www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
104.21.92.39 28 kB URL www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
IP 104.21.92.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62619)
Hash c59ea2739fb649867ff4b4cbfdd3f30b
0b58ff48fa54a647cd11c4616508933617754dc8
95685659505557380fad58d1a15cac9a8ca97ee3e15275b708ea25258bae7ff6
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0 HTTP/1.1
Host: www41.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 11:45:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www41.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jneepwmitknCYB85f%2BQOJd2VwS%2Bh73fu6dRf5byx%2Fc6WoT4z%2BNXc7tu9Gu%2FU%2B1pfrXv5%2BlJJFbc0QhakmUGQOl42H6weXiiTstiHh%2BtcLxVJYiz%2B9l01iQgBx82HBEwwafTXa5cgXt85oA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bad242fcec4b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
www41.davisonbarker.pro/static/image/logo.png
104.21.92.39 200 OK 11 kB URL GET HTTP/1.1 www41.davisonbarker.pro/static/image/logo.png
IP 104.21.92.39:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
File type PNG image data, 185 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash f819716ccd5a0e06aecdb273cfb4ccbe
f60bad9a95299264085d01c9705b03c768a71da8
196c51f778db9df7ecf75ce7f663ea3bb07726b67feeae45ad9abfd3008b937a
GET /static/image/logo.png HTTP/1.1
Host: www41.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 11:45:29 GMT
Content-Type: image/png
Content-Length: 10726
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 27 Apr 2023 11:28:56 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "29e6-5faa60e6-b22ed065d915c717;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 925
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5B40kj5o10n8VMgCTNU1nGBtcCpGXho833sc1YrxBzjkQkVSTn5ht%2BkBmuN2GX8bSvx6HWIWf6j4F%2F3ZQYTITBggeI3rx1%2BfLd%2FLAw7yD226nk8u8rYBrynkDl%2F9x7YCPgt7vc8pIboMg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bad24327a4fb505-OSL
alt-svc: h2=":443"; ma=60
dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
54.230.245.166 200 OK 52 kB URL GET HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/?gfkcd=824473
IP 54.230.245.166:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
File type Unicode text, UTF-8 text, with very long lines (15955)
Hash 8bd518635addba48118697f05c1623d9
fb73c93ddd487577a7718949e98827bad8e13802
f5987ee6f35dce3991cad92aa4d188a08b2de022ae8d35e1cce6c4064d19498c
GET /?gfkcd=824473 HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 51542
Connection: keep-alive
Date: Thu, 20 Apr 2023 11:44:11 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Hit from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9QMGbwpjhzhvCrCDLr7XpBJMBzQWF-Sr3yh6JKHSj8DkWzGAPs_mGg==
Age: 79
rrentlysearchi.info/WlR3bkd1axQdej8SGyceaDg5DykYAC9eLywyRjQmCRNGWRJrJ1EaLj5pT1xzbmNESDczMEpddXwnAw8zLydKXHdqY1EHKTw7SlxhLGlHQH50ZVlbYS9pRkgzKjUQU3Z8JAMaK2dlQVZ2Y21GXH5qbEJe
104.21.45.124 204 No Content 0 B URL GET HTTP/3 rrentlysearchi.info/WlR3bkd1axQdej8SGyceaDg5DykYAC9eLywyRjQmCRNGWRJrJ1EaLj5pT1xzbmNESDczMEpddXwnAw8zLydKXHdqY1EHKTw7SlxhLGlHQH50ZVlbYS9pRkgzKjUQU3Z8JAMaK2dlQVZ2Y21GXH5qbEJe
IP 104.21.45.124:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Let's Encrypt
Subject rrentlysearchi.info
Fingerprint B1:B4:E5:E5:D3:63:68:C6:C6:37:6F:04:AD:CF:F8:E6:BC:75:16:EE
Validity Sun, 16 Apr 2023 11:11:24 GMT - Sat, 15 Jul 2023 11:11:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WlR3bkd1axQdej8SGyceaDg5DykYAC9eLywyRjQmCRNGWRJrJ1EaLj5pT1xzbmNESDczMEpddXwnAw8zLydKXHdqY1EHKTw7SlxhLGlHQH50ZVlbYS9pRkgzKjUQU3Z8JAMaK2dlQVZ2Y21GXH5qbEJe HTTP/1.1
Host: rrentlysearchi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: rrentlysearchi.info
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 20 Apr 2023 11:45:30 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GE5L0AvHQjgXbQ7DX2ed3YpoaLcIYTgwBFxy5cloQCQkCrM%2FwTRiN1idUMety8emAoYvUlDAxl8NjL1L%2Fq8RNQFaCHyvl5SsfhR5MK%2B3oG%2FgNe9RJFkLvWxU4GM7d6RHL%2Bo1T1Rr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bad2432e894b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
rrentlysearchi.info/bHhSR1hDRzE0ZT4CEB4POhQrBmouCDB0OysaYD8pCA8ANTk7C3QzMQhFanVsWE9hYSgFHG90akoLJiYsGQtvdn4FFjQoZUoOb3d2VVZjaW1KDW92fhgIMyBlXV4iMywARWNxYF1Ba3ZqVUhqc28
104.21.45.124 204 No Content 0 B URL GET HTTP/3 rrentlysearchi.info/bHhSR1hDRzE0ZT4CEB4POhQrBmouCDB0OysaYD8pCA8ANTk7C3QzMQhFanVsWE9hYSgFHG90akoLJiYsGQtvdn4FFjQoZUoOb3d2VVZjaW1KDW92fhgIMyBlXV4iMywARWNxYF1Ba3ZqVUhqc28
IP 104.21.45.124:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Let's Encrypt
Subject rrentlysearchi.info
Fingerprint B1:B4:E5:E5:D3:63:68:C6:C6:37:6F:04:AD:CF:F8:E6:BC:75:16:EE
Validity Sun, 16 Apr 2023 11:11:24 GMT - Sat, 15 Jul 2023 11:11:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bHhSR1hDRzE0ZT4CEB4POhQrBmouCDB0OysaYD8pCA8ANTk7C3QzMQhFanVsWE9hYSgFHG90akoLJiYsGQtvdn4FFjQoZUoOb3d2VVZjaW1KDW92fhgIMyBlXV4iMywARWNxYF1Ba3ZqVUhqc28 HTTP/1.1
Host: rrentlysearchi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: rrentlysearchi.info
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 20 Apr 2023 11:45:30 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Wdt%2BjOHeV97BCq%2BrT4MPG6FKklCxbDlQp5UVO58ujU1J69SLOgvVHFe%2Fw4XNApVrWG7f2Z8n6LzO9R%2BNSjVUIjeA%2BuykAtKm2abKV2nvT6u5ZLsrCmADHX9YRvxame0WIcifasd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bad2432e896b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ghabovethec.info/RHhQczklGjMeBiVFMlVMNhRtVgsCXWI1XSdNO0tfI005HFp8C34QVSsNNBVLKxYkXVchDHVBfwMrO0JvHi0nA3AuCxQQQ3ATHSVRdB0YH1ERFmkAcz0hGzpTNA8ANXQeHSk2bQIsNzpyPRwEOGgNMxImdHA1Ex9WEi8/HnUACxMQbjMXHwRjPB1iAAkFK2VAXBw1AiN6ERUxMXgtNDkUQwA7GQVyHDUBP2EnHx8bASgyOTYJFTBkPlwMDAYSYSxBNiEIfR1iG1QOSjxHXxATHTpTfEkzNV18NT4lUwsWIFYLBhkXKlclIDhKczw2IBZoPBMGK28vHgheQQUePhxICTkJHXMTED46CnFONjRvEh4IAwEnPjRLdQcpPjJ6KxQeK3scOz4HAR49JEtbABA/JXhiEiMcVzRFOUVsdRQWA00GHiJFXAw/AA
108.157.214.120 200 OK 1.2 kB URL GET HTTP/1.1 ghabovethec.info/RHhQczklGjMeBiVFMlVMNhRtVgsCXWI1XSdNO0tfI005HFp8C34QVSsNNBVLKxYkXVchDHVBfwMrO0JvHi0nA3AuCxQQQ3ATHSVRdB0YH1ERFmkAcz0hGzpTNA8ANXQeHSk2bQIsNzpyPRwEOGgNMxImdHA1Ex9WEi8/HnUACxMQbjMXHwRjPB1iAAkFK2VAXBw1AiN6ERUxMXgtNDkUQwA7GQVyHDUBP2EnHx8bASgyOTYJFTBkPlwMDAYSYSxBNiEIfR1iG1QOSjxHXxATHTpTfEkzNV18NT4lUwsWIFYLBhkXKlclIDhKczw2IBZoPBMGK28vHgheQQUePhxICTkJHXMTED46CnFONjRvEh4IAwEnPjRLdQcpPjJ6KxQeK3scOz4HAR49JEtbABA/JXhiEiMcVzRFOUVsdRQWA00GHiJFXAw/AA
IP 108.157.214.120:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3028), with no line terminators
Hash e9dec566a8fc56a00d357454b45809d5
6d3b981d44f48b215fb2f58b8aa180edd9a25cec
e2dd3c9a6695d6179dfa6ff6c41d94ea15c35c09c61891fd589131689f6066c3
GET /RHhQczklGjMeBiVFMlVMNhRtVgsCXWI1XSdNO0tfI005HFp8C34QVSsNNBVLKxYkXVchDHVBfwMrO0JvHi0nA3AuCxQQQ3ATHSVRdB0YH1ERFmkAcz0hGzpTNA8ANXQeHSk2bQIsNzpyPRwEOGgNMxImdHA1Ex9WEi8/HnUACxMQbjMXHwRjPB1iAAkFK2VAXBw1AiN6ERUxMXgtNDkUQwA7GQVyHDUBP2EnHx8bASgyOTYJFTBkPlwMDAYSYSxBNiEIfR1iG1QOSjxHXxATHTpTfEkzNV18NT4lUwsWIFYLBhkXKlclIDhKczw2IBZoPBMGK28vHgheQQUePhxICTkJHXMTED46CnFONjRvEh4IAwEnPjRLdQcpPjJ6KxQeK3scOz4HAR49JEtbABA/JXhiEiMcVzRFOUVsdRQWA00GHiJFXAw/AA HTTP/1.1
Host: ghabovethec.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1180
Connection: keep-alive
Date: Thu, 20 Apr 2023 11:45:30 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
X-Cache: Miss from cloudfront
Via: 1.1 301faf3f65621d2ccd9fad88788c128a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P1
X-Amz-Cf-Id: RXv18a53Ae358Agk1hwqcMEMhe2Sz5lBSxZi31QCCEkH1B5Iw6xKDg==
breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
173.233.137.44 200 OK 407 B URL GET HTTP/1.1 breedingdaringconcussion.com/aa/24/05/aa240591af5d8573573bb87d25c7ab12.json
IP 173.233.137.44:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
File type JSON data\012- , ASCII text, with very long lines (407), with no line terminators
Hash 1b13bdc2b6477bdf5a808ecb7120f4c5
f472c1197f0173ea2c6e1d123b8ae5ad99f2914f
5726e65b6991e3204faa79da176ff6fffa2e3f086190942387c94110e6bceefc
GET /aa/24/05/aa240591af5d8573573bb87d25c7ab12.json HTTP/1.1
Host: breedingdaringconcussion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www41.davisonbarker.pro
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 20 Apr 2023 11:45:30 GMT
Content-Type: application/json
Content-Length: 407
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d586f87732d298a890daabcb841e3e3b
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.r2m01.amazontrust.com/
143.204.48.16 471 B URL ocsp.r2m01.amazontrust.com/
IP 143.204.48.16:0
Hash 917847a3f7cf49dfbf477764ae95fd23
51d340665c9fdda2ec13c5b52c6031d9bd23fe91
53b2dd936a8700650558c6f34b7ef880cfc33ca84c8e0bcb8290578057043fa8
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 20 Apr 2023 11:45:30 GMT
Last-Modified: Thu, 20 Apr 2023 10:55:26 GMT
Server: ECAcc (nya/7958)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Vn69ByGPmHYxn-S0ruxOw5jf-wOMAu4miFhK2TD_ojph_7bfpYKVSg==
Age: 3004
simplewebanalysis.com/stats
3.65.16.149 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 3.65.16.149:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Amazon
Subject simplewebanalysis.com
Fingerprint E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 274c91772b96a13cc6b78c3c6e58f49c
5e8ff0ca07653b4e43ec5982e37323499efc694e
3f7f886aeefdd1fe8a94b4c513d8b77505b4b7cf06e9e0d1cf4955432aa96b91
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www41.davisonbarker.pro
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 20 Apr 2023 11:45:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www41.davisonbarker.pro
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=5771bb7a-ef05-4406-a72b-ed2e9cd5274c:2:1; expires=Sun, 17 Apr 2033 11:45:30 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.65.16.149 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 3.65.16.149:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Amazon
Subject simplewebanalysis.com
Fingerprint E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 302d4089b76c583f0458c598a0be1962
8f2e74d6f25e0683c15d456d898b72692c03c898
8d9f2314fa9af48e848ca22e8b65cd55a8d4a195ea97754dac5ab617f16a1e0c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www41.davisonbarker.pro
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 20 Apr 2023 11:45:30 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www41.davisonbarker.pro
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=7ded896a-fc8b-405d-a9ab-91ff9c1626e7:1:1; expires=Sun, 17 Apr 2033 11:45:30 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.59.12 200 OK 0 B URL GET HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Thu, 20 Apr 2023 11:45:30 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 596ebc7c4b639282269834992d2d4a79
Strict-Transport-Security: max-age=0; includeSubdomains
dc5k8fg5ioc8s.cloudfront.net/GSk1VZUwpIjsDcz4kMVh0eHlhUn9sJyYKIjpwPFMZeyETFTgIKydTKQIKBUM4MCloVWomLDsCcWwoOwZxe2s0AS53eXMRPCUmaBAiLigzDCIvKXMQLXcgOh8lJiE0QH4MeHtVaXh9fR19e2hmJ2l4fTkMIj81cFd8MnVjOnp+aGYnaXh9JxNpeQxkVXVkfX-xAfnoqMAYnJWhnI356fGVVfXp8cFd8LCQnAColNXBXCnt8ZEt8bDhoVA
54.230.245.166 200 OK 349 B URL GET HTTP/1.1 dc5k8fg5ioc8s.cloudfront.net/GSk1VZUwpIjsDcz4kMVh0eHlhUn9sJyYKIjpwPFMZeyETFTgIKydTKQIKBUM4MCloVWomLDsCcWwoOwZxe2s0AS53eXMRPCUmaBAiLigzDCIvKXMQLXcgOh8lJiE0QH4MeHtVaXh9fR19e2hmJ2l4fTkMIj81cFd8MnVjOnp+aGYnaXh9JxNpeQxkVXVkfX-xAfnoqMAYnJWhnI356fGVVfXp8cFd8LCQnAColNXBXCnt8ZEt8bDhoVA
IP 54.230.245.166:80
Requested by http://ghabovethec.info/RHhQczklGjMeBiVFMlVMNhRtVgsCXWI1XSdNO0tfI005HFp8C34QVSsNNBVLKxYkXVchDHVBfwMrO0JvHi0nA3AuCxQQQ3ATHSVRdB0YH1ERFmkAcz0hGzpTNA8ANXQeHSk2bQIsNzpyPRwEOGgNMxImdHA1Ex9WEi8/HnUACxMQbjMXHwRjPB1iAAkFK2VAXBw1AiN6ERUxMXgtNDkUQwA7GQVyHDUBP2EnHx8bASgyOTYJFTBkPlwMDAYSYSxBNiEIfR1iG1QOSjxHXxATHTpTfEkzNV18NT4lUwsWIFYLBhkXKlclIDhKczw2IBZoPBMGK28vHgheQQUePhxICTkJHXMTED46CnFONjRvEh4IAwEnPjRLdQcpPjJ6KxQeK3scOz4HAR49JEtbABA/JXhiEiMcVzRFOUVsdRQWA00GHiJFXAw/AA
File type ASCII text, with very long lines (440), with no line terminators
Hash 54a880f5e585a4651acc5042bdd34cd4
a906751c66b86ab290bb0f493d5fe0881941c3d4
7f4e552c67fa823e62f0f9e7d5e864e88f7d9dca69c1caf5f32c986e0e941f03
Analyzer Verdict Alert fortinet Malware
GET /GSk1VZUwpIjsDcz4kMVh0eHlhUn9sJyYKIjpwPFMZeyETFTgIKydTKQIKBUM4MCloVWomLDsCcWwoOwZxe2s0AS53eXMRPCUmaBAiLigzDCIvKXMQLXcgOh8lJiE0QH4MeHtVaXh9fR19e2hmJ2l4fTkMIj81cFd8MnVjOnp+aGYnaXh9JxNpeQxkVXVkfX-xAfnoqMAYnJWhnI356fGVVfXp8cFd8LCQnAColNXBXCnt8ZEt8bDhoVA HTTP/1.1
Host: dc5k8fg5ioc8s.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ghabovethec.info/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 349
Connection: keep-alive
Date: Thu, 20 Apr 2023 11:45:30 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: XqPSPip9hpb1Db0smZn6BcAZPAkveV9LADYy73UwTH4szyUCBi66Mw==
reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
173.233.137.60 200 OK 13 kB URL GET HTTP/1.1 reasonablelandmark.com/bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js
IP 173.233.137.60:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
File type ASCII text, with very long lines (37124), with no line terminators
Hash b938c327c984395b647924d2f30e9e24
52ad6ceac0caf5c11afc7abf79ab4dfc02d8d6ba
2de5207d29d934d5ceb1ff0e8c13e3bf69584e8ae25ccb739d038f4e0c31b88a
Analyzer Verdict Alert quad9 Sinkholed
GET /bf/f2/9f/bff29f0d3318d4c4b9a844119e218228.js HTTP/1.1
Host: reasonablelandmark.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Thu, 20 Apr 2023 11:45:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61b5e19f4a87716a1aeaae21feed3a7a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
rrentlysearchi.info/popunder.gif
104.21.45.124 301 Moved Permanently 0 B URL GET HTTP/1.1 rrentlysearchi.info/popunder.gif
IP 104.21.45.124:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: rrentlysearchi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Thu, 20 Apr 2023 11:45:30 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 20 Apr 2023 12:45:30 GMT
Location: https://rrentlysearchi.info/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aT9FBPbs4HJygR6MPdVNVukqVwhrBzG9fx%2BM4IY0efQdkw0uea0YD76XHD1Pa8mzZreFgMNXUmFsUMlcnoFklShGbWBPwhPxzkNoWzKALXsP5eBEuXbuDdStRVr6cxgnmoFD3bys"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bad2436cccb0b51-OSL
alt-svc: h2=":443"; ma=60
rrentlysearchi.info/popunder.gif
104.21.45.124 301 Moved Permanently 35 B URL GET HTTP/1.1 rrentlysearchi.info/popunder.gif
IP 104.21.45.124:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: rrentlysearchi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www41.davisonbarker.pro/
Alt-Used: rrentlysearchi.info
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 20 Apr 2023 11:45:30 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 21910
last-modified: Thu, 20 Apr 2023 05:40:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wTZuCbvErJQryv%2BX2FNWoAit8RktrmOE4pyFK3rLqAED0qtO%2FbGWJuZHfaFOpGKRBBTWW4%2FWzy0TaWgEFtUqij4z81SaPODQyrQdO%2FsOI%2FM8JoP99MxhWCx%2F076asfNkAnyY3TRG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7bad2436ed5db511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
friendshipmale.com/sfp.js
172.64.202.23 200 OK 28 kB URL GET HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.202.23:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 11:45:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: bdfdc4e2d1ee0e0823b7b289a09b23b7
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Thu, 20 Apr 2023 11:45:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2GruYuVLaIgDzzH535YrSFrIcjjAdBU7E3Jh3aetQ6KzzOVQz6uqqraCZwENvsQ3Nhna15ln3R1KvgsYLt2wP1tDSHIMrfkAOgnlEcSRPW7i8yIwj5p7UDZuSQTSMr%2BVBvEnXBw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bad2436f98a7326-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ghabovethec.info/utx?cb=lu7cQjPAO8La&top=www41.davisonbarker.pro&tid=824473
108.157.214.120 204 No Content 0 B URL GET HTTP/2 ghabovethec.info/utx?cb=lu7cQjPAO8La&top=www41.davisonbarker.pro&tid=824473
IP 108.157.214.120:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Amazon
Subject ghabovethec.info
Fingerprint 31:D7:53:3E:73:B9:5C:CA:A9:4E:9A:20:4C:CA:96:40:C3:A0:5A:8F
Validity Sun, 09 Apr 2023 00:00:00 GMT - Tue, 07 May 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=lu7cQjPAO8La&top=www41.davisonbarker.pro&tid=824473 HTTP/1.1
Host: ghabovethec.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www41.davisonbarker.pro
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Thu, 20 Apr 2023 11:45:31 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www41.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 20 Apr 2023 11:46:31 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 009f08cce389af684f28c36891875534.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: 8MKuzS6zsDrAYqd3PswxynOjHEm6Bimq5mfXP2XzRDfdEmb9L-DXAQ==
X-Firefox-Spdy: h2
ghabovethec.info/floater?cs=SElzRGR9ekt0Unh%2FRHFXeH1AdFY&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww41.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D9%26ppi%3D3836590%26pci%3D2638232642%26t%3D1681990997%26dest%3Dhttps%3A%2F%2Fwww.dropbox.com%2Fs%2Fiqkwj1tanib95s0%2F%5BMario_Boss%5D%5B1.8%5D%2B-%2BbyBrutec.zip%3Fdl%3D0&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_SxFe=1681991291518&crc=1
108.157.214.120 200 OK 991 B URL GET HTTP/2 ghabovethec.info/floater?cs=SElzRGR9ekt0Unh%2FRHFXeH1AdFY&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww41.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D9%26ppi%3D3836590%26pci%3D2638232642%26t%3D1681990997%26dest%3Dhttps%3A%2F%2Fwww.dropbox.com%2Fs%2Fiqkwj1tanib95s0%2F%5BMario_Boss%5D%5B1.8%5D%2B-%2BbyBrutec.zip%3Fdl%3D0&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_SxFe=1681991291518&crc=1
IP 108.157.214.120:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Amazon
Subject ghabovethec.info
Fingerprint 31:D7:53:3E:73:B9:5C:CA:A9:4E:9A:20:4C:CA:96:40:C3:A0:5A:8F
Validity Sun, 09 Apr 2023 00:00:00 GMT - Tue, 07 May 2024 23:59:59 GMT
File type ASCII text, with very long lines (1499), with no line terminators
Hash ef53bbd565dc94cfe6cce619d6f5e003
656a27453f54277e3bd37d639eab0c77a8915b73
3e685c6553ebbfce7221d66310f082d54b5a274d94397159eb554b012e25ae85
GET /floater?cs=SElzRGR9ekt0Unh%2FRHFXeH1AdFY&abt=0&red=1&sm=83&k=&v=0.9.1.5&sts=0&prn=0&emb=0&tid=824473&rxy=1280_1024&fs=1&t=600&m=2&ns=1&ndp=1&asi=1&ref=http%3A%2F%2Fwww41.davisonbarker.pro%2Fpushredirect%2F%3Ftmp%3D1%26network%3D3%26ios%3D0%26site%3Dadfly%26c%3D9%26ppi%3D3836590%26pci%3D2638232642%26t%3D1681990997%26dest%3Dhttps%3A%2F%2Fwww.dropbox.com%2Fs%2Fiqkwj1tanib95s0%2F%5BMario_Boss%5D%5B1.8%5D%2B-%2BbyBrutec.zip%3Fdl%3D0&jst=0&enr=0&lcua=mozilla%2F5.0%20(x11%3B%20linux%20x86_64%3B%20rv%3A109.0)%20gecko%2F20100101%20firefox%2F111.0&tzd=0&uloc=&if=0&aa=oi1_&_SxFe=1681991291518&crc=1 HTTP/1.1
Host: ghabovethec.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www41.davisonbarker.pro
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/plain
content-length: 991
date: Thu, 20 Apr 2023 11:45:31 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://www41.davisonbarker.pro
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=d9b770f5-4554-4694-b84e-972ab0c94f28
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 009f08cce389af684f28c36891875534.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: jutIKfTL8KSEG_ygEznvoo9HmnrYjTM_NY-VP3Tx6ZI_YqSH3uQcRw==
X-Firefox-Spdy: h2
rrentlysearchi.info/b3Jnc01ATQQAcDkmPQoCOEMAMRgAODBBGC4gNgsoNSMtMQ45SkEHJAtPX0F5W0VUVT0GFlpAf0kBExI5GgFaQX1fR0EaIwkdWkF9X0RXQ3xcQEJEDgcGEwM+SkEmVn8pV1U1NQIeSQAoHQQCXj4KABEWKEERCB5oXTQTGzgCEAkSJANXVDUkSkEjNhhFAAUXFSUEKTISXVdVRT1KQSNCe1dDXkp8XkFWXX9dQl9CeEpAURogCAZCQAkGEQgdaFgxCQYhA1dQMHtbQV5EeVpAU0Z9WktTSn9ZQl9VO1JCSUpjXlxSVThSQ19Kf1xGXkR9V0JfS3laRUEHPQ4VWkJrHwYTH3BeRF9CdFZDVUp5XUVW
104.21.45.124 204 No Content 0 B URL POST HTTP/3 rrentlysearchi.info/b3Jnc01ATQQAcDkmPQoCOEMAMRgAODBBGC4gNgsoNSMtMQ45SkEHJAtPX0F5W0VUVT0GFlpAf0kBExI5GgFaQX1fR0EaIwkdWkF9X0RXQ3xcQEJEDgcGEwM+SkEmVn8pV1U1NQIeSQAoHQQCXj4KABEWKEERCB5oXTQTGzgCEAkSJANXVDUkSkEjNhhFAAUXFSUEKTISXVdVRT1KQSNCe1dDXkp8XkFWXX9dQl9CeEpAURogCAZCQAkGEQgdaFgxCQYhA1dQMHtbQV5EeVpAU0Z9WktTSn9ZQl9VO1JCSUpjXlxSVThSQ19Kf1xGXkR9V0JfS3laRUEHPQ4VWkJrHwYTH3BeRF9CdFZDVUp5XUVW
IP 104.21.45.124:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Let's Encrypt
Subject rrentlysearchi.info
Fingerprint B1:B4:E5:E5:D3:63:68:C6:C6:37:6F:04:AD:CF:F8:E6:BC:75:16:EE
Validity Sun, 16 Apr 2023 11:11:24 GMT - Sat, 15 Jul 2023 11:11:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /b3Jnc01ATQQAcDkmPQoCOEMAMRgAODBBGC4gNgsoNSMtMQ45SkEHJAtPX0F5W0VUVT0GFlpAf0kBExI5GgFaQX1fR0EaIwkdWkF9X0RXQ3xcQEJEDgcGEwM+SkEmVn8pV1U1NQIeSQAoHQQCXj4KABEWKEERCB5oXTQTGzgCEAkSJANXVDUkSkEjNhhFAAUXFSUEKTISXVdVRT1KQSNCe1dDXkp8XkFWXX9dQl9CeEpAURogCAZCQAkGEQgdaFgxCQYhA1dQMHtbQV5EeVpAU0Z9WktTSn9ZQl9VO1JCSUpjXlxSVThSQ19Kf1xGXkR9V0JfS3laRUEHPQ4VWkJrHwYTH3BeRF9CdFZDVUp5XUVW HTTP/1.1
Host: rrentlysearchi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www41.davisonbarker.pro
Alt-Used: rrentlysearchi.info
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/3 204 No Content
date: Thu, 20 Apr 2023 11:45:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UF4SbXX27YQ9ZGcIkuECeYjyElhXA1PCbUmZLEEoCQl7iTXrf8XXXzLJGlQH%2BXq8TlCbPeulanji79Vl%2Fkz0JZAsfDOZLHOHEOcDvhl1WycuqMlAgWoZ5sHnclM2JqQCc4cIBO4I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bad24483c9fb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.serve-servee.com/thumbnail?i=EU*rbdXJvNA_2&p=1681991131.220815&imgt=icon
172.64.131.18 302 Found 0 B URL GET HTTP/2 xml.serve-servee.com/thumbnail?i=EU*rbdXJvNA_2&p=1681991131.220815&imgt=icon
IP 172.64.131.18:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint F9:F4:6D:CB:77:34:5B:81:93:D5:4D:A0:AC:62:B8:EA:AB:A6:7E:14
Validity Sat, 04 Feb 2023 00:00:00 GMT - Sat, 03 Feb 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=EU*rbdXJvNA_2&p=1681991131.220815&imgt=icon HTTP/1.1
Host: xml.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Thu, 20 Apr 2023 11:45:33 GMT
content-length: 0
location: https://static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVWyCKkVIP1d6tzaZJslJEVfrQ9JzFumNM511wOpfwBqwI7dTg1893sUTLIFoAXEev7V7OsMVqHUgTPvKl59TQnOTu3psexw52cKyLpFyHx0i786YqWXYTOCEKVleUwNf27Ul7%2FQpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bad2448f9f48892-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
172.64.131.18 200 OK 1.1 kB URL GET HTTP/2 static.serve-servee.com/n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png
IP 172.64.131.18:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint F9:F4:6D:CB:77:34:5B:81:93:D5:4D:A0:AC:62:B8:EA:AB:A6:7E:14
Validity Sat, 04 Feb 2023 00:00:00 GMT - Sat, 03 Feb 2024 23:59:59 GMT
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 4fa2beaeca8f598401f3ec6300cb860b
45634806ea1fa936c0e600b8b22f835600529b36
ef897a0bab353d84bf69ae3570347dea36236575a7b1bbd5992b8f256f856577
GET /n337/ad/192x192_duwWEKdQ4PMk0stZ69y8.png HTTP/1.1
Host: static.serve-servee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 20 Apr 2023 11:45:33 GMT
content-type: image/png
content-length: 1112
last-modified: Fri, 24 Apr 2020 13:59:43 GMT
accept-ranges: bytes
etag: "5ea2f0cf-458"
cache-control: max-age=86400
x-hw: 1681991133.cds319.lo4.h2,1681991133.cds272.lo4.c
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9h3lQjdDMh21eBUQPkWJZwrWVrAF%2F%2BvbrlJWf72%2BCFRtEZFTnde8FiJXe%2BNEExT6t%2BnDhir2vKEcbZIV3UTRKw5dMSuBvu2tL7drfUnRUlmogMCKUWu%2Fh48Fr0efwhKhOOBghmiuoVfnwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bad2449bb0d8892-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www41.davisonbarker.pro/static/image/skip_ad/en_tran.png
104.21.92.39 200 OK 5.1 kB URL GET HTTP/1.1 www41.davisonbarker.pro/static/image/skip_ad/en_tran.png
IP 104.21.92.39:80
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
File type PNG image data, 155 x 41, 8-bit/color RGBA, non-interlaced\012- data
Hash a58f5ea6f1f6bb35658c351f876f1ba9
47fa621b845faf7df13e4021dcffd6f4c73c1018
ef8721967f0cca2539ee60f9cad0e8c1ef89f18a53964a4e6101033d23a4ba29
GET /static/image/skip_ad/en_tran.png HTTP/1.1
Host: www41.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=7ded896a-fc8b-405d-a9ab-91ff9c1626e7%3A1%3A1; ppu_main_aa240591af5d8573573bb87d25c7ab12=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 11:45:35 GMT
Content-Type: image/png
Content-Length: 5076
Connection: keep-alive
cache-control: public, max-age=604800
expires: Thu, 27 Apr 2023 11:42:25 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "13d4-5faa60e6-eb24f435e560d3dd;;;"
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 189
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQhIeKDysZWP840sgfyB9HjcRnZuF7%2FeGxCOwiUpklXD%2By1a8S8vwoWt8t7yJ4UWoxg5IHGF%2Br0H6J%2Bw8Y8Ewkgcj41Ju0PhqgYSYxS4FyuuhXQolBsltHddTKl6FY6i%2BudqpYWHjXX3rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7bad2451ba4db505-OSL
alt-svc: h2=":443"; ma=60
dismantlepenantiterrorist.com/pxf.gif?uuid=7ded896a-fc8b-405d-a9ab-91ff9c1626e7&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2077&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
0.0.0.0 0 B URL GET dismantlepenantiterrorist.com/pxf.gif?uuid=7ded896a-fc8b-405d-a9ab-91ff9c1626e7&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2077&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
IP 0.0.0.0:0
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=7ded896a-fc8b-405d-a9ab-91ff9c1626e7&eb=438d316e0e696928da604403013b50e2&te=bc8a3ff347655a560a72a09ac34fae64&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=13.2077&b_frame=0&pk=aa240591af5d8573573bb87d25c7ab12&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: dismantlepenantiterrorist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
addresseepaper.com/sfp.js
0.0.0.0 0 B URL GET addresseepaper.com/sfp.js
IP 0.0.0.0:0
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Pragma: no-cache
Cache-Control: no-cache
rrentlysearchi.info/YjZwNWZNCRNGWzBiMl48CGwHdFcaYTF9MyVjQXggBmcibTAFZ1ZBDwYLSAdSVgFDExYLUk0GVERFBFQSF0VNB1ZSAVZcCARZTQdAFAtAG19MB14AQBcLQRMSElcXCFdERgRBCl8HRg1XWw9BB19TA0EC
104.21.45.124 204 No Content 0 B URL POST HTTP/3 rrentlysearchi.info/YjZwNWZNCRNGWzBiMl48CGwHdFcaYTF9MyVjQXggBmcibTAFZ1ZBDwYLSAdSVgFDExYLUk0GVERFBFQSF0VNB1ZSAVZcCARZTQdAFAtAG19MB14AQBcLQRMSElcXCFdERgRBCl8HRg1XWw9BB19TA0EC
IP 104.21.45.124:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Let's Encrypt
Subject rrentlysearchi.info
Fingerprint B1:B4:E5:E5:D3:63:68:C6:C6:37:6F:04:AD:CF:F8:E6:BC:75:16:EE
Validity Sun, 16 Apr 2023 11:11:24 GMT - Sat, 15 Jul 2023 11:11:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /YjZwNWZNCRNGWzBiMl48CGwHdFcaYTF9MyVjQXggBmcibTAFZ1ZBDwYLSAdSVgFDExYLUk0GVERFBFQSF0VNB1ZSAVZcCARZTQdAFAtAG19MB14AQBcLQRMSElcXCFdERgRBCl8HRg1XWw9BB19TA0EC HTTP/1.1
Host: rrentlysearchi.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www41.davisonbarker.pro
Alt-Used: rrentlysearchi.info
Connection: keep-alive
Referer: http://www41.davisonbarker.pro/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/3 204 No Content
date: Thu, 20 Apr 2023 11:45:30 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KdOlJUvSxkgE0YoX1MLTnvicAIZXtGuyP3K%2BnM3mKH6hKetddox%2FHVmzIaQD07Iou4T1HWJjavpgcIoD9d7M8gfCDu%2FpStKxNSZTLYY6SpcXhXskbF7fXZDhRKm78K7q3gO%2FIWJR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bad2436fd75b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pogothere.xyz/asd100.bin
104.21.0.182 200 OK 102 kB
IP 104.21.0.182:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
Size 102 kB (102400 bytes)
Hash 4c6426ac7ef186464ecbb0d81cbfcb1e
5a6918eebd9d635e8f632e3ef34e3792b1b5ec13
f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www41.davisonbarker.pro/
Origin: http://www41.davisonbarker.pro
Alt-Used: pogothere.xyz
Connection: keep-alive
Cookie: csu=1892349708088457@1@1681991039
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 20 Apr 2023 11:45:30 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://www41.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 79
last-modified: Thu, 20 Apr 2023 11:44:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJP7Phi9JfdeScXRrACBeXH%2Bmm3%2FIui8DJAL%2BFtVJXeTT7oi8ynnZQv%2Fiz6eJ6W4p7SYpRmxTi0YzJ87je4aFloENzE4xNXeNuPQo5Jdh7SmJzJnV3AogkXGsE9xA39q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7bad24388805b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pogothere.xyz/
104.21.0.182 200 OK 27 B
IP 104.21.0.182:443
Requested by http://www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 17:F9:2D:6F:B5:5E:5F:37:A6:FB:BE:61:4F:97:64:33:85:5C:3A:FB
Validity Tue, 28 Feb 2023 00:00:00 GMT - Tue, 27 Feb 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash d1e42242a629110a42726d19139b40c5
944afd292f1a692484f97133ee0389436ddc5a75
65ea3e2dc842a274999779c00699b2a288cd19b56275e8a664488ea58bfee42a
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www41.davisonbarker.pro/
Origin: http://www41.davisonbarker.pro
Alt-Used: pogothere.xyz
Connection: keep-alive
Cookie: csu=1892349708088457@1@1681991039
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 20 Apr 2023 11:45:31 GMT
content-type: text/plain
set-cookie: csu=1892349708088457@2@1681991039; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://www41.davisonbarker.pro
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mgw5MZASZotupSJltJ2XwkpJNJD104pe54BgqDva5u249qeQ7vXdYHdThDeKpm6T2GMDeF4kqMc%2B81RUIPnREEn0amX8hn4P6mC%2BUlupjgDCJkmV7tz9Z745TMLkaT%2FE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7bad24388806b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
104.21.92.39 200 OK 75 kB URL User Request GET HTTP/1.1 www41.davisonbarker.pro/pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0
IP 104.21.92.39:80
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (62619)
Hash 0effd14c019a5374f9aa2cd3015716e7
aafb3b92457a688ae5c832a176d9b34237659812
4f0fc5b8dce7262a44cedb5ec5403684baa03f6db9f8596abf667c83be9c94aa
GET /pushredirect/?tmp=1&network=3&ios=0&site=adfly&c=9&ppi=3836590&pci=2638232642&t=1681990997&dest=https://www.dropbox.com/s/iqkwj1tanib95s0/[Mario_Boss][1.8]+-+byBrutec.zip?dl=0 HTTP/1.1
Host: www41.davisonbarker.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 20 Apr 2023 11:45:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-cache
set-cookie: lastUrlPushTmp=www41.davisonbarker.pro
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jneepwmitknCYB85f%2BQOJd2VwS%2Bh73fu6dRf5byx%2Fc6WoT4z%2BNXc7tu9Gu%2FU%2B1pfrXv5%2BlJJFbc0QhakmUGQOl42H6weXiiTstiHh%2BtcLxVJYiz%2B9l01iQgBx82HBEwwafTXa5cgXt85oA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7bad242fcec4b505-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60