oxy.st/d/Kpug
185.178.208.137301 Moved Permanently 568 B IP 185.178.208.137:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Hash 2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee
GET /d/Kpug HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://oxy.st/d/Kpug
Content-Type: text/html; charset=utf8
Content-Length: 568
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12241
Expires: Fri, 27 Jan 2023 03:04:47 GMT
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14138
Expires: Fri, 27 Jan 2023 03:36:24 GMT
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6931
Expires: Fri, 27 Jan 2023 01:36:17 GMT
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 22:42:56 GMT
content-type: application/json
age: 3470
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: YVAebA26QudJFqdCZACDh2s3pD2XPX7UkYIh23beFchF5e61+S9xb4C8xGC2l2m9W3f9kPMfHVQ=
x-amz-request-id: QKWMF6W82FQR3XZM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 22:49:10 GMT
age: 3096
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:46 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48625664de2bc864799ae12d4a26e960
61c74ded7e7f99c46b7dc45a8e436178884dc717
c1506ce10f939dec66f904dd0ff62dd8a5cb31b2b2630f9d83999a521979ec72
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C1506CE10F939DEC66F904DD0FF62DD8A5CB31B2B2630F9D83999A521979EC72"
Last-Modified: Thu, 26 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8124
Expires: Fri, 27 Jan 2023 01:56:10 GMT
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive
oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
185.178.208.137200 OK 4.0 kB URL HTTP/2 oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
IP 185.178.208.137:0
File type ASCII text, with very long lines (42894), with no line terminators
Hash a6ffd799664bd950121e2e9f0d9b2667
88af5ed7d6e3ed43ee0ec21fb314e03fb07867f0
de088565a1c5910a1c409bf3ec676c5d0c7c1304a18c744b46771c09fa6bdcad
GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 02:57:41 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-a78e"
access-control-allow-origin: *
content-encoding: gzip
age: 592986
content-length: 3950
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/style.css?ver=6
185.178.208.137200 OK 24 kB URL HTTP/2 oxy.st/slake/style.css?ver=6
IP 185.178.208.137:0
Hash cd7b3e4dfecea7028bc1bdeda5a47477
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87
GET /slake/style.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 16:34:50 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5fdd12f2-2a549"
age: 457557
content-length: 24360
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/css/elements.css?1
185.178.208.137200 OK 24 kB URL HTTP/2 oxy.st/slake/asset/css/elements.css?1
IP 185.178.208.137:0
File type ASCII text, with very long lines (460), with CRLF line terminators
Hash 82db06ca267ac7fdd878a1df35f41f4e
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb
GET /slake/asset/css/elements.css?1 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 19 Jan 2023 10:53:34 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 24208
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2fbea"
age: 650833
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
104.17.24.14200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7370340
expires: Tue, 16 Jan 2024 23:40:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSQBJ8X2rI3OXw0FJiE80XiwSbwqjUi%2BbCPFaHu37bs0OKj2uvgQuClbAD%2BkDYu2BKaYQfaB4uDgixSmSw%2F2B2vav0NuANpkGp%2B56DrwKw1UlS1%2BPENxFUD8hGDa2AW1wHFKcS9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78fd187a2a73b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oxy.st/slake/cookie.css?ver=6
185.178.208.137200 OK 299 B URL HTTP/2 oxy.st/slake/cookie.css?ver=6
IP 185.178.208.137:0
Hash 6d5f76f4027c2e9a60d78a83f4b952cd
b4ae6d8509643916be8eff3979acec375867708b
2338311f30dadbc2bffe2bdbfdd100c148e8fe4cb50ca669c7ff602a9c206f94
GET /slake/cookie.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 20:55:55 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 299
ddg-cache-status: HIT,HIT
etag: "602ae9d4-224"
age: 96292
X-Firefox-Spdy: h2
oxy.st/img/oxy-logo.svg
185.178.208.137200 OK 3.2 kB IP 185.178.208.137:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1126)
Hash 4dbb074be70991a358f914be3c00ad99
5f699e31b76bcb7e69fc4478a04b73b3df0e855a
9531a716a5007ddfc819613ec77f883ba963578d699f824034b4962f8221b8bf
GET /img/oxy-logo.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 17 Jan 2023 13:56:30 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
etag: W/"602c706e-2019"
access-control-allow-origin: *
content-encoding: gzip
age: 812657
ddg-cache-status: HIT,MISS
content-length: 3204
X-Firefox-Spdy: h2
oxy.st/css/cloud.css
185.178.208.137200 OK 9.2 kB IP 185.178.208.137:0
File type ASCII text, with very long lines (14454)
Hash 0517562cc81de376b3c1fee3e8bef414
80df32c8b71549b0253cce1b47fe13d82fc1b604
184ccb46109faef0678ef3a603a551e55d3f9ff74a200ebeaba2c23655e52c8a
GET /css/cloud.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 19 Jan 2023 12:30:29 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 9206
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb1-d024"
age: 645018
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/bootstrap.min.js
185.178.208.137200 OK 13 kB URL HTTP/2 oxy.st/slake/asset/js/bootstrap.min.js
IP 185.178.208.137:0
File type ASCII text, with very long lines (48664)
Hash 061a1656d3064d501413d45bef002938
1fec864435f996d6f5cec2f95b9b24cafef0b182
a7b82b175ee2cb823d904fc89454e91e6e92c91f91c0de1663d54e62bf3cc6e1
GET /slake/asset/js/bootstrap.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 17:11:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 13046
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-bf30"
age: 109747
X-Firefox-Spdy: h2
oxy.st/slake/asset/css/bootstrap.min.css
185.178.208.137200 OK 20 kB URL HTTP/2 oxy.st/slake/asset/css/bootstrap.min.css
IP 185.178.208.137:0
File type ASCII text, with very long lines (65325)
Hash 4588208961b6b7ed6cd974687346348a
52085a4f6c875b6949261704f05050c1727e9c55
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885
GET /slake/asset/css/bootstrap.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 06:48:10 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 406357
content-length: 20483
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/jquery.min.js
185.178.208.137200 OK 30 kB URL HTTP/2 oxy.st/slake/asset/js/jquery.min.js
IP 185.178.208.137:0
File type ASCII text, with very long lines (65451)
Hash 28198fab85f1ac98f664600f670ba43d
ee0dd46d793071270130c08412258d8c32194a32
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49
GET /slake/asset/js/jquery.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 23 Jan 2023 08:38:54 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-1538e"
age: 313313
content-length: 30285
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
185.178.208.137200 OK 13 kB URL HTTP/2 oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
IP 185.178.208.137:0
File type ASCII text, with very long lines (32001), with CRLF line terminators
Hash 112891904d2ce52d072013c5e993463a
4cca8f66204463d7dc6f9f6819e3ebbd0636f5b1
d58c3c940e6ac6a2587c3d28ef50dd9dc6f20ea23c213ac5ff75419656fd3291
GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 22:48:34 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 12929
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-b1ab"
age: 3133
X-Firefox-Spdy: h2
oxy.st/images/sprite3.png
185.178.208.137200 OK 2.1 kB URL HTTP/2 oxy.st/images/sprite3.png
IP 185.178.208.137:0
File type PNG image data, 124 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash b08166a270b58c28d429bf2f9ffece6c
91dab55cbe8c802a7c56cd9d2ffaee9ccea4a49f
a21a9fa89fb6dd8c8e84907a99b0374abdf641c71c55e0283b7758e8f2a12507
GET /images/sprite3.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
etag: "6240cc70-80b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13353125
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/slice_white.png
185.178.208.137200 OK 6.1 kB URL HTTP/2 oxy.st/slake/asset/slice_white.png
IP 185.178.208.137:0
File type PNG image data, 201 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 946ed1d2bd247854fa58e938de28ee95
883cda7ee0087e29a32f07b6c8ead3e8df5db738
bfe6c8b9cf34578f573091bb118f86a10b918b7d530b25107648f12158759e85
GET /slake/asset/slice_white.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 14:13:36 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-17be"
age: 466031
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/images/ltd.svg
185.178.208.137200 OK 20 kB IP 185.178.208.137:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (50102)
Hash d37ece4290313a264b5e235c0dadf2fb
9ae09bed58122b3d3c4914c45e682dce63993e14
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd
GET /images/ltd.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 05:14:49 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 19700
ddg-cache-status: HIT,HIT
etag: W/"5fb71401-c420"
age: 152758
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/plugins.js
185.178.208.137200 OK 91 kB URL HTTP/2 oxy.st/slake/asset/js/plugins.js
IP 185.178.208.137:0
File type Unicode text, UTF-8 text, with very long lines (8320), with CRLF line terminators
Hash f64473f7f0d77763bf319a920044a5fe
085e34089773af2ec9ec67f206d51e9ada6a84fb
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d
GET /slake/asset/js/plugins.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 05:09:08 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 90933
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-52d51"
age: 153099
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/main.js
185.178.208.137200 OK 1.8 kB URL HTTP/2 oxy.st/slake/asset/js/main.js
IP 185.178.208.137:0
File type ASCII text, with very long lines (368)
Hash 76d3c4da3644ed1684ed54ff59305a5a
3e03f21e8af17de66be1aa22a6f952c000fbcc70
adc0957a4224cf75ae632338e6e52591d0552189b8ba1a4e7f19885405dfc2f8
GET /slake/asset/js/main.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 13:24:04 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-2210"
access-control-allow-origin: *
content-encoding: gzip
age: 382603
content-length: 1840
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oxy.st/slake/asset/js/ajax-subscribe.js
185.178.208.137200 OK 635 B URL HTTP/2 oxy.st/slake/asset/js/ajax-subscribe.js
IP 185.178.208.137:0
File type ASCII text, with CRLF line terminators
Hash 574b8cde44d6b421cd12af0df0cca335
7dbd98f2d7925795343e8b8a3fc0c91ba496f526
035c75b2646589e751a275f3469f1e53b5e9c55cff4f0b3d3cbdfbb248aef9c2
GET /slake/asset/js/ajax-subscribe.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 16:13:47 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-595"
access-control-allow-origin: *
content-encoding: gzip
age: 545220
content-length: 635
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/ajax-mail.js
185.178.208.137200 OK 544 B URL HTTP/2 oxy.st/slake/asset/js/ajax-mail.js
IP 185.178.208.137:0
File type ASCII text, with CRLF line terminators
Hash 4eb7582278a2e3748b9017bb83307caf
93c419ea8637148be2192bfa8068ed8009e3add7
59ccbe475f369df6e9daf6480deb023a38b4fc29016142e062f76f4218f66abc
GET /slake/asset/js/ajax-mail.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 16:25:47 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 544
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-683"
age: 26100
X-Firefox-Spdy: h2
oxy.st/slake/responsive.css?ver=5
185.178.208.137200 OK 12 kB URL HTTP/2 oxy.st/slake/responsive.css?ver=5
IP 185.178.208.137:0
Hash c9887952027ae1466ab90ba9dcd23ce3
0afb76db6c9644265da1820da0afe7aaef448e53
f16e171dae88fb2e1970604b6152409551d184fb1977a2668dd19f36dc0ab338
GET /slake/responsive.css?ver=5 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 18:15:26 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
etag: W/"5eefded8-135c7"
access-control-allow-origin: *
content-encoding: gzip
age: 537921
content-length: 11872
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 23:24:53 GMT
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
age: 954
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash effbf58edd0a6a8e39ff3b7e5087c44f
b50bd928ea43d096de8ef85d0c9c88c488d79991
0f8ffdcdf2848c698273e527691e11a08f50668eb8fc7fb59ece64d337ca49aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F8FFDCDF2848C698273E527691E11A08F50668EB8FC7FB59ECE64D337CA49AA"
Last-Modified: Wed, 25 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4608
Expires: Fri, 27 Jan 2023 00:57:35 GMT
Date: Thu, 26 Jan 2023 23:40:47 GMT
Connection: keep-alive
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash a49a89d4a52d659818f7937ed1c4e7ea
ef5cc8b0f7c54921ff8ed61cdca0b9d55f7d408f
4c3da9caef852c3725a10d21185cf0d8aaa29fd4a354520fa7079de4716c5e70
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 04:59:13 GMT
Expires: Wed, 01 Feb 2023 04:59:12 GMT
Etag: "ef5cc8b0f7c54921ff8ed61cdca0b9d55f7d408f"
Cache-Control: max-age=450504,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fd187b9a7eb505-OSL
whereres.com/api/scripts/mSetupWidget?id=363
88.208.46.156200 OK 9.0 kB URL HTTP/1.1 whereres.com/api/scripts/mSetupWidget?id=363
IP 88.208.46.156:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (3565)
Hash 9c6d8fe1a69623dcc4c1948506d672af
b400e0ddf00fbbeed8a94c949165659d78714911
a5b9db9230019c2386cbd1bd2b8e193cd202b1f5558cc20a4a52058f79542c09
GET /api/scripts/mSetupWidget?id=363 HTTP/1.1
Host: whereres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.27
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.adlook.me/js/rlf.js
92.223.124.24200 OK 19 kB IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Hash 4753bd99e680f991e358fcfc5956d348
f7506e35d1e97953351bacf094278a919dd2d5e9
417b57437a57fdbfdbe26fb8e676b6936d868f23f5aa5ca587811aa01ce9d03f
GET /js/rlf.js HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript,application/javascript;charset=utf-8
content-length: 19276
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:05:17 GMT
etag: "8054b6f2abfd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T23:39:19+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
185.76.9.16200 OK 50 kB URL HTTP/2 ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
Hash d4885a2b444beebe43ed192ee62a2de0
a52595bd984ac395e28f8bd9cedaeafe20870c32
81133a0558ba0bb22c57d67937a35d5b1401e28e66203b71dbcad6c9bf705ce7
GET /s/requestform.js?siteId=85433&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1675314385
server: CDN77-Turbo
x-77-nzt: AblMCQ3xjy//LgUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd363f3181814
x-cache: HIT
x-age: 66862
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
oxy.st/slake/asset/fonts/themify--fvbane.woff
185.178.208.137200 OK 56 kB URL HTTP/2 oxy.st/slake/asset/fonts/themify--fvbane.woff
IP 185.178.208.137:0
File type Web Open Font Format, CFF, length 56108, version 1.0\012- data
Hash a1ecc3b826d01251edddf29c3e4e1e97
9394f35bd2addd24666b79bfc36d4f9d247cb01d
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7
GET /slake/asset/fonts/themify--fvbane.woff HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://oxy.st/slake/asset/css/elements.css?1
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 12:46:09 GMT
content-type: font/woff
content-length: 56108
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-db2c"
age: 557678
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
216.58.207.227200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 21276, version 1.0\012- data
Hash 59c9b83cc112cf7eeb3bf7a5e96b21fe
771790b776b5e1bc3039c337024e400974184208
a8447cdec51e85d9e93971a0d4a53bcf6085d70bf1d201662837d2fb953422c7
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 16:07:46 GMT
expires: Tue, 23 Jan 2024 16:07:46 GMT
cache-control: public, max-age=31536000
age: 286381
last-modified: Mon, 11 Jul 2022 19:01:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 07:08:09 GMT
expires: Sat, 20 Jan 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 577958
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash d648132810da4bd70a76cfa07e9b02fe
52de2f76bada13e2db41b22933eed61dc04bf8fb
1c26f86700444c95b99c3a0fafa4c53f5977a8bc4283fc14180cf86123ea7279
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 30 Jan 2023 21:32:02 GMT
ETag: "52de2f76bada13e2db41b22933eed61dc04bf8fb"
Last-Modified: Thu, 26 Jan 2023 21:32:03 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3204
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fd187d3ca21c0e-OSL
push.services.mozilla.com/
34.212.115.25101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.212.115.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3yKV7ib8JalCrORrKEujeg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xFHgJD7qjg49FXyBIF/pNRLVxgI=
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash d648132810da4bd70a76cfa07e9b02fe
52de2f76bada13e2db41b22933eed61dc04bf8fb
1c26f86700444c95b99c3a0fafa4c53f5977a8bc4283fc14180cf86123ea7279
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 30 Jan 2023 21:32:02 GMT
ETag: "52de2f76bada13e2db41b22933eed61dc04bf8fb"
Last-Modified: Thu, 26 Jan 2023 21:32:03 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3204
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fd187d3e980b45-OSL
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oxy.st/slake/asset/img/bg/footer-bg.png
185.178.208.137200 OK 75 kB URL HTTP/2 oxy.st/slake/asset/img/bg/footer-bg.png
IP 185.178.208.137:0
File type PNG image data, 1920 x 890, 8-bit/color RGB, non-interlaced\012- data
Hash ce2f90b81ee3a43f46c29223ad1d981b
b82b68c892bd7c8b0bf06a883f1bdcd8ca0121e5
7b5c7bc066eb345c6c48189f960ad13fac80add5b5769e2d7a1f59d82a382505
GET /slake/asset/img/bg/footer-bg.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/slake/style.css?ver=6
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 22:29:33 GMT
content-type: image/png
content-length: 74560
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-12340"
age: 436274
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
178.154.131.217200 OK 45 kB URL HTTP/2 yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
IP 178.154.131.217:0
File type Web Open Font Format (Version 2), TrueType, length 45100, version 1.0\012- data
Hash e783c489351712fa80a7cb4206cffd02
4d1d924e4cbae116baf57958cea28dedc9e361f4
281e998fb084bbc3243914bfd01a00ef5cdbc847179c43106808821a6e0ae1a5
GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/font-woff2
content-length: 45100
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "e783c489351712fa80a7cb4206cffd02"
expires: Sat, 27 Jan 2024 05:25:32 GMT
last-modified: Tue, 22 Jan 2019 17:07:25 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 52e52eaa4c149c4d
accept-ranges: bytes
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/gen.js?type=2
185.76.9.16200 OK 46 kB URL HTTP/2 ads.themoneytizer.com/s/gen.js?type=2
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
Hash dcca0b6bfaba6db5d52b2b929e8a12ef
cf7968c806dc7a463f8594fb1289237c22682004
d73e3134b944440d0b9263d608945d2a4a7f782941f450951b66e94719600b02
GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1675314250
server: CDN77-Turbo
x-77-nzt: AblMCQ3jqWH/tQUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd363cd240f14
x-cache: HIT
x-age: 66997
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.adlook.me/u/cds.html
92.223.124.24200 OK 1.4 kB IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 092b935eec2ba1199c03c1c856472e77
90d533fb895dda57fd0645cf484a4ecb7a64c344
8719a7a7e474f30d7a1d5dbf2ab97bbd73437c28ef567b410361540ad38c985e
GET /u/cds.html HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/html
content-length: 1439
last-modified: Thu, 06 Aug 2020 17:06:57 GMT
etag: "207a2dfe136cd61:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T23:35:32+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.adlook.me/css/rlf.css?1.4
92.223.124.24200 OK 1.6 kB URL HTTP/2 cdn.adlook.me/css/rlf.css?1.4
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (1612), with no line terminators
Hash ebb99a8c16a4ad70389cc2e9306fa4b1
b926dbbe4d67d1a39e3a7b1f4ea992c41388067b
d1b01565ed50bb2012a6d2c9b409fa41752d6c3a30e735f9f7008b7f635a21f1
GET /css/rlf.css?1.4 HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/css
content-length: 1612
last-modified: Mon, 11 Oct 2021 12:59:26 GMT
etag: "2fce1cd29fbed71:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T23:34:03+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 312 B IP 93.184.220.29:0
Hash f1d55ab20f757f7fd0b51462c7f4a9b0
e1ec60e23dda34f6bebe9654e9fbcee9374e7d4b
4bc645f135acb91082641116f38ba1a2371b49c50df7dc2527c6fc62601482df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3713
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Last-Modified: Thu, 26 Jan 2023 22:38:54 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ef59aa85c9572bcc65b9073860bf25a8
67f76f3edf37a48f3fc9244d4d76c2abfa1a4a2a
de67a6263dceb38bc328eaf7fc5dee5ce983c954cf3a5c673a1b5ab140990188
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE67A6263DCEB38BC328EAF7FC5DEE5CE983C954CF3A5C673A1B5AB140990188"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9430
Expires: Fri, 27 Jan 2023 02:17:57 GMT
Date: Thu, 26 Jan 2023 23:40:47 GMT
Connection: keep-alive
onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1674776447412
51.89.9.252204 No Content 0 B URL HTTP/2 onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1674776447412
IP 51.89.9.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?pubId=2a897e3f18e6769&cb=1674776447412 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2c396903b0b464c236fcabab2b6d5880
daa0bdb277827048f33e7f74f1ac3c9d2c026289
ba1814bbae020a67517ef0e23ff545f59fac26994600a064cb02822c15dfb4a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA1814BBAE020A67517EF0E23FF545F59FAC26994600A064CB02822C15DFB4A3"
Last-Modified: Wed, 25 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19099
Expires: Fri, 27 Jan 2023 04:59:06 GMT
Date: Thu, 26 Jan 2023 23:40:47 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3b7fe1c4f817d20bfd737c730914dd99
518e8ab7225a0c25390c7a03e0f9c4832bc6d5cc
2d87ef9dcdde302d9a0ef30f4d06bc9f56420b8795a6a8ef230c83bdca26cb76
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D87EF9DCDDE302D9A0EF30F4D06BC9F56420B8795A6A8EF230C83BDCA26CB76"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1341
Expires: Fri, 27 Jan 2023 00:03:08 GMT
Date: Thu, 26 Jan 2023 23:40:47 GMT
Connection: keep-alive
tag.leadplace.fr/libJsLP.js
145.239.193.51200 OK 5.5 kB URL HTTP/1.1 tag.leadplace.fr/libJsLP.js
IP 145.239.193.51:0
Hash a0c24f993bc0901cfe62d1e801cb2b45
7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333
GET /libJsLP.js HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/javascript
Content-Length: 5547
Last-Modified: Thu, 14 Oct 2021 07:27:52 GMT
ETag: "6167dbf8-15ab"
Accept-Ranges: bytes
X-IPLB-Request-ID: 5B5A2A9A:A7CF_91EFC133:01BB_63D30F7F_6408BCA8:14262
X-IPLB-Instance: 29922
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
172.67.13.182200 OK 21 kB URL HTTP/2 spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP 172.67.13.182:0
File type Unicode text, UTF-8 text, with very long lines (50946), with LF, NEL line terminators
Hash d2379de57527224899b86edfb0996ba9
64dbf8f37c269765e4787f05e0c428f2e0a2d5a6
173782f023ac9a34bd986e6992fdfabc4caf1941cf79fb118f62817ae5af12a0
GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78fd187d8b78b511-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash e2d4d6ce7f7429d82966d6d9dc16356b
fcd4edfef113db414c102864a1a4e3a38c23e9c9
97f329ca52876a991e1bd435d8841a0a0f7b657e5c6312390421f236d6cd3b90
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 20:45:24 GMT
Expires: Wed, 01 Feb 2023 20:45:23 GMT
Etag: "fcd4edfef113db414c102864a1a4e3a38c23e9c9"
Cache-Control: max-age=507275,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fd187e5ca9b505-OSL
tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKpug&id=MTIZ
145.239.193.51200 OK 0 B URL HTTP/1.1 tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKpug&id=MTIZ
IP 145.239.193.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKpug&id=MTIZ HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-IPLB-Request-ID: 5B5A2A9A:A7CF_91EFC133:01BB_63D30F7F_6408BCAB:14262
X-IPLB-Instance: 29922
p.cpx.to/p/12771/px.js
34.252.124.99200 OK 2.0 kB IP 34.252.124.99:0
File type ASCII text, with very long lines (1990), with no line terminators
Hash a667f26d4e73b4b5098a9c9637d3d29f
83d9b753da4c51039a689bc67956f7f9997854cc
a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6
GET /p/12771/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2419200, public
Content-Type: application/javascript; charset=UTF-8
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Length: 1990
Connection: keep-alive
c.tmyzer.com/c/?s=85433&f=2&fi=99
54.38.64.100200 OK 0 B URL HTTP/1.1 c.tmyzer.com/c/?s=85433&f=2&fi=99
IP 54.38.64.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:7C43_36264064:01BB_63D30F7F_782623:2AED2
X-IPLB-Instance: 24858
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 0f1ba60402ab9eac433f3a75cf52422e
87265442ece1893f4e1ad20cd2a42773735d03e0
c04830a384fb019b37de4b24ff5f0191ffd527b79475b3b8f54303aeaec2630e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3243
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Last-Modified: Thu, 26 Jan 2023 22:46:44 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4fed69565ceab3f7d13caae0921dcbc7
6619cd41cc183cbebd9eb0de90105bd7437fd8a3
06339124aa4a93d8811614cac0418fdbdc60cad00afc74ad798e257d10990e90
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06339124AA4A93D8811614CAC0418FDBDC60CAD00AFC74AD798E257D10990E90"
Last-Modified: Wed, 25 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15477
Expires: Fri, 27 Jan 2023 03:58:45 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 314 B IP 93.184.220.29:0
Hash 0f1ba60402ab9eac433f3a75cf52422e
87265442ece1893f4e1ad20cd2a42773735d03e0
c04830a384fb019b37de4b24ff5f0191ffd527b79475b3b8f54303aeaec2630e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3244
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:48 GMT
Last-Modified: Thu, 26 Jan 2023 22:46:44 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314
id5-sync.com/api/config/prebid
162.19.138.120200 134 B URL HTTP/1.1 id5-sync.com/api/config/prebid
IP 162.19.138.120:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1
POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 23:40:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKpug&top=&_ts=1674776447837
5.200.50.170200 OK 2 B URL HTTP/2 ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKpug&top=&_ts=1674776447837
IP 5.200.50.170:0
ASN #48096 Enterprise Cloud Ltd.
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKpug&top=&_ts=1674776447837 HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=89bd9d3e900d4c48a5ae5e3aea59c9fe; expires=Fri, 26 Jan 2024 21:00:00 GMT; path=/; SameSite=None; secure; samesite=lax
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
date: Thu, 26 Jan 2023 23:40:47 GMT
content-length: 2
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e00a674a0c70c9d697802909f3d3836c
e8862ab9105e10e004509050a8cb650fb53390c4
1b78e3fe9ac8c6c62f14d7c08894ec1fcaada17cc807b067396bee1813c903fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B78E3FE9AC8C6C62F14D7C08894EC1FCAADA17CC807B067396BEE1813C903FC"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3542
Expires: Fri, 27 Jan 2023 00:39:50 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f0a4098f041b32de6aeac7e8919dfb93
d3dd3d384e3bc4454b58f48c878261b5d165c2bd
1a2e07af32d611f5b897d8f26ba1ba7008bdbb7814bc749dc3f6992167ed6d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A2E07AF32D611F5B897D8F26BA1BA7008BDBB7814BC749DC3F6992167ED6D64"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4608
Expires: Fri, 27 Jan 2023 00:57:36 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d84f383ade441229a3b8c3bdb440dec1
1a3fe5fbdb453238fd1bba1698ab7e42cc964455
00f8082421d59df44b61e96c4cdf71aec562e572fd3fbebfb2f1c5aa5fa22c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00F8082421D59DF44B61E96C4CDF71AEC562E572FD3FBEBFB2F1C5AA5FA22C6F"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4143
Expires: Fri, 27 Jan 2023 00:49:51 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2fd3b5487710791cafa87110d681647a
6f3de59c79cf8f93c3312d917e9bb225a8bb25f9
35c24aa8f70e97185a0a18761f04b283cefecdce3abcd2261ccc6377077730c5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35C24AA8F70E97185A0A18761F04B283CEFECDCE3ABCD2261CCC6377077730C5"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11648
Expires: Fri, 27 Jan 2023 02:54:56 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 18:52:41 GMT
expires: Tue, 23 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 276487
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash aa79f831fbade48affa43928694677db
ddb17e61adc783e7a0fb0ae60c2f049e082c5097
abcc206a3c1727354a2371f825b9640133e8617f2a47f84a8cdcc9300357d654
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 19:14:51 GMT
Expires: Thu, 02 Feb 2023 19:14:50 GMT
Etag: "ddb17e61adc783e7a0fb0ae60c2f049e082c5097"
Cache-Control: max-age=588241,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fd1880ce80b505-OSL
s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
63.32.10.107200 OK 652 B URL HTTP/1.1 s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP 63.32.10.107:0
File type ASCII text, with very long lines (652), with no line terminators
Hash 38f9c82fe32a812a2c1579ebd33b858a
9e240a02c118be016bd569e536767ac8c629ee16
54490871b857cb27ed0b4cf62d8dbbec2bbda6ebd96f422e397833bba00e5e6e
GET /fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:48 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 652
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
p3p: CP="NOI DEV ADM"
expires: Wed, 18 Jan 2023 18:33:03 UTC
set-cookie: cpSess=8fc71c476d2432c; Expires=Fri, 26 Jan 2024 23:40:48 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
my.rtmark.net/gid.js?userId=3a033a90860b452280c7637d449e0135
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=3a033a90860b452280c7637d449e0135
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 4ac98924d382b92968853eced8e7ecd4
75ba7c817cfe6286e0ffe4c40576e477afba7715
d64e9bf1b28ba4a824fb086a8f9c712fb98f5f1ae2a629dc1ed0c1047dc47d81
GET /gid.js?userId=3a033a90860b452280c7637d449e0135 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 492d03b6c1a0e73fb127623d0e1618d3
b162afe517d930681f78a5435e4a698c54b552c5
acc6d55af7b0b68b0dab453548667f030e4d20a239a74af40555a357ef9603eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACC6D55AF7B0B68B0DAB453548667F030E4D20A239A74AF40555A357EF9603EB"
Last-Modified: Wed, 25 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15444
Expires: Fri, 27 Jan 2023 03:58:12 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive
lb.eu-1-id5-sync.com/lb/v1
141.95.98.64200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP 141.95.98.64:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 3ead78c59626b9716390b86ae4db6162
545633a45da3a1b06e39cb7010e712e984d51c45
49441abe70222bebd34aa2539df6f165aa0fcbfcbeca6ceefa702af70e20496c
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 23:40:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
139.45.197.250200 OK 705 B URL HTTP/2 ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (704)
Hash 53fd4fda83983a95b2ce314003de8718
f748134fb9af3caa678b515e2cbc82eff9881bc4
fd13354afb4688df091fa2c30a00d1ec42fb3f9fbadfebcf926f4e5581238def
GET /zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: 7da89c0edc17210bf2e0a52e7084740c
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash 188d447a0eee6a7f972e26e76514f7c3
e7eb7fddc22b1aa83e2d546ee7890ebd7de8bfc8
6284a8ac73437e1e92bac3e2257aa60c7001f814613d82c2522accb34b21a0f2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2010
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:48 GMT
Last-Modified: Thu, 26 Jan 2023 23:07:18 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
dnacdn.net/dna
178.250.2.146200 OK 0 B IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=kpR5I180M0RITmhlJTJCZkMwOUJGQlhaMUN2czMzeWtETENUMnB5VXhIUDIlMkZKMDNZJTJCWHhMdk5WbTZuVmJZOFFob1BwenglMkY; expires=Tue, 20 Feb 2024 23:40:48 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 163557
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 287da7c85e4553bf4e0706514e6cdc1b
c874bc074a5dbe6a233d61eed89a1533ddccb942
5969a6d485bb97b8f0edf457512cd97bd8391ed78c33af25b68798a749b7efd9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5969A6D485BB97B8F0EDF457512CD97BD8391ED78C33AF25B68798A749B7EFD9"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8783
Expires: Fri, 27 Jan 2023 02:07:11 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
IP 142.250.74.131:0
Hash a183b8ab4dc63e3c7570c080b82630b2
69bb25aebf6b4418e5ac45c9654a2a24d1b8b168
976587f6dc6510ce04ac4af2a4bd3079beb1777dab443d1223a7d99d4ca2040c
POST /s/gts1p5/x-QEV4IR2x0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nanouwho.com/27/f0e85569ebf902c5568035fe1b0a0004
139.45.197.242200 OK 130 kB URL HTTP/2 nanouwho.com/27/f0e85569ebf902c5568035fe1b0a0004
IP 139.45.197.242:0
Size 130 kB (129976 bytes)
Hash 52897cc49373965670ddcd2499fdaea5
a2bc4d58d27c36f35929ffdbe213f13122c17485
a2fee995e7938468d9d836e2ea2ae60104caed21bea99333153d0d0260134cff
Analyzer Verdict Alert quad9 Sinkholed
GET /27/f0e85569ebf902c5568035fe1b0a0004 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=2ff241ee25cd4d76ad13fca078d1b555; oaidts=1674776448
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Thu, 26 Jan 2023 04:44:45 GMT
expires: Thu, 25 Feb 2083 04:44:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=fbV-5S5xxyYEPr83eTjq3zo2rAfQDFc0PJ8zwGK9nf_6OTTXtoLIpRpLIv6aBUzM3apdtRvvRKzh_QUMnvE2uP--ZwjFd4Jj_6uW2V7i47HNPkvyzQPKglllKwVm-ImzD2BopVayFlHTEAspxvxDKopCZ8wc2BFXKLUFXKNcOFGbLyhb1WqNu4K73kLrtRbF0uRvyl8ectoxSD7sa3LQhrWiu9GYXU_c&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=e8cef702-598c-4929-9ff7-d7ba2a3e0592&userId=3a033a90860b452280c7637d449e0135&m=link
139.45.197.243200 OK 1.6 kB URL HTTP/2 onmarshtompor.com/?rb=fbV-5S5xxyYEPr83eTjq3zo2rAfQDFc0PJ8zwGK9nf_6OTTXtoLIpRpLIv6aBUzM3apdtRvvRKzh_QUMnvE2uP--ZwjFd4Jj_6uW2V7i47HNPkvyzQPKglllKwVm-ImzD2BopVayFlHTEAspxvxDKopCZ8wc2BFXKLUFXKNcOFGbLyhb1WqNu4K73kLrtRbF0uRvyl8ectoxSD7sa3LQhrWiu9GYXU_c&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=e8cef702-598c-4929-9ff7-d7ba2a3e0592&userId=3a033a90860b452280c7637d449e0135&m=link
IP 139.45.197.243:0
File type JSON data\012- , ASCII text, with very long lines (2176), with no line terminators
Hash 5ecf64e1257e7bc8e381b0208a18cce0
250d5fc267c6bc08916724756739e30561020354
c1280fa55d71b920e6ea4ae7add8e9ecba1cc922f7513e24661bc294eb9cd7be
GET /?rb=fbV-5S5xxyYEPr83eTjq3zo2rAfQDFc0PJ8zwGK9nf_6OTTXtoLIpRpLIv6aBUzM3apdtRvvRKzh_QUMnvE2uP--ZwjFd4Jj_6uW2V7i47HNPkvyzQPKglllKwVm-ImzD2BopVayFlHTEAspxvxDKopCZ8wc2BFXKLUFXKNcOFGbLyhb1WqNu4K73kLrtRbF0uRvyl8ectoxSD7sa3LQhrWiu9GYXU_c&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=e8cef702-598c-4929-9ff7-d7ba2a3e0592&userId=3a033a90860b452280c7637d449e0135&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json
x-trace-id: 4a9c0591b9c3b2e0c9d4f53564b69937
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; path=/; secure; SameSite=None
oaidts=1674776448; expires=Fri, 26 Jan 2024 23:40:48 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 02 Feb 2023 23:40:48 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
142.250.74.131200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
IP 142.250.74.131:0
Hash a183b8ab4dc63e3c7570c080b82630b2
69bb25aebf6b4418e5ac45c9654a2a24d1b8b168
976587f6dc6510ce04ac4af2a4bd3079beb1777dab443d1223a7d99d4ca2040c
POST /s/gts1p5/x-QEV4IR2x0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tzegilo.com/stattag.js
172.67.141.224200 OK 5.3 kB IP 172.67.141.224:0
File type ASCII text, with very long lines (13121), with no line terminators
Hash 69599ccb0b322c5919bb7f588a743ab6
aaf5551525223bc6cfa47bfdbb90368a8613aecc
bc58d50736374e380cf7c5650e52f608b40d9d494795403dd0e73af8241257a5
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
last-modified: Thu, 29 Dec 2022 16:01:28 GMT
etag: W/"63adb9d8-3341"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oazEWGLuq0ExNAxab0iUcrxd062yW3NV12L%2BTCFRA%2FPgWgiHwfogvvvyEDcmiou%2BWLKADtaFBh3pgYR3tbvMT6Ws1geaCbfhtfG2R9zRvVHxLRpIJQBmeTRdkDET5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fd18835c94b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nanouwho.com/11?rnd=3979313740&z=5630103&b=16536120&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=fUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw==&ruid=a0e6624a-d607-4e97-b3a3-8b04052d81ae&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=275
139.45.197.242200 OK 0 B URL HTTP/2 nanouwho.com/11?rnd=3979313740&z=5630103&b=16536120&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=fUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw==&ruid=a0e6624a-d607-4e97-b3a3-8b04052d81ae&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=275
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=3979313740&z=5630103&b=16536120&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=fUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw==&ruid=a0e6624a-d607-4e97-b3a3-8b04052d81ae&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=275 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=3a033a90860b452280c7637d449e0135; oaidts=1674776448
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: b9b75d4bd08462837f4e9c9c873de860
access-control-expose-headers: X-Sc
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
oaidts=1674776448; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2361c6cdd37be1b354b47986ebfdcb38
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash da6d1131f8c9ad77c09853b9bc65a467
dfcde7da9dc04065f6a3bbd2457ef90c75ed01ba
ea18b3e2c606aeb6128c798d0ce25827e7a630701a73248211b7d448805d2233
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 15:49:39 GMT
Expires: Wed, 01 Feb 2023 15:49:38 GMT
Etag: "dfcde7da9dc04065f6a3bbd2457ef90c75ed01ba"
Cache-Control: max-age=489529,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fd1884ea17b505-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 19e4588d58d51de33385e9732a761856
3b4531235582139915d57c1259361a6ccc1bc923
dfcf8c58a963c5749d1cd921f9089d8bcd4a11717f3403f04c9865200decb466
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFCF8C58A963C5749D1CD921F9089D8BCD4A11717F3403F04C9865200DECB466"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1596
Expires: Fri, 27 Jan 2023 00:07:24 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 892
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 26 Jan 2023 23:41:15 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://oxy.st
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash d49cf0a2dc8f3dd6b5e4730d50cb1f8a
973d6fd723abbad6bcdde56b95cff0b956aeb3d0
ac3accfa00116f3f8c98e66aeefa227f1575b1279eaea5fee34cc6620af9eb81
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5210
Cache-Control: max-age=96778
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Etag: "63d1d231-117"
Expires: Sat, 28 Jan 2023 02:33:47 GMT
Last-Modified: Thu, 26 Jan 2023 01:06:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
104.22.33.172200 OK 14 kB URL HTTP/2 offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
IP 104.22.33.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 7d763937692f59aea0578ffe58c10ee0
b3a4cc4fd1a0d8319e59057e535b0b19f1a3b35b
2d7300c572db1683cbc8071be4bbaf31b00954193f6f82d453c99a7a58bd7620
GET /www/images/7d763937692f59aea0578ffe58c10ee0.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: image/jpeg
content-length: 13778
cache-control: max-age=86400
cf-bgj: h2pri
etag: "63888441-35d2"
expires: Fri, 27 Jan 2023 09:23:33 GMT
last-modified: Thu, 01 Dec 2022 10:38:57 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 51436
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fd1886be170a3f-ARN
X-Firefox-Spdy: h2
oxy.st/slake/asset/img/favicon/apple-touch-icon.png
185.178.208.137200 OK 2.0 kB URL HTTP/2 oxy.st/slake/asset/img/favicon/apple-touch-icon.png
IP 185.178.208.137:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 05807c4aceabfb49ab9d66e54618ff53
fddb5a3eb50d1a255989f72f91911dc21e2d5d9b
725d652f8c9ad3d148a0528878b51e2e250d228ab6eaf39111d0664abad359b3
GET /slake/asset/img/favicon/apple-touch-icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227; _pbjs_userid_consent_data=3524755945110770; sharedid=e33c1931-a382-4eda-ae00-66fc59a66efd; cto_bundle=bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE; cto_bidid=mPkR0F9GVUFCa2VHSFRwY01Gb3JwZFNJbHlKaktzamhsN0tBaVp0TjFVQU9pZyUyRnRHVjR0elVKUWVDRHF1U0FJJTJGVUdiWjdlUENRY0Y3WmRINlZpRGdpMFV2bEElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:29:17 GMT
content-type: image/png
content-length: 1994
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13353092
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
162.19.138.120200 43 B URL HTTP/1.1 id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
IP 162.19.138.120:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /i/12/9.gif?gdpr=&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 23:40:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
oxy.st/images/icon.png
185.178.208.137200 OK 7.5 kB IP 185.178.208.137:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash b63d70eb8c5d379fa68fe0f63e8c4255
232de1f52e52611ae67aab8ebaa143946154a233
100c7773d318b841267dc4ac654366ac19ba903e6cd6551777268f6eb4ed86cd
GET /images/icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227; _pbjs_userid_consent_data=3524755945110770; sharedid=e33c1931-a382-4eda-ae00-66fc59a66efd; cto_bundle=bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE; cto_bidid=mPkR0F9GVUFCa2VHSFRwY01Gb3JwZFNJbHlKaktzamhsN0tBaVp0TjFVQU9pZyUyRnRHVjR0elVKUWVDRHF1U0FJJTJGVUdiWjdlUENRY0Y3WmRINlZpRGdpMFV2bEElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 10:13:39 GMT
content-type: image/png
content-length: 7531
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
etag: "5eefbeb1-1d6b"
access-control-allow-origin: *
accept-ranges: bytes
age: 566830
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
ced.sascdn.com/tag/1097/smart.js
95.101.10.57200 OK 33 kB URL HTTP/1.1 ced.sascdn.com/tag/1097/smart.js
IP 95.101.10.57:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash ab5d7bcba6f9bbe86e71d3f75061efc8
bf137eb7dc8285e29d986f6b8f3272f6f979bc0e
a973cdadddcd9ba18f6e262f602d39e091090e4a94ac036b3fc4f7428e5b84e6
GET /tag/1097/smart.js HTTP/1.1
Host: ced.sascdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 32964
Cache-Control: public, max-age=7200
Expires: Fri, 27 Jan 2023 01:40:49 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
54.230.245.170200 OK 26 kB URL HTTP/1.1 d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP 54.230.245.170:0
File type ASCII text, with very long lines (16085)
Hash 8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Thu, 26 Jan 2023 03:45:34 GMT
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YYIwH8j7HgJk4cp1r5lMaci50gMbadUoyMq4DEtNnCnhang0hr5BjQ==
Age: 71737
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
interstitial-07.com/contents/s/22/c3/d7/36b6f5657cde24feae14c9773b/0608422639029.jpeg
139.45.197.152200 OK 25 kB URL HTTP/2 interstitial-07.com/contents/s/22/c3/d7/36b6f5657cde24feae14c9773b/0608422639029.jpeg
IP 139.45.197.152:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash 22c3d736b6f5657cde24feae14c9773b
126151dc35c149dad2aa1e7ad40856eda756a0a3
686dabfa96f39e22f655edd3bf99484caf1aa3b63165e6d47ae6c6c2de974bec
GET /contents/s/22/c3/d7/36b6f5657cde24feae14c9773b/0608422639029.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: image/jpeg
content-length: 25424
last-modified: Mon, 21 Mar 2022 17:16:40 GMT
vary: Accept-Encoding
etag: "6238b2f8-6350"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP 178.250.2.146:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 658413
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 8842ce0e8a7ade68a541b843fd4cdde3
af08cd580c467949030f86fc17132a11843bce26
c1ee92c539f729fff35e9c9814569b46ed36d9f3de13c348daefc46816d6fbda
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3462
Cache-Control: max-age=156229
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Etag: "63d2c140-1d7"
Expires: Sat, 28 Jan 2023 19:04:38 GMT
Last-Modified: Thu, 26 Jan 2023 18:06:56 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
interstitial-07.com/?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.152200 OK 67 kB URL HTTP/2 interstitial-07.com/?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.152:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1480)
Hash c1f2d365ebe5c794e56cd10ebc3b5716
cc98fc37e8e0d8e29d8ba62219a2f6a6f532943e
a15ff23a8e2cf24b769240664b7fd7f54d86185eb6d763b996e6865cfcf679e3
GET /?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=2YcIXTA4eBOr3q6Mk5VHpGCtdLiXJZnWjZcAYKadM1E; expires=Fri, 27-Jan-2023 00:40:49 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
142.250.74.130302 Found 341 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash f08fed0a98f17395928684c3b246d5c3
22f0db395e11ff656497e2eff0767488324b1893
14e9228bcd92e6f40e5513ef872eeb2a8c122314b7b99d91172295265d6744b3
GET /pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_tc=
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 341
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 26-Jan-2023 23:55:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.20.226:0
Hash a224665906c0eb363d884019f19f4589
cc2ab9b84eae1afbf2dd3cc8dec59e970eb30f52
f5085217495d9914b91239e178ee942a05ee35b25e201fad0e6c663ef585a2c7
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 30 Jan 2023 21:09:36 GMT
ETag: "cc2ab9b84eae1afbf2dd3cc8dec59e970eb30f52"
Last-Modified: Thu, 26 Jan 2023 21:09:37 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1563
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fd1887ca851c0e-OSL
secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26hn_ver%3D40%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
185.89.210.244307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26hn_ver%3D40%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP 185.89.210.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26hn_ver%3D40%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKpug%2526hn_ver%253D40%2526fid%253D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
AN-X-Request-Uuid: cd0dd868-1d17-4e47-8d1d-de776f81d5b5
Set-Cookie: uuid2=4437223376576264530; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 26-Apr-2023 23:40:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 2892ad526c4f55ae4025bf28c7461281
baf83f9b89b7c1d2c6dd0342058d444657da256e
cab8f28b37a5d5a2063f860fe8560631729b0da700bfe6cb60c7894a0144ebfe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1241
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Last-Modified: Thu, 26 Jan 2023 23:20:08 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
178.250.2.146200 OK 9.3 kB URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP 178.250.2.146:0
Hash 96aad1a31e75a6eb6815e0a98638b4fc
15c5879c014741bfd7b4fb43663b779a1dcd06e9
b198b181467df88e98989b3d32ab53b6dab54b8b9f552032363bb3481bb3932f
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
x-crto-bundle: bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 1342021
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258
142.250.74.130302 Found 447 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 9c6f1eea49ba5276389cbd5ccfd639e2
b787e989427ba8cb74880130e3584e142623daa2
e5208cc057a106a49e41c737201d02c8e43749c61b61b3046d7b38f5656c04b0
GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_tc=
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 26-Jan-2023 23:55:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 18:35:59 GMT
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
age: 18290
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a0df2a65a0fc9131ffb4b2059f1053f7
c7be16e530fa09b5e32702beee2202be6369b52f
d76dbd828986a563ce073d1b271e6fa6e3b57ec55b2cd3fba0fc069fa4e33ecf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D76DBD828986A563CE073D1B271E6FA6E3B57EC55B2CD3FBA0FC069FA4E33ECF"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14256
Expires: Fri, 27 Jan 2023 03:38:25 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash b71cb224bbac354fe18ca570add2721a
c13d0f243f5c958d9fb53f6c0cb0cd0bd213e1a5
22b527efc7350ed8c57ba4438a1a2f976a57b4b23f5afe85ea5e32adcc6f26d7
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 30 Jan 2023 19:26:29 GMT
ETag: "c13d0f243f5c958d9fb53f6c0cb0cd0bd213e1a5"
Last-Modified: Thu, 26 Jan 2023 19:26:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2444
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fd18883f27b4eb-OSL
match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
3.33.220.150200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
IP 3.33.220.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5de6b54196befa95e9291a051c645d0
e3100707a4e9b1d5c30223d31f58cd6ee8ad010b
5bcc3dd7011df4e17d7ef86d892fedeca14b0d0eabbe782fecf35c9a82b25e40
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7804
x-amzn-requestid: f2bfdd54-e6bf-449f-9731-087e4e848e2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUmhfF4MoAMFquw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1b7a2-3a06fc0b3cd076b23c947d99;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 23:13:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CVD5IG2xp8meHr_xgY1KgY8PPejuUnKuXPqDpbd6NQv6U1kKVvK0Vg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 08:45:17 GMT
age: 53732
etag: "e3100707a4e9b1d5c30223d31f58cd6ee8ad010b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7364957de1b4c82a923bd947f0cce750
d8aa55b64a65757e043b4b1b63efd93c8261d275
f1f7059968d08adfa1c775c906ecb6e5b752210af0bcdcebfa77c2ba6f15bbf4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: 2946b91b-1d7e-4eba-966d-600ae368cd3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzVxGw1oAMF-xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce328b-04037751257e13ca156eee8d;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4TidB2H164ziAxKhEORFw4BBF0FB2pkkwNq3iMQfS4t7yObXCA59Pw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 14:49:11 GMT
age: 31898
etag: "d8aa55b64a65757e043b4b1b63efd93c8261d275"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
2.18.172.23200 OK 5.7 kB URL HTTP/2 contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
IP 2.18.172.23:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (13426)
Hash 95650c775060912301595dd6152cd93b
aadf8d91492a10f009b2834f4fead16383e454dd
7b04cd6616a65a6098754ccd4ed83c5b7e2bcf58d9a6d5402042b47ae44dd3a7
GET /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 28 Jan 2023 23:40:49 GMT
date: Thu, 26 Jan 2023 23:40:49 GMT
content-length: 5745
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52a1f3b3-38ab-4f58-ad1a-ca4c9f82503e.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52a1f3b3-38ab-4f58-ad1a-ca4c9f82503e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1695371c247eedad65b4cac82f01215d
50510052f0e22e23f747c761d57cdf72910ac533
aadde426229f04f6a489b87d6949a485b19d4fd035cb244b6094549efc08013f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52a1f3b3-38ab-4f58-ad1a-ca4c9f82503e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6394
x-amzn-requestid: 215e6698-30e7-45b0-8f8f-96a05c5f6992
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOirZG1doAMFW_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf4b15-3e1bec6759816cf84467339b;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 03:05:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tG3T0HguJWldw-LJ9SJSuuUT4ubLCWViwQFB-dZhNfEswMEexb7Tcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:23:28 GMT
age: 69441
etag: "50510052f0e22e23f747c761d57cdf72910ac533"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
lg3.media.net/bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674776449751899929&ugd=4&lf=6&cc=NO&lper=100&wsip=2886995206&r=1674776449163&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674776449100023040&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p01069905250t202301262340&vgd_pgids=1&vgd_uspa=0&hvsid=00001674776449154015326356484433&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
2.18.172.23200 OK 15 B URL HTTP/2 lg3.media.net/bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674776449751899929&ugd=4&lf=6&cc=NO&lper=100&wsip=2886995206&r=1674776449163&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674776449100023040&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p01069905250t202301262340&vgd_pgids=1&vgd_uspa=0&hvsid=00001674776449154015326356484433&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
IP 2.18.172.23:0
File type ASCII text, with no line terminators
Hash 2ba5e95642c652c708881ad3c9d8443f
5bfcc33bb9cc897546c600206b03d1307bd63a94
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
GET /bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674776449751899929&ugd=4&lf=6&cc=NO&lper=100&wsip=2886995206&r=1674776449163&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674776449100023040&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p01069905250t202301262340&vgd_pgids=1&vgd_uspa=0&hvsid=00001674776449154015326356484433&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-length: 15
content-type: text/html; charset=UTF-8
ntcoent-length: 15
strict-transport-security: max-age=21600
vary: Accept-Encoding
cache-control: max-age=85912
date: Thu, 26 Jan 2023 23:40:49 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bad60daf652c598a06510ff955137b69
235bf4642e726bb6a303fe1b69238e2e973414cb
d655c5ac17274a30a89c31674e14dc9c1b6bc39bfff94db1c9ff0d8006bb673b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12508
x-amzn-requestid: 68787c38-72fe-4d8a-9521-aeb9efa56b05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYWyGIHoAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca075e-1ee9488d2dd0437728beac94;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0lNizMpeWOcOlokaaW-WB7LXRReZwaFfPE38C-SmsS_PbxJPhcRYfw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 15:21:30 GMT
age: 29959
etag: "235bf4642e726bb6a303fe1b69238e2e973414cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_tc=
142.250.74.130302 Found 292 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_tc=
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 276a8d64df2f1d7bd3da029105cf87c8
4af7bffeeed227c93910b11cda9db002b526ffe2
8712298e861dfb853fa8d3ee626957e5ae464498be20fdafb3e3f70ecaadcd62
GET /pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://s.cpx.to/ca.png?dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_error=3
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 292
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 1.3 kB URL HTTP/2 betotodilea.com/500/5630102?excludes=&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 215c2c220ef9ccf942899d9e3a9b7cb9
e2ada040e9a87a59b2b7755b08c3a01d840bab7c
b031ddc594f93f63a16c1d0813888a828bf70a2fbcc073a2f5895d0ca577753b
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630102?excludes=&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=956311944f4742668bf446e7fe5a6e7e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
x-trace-id: e293396bf77093ef904f815f5025db65
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKpug%2526hn_ver%253D40%2526fid%253D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
185.89.210.244302 Found 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKpug%2526hn_ver%253D40%2526fid%253D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP 185.89.210.244:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKpug%2526hn_ver%253D40%2526fid%253D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
AN-X-Request-Uuid: d248c663-b5ab-4c8e-bf5e-60cddcd8af5d
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59e67210-efa8-4704-9931-e876d7c8922b.jpeg
34.120.237.76200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59e67210-efa8-4704-9931-e876d7c8922b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 262b43386e404cb3d320c47c4cf792c1
87f304f8583fe6b6e942a9dbcb5efb5ee94987f2
ca0f72005920b2b2f49c387314540f3cd2f3d7808f0365dfb1c491500e8a8714
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59e67210-efa8-4704-9931-e876d7c8922b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8065
x-amzn-requestid: 4a4a6d4c-9c4b-418d-be96-8a0d1de4828a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYVuHZsoAMFmWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca0757-74c21aa22d11c4240019a4b3;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ep_QyiLEIxubEC9RgbxdlAVYnQ65fxR22squ9p-9aXfpUVyah_oSow==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:47:43 GMT
age: 6786
etag: "87f304f8583fe6b6e942a9dbcb5efb5ee94987f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_tc=
142.250.74.130302 Found 437 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_tc=
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash e70a344931453420c286f1456d9457fa
7def693e984149b52c09afaba1a506f87c8f7d99
824db47033f23ae4c60903bc9a01867ca99571f59cb93d42656d325573294001
GET /pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_error=3
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 437
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&nse=5&vi=1674776449751899929&ugd=4&sff=0&pgid=p01069905250t202301262340&nb=1
2.18.172.23200 OK 330 B URL HTTP/2 contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&nse=5&vi=1674776449751899929&ugd=4&sff=0&pgid=p01069905250t202301262340&nb=1
IP 2.18.172.23:0
File type ASCII text, with very long lines (550), with no line terminators
Hash 43d3287aeab1b4c61eedf3aac031ef87
45773eb3b6b7166b977c76688b1ca5246e43e2e8
9d006af8a292d44af608cbd6387ea3d641f70fc27f1fecd0a7dcaa7047500cad
GET /smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&nse=5&vi=1674776449751899929&ugd=4&sff=0&pgid=p01069905250t202301262340&nb=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript
x-sc-h: 22-2gtl
expires: Thu, 26 Jan 2023 23:40:49 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 26 Jan 2023 23:40:49 GMT
content-length: 330
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
s.cpx.to/ca.png?dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_error=3
63.32.10.107200 OK 95 B URL HTTP/1.1 s.cpx.to/ca.png?dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_error=3
IP 63.32.10.107:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
GET /ca.png?dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_error=3 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=8fc71c476d2432c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=8fc71c476d2432c; Expires=Fri, 26 Jan 2024 23:40:49 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
unphionetor.com/vctx?t=72747
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d8ae84888bc76c476d2635945c79d8a8
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_error=3
172.67.13.182200 OK 95 B URL HTTP/2 mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_error=3
IP 172.67.13.182:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: zc=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5; zsc=%22az%09%21%1D%CFL%19%8B%87YN%E5%BB%5C%BE%9A%29%2A9U%28%24%99%D0%A37%D9r%C7%EEy%B1%23%F3J%021%7F%B6%C3%E1%27%5EJs%3C%DF%01%A05%26%8B%05%B6%8D%F0%FD%A2~v%CDM%10%89%BC%7F%F3fV%8Ce%FE%D1%D8%2C%F9%DC%F3.%A9%B3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78fd1888fdbdb511-OSL
X-Firefox-Spdy: h2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
54.230.111.4200 OK 671 B URL HTTP/2 rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP 54.230.111.4:0
Hash 33ce999ffd6810bdb45d8acad8f90ad0
24be76c95bb2c43a3c4e0e09d7d360a93e0a86fb
0b4f9196da2d827f4eddf0e2fcc01b18c1d93c0210f25f477584dfa0bd6f7bed
GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Thu, 26 Jan 2023 23:37:03 GMT
cache-control: max-age=3600
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -xweG3YumrjJtbgnw8NALhveBc2VDuyaDOts-SPeVudEKUOrhAlfLg==
age: 226
X-Firefox-Spdy: h2
image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
185.64.190.80200 OK 115 B URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP 185.64.190.80:0
Hash 6a691d64c380564e70f6b8395ea6ccdb
cc8c68c02c4c18b5e9b7ca549b629fb2dc71c4b8
65023331d6af9780c5b69cb5ef00593fe3f9b4df6fa743869e30c523befd5514
GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 719
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: fb73008483fcb973d58eb4f81821d32a
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2f2efd5f27da3169b27bd03bef37e8b4
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
178.250.2.146200 OK 5.5 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
IP 178.250.2.146:0
Hash 235eea5309d128f686cf2687a77726fc
3c5ad5a4112720c38db65580b0533e21e7cbc33e
deed2cfd36946637177d7a9b756340a3a4a5da34a210395d1a3f2e1b7b6ab8c2
GET /syncframe?origin=rtus&topUrl=oxy.st HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=60f94529-70bc-4f48-b860-e1d6e62e1094; expires=Tue, 20 Feb 2024 23:40:49 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 543360
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1
178.250.2.150200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1
IP 178.250.2.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 313 B IP 93.184.220.29:0
Hash c3fa0acd495f7caf6e73cd7d11915aa1
68214131a41d142e3f8cb2fc73fbc9a0d7ab5040
d343cb2efb8921f99f1acef382f5296d9f582fb8ad8d79b80d49e23bd7606a8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1702
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Last-Modified: Thu, 26 Jan 2023 23:12:28 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 061104e101442552c204bd46f812aa77
6253ce7fe8f353ef2ebb02992fb7909881cd235a
47d0f612ecdebad4e092e345fa39983592a6cf07fce44a00e42516791153371b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 26 Jan 2023 23:40:49 GMT
Last-Modified: Thu, 26 Jan 2023 23:03:57 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: SUu7qq1lGdZsUZFuuVSr6Imd2_cKDohiAvdlxqb9UGQirqMDZKaEJw==
Age: 2212
adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
54.154.10.160200 OK 20 B URL HTTP/1.1 adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
IP 54.154.10.160:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7 HTTP/1.1
Host: adtrack.adleadevent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://oxy.st
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Thu, 26 Jan 2023 23:40:49 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 26 Jan 2023 23:40:49 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Length: 20
Connection: keep-alive
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1
178.250.2.150200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1
IP 178.250.2.150:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
betotodilea.com/impression/pKsUKmfR7yATjrW76IUZzMit9vUm4Cl4J3hI0rJ2VEe9h05fd9B1dG1HS6_yn_B_M3UTMQJU8827NK2C7c5Dco8fCTFH5ewuw3u-Woc14s7YY9WBb3izichJJaX29Ft8rBNAYzw0q7R2q804qlam26xMs_-CYO3gAMhoInAqRM__jwoEF0LbHjUg4bXSZt3gd-fYXAYXykt9Bh--vOuIFlIr62MjlIBAMNhe8JSFIbIJ-BzWRIPAbO2ohBz9K4hV1euNp5Td_bsacO1irSlqAKw4nOhOckjk2gdhSYz6LlUPeGJSvkMC6lWDuTl-KU_P38-aWxbDvh030GkXUnqlTUtmvyDbIKrYLZrr21DfgZ2BnTc-4ytEsUSGPHDjITOTOJjGogpafDcc76jR_YynXHcey8aeehW2RI3IQod5mcYWwjJ_ON2J53in_NbP0KedGvkDZKZN8wsFxFc4g5caNjaowtTVvmsMQkz4bQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 43 B URL HTTP/2 betotodilea.com/impression/pKsUKmfR7yATjrW76IUZzMit9vUm4Cl4J3hI0rJ2VEe9h05fd9B1dG1HS6_yn_B_M3UTMQJU8827NK2C7c5Dco8fCTFH5ewuw3u-Woc14s7YY9WBb3izichJJaX29Ft8rBNAYzw0q7R2q804qlam26xMs_-CYO3gAMhoInAqRM__jwoEF0LbHjUg4bXSZt3gd-fYXAYXykt9Bh--vOuIFlIr62MjlIBAMNhe8JSFIbIJ-BzWRIPAbO2ohBz9K4hV1euNp5Td_bsacO1irSlqAKw4nOhOckjk2gdhSYz6LlUPeGJSvkMC6lWDuTl-KU_P38-aWxbDvh030GkXUnqlTUtmvyDbIKrYLZrr21DfgZ2BnTc-4ytEsUSGPHDjITOTOJjGogpafDcc76jR_YynXHcey8aeehW2RI3IQod5mcYWwjJ_ON2J53in_NbP0KedGvkDZKZN8wsFxFc4g5caNjaowtTVvmsMQkz4bQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/pKsUKmfR7yATjrW76IUZzMit9vUm4Cl4J3hI0rJ2VEe9h05fd9B1dG1HS6_yn_B_M3UTMQJU8827NK2C7c5Dco8fCTFH5ewuw3u-Woc14s7YY9WBb3izichJJaX29Ft8rBNAYzw0q7R2q804qlam26xMs_-CYO3gAMhoInAqRM__jwoEF0LbHjUg4bXSZt3gd-fYXAYXykt9Bh--vOuIFlIr62MjlIBAMNhe8JSFIbIJ-BzWRIPAbO2ohBz9K4hV1euNp5Td_bsacO1irSlqAKw4nOhOckjk2gdhSYz6LlUPeGJSvkMC6lWDuTl-KU_P38-aWxbDvh030GkXUnqlTUtmvyDbIKrYLZrr21DfgZ2BnTc-4ytEsUSGPHDjITOTOJjGogpafDcc76jR_YynXHcey8aeehW2RI3IQod5mcYWwjJ_ON2J53in_NbP0KedGvkDZKZN8wsFxFc4g5caNjaowtTVvmsMQkz4bQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=3a033a90860b452280c7637d449e0135
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:53 GMT
content-type: image/gif
content-length: 43
x-trace-id: 823fa958da8a037495b94d77cd8f7ca0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:53 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237200 OK 12 kB URL HTTP/2 betotodilea.com/500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 2479708151f1cff6980ecfc97acccdbb
48c6fe5ec16bd3a04b0d959321d4b3e6a9de6b4c
e72fe8ec4c649557163f5bc4b08fb0ae8fd0ea01c743f62386d1e11f7ed6afeb
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=3a033a90860b452280c7637d449e0135
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:53 GMT
content-type: application/javascript
x-trace-id: 0f85252cbd99e7c5c55acdf493fa702b
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:53 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/1?z=5630103
139.45.197.242200 OK 7.1 kB IP 139.45.197.242:0
Hash ec970814fb9137d44dc01a09bd152121
fd07b55a47a05bcb2272db318483150e11e84008
70cc8faaefdea5b9f367597dcf1e005da807f3ba249c024bc2842946cf07007e
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5630103 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 1ec2a5030f27f6e1a320e10c37e28dce
access-control-expose-headers: X-Sc
x-sc: VmvIc3DWt8kHh_Sq4mOelLY9DAeBa1EwbB4AXCg99s236XOizAN2PdPDvy8s4Es4s06JlgVf7zxevRvB_526sGUJFL8=
set-cookie: scm=1; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
OAID=2ff241ee25cd4d76ad13fca078d1b555; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
oaidts=1674776448; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.473.0
139.45.197.234200 OK 0 B URL HTTP/2 bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.473.0
IP 139.45.197.234:0
GET /5/5630105/?oo=1&js_build=iclick-v1.473.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/json
x-trace-id: 6f795990e9e85d232020dfa9f971b3e0
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:47 GMT; path=/; secure; SameSite=None
oaidts=1674776447; expires=Fri, 26 Jan 2024 23:40:47 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/400/5630102
139.45.197.237200 OK 0 B URL HTTP/2 betotodilea.com/400/5630102
IP 139.45.197.237:0
Analyzer Verdict Alert quad9 Sinkholed
GET /400/5630102 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
x-trace-id: cadb0c8920ddec4682257e7300e36df4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=956311944f4742668bf446e7fe5a6e7e; expires=Fri, 26 Jan 2024 23:40:48 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/universal.min.js?v=3.1.414
139.45.197.250200 OK 0 B URL HTTP/2 ibrapush.com/pfe/current/universal.min.js?v=3.1.414
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.414 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 14:02:57 GMT
etag: W/"63d28811-18c6c"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
contextual.media.net/dmedianet.js?cid=8CU7BC15F
2.18.172.23200 OK 0 B URL HTTP/2 contextual.media.net/dmedianet.js?cid=8CU7BC15F
IP 2.18.172.23:0
GET /dmedianet.js?cid=8CU7BC15F HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-type: text/javascript; charset=utf-8
x-mnt-h: 8-16
x-mnt-w: 8-32
etag: "07c83206f44439062ce3e82213bdf949"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=300
expires: Thu, 26 Jan 2023 23:45:49 GMT
date: Thu, 26 Jan 2023 23:40:49 GMT
X-Firefox-Spdy: h2
secure.quantserve.com/quant.js
91.228.74.200200 OK 0 B URL HTTP/2 secure.quantserve.com/quant.js
IP 91.228.74.200:0
GET /quant.js HTTP/1.1
Host: secure.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: application/javascript
accept-ranges: bytes
cache-control: private, max-age=604800
content-encoding: gzip
etag: "OVi4z6W4qM+KoQEZlRgh5w=="
expires: Thu, 02 Feb 2023 23:40:49 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=1395196566
139.45.197.236200 OK 0 B URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1395196566
IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=1395196566 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 0302e143b76f8b7d967b6a48ad9db544
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
oxy.st/d/Kpug
185.178.208.137200 OK 0 B IP 185.178.208.137:0
GET /d/Kpug HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 23:40:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; Domain=.oxy.st; HttpOnly; Path=/; Expires=Fri, 26-Jan-2024 23:40:46 GMT
PHPSESSID=vlfl22q355qsj814ml8i1ua227; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/IIQUniversalID.js
185.76.9.16200 OK 0 B URL HTTP/2 ads.themoneytizer.com/IIQUniversalID.js
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
GET /IIQUniversalID.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 18:48:43 GMT
expires: Fri, 27 Jan 2023 05:04:10 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795850
server: CDN77-Turbo
x-77-nzt: AblMCQ0ZahP/tQUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd363ad16861c
x-cache: HIT
x-age: 66997
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
oxy.st/sw.js
185.178.208.137200 OK 0 B IP 185.178.208.137:0
GET /sw.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/d/Kpug
Connection: keep-alive
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227; _pbjs_userid_consent_data=3524755945110770; sharedid=e33c1931-a382-4eda-ae00-66fc59a66efd; cto_bundle=bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE; cto_bidid=mPkR0F9GVUFCa2VHSFRwY01Gb3JwZFNJbHlKaktzamhsN0tBaVp0TjFVQU9pZyUyRnRHVjR0elVKUWVDRHF1U0FJJTJGVUdiWjdlUENRY0Y3WmRINlZpRGdpMFV2bEElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP 178.250.2.146:0
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 554279
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP 178.250.2.146:0
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 471283
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/moneybile.js
185.76.9.16200 OK 0 B URL HTTP/2 ads.themoneytizer.com/moneybile.js
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Fri, 27 Jan 2023 05:04:10 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795850
server: CDN77-Turbo
x-77-nzt: AblMCQ0oI3b/tQUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd36399eb9f1c
x-cache: HIT
x-age: 66997
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
185.76.9.16200 OK 0 B URL HTTP/2 ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
GET /moneybid7_28/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript
last-modified: Tue, 17 Jan 2023 14:40:20 GMT
expires: Fri, 27 Jan 2023 05:04:12 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795852
server: CDN77-Turbo
x-77-nzt: AblMCQ0TbGb/swUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd36355d06021
x-cache: HIT
x-age: 66995
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
178.250.2.146200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP 178.250.2.146:0
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 865753
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/tag.min.js?z=5630104
139.45.197.250200 OK 0 B URL HTTP/2 ibrapush.com/pfe/current/tag.min.js?z=5630104
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=5630104 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 14:02:57 GMT
etag: W/"63d28811-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3a033a90860b452280c7637d449e0135
139.45.197.242200 OK 0 B URL HTTP/2 nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3a033a90860b452280c7637d449e0135
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3a033a90860b452280c7637d449e0135 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 172
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=2ff241ee25cd4d76ad13fca078d1b555; oaidts=1674776448
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: f6b156414952df9c2e72df2a3634b609
access-control-expose-headers: X-Sc
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
oaidts=1674776448; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ag.gbc.criteo.com/newidsd
178.250.6.125200 OK 0 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 178.250.6.125:0
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 106035
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
104.21.91.63200 OK 0 B IP 104.21.91.63:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: ab34261429c490b6e5a5d50fed7613a5
cache-control: max-age=86400
last-modified: Mon, 23 Jan 2023 15:51:55 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 27 Jan 2023 22:30:06 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 4241
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tsFBbIGI7fUQr1EeuFnoPFU6lEZ6smnYtc8FE03YxtnCOQgB47XpOWMHjihcZQAi7acYAYfBw6oQA61UYH30TV762TWsJrQTeAcwx3es6LFT9daS9MyPRjeJQ%2BbUrWj5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fd187c396ab4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
185.64.190.80302 Found 0 B URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP 185.64.190.80:0
GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Wed, 26-Apr-2023 23:40:49 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2