMKUgwBGR1UHEdUDFoYVVpeWQ0cHBdFA1VYXl4HG1ZIERsBHx0KCQwNFE5OC1ZJERgYAkUFW1pfSARYW00IVAFVXU0CUVtaQAJaXU0MClleXE0BWFBeSQVODA4LQ1UAHwxHG01YORJaLk5KcQ8BHxBCCkYIF1pNWi0ZTxscAhYSWi4ZGk8OGBgNWQQHCBNSGk1ZPkUNBA4ZRA0bSVQVCwQJWg1KAB8MRxtSRFdAHx9TThkMCR0RRAcGCRlFAw0ZVkcaB0QIQhsAGR1TARoOG0NHVx8VR1VaTRZSHB8EClxVW00RWBtVW15EARwORVYMDgcBEQtVWl5HGAFWSgRaXFtLB1tOGxteVV5eTQ5bWVNNBV1OH0UGXl9eTgdQXVpKEQwNGAwKABwfCERNWypdBS5NWT5QARwDDVVGCwQVElouCgBEHAEFXQUuGgkAURgbHhZbBwsAHUVNWi0KUgQNCgtSG0pHWlYbCklCFQAcHwhEUkdEH14cAB4aGQsHBldWEBsfEVlHGgkAURgbHhZbBwsAHUVHGg4UUgkbDgsVFQ
54.162.51.18502 Bad Gateway 0 B URL HTTP/1.1 ndandinter.hair/N2hoa3hMShscJ0IaBElCFQAcHwgNR0ccD0BdW0UcVh4BGBdZCgkZE1IaRhsKWEcJBlVHHRsDVVQYG0USRFcYHhFTVVpYSgNYW1tLEQsEAhtcAQxWSgRaXFtLB1s3XE0OXlleSxEJBAcaCgAcHwhETVsqXQUuTVk%2BUAEcAw1VRgsEFRJaLgoARBwBBV0FLhoJAFEYGx4WWwcLAB1FTVotClIEDQoLUhtOBBoKABwfCERNWypdBS5NWT5AHx9TThkMCR0RRAcGCRlFAw0ZVkcaB05KcRgdGBBFDQwCClILHE5KcU1bLQxaGE1YPAZNWl0WUhwfBApcTVsvSxJaXgIXRE1bL0gSWl4YEUMNTVg8VgwOBwESWl4IXQQsWU5KARgYAl0ELFpYSgNYW1tLElpeGxteTVsvTgJdUVhJD11aXl0FXhxOS3NZXlxNAVhQXkkFTVpdHFIbHE5LcwAcHwhETVpeS3ZNWl5KcU1aXkpxDwEfEEIKRggXWk1aXkpxCRAYDF4GTVlNBS4aCQBRGBseFlsHCwAdRU1aXkpxGg0HHVYbDRheVAQKVhBDHBgYXQQpTVk%2BElouHA9AUF5FHFYeARgXWQoJGRNSGkYbClhNWi0IQhsAGR1TARoOG0NNWi1dBC4cBggSWyxZXQVeBg4MQAcaAF0ELFtOSgEBBxhdBCxYTkoBGwEfHRJbLAocUQQRTkoBC01YPAZNWl0IRwFNWDwFW1pfSARYW05KARgLAl0ELF5eTQ5bWVNNBV1NWU5DTVsvSQFfXV1ID11ZWV0FXgwOC0NNWy8QQxwYGF0FXVsqXQVdWi1dBV1aLR9eHAAeGhkLBwZdBV1aLRlPGxwCFhJaXVk%2BRQoQDQhEHQYHF1QDDRldBV1aLQpSBA0KC1IbTgoLVVUAHwxHG01YORJaLk5KcQ8BHxBCCkYIF1pNWi0ZTxscAhYSWi4ZGk8OGBgNWQQHCBNSGk1ZPkUNBA4ZRA0bSVQVGwUNWg1ZREkLWh5KUVoDRltJVBUcCQwnXgxKUVoPWVBZQAFKREkLQgo3AhwGSlJJSgRaXFtLB1tKR1pEHQo0EVNaSlFaBVtaX0gEWFs0TwJRXlpNBEpESRlbBApJQhUAHB8IRFJHRB9eHAAeGhkLBwZXVhAbHxFZRxoJAFEYGx4WWwcLAB1FRxoOFFIJGw4LFURKBBoVUkoDDEMYG1FXGB8fHEABRgwKDl4bBwUaVhoDDgoZGBoEV0cdGwMKUgwBGR1UHEdUDFoYVVpeWQ0cHBdFA1VYXl4HG1ZIERsBHx0KCQwNFE5OC1ZJERgYAkUFW1pfSARYW00IVAFVXU0CUVtaQAJaXU0MClleXE0BWFBeSQVODA4LQ1UAHwxHG01YORJaLk5KcQ8BHxBCCkYIF1pNWi0ZTxscAhYSWi4ZGk8OGBgNWQQHCBNSGk1ZPkUNBA4ZRA0bSVQVCwQJWg1KAB8MRxtSRFdAHx9TThkMCR0RRAcGCRlFAw0ZVkcaB0QIQhsAGR1TARoOG0NHVx8VR1VaTRZSHB8EClxVW00RWBtVW15EARwORVYMDgcBEQtVWl5HGAFWSgRaXFtLB1tOGxteVV5eTQ5bWVNNBV1OH0UGXl9eTgdQXVpKEQwNGAwKABwfCERNWypdBS5NWT5QARwDDVVGCwQVElouCgBEHAEFXQUuGgkAURgbHhZbBwsAHUVNWi0KUgQNCgtSG0pHWlYbCklCFQAcHwhEUkdEH14cAB4aGQsHBldWEBsfEVlHGgkAURgbHhZbBwsAHUVHGg4UUgkbDgsVFQ
IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /N2hoa3hMShscJ0IaBElCFQAcHwgNR0ccD0BdW0UcVh4BGBdZCgkZE1IaRhsKWEcJBlVHHRsDVVQYG0USRFcYHhFTVVpYSgNYW1tLEQsEAhtcAQxWSgRaXFtLB1s3XE0OXlleSxEJBAcaCgAcHwhETVsqXQUuTVk%2BUAEcAw1VRgsEFRJaLgoARBwBBV0FLhoJAFEYGx4WWwcLAB1FTVotClIEDQoLUhtOBBoKABwfCERNWypdBS5NWT5AHx9TThkMCR0RRAcGCRlFAw0ZVkcaB05KcRgdGBBFDQwCClILHE5KcU1bLQxaGE1YPAZNWl0WUhwfBApcTVsvSxJaXgIXRE1bL0gSWl4YEUMNTVg8VgwOBwESWl4IXQQsWU5KARgYAl0ELFpYSgNYW1tLElpeGxteTVsvTgJdUVhJD11aXl0FXhxOS3NZXlxNAVhQXkkFTVpdHFIbHE5LcwAcHwhETVpeS3ZNWl5KcU1aXkpxDwEfEEIKRggXWk1aXkpxCRAYDF4GTVlNBS4aCQBRGBseFlsHCwAdRU1aXkpxGg0HHVYbDRheVAQKVhBDHBgYXQQpTVk%2BElouHA9AUF5FHFYeARgXWQoJGRNSGkYbClhNWi0IQhsAGR1TARoOG0NNWi1dBC4cBggSWyxZXQVeBg4MQAcaAF0ELFtOSgEBBxhdBCxYTkoBGwEfHRJbLAocUQQRTkoBC01YPAZNWl0IRwFNWDwFW1pfSARYW05KARgLAl0ELF5eTQ5bWVNNBV1NWU5DTVsvSQFfXV1ID11ZWV0FXgwOC0NNWy8QQxwYGF0FXVsqXQVdWi1dBV1aLR9eHAAeGhkLBwZdBV1aLRlPGxwCFhJaXVk%2BRQoQDQhEHQYHF1QDDRldBV1aLQpSBA0KC1IbTgoLVVUAHwxHG01YORJaLk5KcQ8BHxBCCkYIF1pNWi0ZTxscAhYSWi4ZGk8OGBgNWQQHCBNSGk1ZPkUNBA4ZRA0bSVQVGwUNWg1ZREkLWh5KUVoDRltJVBUcCQwnXgxKUVoPWVBZQAFKREkLQgo3AhwGSlJJSgRaXFtLB1tKR1pEHQo0EVNaSlFaBVtaX0gEWFs0TwJRXlpNBEpESRlbBApJQhUAHB8IRFJHRB9eHAAeGhkLBwZXVhAbHxFZRxoJAFEYGx4WWwcLAB1FRxoOFFIJGw4LFURKBBoVUkoDDEMYG1FXGB8fHEABRgwKDl4bBwUaVhoDDgoZGBoEV0cdGwMKUgwBGR1UHEdUDFoYVVpeWQ0cHBdFA1VYXl4HG1ZIERsBHx0KCQwNFE5OC1ZJERgYAkUFW1pfSARYW00IVAFVXU0CUVtaQAJaXU0MClleXE0BWFBeSQVODA4LQ1UAHwxHG01YORJaLk5KcQ8BHxBCCkYIF1pNWi0ZTxscAhYSWi4ZGk8OGBgNWQQHCBNSGk1ZPkUNBA4ZRA0bSVQVCwQJWg1KAB8MRxtSRFdAHx9TThkMCR0RRAcGCRlFAw0ZVkcaB0QIQhsAGR1TARoOG0NHVx8VR1VaTRZSHB8EClxVW00RWBtVW15EARwORVYMDgcBEQtVWl5HGAFWSgRaXFtLB1tOGxteVV5eTQ5bWVNNBV1OH0UGXl9eTgdQXVpKEQwNGAwKABwfCERNWypdBS5NWT5QARwDDVVGCwQVElouCgBEHAEFXQUuGgkAURgbHhZbBwsAHUVNWi0KUgQNCgtSG0pHWlYbCklCFQAcHwhEUkdEH14cAB4aGQsHBldWEBsfEVlHGgkAURgbHhZbBwsAHUVHGg4UUgkbDgsVFQ HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/
HTTP/1.1 502 Bad Gateway
Server: openresty/1.21.4.1
Date: Sun, 05 Feb 2023 14:48:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: a7bd0c402655b5108fbf518cec1a414d=1; Max-Age=604800
X-Powered-By: Express
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Headers: X-Requested-With,content-type
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7df4a9b8a8a54916b1ee5c697706ab93
08d87799f1e91b2e0c72f5fbca75ef5b7f79e97b
af104ae974297c4c0eefe2c9c16a2b2ab17c2950b972c98bb94a3df625dccd9a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AF104AE974297C4C0EEFE2C9C16A2B2AB17C2950B972C98BB94A3DF625DCCD9A"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4831
Expires: Sun, 05 Feb 2023 16:09:20 GMT
Date: Sun, 05 Feb 2023 14:48:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash a1b4ed5bf6b215a05a1d6c667779fd80
b9f37aa5ec3f693a4965d29a4f6f7c54d8fb7b5b
cf2ca1d4b5a262f616570a0497d23577ddf44fc2f52c0e6cc8ec3f29b11213eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6071
Cache-Control: max-age=103623
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:49 GMT
Etag: "63de9be1-117"
Expires: Mon, 06 Feb 2023 19:35:52 GMT
Last-Modified: Sat, 04 Feb 2023 17:54:41 GMT
Server: ECS (amb/6BBE)
X-Cache: HIT
Content-Length: 279
push.services.mozilla.com/
54.186.4.248101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.186.4.248:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eAZYYtnnl630FUYaIMK3/g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: DmeKkDVWC1brXee48Ex2LMO+55k=
yneationsliee.xyz/popunder.gif
104.21.57.224301 Moved Permanently 0 B URL HTTP/1.1 yneationsliee.xyz/popunder.gif
IP 104.21.57.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: yneationsliee.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/
HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2023 14:48:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 05 Feb 2023 15:48:49 GMT
Location: https://yneationsliee.xyz/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kEFuSfbRf6ryvvTDNWmK1jHeIvspBhfryi1k%2F%2F3aBGf2GxDCZ24LwniYwkqolKPkLRTo%2ByTeCJ7TQcZi2pXku%2BWadW3SkleEZ%2FVdBz34AMfFEosrvMi7W4DuQ3xw7YfsD5RyJg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794c72fd2f01b4f4-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash a1b4ed5bf6b215a05a1d6c667779fd80
b9f37aa5ec3f693a4965d29a4f6f7c54d8fb7b5b
cf2ca1d4b5a262f616570a0497d23577ddf44fc2f52c0e6cc8ec3f29b11213eb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6071
Cache-Control: max-age=103623
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:49 GMT
Etag: "63de9be1-117"
Expires: Mon, 06 Feb 2023 19:35:52 GMT
Last-Modified: Sat, 04 Feb 2023 17:54:41 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.39200 OK 52 kB URL HTTP/2 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.39:0
File type Unicode text, UTF-8 text, with very long lines (15955)
Hash 8033292954f84989ee8670b3e0052087
f0954a6b78073a23c6161fc818b6461e5a0b3cb5
096c10fd6ab2a7764ad29bdef63829f0002b0881288b7467c4cfbec53cf03d69
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 51504
date: Sun, 05 Feb 2023 14:48:49 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: shJSD2R9aH4capqQisBYF40ooi4SGkhSIGmlRYjMISbaiNBnfW3w9A==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
IP 142.250.74.3:0
Hash e76c7dec2261e9f3b609920627300b4d
c7638f98f738d67fac86c05bebea56620c06150c
1006f80c474eb5d34b113d7f39cb36acb2c5ff45ce59b4991c4071dd8e436395
POST /s/gts1p5/hFuUg_rClRM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:49 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
verysilenit.com/VGpNcnc1CC4fSDVXL1QCJgZwV0UST380EzdfJkoRM18kHRRsGWMRGzsfKRQFOwQ5XBkxHmhAMRY8IxYnGlgYQzAXLB8lHh0PBgUHMDAIPEAVLBcFPwASFDEODiECIyIuJA8ZBDIQCwc/EwYJOg0eISsKMh4kNRkYFwEACDAHHQYkPxU9BkMhDTMhN0AGHSJLJD4aFzMjGTgHHhwVJyE3QQIGKkUwEDwoMSM7PSwVIj4zfB5SZiwIHhM5MjcaEhcQBCs4ETgMKDI3AhxCNT84fkY/B1gXIREcPAwoMjdeFRUDMzt/HTIeWQM0EWRTGSsbHlIpJzU/ODdfRhY7CidFMg0pIxIRDiA3GzAHCDEHAS4nHiQyMgsqLT8waEAxFlsfHyU5BQskIxUPHSQ+ECUcSwYWOQMcJWcFFyQvFSkuFS5yAD4dGSRXO0AhNgQuOiNsAQ
143.204.55.46200 OK 1.2 kB URL HTTP/2 verysilenit.com/VGpNcnc1CC4fSDVXL1QCJgZwV0UST380EzdfJkoRM18kHRRsGWMRGzsfKRQFOwQ5XBkxHmhAMRY8IxYnGlgYQzAXLB8lHh0PBgUHMDAIPEAVLBcFPwASFDEODiECIyIuJA8ZBDIQCwc/EwYJOg0eISsKMh4kNRkYFwEACDAHHQYkPxU9BkMhDTMhN0AGHSJLJD4aFzMjGTgHHhwVJyE3QQIGKkUwEDwoMSM7PSwVIj4zfB5SZiwIHhM5MjcaEhcQBCs4ETgMKDI3AhxCNT84fkY/B1gXIREcPAwoMjdeFRUDMzt/HTIeWQM0EWRTGSsbHlIpJzU/ODdfRhY7CidFMg0pIxIRDiA3GzAHCDEHAS4nHiQyMgsqLT8waEAxFlsfHyU5BQskIxUPHSQ+ECUcSwYWOQMcJWcFFyQvFSkuFS5yAD4dGSRXO0AhNgQuOiNsAQ
IP 143.204.55.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3035), with no line terminators
Hash 76547f01d613da3e0745be8798315f5d
a93bbab6d38d1d783b9075d8dddb0c4419744ec3
1a8597d58a91938b2fed0545d706f46be8c5e5bc7c35bc3fdb1e46571501f7d9
Analyzer Verdict Alert fortinet Phishing
GET /VGpNcnc1CC4fSDVXL1QCJgZwV0UST380EzdfJkoRM18kHRRsGWMRGzsfKRQFOwQ5XBkxHmhAMRY8IxYnGlgYQzAXLB8lHh0PBgUHMDAIPEAVLBcFPwASFDEODiECIyIuJA8ZBDIQCwc/EwYJOg0eISsKMh4kNRkYFwEACDAHHQYkPxU9BkMhDTMhN0AGHSJLJD4aFzMjGTgHHhwVJyE3QQIGKkUwEDwoMSM7PSwVIj4zfB5SZiwIHhM5MjcaEhcQBCs4ETgMKDI3AhxCNT84fkY/B1gXIREcPAwoMjdeFRUDMzt/HTIeWQM0EWRTGSsbHlIpJzU/ODdfRhY7CidFMg0pIxIRDiA3GzAHCDEHAS4nHiQyMgsqLT8waEAxFlsfHyU5BQskIxUPHSQ+ECUcSwYWOQMcJWcFFyQvFSkuFS5yAD4dGSRXO0AhNgQuOiNsAQ HTTP/1.1
Host: verysilenit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1190
date: Sun, 05 Feb 2023 14:48:50 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Bth7riGeguHzsAXrYdk4BvoX4YQpuoUiEG37ZmLcOwZkihwrfRSxhg==
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
142.250.74.3200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/hFuUg_rClRM
IP 142.250.74.3:0
Hash e76c7dec2261e9f3b609920627300b4d
c7638f98f738d67fac86c05bebea56620c06150c
1006f80c474eb5d34b113d7f39cb36acb2c5ff45ce59b4991c4071dd8e436395
POST /s/gts1p5/hFuUg_rClRM HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yneationsliee.xyz/V0l5bkd4dhodejMBKz0mAw84PxARLDteHRkTSF4FBSI3ABAWLl8aLjN0QVxzY35KSDc+LURddXE6DQ8zIjpEX2E+Jx8BenE/RF5pbmdIQHdxPERfYSM5GAl6Zm8JGjM7dEhYcGJ/SVZyYHlPXH4
104.21.57.224204 No Content 0 B URL HTTP/2 yneationsliee.xyz/V0l5bkd4dhodejMBKz0mAw84PxARLDteHRkTSF4FBSI3ABAWLl8aLjN0QVxzY35KSDc+LURddXE6DQ8zIjpEX2E+Jx8BenE/RF5pbmdIQHdxPERfYSM5GAl6Zm8JGjM7dEhYcGJ/SVZyYHlPXH4
IP 104.21.57.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /V0l5bkd4dhodejMBKz0mAw84PxARLDteHRkTSF4FBSI3ABAWLl8aLjN0QVxzY35KSDc+LURddXE6DQ8zIjpEX2E+Jx8BenE/RF5pbmdIQHdxPERfYSM5GAl6Zm8JGjM7dEhYcGJ/SVZyYHlPXH4 HTTP/1.1
Host: yneationsliee.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 05 Feb 2023 14:48:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Km1mQWDL3ZomcnJgrK%2FrxJfziklrIqDZDPUvacBJ%2BtQ8wIxAMXt9I0zUjxKeNmPbqqec2bKQC4hh7jFNwPqL8277BW2NUyfqPTb%2FdHehaRu5FJ18fwi1Uz3Y1pgrHJ9%2BzVqRNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794c73008c4ab503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yneationsliee.xyz/NXVDUG0aSiAjUGYbLwE4XhlmYi9hMg08CwYdAgo6b0AmFVhZLHARS0EcJ21VB0F3Z14TBSo0UAZHZSMZVAE2I1AHRXNnS1wbJT9QB1M1bV0bTG1hQwVTNm1cEwEzMQoIRGUgGUEZfmFbAkB1YFUAQnNmXgY
104.21.57.224204 No Content 0 B URL HTTP/2 yneationsliee.xyz/NXVDUG0aSiAjUGYbLwE4XhlmYi9hMg08CwYdAgo6b0AmFVhZLHARS0EcJ21VB0F3Z14TBSo0UAZHZSMZVAE2I1AHRXNnS1wbJT9QB1M1bV0bTG1hQwVTNm1cEwEzMQoIRGUgGUEZfmFbAkB1YFUAQnNmXgY
IP 104.21.57.224:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /NXVDUG0aSiAjUGYbLwE4XhlmYi9hMg08CwYdAgo6b0AmFVhZLHARS0EcJ21VB0F3Z14TBSo0UAZHZSMZVAE2I1AHRXNnS1wbJT9QB1M1bV0bTG1hQwVTNm1cEwEzMQoIRGUgGUEZfmFbAkB1YFUAQnNmXgY HTTP/1.1
Host: yneationsliee.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 05 Feb 2023 14:48:50 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hzfzx3jpL1O%2Bb1SESU7AeeVZMhvF27PC8VT6EjzAcdU38o%2FeGPFyG3aO0VBv%2FVUoxVHInYxZOYCcOBjPKEe95Q%2FAoQopJF1W1SH3pYo%2FmmqMj2hneqUQ1RfA96n50Re3%2B25t2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794c73011d13b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dc5k8fg5ioc8s.cloudfront.net/BVndPN2U1GCFRWiIeKwpdZEN7AFZwHTxYCyZKOQUzNBksfzFuHGlDHzJKfxEJNxkoCkMzGSwKVHAWK1VYYlE7Rwo9SjpZATMRJlkAMlE6Vlg7GDVeCToWagUjY1l/EldmXzheCzIYOERAZEchQ0BkR34HS2ZSfHVAZEc4XgtgQ2oEJ3NFf09TYlJ8dUBkRz-1BQGU2fgdQeEdmEldmECpUDjlSfXFXZkZ/B1RmRmoFVTAePVIDOQ9qBSNnR3oZVXACcgY
54.230.245.39200 OK 344 B URL HTTP/2 dc5k8fg5ioc8s.cloudfront.net/BVndPN2U1GCFRWiIeKwpdZEN7AFZwHTxYCyZKOQUzNBksfzFuHGlDHzJKfxEJNxkoCkMzGSwKVHAWK1VYYlE7Rwo9SjpZATMRJlkAMlE6Vlg7GDVeCToWagUjY1l/EldmXzheCzIYOERAZEchQ0BkR34HS2ZSfHVAZEc4XgtgQ2oEJ3NFf09TYlJ8dUBkRz-1BQGU2fgdQeEdmEldmECpUDjlSfXFXZkZ/B1RmRmoFVTAePVIDOQ9qBSNnR3oZVXACcgY
IP 54.230.245.39:0
File type ASCII text, with very long lines (430), with no line terminators
Hash e52b4c53a9ba0796cc72a23b044b0632
1b4c1042e02e83322797cba2b7d011845f0110b3
2e660bf9d8b310a63f3b8f6f95e7a9420a3e1c9560170bdf6877d302c273664f
Analyzer Verdict Alert fortinet Malware
GET /BVndPN2U1GCFRWiIeKwpdZEN7AFZwHTxYCyZKOQUzNBksfzFuHGlDHzJKfxEJNxkoCkMzGSwKVHAWK1VYYlE7Rwo9SjpZATMRJlkAMlE6Vlg7GDVeCToWagUjY1l/EldmXzheCzIYOERAZEchQ0BkR34HS2ZSfHVAZEc4XgtgQ2oEJ3NFf09TYlJ8dUBkRz-1BQGU2fgdQeEdmEldmECpUDjlSfXFXZkZ/B1RmRmoFVTAePVIDOQ9qBSNnR3oZVXACcgY HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://verysilenit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 344
date: Sun, 05 Feb 2023 14:48:50 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sEbok2SjtbzqERtkCkMgDGvgM0srfQx7Z2Hxpzl0tzGmU6bgmFrmwg==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7df4a9b8a8a54916b1ee5c697706ab93
08d87799f1e91b2e0c72f5fbca75ef5b7f79e97b
af104ae974297c4c0eefe2c9c16a2b2ab17c2950b972c98bb94a3df625dccd9a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AF104AE974297C4C0EEFE2C9C16A2B2AB17C2950B972C98BB94A3DF625DCCD9A"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4830
Expires: Sun, 05 Feb 2023 16:09:20 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7df4a9b8a8a54916b1ee5c697706ab93
08d87799f1e91b2e0c72f5fbca75ef5b7f79e97b
af104ae974297c4c0eefe2c9c16a2b2ab17c2950b972c98bb94a3df625dccd9a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AF104AE974297C4C0EEFE2C9C16A2B2AB17C2950B972C98BB94A3DF625DCCD9A"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4830
Expires: Sun, 05 Feb 2023 16:09:20 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
verysilenit.com/utx?cb=RP1Zbnsbu9O7&top=www86.davisonbarker.pro&tid=824473
143.204.55.46204 No Content 0 B URL HTTP/2 verysilenit.com/utx?cb=RP1Zbnsbu9O7&top=www86.davisonbarker.pro&tid=824473
IP 143.204.55.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=RP1Zbnsbu9O7&top=www86.davisonbarker.pro&tid=824473 HTTP/1.1
Host: verysilenit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www86.davisonbarker.pro
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 05 Feb 2023 14:48:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www86.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 05 Feb 2023 14:49:50 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: lVWJ_47gTmraG_ZjVDWS0etfVdPTu-vdIZdxNRiqR_-G71uoUoHrRw==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a9e5592362bb9585b69e47997807625c
33c141e24cd96e1b88d2751a013719f8820dc0b0
47e8131b49bdda71060d514aab1b543b3b8a1cc8714500faf1815ec5da4f1c2d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47E8131B49BDDA71060D514AAB1B543B3B8A1CC8714500FAF1815EC5DA4F1C2D"
Last-Modified: Sun, 05 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13679
Expires: Sun, 05 Feb 2023 18:36:49 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7df4a9b8a8a54916b1ee5c697706ab93
08d87799f1e91b2e0c72f5fbca75ef5b7f79e97b
af104ae974297c4c0eefe2c9c16a2b2ab17c2950b972c98bb94a3df625dccd9a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "AF104AE974297C4C0EEFE2C9C16A2B2AB17C2950B972C98BB94A3DF625DCCD9A"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4830
Expires: Sun, 05 Feb 2023 16:09:20 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2701
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2701
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2701
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2701
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2701
Expires: Sun, 05 Feb 2023 15:33:51 GMT
Date: Sun, 05 Feb 2023 14:48:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
34.120.237.76200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b6c30ad03669b66bf2f63b3edd69882
e630bd132b52b965a5ade646ea8a165d1abf6d7b
f8233d879ec17fd91909655ff8881f2ebfad84272fde3ed5e5be37580378a989
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37422a56-a7de-4ab8-ac8a-650de9dae97c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5014
x-amzn-requestid: a434aae4-fe4b-4fc7-9b7e-eeb552484e8a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bIE0aoAMF6YQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c47-5556d14757190c842bbc6b06;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: k6YqagXr3Wr-u1uDKojEnIGW0CxU5yvWPtlzNpzoIvmg9F-rJb9uFQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:24:01 GMT
age: 12289
etag: "e630bd132b52b965a5ade646ea8a165d1abf6d7b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
34.120.237.76200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 251f1a5d671fb797fb98e9a71754c341
335425603d9eec146a3c03422dbca91134272e53
74932f07561287e33302aabcf9c639e9df7ae0fbc4bf71f5467310aabafea208
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed9dd21c-6496-4f6e-b306-570e4802aba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6202
x-amzn-requestid: 01b85fcd-69a0-49da-8640-32a3ef19378a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi3bUFEJoAMFapg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76c48-14817e717361e09170714e9d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 07:05:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1_1mEN4j5cciWEiimz4PRjx3PNGnrSRib9oEJAdYLrrtyjqnz_zvcQ==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 11:30:31 GMT
age: 11899
etag: "335425603d9eec146a3c03422dbca91134272e53"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b1092c4dd4d9ca4d09462ae46e1dd7c1
17444ff60be1afbc40d3653fa936f9eaf9478068
ea8362c7249080b34288ee675f70333607fc3be37e716fdcf63e4901849def9f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F030e2301-116b-4cdd-ae90-c5bbc86e9669.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7288
x-amzn-requestid: 1aa297f5-2f9a-45be-b823-1eb4d5887769
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f1WrwH-iIAMFyhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ded17e-2b630b4a302b8ae118883b71;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 21:43:26 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z2oKgp1keqEkvN6jjsUepMbrxD4JCXKAOHrMNJHcuXN0CpulUh5GLA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:43:26 GMT
etag: "17444ff60be1afbc40d3653fa936f9eaf9478068"
content-type: image/jpeg
age: 61524
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8e0be7db14d930d6227443314bcd1747
4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d
baedfbdb08a67f9ff4c698f7e65b08d7e4c5078d0a4233e6bff529b44812735a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6718344-fcb4-4366-9239-8921034a7114.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12967
x-amzn-requestid: 013fa296-a431-410b-b3fb-7417b3e877eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fpIQAFCMIAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9ed99-2e1daa8b75977de07c48b8fc;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 04:42:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UzQGDCYe_8AuYYLaLSAWzHQhwJMpzpXWbjE5AwukevW6G6SLDxDjmA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 03:42:59 GMT
age: 39951
etag: "4e42e2ad289dfe5bd9a55d34fd768f7532bdf71d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7dbe304b5138a360ff07a9842bcf6a7f
00572f7667e322c9ef34bc35b7998c1c172dd34c
d63c58d6c96e23c61b92272de8c2aab01f4cf85f3420cc434c05447d355b1c77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9108
x-amzn-requestid: a3bffa19-86ce-4a59-b826-551deddb3e9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fostZG2xIAMF0wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9c188-18acd7311c6190c9486e86ac;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 01:34:00 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mWqq5MbsWYvQmSzPw3kTdjzTkz22mNHbOoqyiHfbxv0BhNhgFfnZGw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 21:44:03 GMT
age: 61487
etag: "00572f7667e322c9ef34bc35b7998c1c172dd34c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 22:05:45 GMT
age: 60185
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ablesasmetotr.monster/utx?tid=818286&top=www86.davisonbarker.pro&cb=oWmRx1YZAkoZ
143.204.55.24204 No Content 0 B URL HTTP/2 ablesasmetotr.monster/utx?tid=818286&top=www86.davisonbarker.pro&cb=oWmRx1YZAkoZ
IP 143.204.55.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=818286&top=www86.davisonbarker.pro&cb=oWmRx1YZAkoZ HTTP/1.1
Host: ablesasmetotr.monster
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www86.davisonbarker.pro
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 05 Feb 2023 14:48:50 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www86.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 05 Feb 2023 14:49:50 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1kBatPbt1jHMUjQX0aZ1DmA-onj3UnUpmgfBDlCrTrBIdhpGcOi2XQ==
X-Firefox-Spdy: h2
verysilenit.com/floater?cs=NHRacTIAQWlGBAZNb0UCBkNvQAs&abt=0&red=1&sm=83&k=&v=0.9.1.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=2117140054213834&agec=1675608530&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&osr=www53.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_cTmS=1675608571303&crc=1
143.204.55.46200 OK 1.3 kB URL HTTP/2 verysilenit.com/floater?cs=NHRacTIAQWlGBAZNb0UCBkNvQAs&abt=0&red=1&sm=83&k=&v=0.9.1.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=2117140054213834&agec=1675608530&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&osr=www53.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_cTmS=1675608571303&crc=1
IP 143.204.55.46:0
File type ASCII text, with very long lines (2031), with no line terminators
Hash 765856d8a366ea7c235e67a2ed644d0b
103b38beef3c0c4fcc6db0827adcbaa515a1defc
6710c17efe3dbecabcda188f13a940a16b30fce68c6aed4c46a52c6c4315b432
GET /floater?cs=NHRacTIAQWlGBAZNb0UCBkNvQAs&abt=0&red=1&sm=83&k=&v=0.9.1.0&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&u=2117140054213834&agec=1675608530&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww86.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D1%26ppi%3D23240303%26pci%3D6559318525%26t%3D1675608512%26dest%3Dhttps%253A%252F%252Fgithub.com%252Faxstin%252Frbxfpsunlocker%252Freleases&osr=www53.davisonbarker.pro&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&aa=oi1_&_cTmS=1675608571303&crc=1 HTTP/1.1
Host: verysilenit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www86.davisonbarker.pro
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1257
date: Sun, 05 Feb 2023 14:48:51 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www86.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=4f680a36-31e2-411b-a8ed-266f9e272fac
csu=2117140054213834
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: e9LkmFI4WyIs6LtH_wNES6KrqEYg8aeA09-IBxyKZhpwtCeKS8P1Uw==
X-Firefox-Spdy: h2
ndandinter.hair/
52.20.131.174200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 368
Origin: https://www86.davisonbarker.pro
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
ndandinter.hair/
52.20.131.174200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www86.davisonbarker.pro/
Content-Type: text/plain;charset=UTF-8
Origin: https://www86.davisonbarker.pro
Content-Length: 343
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
ndandinter.hair/
52.20.131.174200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www86.davisonbarker.pro/
Content-Type: text/plain;charset=UTF-8
Origin: https://www86.davisonbarker.pro
Content-Length: 336
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9d4dac342e76d0194f1092dba76b7c25
29174e2c20ab7dac4bd72130bd05f7e71ed1e60f
946060a865c72d2b5e6b5200fd0c822104c4f644a8aa6299294a87992a584e82
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5634
Cache-Control: max-age=103223
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:53 GMT
Etag: "63de9c0a-116"
Expires: Mon, 06 Feb 2023 19:29:16 GMT
Last-Modified: Sat, 04 Feb 2023 17:55:22 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
xml.serve-servee.com/thumbnail?i=0QvgR4WaWcU_1&p=1675608530.220815&imgt=icon
172.64.162.38302 Found 0 B URL HTTP/2 xml.serve-servee.com/thumbnail?i=0QvgR4WaWcU_1&p=1675608530.220815&imgt=icon
IP 172.64.162.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=0QvgR4WaWcU_1&p=1675608530.220815&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 05 Feb 2023 14:48:53 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vrhXm9KwARdcHIQc3zusm40hezCyT5EEz3RFWRY8mNcSRPqbI%2BjH2nFHnlFErLWjBO%2BWV5jK0Px8XEYIjCdXk7DOonRHfDuAopn5pVZNYh40c1Lv%2FZCyoEJF9b4WdW2WLWuoPx2Fsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794c7314daa223ed-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9d4dac342e76d0194f1092dba76b7c25
29174e2c20ab7dac4bd72130bd05f7e71ed1e60f
946060a865c72d2b5e6b5200fd0c822104c4f644a8aa6299294a87992a584e82
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5634
Cache-Control: max-age=103223
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2023 14:48:53 GMT
Etag: "63de9c0a-116"
Expires: Mon, 06 Feb 2023 19:29:16 GMT
Last-Modified: Sat, 04 Feb 2023 17:55:22 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 278
static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
172.64.162.38200 OK 1.1 kB URL HTTP/2 static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
IP 172.64.162.38:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 4fa2beaeca8f598401f3ec6300cb860b
45634806ea1fa936c0e600b8b22f835600529b36
ef897a0bab353d84bf69ae3570347dea36236575a7b1bbd5992b8f256f856577
GET /n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Feb 2023 14:48:53 GMT
content-type: image/png
content-length: 1112
last-modified: Fri, 24 Apr 2020 13:59:43 GMT
accept-ranges: bytes
etag: "5ea2f0cf-458"
cache-control: max-age=86400
x-sp-metadata: HS256.COWf/54GEk0KJDkyYTgxNjVkLWQyMGQtNGUxYy04ZDg4LWE3ODVkNzdiZTdiZRDA0sGB2rP8AhoGCNWD/54GIg4xNzIuNzEuMjQyLjE0Myii+gMwAhorCAESJGM3NjgxMTVlLTFiOWUtNDg0NS05MjM3LTk4ZjFlMTFkZTdiMRjYCCIYCAISFGNkczIxNi5sbzQuaHdjZG4ubmV0.4r1pl8Q1qMawSKjzotHJai6P1HnaNUQD4YDAP9DP7Jk=
x-hw: 1675608533.cds290.lo4.h2,1675608533.cds216.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AL7jPvMDxnWsoxa%2Brp83CRwmUNMiKi2ewU6sPjoH%2BEuJXSPtdoMd1dtwVRpiSi48%2F6cYZ8exN84EJNji4IyiJP%2FFI87Po8eoXaFuplKSugE0q%2FgOmBPNXIplAnQ3KCATaxB8DHAl1NndiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794c7315bbed23ed-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www86.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=23240303&pci=6559318525&t=1675608512&dest=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases
172.67.186.48200 OK 0 B URL HTTP/2 www86.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=23240303&pci=6559318525&t=1675608512&dest=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases
IP 172.67.186.48:0
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=1&ppi=23240303&pci=6559318525&t=1675608512&dest=https%3A%2F%2Fgithub.com%2Faxstin%2Frbxfpsunlocker%2Freleases HTTP/1.1
Host: www86.davisonbarker.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www53.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 14:48:49 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www86.davisonbarker.pro; secure
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ygf%2B4aCapSo8FyiFGLfHyEazr53b0DSJw9ggInMXjmeZv76Av14vNgRM3dMAGPT9gl8KNhYs7mub7PBmU98xSAIwTEzK7tbISq5kshMg5eGAvupxyyg7Zg19zpP4xOqUJJuE1ssWTF0EUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794c72fc9f700b49-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.106.19200 OK 0 B IP 172.64.106.19:0
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www86.davisonbarker.pro/
Origin: https://www86.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Feb 2023 14:48:50 GMT
content-type: text/plain
set-cookie: csu=2117140054213834@1@1675608530; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: https://www86.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DAy1NcSijANp7cahTkb6IWuKKOXu6%2FxSYmVAlLHTZCmoFpmpFESqNRLD4ruNgFhBKQJerXdicMWDKhGetm6MP3vn7rHesF%2FSXfkEoNsT8QwQwm24aaeTwCssNTJ2cNh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 794c730299b4774f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19200 OK 0 B IP 172.64.106.19:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www86.davisonbarker.pro/
Origin: https://www86.davisonbarker.pro
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 05 Feb 2023 14:48:50 GMT
content-type: binary/octet-stream
access-control-allow-origin: https://www86.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: EXPIRED
last-modified: Sun, 05 Feb 2023 12:42:31 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3ht298HJayBBRMMr0d5CLRn7AT6pCq8xJpJzT%2FVWbUe%2FWghuihTejE4eZg789ohxwI4oM75GmTZQqaTy1lzLBQzeEgSvO%2Bg7M0htr4nwcMD6W83F%2F%2BSzFwJHN%2FLClbg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 794c730299b2774f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ndandinter.hair/ZktGWUsdaTUuFBM5KntxRCMyLTsVcWl2PBE8fm9lAiowMDgJJSQ4OQ0uNHc7FCRpOCZLOzMqI0soNiplDDh5KT4PL3treFR%2Fdmp7VW0lNSIFIC89dlR4dG17VXt1Bn1TfnBrelJtJzUnBHYuLT8WOGNqCkN5AHx5ICwvLSMTKWg6JAtudB8qHjgyMCVDeQArKR4tNio%2BCCcpOiADOWNrDRQuKjwqFS41fyQEdi4tPxY4Y2oKQ3kAfHkgPDEuclFlIjg9DzgpNykHOS08OUg7NDZuVA02LDgOOSM9IhQuJS1uVA1jag0SJjZ8eCJ6Y2t9CC4yLiQUIGNqD1VudG8iCThjag9WbnRvOA8%2FI3x4IioiPycfbnRvKEN4AmtuVH02KSJDeAJreFR%2Fdmp7VW50bzsFImNqD1B%2Bc2B4V3Nza35DeXAtblUPd298U312YX5XeWNrfQIuNS1uVQ8uLT8WOGNrflUKY2t%2BVA1ja35UDSEwPw4%2BJHcoCSZja35UDSchOBIiKHx5U3kAKykeLTYqPggnKTogAzlja35UDTQ8JwMqNTw4QCgqO3YOPzIpOEN4B3x5IG50HzwRPH9uZQIqMDA4CSUkODkNLjR3OxQkY2sNFj41MTkDLy8rLgU%2FY2sNQ3gALSYWbnUdeUN5cDcuEjwpKyBDeAJqblR9LzY4Q3gCaW5UfTUwPwNudR0qAi0qIG5UfSV8eCJ5Y2t9FjsvfHgieXVrf1Z4dmpuVH02OiJDeAJvflNydWhzU3lzfHlQP2NqD1d9cWx9VnNzaHlDeXA9LhU%2FY2oPDj8yKThDeXNqCkN5c2sNQ3lzaw0BIjIxPgRlJTYmQ3lzaw0HMzUtIghudGx5IDkkIS0WODM3JwkoLTw5Q3lzaw0ULio8KhUuNX8qFSl7MT8SOzV8eCdudB9uVA0hMD8OPiR3KAkmY2sNBzM1LSIIbnQfOQQzICk4EyUqNigNLjR8eSA5IzUuBzgjKmlKaTU0LURxd3VpFSYwe3FEf2hqaUppMjgsOSIie3FEc3dheV59ZHVpFT4kBiICemRjaVR4dG17VXt1e2dEODM7FA8vdHtxRHl1a39WeHZqFFB%2Bc295V39kdWkHJyo7aVxpLi0%2FFjh8dmQBIjIxPgRlJTYmSSo%2BKj8PJWkrKR4tNio%2BCCcpOiADOWkrLgouJyouFWlqeyQEaXx7IxI%2FNipxSWQxLjxffGg9KhAiNTYlBCo0Mi4UZTYrJEk7MyojFC4iMDkDKDJ2dBImNmR6QCUjLTwJOS1keEAiKSp2Vm01MD8Ddic9LQoyYDp2VG02KSJbeXVrf1Z4dmptFigvZH1Tfn9qel5%2BdGxtEnZ3b3xTfXZhfld5YD0uFT97MT8SOzV8eCdudB9uVA0hMD8OPiR3KAkmY2sNBzM1LSIIbnQfOQQzICk4EyUqNigNLjR8eSA5IzUuBzgjKmlKaSU1KURxZDE%2FEjs1Y2RJPDEuclFlIjg9DzgpNykHOS08OUg7NDZkFj41MTkDLy8rLgU%2FaWY%2FCzt7a20ILjIuJBQge2ptDyQ1ZHtAOC8tLlsqIj8nH20lZHlAOzYwdlR4dG17VXt1fzsFIntvflNydWhzU3lzfz9benBuflB7fmx6VG0iPDgSdi4tPxY4Y2oKQ3kAfHkgLC8tIxMpaDokC250HyoeODIwJUN5ACspHi02Kj4IJyk6IAM5Y2sNFC4qPCoVLjV7Z0QqNTtpXGkuLT8WOHx2ZAEiMjE%2BBGUlNiZJKj4qPw8laSspHi02Kj4IJyk6IAM5aSsuCi4nKi4VaTs
52.20.131.174502 Bad Gateway 0 B URL HTTP/2 ndandinter.hair/ZktGWUsdaTUuFBM5KntxRCMyLTsVcWl2PBE8fm9lAiowMDgJJSQ4OQ0uNHc7FCRpOCZLOzMqI0soNiplDDh5KT4PL3treFR%2Fdmp7VW0lNSIFIC89dlR4dG17VXt1Bn1TfnBrelJtJzUnBHYuLT8WOGNqCkN5AHx5ICwvLSMTKWg6JAtudB8qHjgyMCVDeQArKR4tNio%2BCCcpOiADOWNrDRQuKjwqFS41fyQEdi4tPxY4Y2oKQ3kAfHkgPDEuclFlIjg9DzgpNykHOS08OUg7NDZuVA02LDgOOSM9IhQuJS1uVA1jag0SJjZ8eCJ6Y2t9CC4yLiQUIGNqD1VudG8iCThjag9WbnRvOA8%2FI3x4IioiPycfbnRvKEN4AmtuVH02KSJDeAJreFR%2Fdmp7VW50bzsFImNqD1B%2Bc2B4V3Nza35DeXAtblUPd298U312YX5XeWNrfQIuNS1uVQ8uLT8WOGNrflUKY2t%2BVA1ja35UDSEwPw4%2BJHcoCSZja35UDSchOBIiKHx5U3kAKykeLTYqPggnKTogAzlja35UDTQ8JwMqNTw4QCgqO3YOPzIpOEN4B3x5IG50HzwRPH9uZQIqMDA4CSUkODkNLjR3OxQkY2sNFj41MTkDLy8rLgU%2FY2sNQ3gALSYWbnUdeUN5cDcuEjwpKyBDeAJqblR9LzY4Q3gCaW5UfTUwPwNudR0qAi0qIG5UfSV8eCJ5Y2t9FjsvfHgieXVrf1Z4dmpuVH02OiJDeAJvflNydWhzU3lzfHlQP2NqD1d9cWx9VnNzaHlDeXA9LhU%2FY2oPDj8yKThDeXNqCkN5c2sNQ3lzaw0BIjIxPgRlJTYmQ3lzaw0HMzUtIghudGx5IDkkIS0WODM3JwkoLTw5Q3lzaw0ULio8KhUuNX8qFSl7MT8SOzV8eCdudB9uVA0hMD8OPiR3KAkmY2sNBzM1LSIIbnQfOQQzICk4EyUqNigNLjR8eSA5IzUuBzgjKmlKaTU0LURxd3VpFSYwe3FEf2hqaUppMjgsOSIie3FEc3dheV59ZHVpFT4kBiICemRjaVR4dG17VXt1e2dEODM7FA8vdHtxRHl1a39WeHZqFFB%2Bc295V39kdWkHJyo7aVxpLi0%2FFjh8dmQBIjIxPgRlJTYmSSo%2BKj8PJWkrKR4tNio%2BCCcpOiADOWkrLgouJyouFWlqeyQEaXx7IxI%2FNipxSWQxLjxffGg9KhAiNTYlBCo0Mi4UZTYrJEk7MyojFC4iMDkDKDJ2dBImNmR6QCUjLTwJOS1keEAiKSp2Vm01MD8Ddic9LQoyYDp2VG02KSJbeXVrf1Z4dmptFigvZH1Tfn9qel5%2BdGxtEnZ3b3xTfXZhfld5YD0uFT97MT8SOzV8eCdudB9uVA0hMD8OPiR3KAkmY2sNBzM1LSIIbnQfOQQzICk4EyUqNigNLjR8eSA5IzUuBzgjKmlKaSU1KURxZDE%2FEjs1Y2RJPDEuclFlIjg9DzgpNykHOS08OUg7NDZkFj41MTkDLy8rLgU%2FaWY%2FCzt7a20ILjIuJBQge2ptDyQ1ZHtAOC8tLlsqIj8nH20lZHlAOzYwdlR4dG17VXt1fzsFIntvflNydWhzU3lzfz9benBuflB7fmx6VG0iPDgSdi4tPxY4Y2oKQ3kAfHkgLC8tIxMpaDokC250HyoeODIwJUN5ACspHi02Kj4IJyk6IAM5Y2sNFC4qPCoVLjV7Z0QqNTtpXGkuLT8WOHx2ZAEiMjE%2BBGUlNiZJKj4qPw8laSspHi02Kj4IJyk6IAM5aSsuCi4nKi4VaTs
IP 52.20.131.174:0
GET /ZktGWUsdaTUuFBM5KntxRCMyLTsVcWl2PBE8fm9lAiowMDgJJSQ4OQ0uNHc7FCRpOCZLOzMqI0soNiplDDh5KT4PL3treFR%2Fdmp7VW0lNSIFIC89dlR4dG17VXt1Bn1TfnBrelJtJzUnBHYuLT8WOGNqCkN5AHx5ICwvLSMTKWg6JAtudB8qHjgyMCVDeQArKR4tNio%2BCCcpOiADOWNrDRQuKjwqFS41fyQEdi4tPxY4Y2oKQ3kAfHkgPDEuclFlIjg9DzgpNykHOS08OUg7NDZuVA02LDgOOSM9IhQuJS1uVA1jag0SJjZ8eCJ6Y2t9CC4yLiQUIGNqD1VudG8iCThjag9WbnRvOA8%2FI3x4IioiPycfbnRvKEN4AmtuVH02KSJDeAJreFR%2Fdmp7VW50bzsFImNqD1B%2Bc2B4V3Nza35DeXAtblUPd298U312YX5XeWNrfQIuNS1uVQ8uLT8WOGNrflUKY2t%2BVA1ja35UDSEwPw4%2BJHcoCSZja35UDSchOBIiKHx5U3kAKykeLTYqPggnKTogAzlja35UDTQ8JwMqNTw4QCgqO3YOPzIpOEN4B3x5IG50HzwRPH9uZQIqMDA4CSUkODkNLjR3OxQkY2sNFj41MTkDLy8rLgU%2FY2sNQ3gALSYWbnUdeUN5cDcuEjwpKyBDeAJqblR9LzY4Q3gCaW5UfTUwPwNudR0qAi0qIG5UfSV8eCJ5Y2t9FjsvfHgieXVrf1Z4dmpuVH02OiJDeAJvflNydWhzU3lzfHlQP2NqD1d9cWx9VnNzaHlDeXA9LhU%2FY2oPDj8yKThDeXNqCkN5c2sNQ3lzaw0BIjIxPgRlJTYmQ3lzaw0HMzUtIghudGx5IDkkIS0WODM3JwkoLTw5Q3lzaw0ULio8KhUuNX8qFSl7MT8SOzV8eCdudB9uVA0hMD8OPiR3KAkmY2sNBzM1LSIIbnQfOQQzICk4EyUqNigNLjR8eSA5IzUuBzgjKmlKaTU0LURxd3VpFSYwe3FEf2hqaUppMjgsOSIie3FEc3dheV59ZHVpFT4kBiICemRjaVR4dG17VXt1e2dEODM7FA8vdHtxRHl1a39WeHZqFFB%2Bc295V39kdWkHJyo7aVxpLi0%2FFjh8dmQBIjIxPgRlJTYmSSo%2BKj8PJWkrKR4tNio%2BCCcpOiADOWkrLgouJyouFWlqeyQEaXx7IxI%2FNipxSWQxLjxffGg9KhAiNTYlBCo0Mi4UZTYrJEk7MyojFC4iMDkDKDJ2dBImNmR6QCUjLTwJOS1keEAiKSp2Vm01MD8Ddic9LQoyYDp2VG02KSJbeXVrf1Z4dmptFigvZH1Tfn9qel5%2BdGxtEnZ3b3xTfXZhfld5YD0uFT97MT8SOzV8eCdudB9uVA0hMD8OPiR3KAkmY2sNBzM1LSIIbnQfOQQzICk4EyUqNigNLjR8eSA5IzUuBzgjKmlKaSU1KURxZDE%2FEjs1Y2RJPDEuclFlIjg9DzgpNykHOS08OUg7NDZkFj41MTkDLy8rLgU%2FaWY%2FCzt7a20ILjIuJBQge2ptDyQ1ZHtAOC8tLlsqIj8nH20lZHlAOzYwdlR4dG17VXt1fzsFIntvflNydWhzU3lzfz9benBuflB7fmx6VG0iPDgSdi4tPxY4Y2oKQ3kAfHkgLC8tIxMpaDokC250HyoeODIwJUN5ACspHi02Kj4IJyk6IAM5Y2sNFC4qPCoVLjV7Z0QqNTtpXGkuLT8WOHx2ZAEiMjE%2BBGUlNiZJKj4qPw8laSspHi02Kj4IJyk6IAM5aSsuCi4nKi4VaTs HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 502 Bad Gateway
set-cookie: b94ef104fb4e3ee8bc888e669c2330ee=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2
ndandinter.hair/REc1Qk0fZQ1zdXZ%2EA2BhZnUGcHl0dAVxb2hlB3F%2EcHcGcn4bcQB3e3Z2AWBhZnZTJilzIlFyYHJ3UydgcH8De2B9IVEmYHxxB3B9ICVQcyknfxdubzcwF25vKiNULCktKUEnP2ovVCs%2EZmsXc31qdRduKyUrRidhIiZZMShoIVQuPiEa
52.20.131.174200 OK 0 B URL HTTP/2 ndandinter.hair/REc1Qk0fZQ1zdXZ%2EA2BhZnUGcHl0dAVxb2hlB3F%2EcHcGcn4bcQB3e3Z2AWBhZnZTJilzIlFyYHJ3UydgcH8De2B9IVEmYHxxB3B9ICVQcyknfxdubzcwF25vKiNULCktKUEnP2ovVCs%2EZmsXc31qdRduKyUrRidhIiZZMShoIVQuPiEa
IP 52.20.131.174:0
GET /REc1Qk0fZQ1zdXZ%2EA2BhZnUGcHl0dAVxb2hlB3F%2EcHcGcn4bcQB3e3Z2AWBhZnZTJilzIlFyYHJ3UydgcH8De2B9IVEmYHxxB3B9ICVQcyknfxdubzcwF25vKiNULCktKUEnP2ovVCs%2EZmsXc31qdRduKyUrRidhIiZZMShoIVQuPiEa HTTP/1.1
Host: ndandinter.hair
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www86.davisonbarker.pro/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 628d536a16e75db2d51f02fca223e72b=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"800a-UoCwfeFV5IzITCRKEVzuzz99dqg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2