Report - oxy.st/d/Kpug

Report Overview

Submitted URL
oxy.st/d/Kpug
IP
185.178.208.137
ASN
#57724 Ddos-guard Ltd
Submitted
2023-01-26 23:40:57
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
inklinkor.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.1 kB	104.21.91.63
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.9 kB	104.18.32.68
lb.eu-1-id5-sync.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	398 B	362 B	141.95.98.64
nanouwho.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.9 kB	140 kB	139.45.197.242
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	406 B	735 B	139.45.195.8
ced.sascdn.com	6332	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	358 B	33 kB	95.101.10.57
gum.criteo.com	381	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	18 kB	178.250.2.146
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.1 kB	139.45.197.236
cdn.adlook.me	108334	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	23 kB	92.223.124.24
ads.themoneytizer.com	28463	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	98 kB	185.76.9.16
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	1.9 kB	104.18.21.226
bedrapiona.com	34930	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	1.1 kB	139.45.197.234
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	418 B	1.6 kB	104.17.24.14
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	100 kB	216.58.207.227
d2zur9cc2gf1tx.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	26 kB	54.230.245.170
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	60 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.8 kB	18 kB	23.36.76.226
id5-sync.com	504	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	813 B	1.5 kB	162.19.138.120
lg3.media.net	3558	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	851 B	278 B	2.18.172.23
csm.nl.eu.criteo.net	6830	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	716 B	178.250.2.150
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	4.7 kB	104.18.20.226
spl.zeotap.com	1638	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	21 kB	172.67.13.182
ag.gbc.criteo.com	5925	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	493 B	178.250.6.125
oxy.st	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	426 kB	185.178.208.137
tzegilo.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	348 B	6.1 kB	172.67.141.224
betotodilea.com	52465	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	16 kB	139.45.197.237
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	944 B	54.230.245.110
whereres.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	370 B	9.2 kB	88.208.46.156
tag.leadplace.fr	28142	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	861 B	6.1 kB	145.239.193.51
ibrapush.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	3.3 kB	139.45.197.250
adtrack.adleadevent.com	30718	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	465 B	500 B	54.154.10.160
s.cpx.to	2014	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	902 B	1.9 kB	63.32.10.107
fleraprt.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	469 B	474 B	139.45.195.254
mwzeom.zeotap.com	1406	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	821 B	559 B	172.67.13.182
yastatic.net	72282	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	455 B	46 kB	178.154.131.217
onetag-sys.com	1840	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	499 B	113 B	51.89.9.252
dnacdn.net	3760	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	386 B	629 B	178.250.2.146
interstitial-07.com	36198	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	94 kB	139.45.197.152
secure.adnxs.com	396	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	2.2 kB	185.89.210.244
rules.quantcount.com	877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	371 B	1.3 kB	54.230.111.4
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.212.115.25
p.cpx.to	10368	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	348 B	2.2 kB	34.252.124.99
onmarshtompor.com	24517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	929 B	2.6 kB	139.45.197.243
offerimage.com	304078	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	410 B	14 kB	104.22.33.172
contextual.media.net	513	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	7.1 kB	2.18.172.23
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	7.7 kB	142.250.74.131
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	5.0 kB	93.184.220.29
image2.pubmatic.com	873	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	989 B	185.64.190.80
secure.quantserve.com	973	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	293 B	91.228.74.200
c.tmyzer.com	26868	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	379 B	263 B	54.38.64.100
ads.adlook.me	43352	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	461 B	380 B	5.200.50.170
cm.g.doubleclick.net	202	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.4 kB	142.250.74.130
match.adsrvr.org	349	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	407 B	352 B	3.33.220.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-01-26 23:40:47	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-01-26 23:40:47	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-01-26 23:40:47	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-01-26 23:40:47	medium	Client IP	Internal IP	ET DNS Query for .to TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-01-26	medium	nanouwho.com	Sinkholed
2023-01-26	medium	nanouwho.com	Sinkholed
2023-01-26	medium	fleraprt.com	Sinkholed
2023-01-26	medium	betotodilea.com	Sinkholed
2023-01-26	medium	unphionetor.com	Sinkholed
2023-01-26	medium	unphionetor.com	Sinkholed
2023-01-26	medium	betotodilea.com	Sinkholed
2023-01-26	medium	betotodilea.com	Sinkholed
2023-01-26	medium	betotodilea.com	Sinkholed
2023-01-26	medium	nanouwho.com	Sinkholed
2023-01-26	medium	betotodilea.com	Sinkholed
2023-01-26	medium	unphionetor.com	Sinkholed
2023-01-26	medium	nanouwho.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (57)

	URL	Size	First Seen	Last Seen
	oxy.st/slake/asset/js/ajax-mail.js	1.7 kB	2023-03-08	2024-04-20
Pretty URL oxy.st/slake/asset/js/ajax-mail.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:09 Times Seen19362 Hash 06acf64af6cd1d69540460ddb018c78c 9db22d7b6b6a223abca82e69fc4fba0c987587c2 259ce4dee332f67cc9d86367330efa87617f8c78428774d26dd0528f4942f39c Loading...

	tzegilo.com/stattag.js	13 kB	2023-03-12	2023-03-13
Pretty URL tzegilo.com/stattag.js IP 172.67.141.224 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 10:58:26 Last Seen2023-03-13 15:12:18 Times Seen1 Hash 06da61f9a1b79f424c81076c40127cc3 c733f65c9da2acdb14d82582021fbe9da897609b 99a71a1b07146af8472583c57014f45f928b4e3eb59112e40b28efc6fd7a3f60 Loading...

	oxy.st/d/Kpug	102 kB	2023-03-13	2023-03-13
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:32:38 Last Seen2023-03-13 08:20:51 Times Seen1 Hash 1354650f1665edd7743c12e963d62158 d04b302ee4624b139875e1861038f8b4cc310af6 ba42141e148b2e8da374be3132718e675b3f2db25ed7d6dd92d4d223e7b497c7 Loading...

	ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js	586 kB	2023-03-13	2023-03-13
Pretty URL ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js IP 185.76.9.16 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:04:47 Last Seen2023-03-13 07:54:15 Times Seen1 Hash f8d342d1bdd4056bca6c2cbf2b215dce 9c953c0f4e2b153e724516cf837cbb09983ffa0b bf3fa4ce50ad36b772be20b1328382d5a2d4c8be7b66393cbdb90db4635748b9 Loading...

	p.cpx.to/p/12771/px.js	2.0 kB	2023-03-08	2023-05-09
Pretty URL p.cpx.to/p/12771/px.js IP 34.252.124.99 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:47:35 Last Seen2023-05-09 18:09:53 Times Seen100 Hash a667f26d4e73b4b5098a9c9637d3d29f 83d9b753da4c51039a689bc67956f7f9997854cc a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6 Loading...

	gum.criteo.com/sync?c=147&r=2&j=criteoCallback	30 kB	2023-03-07	2023-03-17
Pretty URL gum.criteo.com/sync?c=147&r=2&j=criteoCallback IP 178.250.2.146 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 18:28:25 Last Seen2023-03-17 21:47:34 Times Seen1 Hash 5e15bb3f9382e9163057be081607e309 da2c43a4ade56013a5b5c0f492ba335a6e0cdf53 72e047fe47b6ec2855351a27f1793a4fd48a328791aa475682fb960bbad151b7 Loading...

	ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2	134 kB	2023-03-13	2023-03-13
Pretty URL ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2 IP 185.76.9.16 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:27:03 Last Seen2023-03-13 07:53:18 Times Seen1 Hash 6bc40bce8899d26c23971c1b90bf5233 28a2cdc6eec312c99abc9ed3058c10f8902b15b1 d29070f868414bb7ccecbbb1f61d25ac23aa43fb898b755c08c02777459e80c2 Loading...

	nanouwho.com/1?z=5630103	18 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/1?z=5630103 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash 3c116e446933a1ade7886ecc54ad1ac3 a79be043c193d98e24916f004b1069c5866f1993 1ec11be3aaf8d1690fb35879d3a2de48c4db587c3f5ab68f66f187002c7a3328 Loading...

	betotodilea.com/400/5630102	84 kB	2023-03-13	2023-03-13
Pretty URL betotodilea.com/400/5630102 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash d2050bfc22cbff366e23829cb7463cca db75b2cb3da6907da300df0571adde948a491906 9ef90f08c296753db5ce09d2b0e79b544b393813d6d77fcf7b3f32051204a602 Loading...

	ced.sascdn.com/tag/1097/smart.js	98 kB	2023-03-12	2023-03-13
Pretty URL ced.sascdn.com/tag/1097/smart.js IP 95.101.10.57 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 13:20:48 Last Seen2023-03-13 18:19:33 Times Seen1 Hash 147a33ff54d750b9436ca60581175181 623358022f123f42c2ce51b4b7fae76f6a7a77e1 b52ad46ce393602be0dcc61bf96cf97052d1e2c74f97bb85104a0889f690d4c8 Loading...

	whereres.com/api/scripts/mSetupWidget?id=363	35 kB	2023-03-12	2023-03-14
Pretty URL whereres.com/api/scripts/mSetupWidget?id=363 IP 88.208.46.156 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:08:26 Last Seen2023-03-14 06:50:29 Times Seen1 Hash dc43adec9be7ab048033ee28b0477ad1 63db771d90e9c1018605e140b2490a35da3d77ea 52e0cf3855c906381d0c5c0de9209dd3bf3de9289addf228de0b6e75108b642b Loading...

	oxy.st/d/Kpug	193 B	2023-03-08	2024-04-20
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:09 Times Seen9763 Hash 6ecfa1336326d765e016a88ab498b19f f2c66833233de0ec9d468035e8b78dfc40a78de9 abf0d3ee81363003e4704b84b6662250bd8d3ced4685ef9ed9c9122328ae68e1 Loading...

	s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431	652 B	2023-03-13	2023-03-13
Pretty URL s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 IP 63.32.10.107 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash 38f9c82fe32a812a2c1579ebd33b858a 9e240a02c118be016bd569e536767ac8c629ee16 54490871b857cb27ed0b4cf62d8dbbec2bbda6ebd96f422e397833bba00e5e6e Loading...

	rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js	1.1 kB	2023-03-08	2023-05-06
Pretty URL rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js IP 54.230.111.4 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:17:06 Last Seen2023-05-06 00:25:32 Times Seen369 Hash 1f431dc94c1f033d6666f0fe637e2d7b 18ee472909d5856fe9684765258c50731efbbdbe 1cc6de1a4f6a561a6aa75d08bae33388b2e8905d01753aa41e4886a466d7c28c Loading...

	oxy.st/d/Kpug	143 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash 47e630eeab91ace4caa3055bb41fdd2e e72c13095d3ccf7819be5edebb61636368efb531 21eb4fb5d111295dddb24a29b3ee26a3bae1a0de0c658c39c66202f6afc57a88 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js	86 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-04-25 09:33:46 Times Seen22762 Hash d0212568ce69457081dacf84e327fa5c d6702a1af0378b2342f6a0692e77c169f580aed7 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d Loading...

	oxy.st/d/Kpug	965 B	2023-03-09	2023-04-01
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2023-04-01 10:27:01 Times Seen23 Hash 1f2af4be15233c94732028f340908a41 6953d65533d246e0ce4d9d98973f68b9e2a0152b 5290521804727a0a6e618b6f9a515c04894358401f6b9356c9e1f48ab9ab7c6e Loading...

	ads.themoneytizer.com/s/gen.js?type=2	4.9 kB	2023-03-12	2023-03-13
Pretty URL ads.themoneytizer.com/s/gen.js?type=2 IP 185.76.9.16 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:45:41 Last Seen2023-03-13 19:38:17 Times Seen1 Hash 201890094a0bc618e37a4188bd05129c a8bf896da4eb9a532214295db220fe72a9013920 70ee840253a7cb7c07edabed96e9a7cf14e2099c8ee00fc0e1bebd6628d773fe Loading...

	cdn.adlook.me/js/rlf.js	71 kB	2023-03-09	2023-03-29
Pretty URL cdn.adlook.me/js/rlf.js IP 92.223.124.24 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2023-03-29 23:33:16 Times Seen24 Hash 44e861d9732eee28700fd9b91bc53455 edf09e207b8093b2af6ec34c747c854d8f18374d 4a16bb79b3eb9420d0158bf8ebe6e0e544a826154155f26d2f434e90d25e5085 Loading...

	spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258	62 kB	2023-03-07	2023-03-26
Pretty URL spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258 IP 172.67.13.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-03-26 09:14:01 Times Seen2 Hash 2274941132e3cabeb06ba10635e091e1 eae64e2336d41f210e684d766bbc90752b67f25a 52d507688e76dfbe48fce79beb89be7f30101e95e9e06c121c461e30517ab36f Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 15:50:38 Times Seen37065553 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	oxy.st/slake/asset/js/main.js	8.7 kB	2023-03-08	2024-04-20
Pretty URL oxy.st/slake/asset/js/main.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:09 Times Seen19332 Hash 86fe5c70d7107cc8ab30e192072ac15d 15cd81d73ddec861349d2f1b2d4cf10eaefa9373 b1de65cb0d3a28aeed81012371764b92d0ac30077edb2d768dfdfd8640cfc7c1 Loading...

	oxy.st/d/Kpug	143 B	2023-03-07	2024-04-22
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:39:10 Last Seen2024-04-22 02:02:22 Times Seen9903 Hash 0e1ffe876425e6a6b54c517119ca9ec2 fe778fd505adb0f26552512e719c838f9df041fe b865ee6df9893808db5cca02720d02220c2c9c0259f249fa010495641dbcdf5e Loading...

	oxy.st/slake/asset/js/ajax-subscribe.js	1.4 kB	2023-03-08	2024-04-20
Pretty URL oxy.st/slake/asset/js/ajax-subscribe.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:09 Times Seen19335 Hash b53436c6ec7e681a3edcec13f42ec715 0aa1b02b89e734193d43d6385ebc5939bb666fd0 3b28dd2b4eda9085ee35fb2aae1d706c6d003c2521e4ad62bb2ef2e6969bca83 Loading...

	contextual.media.net/dmedianet.js?cid=8CU7BC15F	149 kB	2023-03-13	2023-03-13
Pretty URL contextual.media.net/dmedianet.js?cid=8CU7BC15F IP 2.18.172.23 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash ac1aa1ba923b581e3217500915fd895e 4417709e1ccad9d2924ad1b4e5c89a0e4e57a03a 79cf13fd39da2b2de015857d8734735cd49476bc4cde952aa198652cb8122bcc Loading...

	secure.quantserve.com/quant.js	26 kB	2023-03-13	2023-03-13
Pretty URL secure.quantserve.com/quant.js IP 91.228.74.200 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:02:32 Last Seen2023-03-13 12:35:24 Times Seen1 Hash 3958b8cfa5b8a8cf8aa10119951821e7 09ac8452c9000a2959af2a6c7c00a6affc7e3bee f7da44c9657d7a2dbd9d127c5d9834ab4d9599445f264f90e2b922e61bdc9ff9 Loading...

	interstitial-07.com/?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.4 kB	2023-03-13	2023-03-13
Pretty URL interstitial-07.com/?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.152 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash c4074c21662b1b011d4be1b1e55b1b55 d7b6ec51c70c60dda88ef9f08475ee676d413323 04f265daf5c2ecfdeb81103e4bddcf07d56b0dddd290d5b5b336981f72d8bf97 Loading...

	oxy.st/d/Kpug	497 B	2023-03-07	2023-04-05
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:32 Last Seen2023-04-05 01:55:46 Times Seen28 Hash a010578715b1a87b2eb9cddffb170a90 a086b82341838ebecf514fac053023fa34b861a4 ccbe2ad7cc0e6e2882a8221b456efd5acc6ea52f922b0c8ffb6e965222df60da Loading...

	oxy.st/d/Kpug	212 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash 1b5713104cbf9760d7ce02e97ec34749 63d2aed3fccee58d5e7432377787bd011c6a4709 881298ac6ace47d2c450b1f390eece5695d4eb452df5e282aaa242e206c8c656 Loading...

	tag.leadplace.fr/libJsLP.js	5.5 kB	2023-03-07	2023-12-06
Pretty URL tag.leadplace.fr/libJsLP.js IP 145.239.193.51 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-12-06 11:11:01 Times Seen14646 Hash a0c24f993bc0901cfe62d1e801cb2b45 7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984 80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333 Loading...

	ibrapush.com/pfe/current/tag.min.js?z=5630104	15 kB	2023-03-13	2023-03-13
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=5630104 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:32:38 Last Seen2023-03-13 08:20:51 Times Seen1 Hash 5f799359a19758e81079394984ac7498 98fdb94b88c76d61591027b4ed3d5af81e170188 0d73c85ffb8dd278eba11df33cf0fa7779b51974fcded0cfa3e70edf29ae736b Loading...

	d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js	26 kB	2023-03-07	2023-11-30
Pretty URL d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js IP 54.230.245.170 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-11-30 03:07:33 Times Seen15813 Hash 8703fc9eead243fe2f47380e962d7fa2 3d9f707259112fa9ccdd1e676f00eadcff71906c b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213 Loading...

	oxy.st/slake/asset/js/jquery.min.js	87 kB	2023-03-07	2024-04-25
Pretty URL oxy.st/slake/asset/js/jquery.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-25 14:45:39 Times Seen25906 Hash 4b57cf46dc8cb95c4cca54afc85e9540 05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855 Loading...

	ads.themoneytizer.com/IIQUniversalID.js	53 kB	2023-03-10	2024-04-19
Pretty URL ads.themoneytizer.com/IIQUniversalID.js IP 185.76.9.16 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:11:21 Last Seen2024-04-19 15:08:44 Times Seen81 Hash e8f338d8c91c35b946dba69efca7a232 7f05768c9921dea0aad7c93ff354bf33517254e4 7bb23de30daa7e81e2fafc5d2fbcada4b6fefc10c3251661952a341d6864aa8e Loading...

	oxy.st/d/Kpug	711 B	2023-03-09	2024-04-20
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-04-20 19:02:09 Times Seen9677 Hash 13e6988b26e75ff59bcbc49efbcd731e a69dec8eeeae18fa09688a66572d7329706ec7a4 7f9fb86fa3190bd7ccbd2c4d56b9ed87d71897e299917eaa5dc41ffdbb1f74ab Loading...

	oxy.st/d/Kpug	255 B	2023-03-09	2024-04-18
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-04-18 09:27:26 Times Seen7522 Hash d47a28c42c0b4402186a014830e33c59 c65eca97fa75a6d7910a6511c9c26b7927c91dc2 b45fb4585ee569e83749f3d7dc9e2da394a9d6d463e1e8fc2effebbfb8527dc3 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js	1.3 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:34 Last Seen2024-04-25 09:39:12 Times Seen8303 Hash 4412bf8023109ee9eb1f1f226d391329 c273960aa874a87dd022b5e597887142f1b8e34f d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Loading...

	oxy.st/d/Kpug	183 B	2023-03-08	2023-04-01
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2023-04-01 10:27:01 Times Seen24 Hash dcfcdc72905c80505fc5222e23485031 afc7e2812ad5c3f7eb6954e4f54c6bee6e6f90f6 9518487666010d845d26fe2dd23260f566b305b6b528852a611a798d34d7df12 Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.2779568110723144%22%7D	418 B	2023-03-07	2023-03-17
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.2779568110723144%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:53:17 Last Seen2023-03-17 21:47:34 Times Seen1 Hash 72ad3a00c4af14e8c301e9eafbe741ea 63dc5435a78e8b86fb54fa8be021d2f54b1903b1 d05385301aef1a77fd22c1c56c08102835063c8221b753de58aff20a800c95eb Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.2779568110723144%22%7D	14 kB	2023-03-07	2023-05-06
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.2779568110723144%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:36 Last Seen2023-05-06 00:14:31 Times Seen2035 Hash 49e65b540d43d40997ce3844d41b2dd0 b7331c5edc086ee2c7731b1b36e937e7c44450a7 f185c1b78d87a007d9492a85c6ce64c06cc851ef9f13ca3caf8aaafe243b0ac2 Loading...

	cdn.adlook.me/u/cds.html	1.3 kB	2023-03-07	2023-03-29
Pretty URL cdn.adlook.me/u/cds.html IP 92.223.124.24 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:53:41 Last Seen2023-03-29 23:33:16 Times Seen25 Hash b1085e2e3e7908742eebe4b9c54d28e0 dbc685b9fd34b562bf2d8d140ce3f2824108994a 5d37320a43aaf6303b47381532935be8ea870415a8f006a83ffc2e8f1611a715 Loading...

	nanouwho.com/27/f0e85569ebf902c5568035fe1b0a0004	409 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/27/f0e85569ebf902c5568035fe1b0a0004 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:27:03 Last Seen2023-03-13 08:23:59 Times Seen1 Hash ffb21bf6491462eca0471a2790287817 94c72746c53f14da6b724912ac1db08437a85f18 e61a0011cde4ea2e86bf7bbcd078d34c7ccb9cd11124c5f5d3257ec6857b8686 Loading...

	oxy.st/d/Kpug	199 B	2023-03-09	2024-04-20
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-04-20 19:02:08 Times Seen9489 Hash c178512b2fa871ed859cc5c78614a90f 3ea9b0941dac51dd0ec23713471efcf88e4fe204 916a18878c3b59bd1b1faf426fd8e58722a759fcd14f5fe3209943b74a5bc952 Loading...

	oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js	46 kB	2023-03-07	2024-04-20
Pretty URL oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:19 Last Seen2024-04-20 19:02:09 Times Seen19988 Hash 9df3cfdcc9b72f1aa24e2e114455ae7a e6ac207cdb6c4591f2d39f2a645f6dbf42534f89 5ab5f19f9bd4a4ddcf14235fc1684eefe7cfbfbc33f0a1fce661b13de43092be Loading...

	oxy.st/d/Kpug	193 B	2023-03-12	2023-03-13
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:58:04 Last Seen2023-03-13 22:55:43 Times Seen1 Hash c6f43beae4de3a12d3b73d59d424abab 572a02205a5f39f98da834572d60b4f2612f4a43 980850e4e7d9aff8c856608a70c975771451b48f2fff4ded566311403d16ec3b Loading...

	oxy.st/d/Kpug	203 B	2023-03-08	2024-04-20
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:08 Times Seen9791 Hash bff65d72294ae1a1fc014c9e9f776615 cf200b19907d85ad2bcc12a6224d52b0e791cdaf 3d94f0c46ddac793f8834d2727f4f4c38915244512e7a4b42ec10d68106a7660 Loading...

	oxy.st/d/Kpug	102 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/Kpug IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash b5f41180a44eefd7d5700ddca07db143 0a6c79fc75a52cd33f3e628e235328f5c5a8d129 d8616771e2dd0efaaecc4d56a0ec5835dce78e93e640e73fffa8cd01afee7961 Loading...

	contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM	15 kB	2023-03-13	2023-03-13
Pretty URL contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM IP 2.18.172.23 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:27:03 Last Seen2023-03-13 07:53:18 Times Seen1 Hash e0e60976bae4d06a858117402826980f 593d50ab4042e02727d833afe5765fb4481a665c b363dcd8252128eec757d26b7f34d3e08133b57c1da26a15f971ed6b395e1220 Loading...

	contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&nse=5&vi=1674776449751899929&ugd=4&sff=0&pgid=p01069905250t202301262340&nb=1	550 B	2023-03-13	2023-03-13
Pretty URL contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&nse=5&vi=1674776449751899929&ugd=4&sff=0&pgid=p01069905250t202301262340&nb=1 IP 2.18.172.23 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash da0302caefc97333fafce9666faaf527 2a183c66bb023423c23ee86e9e2e1c37d8f5958f 988a5f53116b4b77e7ab9d4fbf79416e4dbd4ea46f928d067009c110fa76be37 Loading...

	oxy.st/slake/asset/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-25
Pretty URL oxy.st/slake/asset/js/bootstrap.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-25 15:21:59 Times Seen136821 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	unphionetor.com/fv.js?t=72747&cb=1395196566	5.2 kB	2023-03-07	2024-04-24
Pretty URL unphionetor.com/fv.js?t=72747&cb=1395196566 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-24 01:48:23 Times Seen2355 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	inklinkor.com/tag.min.js	75 kB	2023-03-13	2023-03-13
Pretty URL inklinkor.com/tag.min.js IP 104.21.91.63 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:20:25 Last Seen2023-03-13 09:11:06 Times Seen1 Hash 4adf897614f2d8871bd73e17b0ec5e05 f2e2d408d3024b1d83381bb1f5d2f936e5d180ff 10b73840b06233d1e6b6e195d8cb55913dd2a00e4cd540598782d9d9e4aa443d Loading...

	ads.themoneytizer.com/moneybile.js	39 kB	2023-03-07	2023-11-06
Pretty URL ads.themoneytizer.com/moneybile.js IP 185.76.9.16 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-11-06 07:20:59 Times Seen1830 Hash efe528f52c3d05d68794f3f0f8146a8e 577c01fdfae7dcc7e7d23009d74422f61b414783 4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 7cea701273fdc122ba8de03881cb68c9	79 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash 7cea701273fdc122ba8de03881cb68c9 284d796fae59d68ed02b39a57d173c245ec95ba7 9c3bf21b342cfc07f68d23002d09a55383178ceee4cb604133ba05613a76a06e Loading...

		Size	First Seen	Last Seen
	#1 Write - f54c3d67b3bd3d5d9a8e70afba9babd4	363 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash f54c3d67b3bd3d5d9a8e70afba9babd4 d91a90e5de3f745f0d3aa5371a9fe6a11b1ccbfd 75f8a39f3efd48b8fd6b81d8c58e1acdf35f9daad33d669d8a09f80d189590a9 Loading...

	#2 Write - ce6bffe55ce28b1e6ed9b06677acb502	298 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 16:10:53 Last Seen2023-04-30 21:31:06 Times Seen51 Hash ce6bffe55ce28b1e6ed9b06677acb502 73d0b9c700d603484dbe5447e3f95de8ba81b939 3f853347836c2f4e3f50a468fd03c0d34b1376dd0d9de42e26ae76a5f59497dd Loading...

	#3 Write - ce36fc6316e0f02a0e361d8d1a66013c	308 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 07:53:18 Last Seen2023-03-13 07:53:18 Times Seen1 Hash ce36fc6316e0f02a0e361d8d1a66013c fb2c1e203a26e0e4ef34801ae578e6096a6ac497 ee7ccf8d0fd9e81eeae58ee72975237510a1b73a12cce917bb9b3a2f183d6457 Loading...

HTTP Transactions (166)

URL IP Response Size

oxy.st/d/Kpug

185.178.208.137

301 Moved Permanently

568 B

URL HTTP/1.1
oxy.st/d/Kpug
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Size
568 B (568 bytes)
Hash
2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee

HTTP Headers

GET /d/Kpug HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://oxy.st/d/Kpug
Content-Type: text/html; charset=utf8
Content-Length: 568

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12241
Expires: Fri, 27 Jan 2023 03:04:47 GMT
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2405562765b49b2782ebd2e2994851d5
be7ac8e558f7875bb1fb86ab5ec674424a5ff269
422cfa907461cb7b93b9089d600052f9e94951e5e0c93d97651905002e48ad3e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "422CFA907461CB7B93B9089D600052F9E94951E5E0C93D97651905002E48AD3E"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14138
Expires: Fri, 27 Jan 2023 03:36:24 GMT
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6931
Expires: Fri, 27 Jan 2023 01:36:17 GMT
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 22:42:56 GMT
content-type: application/json
age: 3470
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: YVAebA26QudJFqdCZACDh2s3pD2XPX7UkYIh23beFchF5e61+S9xb4C8xGC2l2m9W3f9kPMfHVQ=
x-amz-request-id: QKWMF6W82FQR3XZM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 22:49:10 GMT
age: 3096
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:46 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48625664de2bc864799ae12d4a26e960
61c74ded7e7f99c46b7dc45a8e436178884dc717
c1506ce10f939dec66f904dd0ff62dd8a5cb31b2b2630f9d83999a521979ec72

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C1506CE10F939DEC66F904DD0FF62DD8A5CB31B2B2630F9D83999A521979EC72"
Last-Modified: Thu, 26 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8124
Expires: Fri, 27 Jan 2023 01:56:10 GMT
Date: Thu, 26 Jan 2023 23:40:46 GMT
Connection: keep-alive

oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css

185.178.208.137

200 OK

4.0 kB

URL HTTP/2
oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (42894), with no line terminators
Size
4.0 kB (3950 bytes)
Hash
a6ffd799664bd950121e2e9f0d9b2667
88af5ed7d6e3ed43ee0ec21fb314e03fb07867f0
de088565a1c5910a1c409bf3ec676c5d0c7c1304a18c744b46771c09fa6bdcad

HTTP Headers

GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 02:57:41 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-a78e"
access-control-allow-origin: *
content-encoding: gzip
age: 592986
content-length: 3950
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/style.css?ver=6

185.178.208.137

200 OK

24 kB

URL HTTP/2
oxy.st/slake/style.css?ver=6
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
24 kB (24360 bytes)
Hash
cd7b3e4dfecea7028bc1bdeda5a47477
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87

HTTP Headers

GET /slake/style.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 16:34:50 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5fdd12f2-2a549"
age: 457557
content-length: 24360
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/elements.css?1

185.178.208.137

200 OK

24 kB

URL HTTP/2
oxy.st/slake/asset/css/elements.css?1
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (460), with CRLF line terminators
Size
24 kB (24208 bytes)
Hash
82db06ca267ac7fdd878a1df35f41f4e
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb

HTTP Headers

GET /slake/asset/css/elements.css?1 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 19 Jan 2023 10:53:34 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 24208
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2fbea"
age: 650833
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

104.17.24.14

200 OK

591 B

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1266)
Size
591 B (591 bytes)
Hash
414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3

HTTP Headers

GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7370340
expires: Tue, 16 Jan 2024 23:40:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tSQBJ8X2rI3OXw0FJiE80XiwSbwqjUi%2BbCPFaHu37bs0OKj2uvgQuClbAD%2BkDYu2BKaYQfaB4uDgixSmSw%2F2B2vav0NuANpkGp%2B56DrwKw1UlS1%2BPENxFUD8hGDa2AW1wHFKcS9A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78fd187a2a73b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

oxy.st/slake/cookie.css?ver=6

185.178.208.137

200 OK

299 B

URL HTTP/2
oxy.st/slake/cookie.css?ver=6
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
299 B (299 bytes)
Hash
6d5f76f4027c2e9a60d78a83f4b952cd
b4ae6d8509643916be8eff3979acec375867708b
2338311f30dadbc2bffe2bdbfdd100c148e8fe4cb50ca669c7ff602a9c206f94

HTTP Headers

GET /slake/cookie.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 20:55:55 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 299
ddg-cache-status: HIT,HIT
etag: "602ae9d4-224"
age: 96292
X-Firefox-Spdy: h2

oxy.st/img/oxy-logo.svg

185.178.208.137

200 OK

3.2 kB

URL HTTP/2
oxy.st/img/oxy-logo.svg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1126)
Size
3.2 kB (3204 bytes)
Hash
4dbb074be70991a358f914be3c00ad99
5f699e31b76bcb7e69fc4478a04b73b3df0e855a
9531a716a5007ddfc819613ec77f883ba963578d699f824034b4962f8221b8bf

HTTP Headers

GET /img/oxy-logo.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 17 Jan 2023 13:56:30 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
etag: W/"602c706e-2019"
access-control-allow-origin: *
content-encoding: gzip
age: 812657
ddg-cache-status: HIT,MISS
content-length: 3204
X-Firefox-Spdy: h2

oxy.st/css/cloud.css

185.178.208.137

200 OK

9.2 kB

URL HTTP/2
oxy.st/css/cloud.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (14454)
Size
9.2 kB (9206 bytes)
Hash
0517562cc81de376b3c1fee3e8bef414
80df32c8b71549b0253cce1b47fe13d82fc1b604
184ccb46109faef0678ef3a603a551e55d3f9ff74a200ebeaba2c23655e52c8a

HTTP Headers

GET /css/cloud.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 19 Jan 2023 12:30:29 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 9206
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb1-d024"
age: 645018
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/bootstrap.min.js

185.178.208.137

200 OK

13 kB

URL HTTP/2
oxy.st/slake/asset/js/bootstrap.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (48664)
Size
13 kB (13046 bytes)
Hash
061a1656d3064d501413d45bef002938
1fec864435f996d6f5cec2f95b9b24cafef0b182
a7b82b175ee2cb823d904fc89454e91e6e92c91f91c0de1663d54e62bf3cc6e1

HTTP Headers

GET /slake/asset/js/bootstrap.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 17:11:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 13046
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-bf30"
age: 109747
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/bootstrap.min.css

185.178.208.137

200 OK

20 kB

URL HTTP/2
oxy.st/slake/asset/css/bootstrap.min.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65325)
Size
20 kB (20483 bytes)
Hash
4588208961b6b7ed6cd974687346348a
52085a4f6c875b6949261704f05050c1727e9c55
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885

HTTP Headers

GET /slake/asset/css/bootstrap.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 06:48:10 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 406357
content-length: 20483
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/jquery.min.js

185.178.208.137

200 OK

30 kB

URL HTTP/2
oxy.st/slake/asset/js/jquery.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65451)
Size
30 kB (30285 bytes)
Hash
28198fab85f1ac98f664600f670ba43d
ee0dd46d793071270130c08412258d8c32194a32
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49

HTTP Headers

GET /slake/asset/js/jquery.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 23 Jan 2023 08:38:54 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-1538e"
age: 313313
content-length: 30285
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js

185.178.208.137

200 OK

13 kB

URL HTTP/2
oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (32001), with CRLF line terminators
Size
13 kB (12929 bytes)
Hash
112891904d2ce52d072013c5e993463a
4cca8f66204463d7dc6f9f6819e3ebbd0636f5b1
d58c3c940e6ac6a2587c3d28ef50dd9dc6f20ea23c213ac5ff75419656fd3291

HTTP Headers

GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 22:48:34 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 12929
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-b1ab"
age: 3133
X-Firefox-Spdy: h2

oxy.st/images/sprite3.png

185.178.208.137

200 OK

2.1 kB

URL HTTP/2
oxy.st/images/sprite3.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 124 x 49, 8-bit/color RGBA, non-interlaced\012- data
Size
2.1 kB (2059 bytes)
Hash
b08166a270b58c28d429bf2f9ffece6c
91dab55cbe8c802a7c56cd9d2ffaee9ccea4a49f
a21a9fa89fb6dd8c8e84907a99b0374abdf641c71c55e0283b7758e8f2a12507

HTTP Headers

GET /images/sprite3.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
etag: "6240cc70-80b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13353125
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/slice_white.png

185.178.208.137

200 OK

6.1 kB

URL HTTP/2
oxy.st/slake/asset/slice_white.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 201 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
6.1 kB (6078 bytes)
Hash
946ed1d2bd247854fa58e938de28ee95
883cda7ee0087e29a32f07b6c8ead3e8df5db738
bfe6c8b9cf34578f573091bb118f86a10b918b7d530b25107648f12158759e85

HTTP Headers

GET /slake/asset/slice_white.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 14:13:36 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-17be"
age: 466031
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/images/ltd.svg

185.178.208.137

200 OK

20 kB

URL HTTP/2
oxy.st/images/ltd.svg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (50102)
Size
20 kB (19700 bytes)
Hash
d37ece4290313a264b5e235c0dadf2fb
9ae09bed58122b3d3c4914c45e682dce63993e14
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd

HTTP Headers

GET /images/ltd.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 05:14:49 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 19700
ddg-cache-status: HIT,HIT
etag: W/"5fb71401-c420"
age: 152758
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/plugins.js

185.178.208.137

200 OK

91 kB

URL HTTP/2
oxy.st/slake/asset/js/plugins.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
Unicode text, UTF-8 text, with very long lines (8320), with CRLF line terminators
Size
91 kB (90933 bytes)
Hash
f64473f7f0d77763bf319a920044a5fe
085e34089773af2ec9ec67f206d51e9ada6a84fb
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d

HTTP Headers

GET /slake/asset/js/plugins.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 05:09:08 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 90933
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-52d51"
age: 153099
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/main.js

185.178.208.137

200 OK

1.8 kB

URL HTTP/2
oxy.st/slake/asset/js/main.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (368)
Size
1.8 kB (1840 bytes)
Hash
76d3c4da3644ed1684ed54ff59305a5a
3e03f21e8af17de66be1aa22a6f952c000fbcc70
adc0957a4224cf75ae632338e6e52591d0552189b8ba1a4e7f19885405dfc2f8

HTTP Headers

GET /slake/asset/js/main.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 13:24:04 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-2210"
access-control-allow-origin: *
content-encoding: gzip
age: 382603
content-length: 1840
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxy.st/slake/asset/js/ajax-subscribe.js

185.178.208.137

200 OK

635 B

URL HTTP/2
oxy.st/slake/asset/js/ajax-subscribe.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with CRLF line terminators
Size
635 B (635 bytes)
Hash
574b8cde44d6b421cd12af0df0cca335
7dbd98f2d7925795343e8b8a3fc0c91ba496f526
035c75b2646589e751a275f3469f1e53b5e9c55cff4f0b3d3cbdfbb248aef9c2

HTTP Headers

GET /slake/asset/js/ajax-subscribe.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 16:13:47 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-595"
access-control-allow-origin: *
content-encoding: gzip
age: 545220
content-length: 635
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/ajax-mail.js

185.178.208.137

200 OK

544 B

URL HTTP/2
oxy.st/slake/asset/js/ajax-mail.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with CRLF line terminators
Size
544 B (544 bytes)
Hash
4eb7582278a2e3748b9017bb83307caf
93c419ea8637148be2192bfa8068ed8009e3add7
59ccbe475f369df6e9daf6480deb023a38b4fc29016142e062f76f4218f66abc

HTTP Headers

GET /slake/asset/js/ajax-mail.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 16:25:47 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 544
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-683"
age: 26100
X-Firefox-Spdy: h2

oxy.st/slake/responsive.css?ver=5

185.178.208.137

200 OK

12 kB

URL HTTP/2
oxy.st/slake/responsive.css?ver=5
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
12 kB (11872 bytes)
Hash
c9887952027ae1466ab90ba9dcd23ce3
0afb76db6c9644265da1820da0afe7aaef448e53
f16e171dae88fb2e1970604b6152409551d184fb1977a2668dd19f36dc0ab338

HTTP Headers

GET /slake/responsive.css?ver=5 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 18:15:26 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
etag: W/"5eefded8-135c7"
access-control-allow-origin: *
content-encoding: gzip
age: 537921
content-length: 11872
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 23:24:53 GMT
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
age: 954
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
effbf58edd0a6a8e39ff3b7e5087c44f
b50bd928ea43d096de8ef85d0c9c88c488d79991
0f8ffdcdf2848c698273e527691e11a08f50668eb8fc7fb59ece64d337ca49aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F8FFDCDF2848C698273E527691E11A08F50668EB8FC7FB59ECE64D337CA49AA"
Last-Modified: Wed, 25 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4608
Expires: Fri, 27 Jan 2023 00:57:35 GMT
Date: Thu, 26 Jan 2023 23:40:47 GMT
Connection: keep-alive

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
a49a89d4a52d659818f7937ed1c4e7ea
ef5cc8b0f7c54921ff8ed61cdca0b9d55f7d408f
4c3da9caef852c3725a10d21185cf0d8aaa29fd4a354520fa7079de4716c5e70

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 04:59:13 GMT
Expires: Wed, 01 Feb 2023 04:59:12 GMT
Etag: "ef5cc8b0f7c54921ff8ed61cdca0b9d55f7d408f"
Cache-Control: max-age=450504,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fd187b9a7eb505-OSL

whereres.com/api/scripts/mSetupWidget?id=363

88.208.46.156

200 OK

9.0 kB

URL HTTP/1.1
whereres.com/api/scripts/mSetupWidget?id=363
IP
88.208.46.156:0
ASN
#39572 DataWeb Global Group B.V.

File type
Unicode text, UTF-8 text, with very long lines (3565)
Size
9.0 kB (8982 bytes)
Hash
9c6d8fe1a69623dcc4c1948506d672af
b400e0ddf00fbbeed8a94c949165659d78714911
a5b9db9230019c2386cbd1bd2b8e193cd202b1f5558cc20a4a52058f79542c09

HTTP Headers

GET /api/scripts/mSetupWidget?id=363 HTTP/1.1
Host: whereres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.27
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2ebcc7cd4c50e87a984668828c1e612e
f693d36335f333e3647f9fb2460e34dd73e17421
27f1d63422ccd02a6af514c2c0a36ac6f4e0d6f74ad6d9fc8c32e8ea487ffe15

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.adlook.me/js/rlf.js

92.223.124.24

200 OK

19 kB

URL HTTP/2
cdn.adlook.me/js/rlf.js
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Size
19 kB (19276 bytes)
Hash
4753bd99e680f991e358fcfc5956d348
f7506e35d1e97953351bacf094278a919dd2d5e9
417b57437a57fdbfdbe26fb8e676b6936d868f23f5aa5ca587811aa01ce9d03f

HTTP Headers

GET /js/rlf.js HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript,application/javascript;charset=utf-8
content-length: 19276
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:05:17 GMT
etag: "8054b6f2abfd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T23:39:19+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2

185.76.9.16

200 OK

50 kB

URL HTTP/2
ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
IP
185.76.9.16:0
ASN
#60068 Datacamp Limited

File type
data
Size
50 kB (50259 bytes)
Hash
d4885a2b444beebe43ed192ee62a2de0
a52595bd984ac395e28f8bd9cedaeafe20870c32
81133a0558ba0bb22c57d67937a35d5b1401e28e66203b71dbcad6c9bf705ce7

HTTP Headers

GET /s/requestform.js?siteId=85433&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1675314385
server: CDN77-Turbo
x-77-nzt: AblMCQ3xjy//LgUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd363f3181814
x-cache: HIT
x-age: 66862
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

oxy.st/slake/asset/fonts/themify--fvbane.woff

185.178.208.137

200 OK

56 kB

URL HTTP/2
oxy.st/slake/asset/fonts/themify--fvbane.woff
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
Web Open Font Format, CFF, length 56108, version 1.0\012- data
Size
56 kB (56108 bytes)
Hash
a1ecc3b826d01251edddf29c3e4e1e97
9394f35bd2addd24666b79bfc36d4f9d247cb01d
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7

HTTP Headers

GET /slake/asset/fonts/themify--fvbane.woff HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://oxy.st/slake/asset/css/elements.css?1
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 12:46:09 GMT
content-type: font/woff
content-length: 56108
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-db2c"
age: 557678
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2

216.58.207.227

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21276, version 1.0\012- data
Size
21 kB (21276 bytes)
Hash
59c9b83cc112cf7eeb3bf7a5e96b21fe
771790b776b5e1bc3039c337024e400974184208
a8447cdec51e85d9e93971a0d4a53bcf6085d70bf1d201662837d2fb953422c7

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 16:07:46 GMT
expires: Tue, 23 Jan 2024 16:07:46 GMT
cache-control: public, max-age=31536000
age: 286381
last-modified: Mon, 11 Jul 2022 19:01:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 07:08:09 GMT
expires: Sat, 20 Jan 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 577958
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.globalsign.com/gseccovsslca2018

104.18.20.226

200 OK

938 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
938 B (938 bytes)
Hash
d648132810da4bd70a76cfa07e9b02fe
52de2f76bada13e2db41b22933eed61dc04bf8fb
1c26f86700444c95b99c3a0fafa4c53f5977a8bc4283fc14180cf86123ea7279

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 30 Jan 2023 21:32:02 GMT
ETag: "52de2f76bada13e2db41b22933eed61dc04bf8fb"
Last-Modified: Thu, 26 Jan 2023 21:32:03 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3204
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fd187d3ca21c0e-OSL

push.services.mozilla.com/

34.212.115.25

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.212.115.25:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3yKV7ib8JalCrORrKEujeg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xFHgJD7qjg49FXyBIF/pNRLVxgI=

ocsp.globalsign.com/gseccovsslca2018

104.18.20.226

200 OK

938 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
938 B (938 bytes)
Hash
d648132810da4bd70a76cfa07e9b02fe
52de2f76bada13e2db41b22933eed61dc04bf8fb
1c26f86700444c95b99c3a0fafa4c53f5977a8bc4283fc14180cf86123ea7279

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Mon, 30 Jan 2023 21:32:02 GMT
ETag: "52de2f76bada13e2db41b22933eed61dc04bf8fb"
Last-Modified: Thu, 26 Jan 2023 21:32:03 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3204
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fd187d3e980b45-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
d9bf2793558044193d7e5d27708a9144
5a8f73462cfda6544cc3efe488854c3cd80bb0a7
e1db5ce5f130aa6d6a1bf18da60fee5c6bb76625a26aef0fee67702e7209ef7e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxy.st/slake/asset/img/bg/footer-bg.png

185.178.208.137

200 OK

75 kB

URL HTTP/2
oxy.st/slake/asset/img/bg/footer-bg.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 1920 x 890, 8-bit/color RGB, non-interlaced\012- data
Size
75 kB (74560 bytes)
Hash
ce2f90b81ee3a43f46c29223ad1d981b
b82b68c892bd7c8b0bf06a883f1bdcd8ca0121e5
7b5c7bc066eb345c6c48189f960ad13fac80add5b5769e2d7a1f59d82a382505

HTTP Headers

GET /slake/asset/img/bg/footer-bg.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/slake/style.css?ver=6
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 22:29:33 GMT
content-type: image/png
content-length: 74560
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-12340"
age: 436274
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2

178.154.131.217

200 OK

45 kB

URL HTTP/2
yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
IP
178.154.131.217:0
ASN
#13238 YANDEX LLC

File type
Web Open Font Format (Version 2), TrueType, length 45100, version 1.0\012- data
Size
45 kB (45100 bytes)
Hash
e783c489351712fa80a7cb4206cffd02
4d1d924e4cbae116baf57958cea28dedc9e361f4
281e998fb084bbc3243914bfd01a00ef5cdbc847179c43106808821a6e0ae1a5

HTTP Headers

GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.17.9
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/font-woff2
content-length: 45100
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "e783c489351712fa80a7cb4206cffd02"
expires: Sat, 27 Jan 2024 05:25:32 GMT
last-modified: Tue, 22 Jan 2019 17:07:25 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 52e52eaa4c149c4d
accept-ranges: bytes
X-Firefox-Spdy: h2

ads.themoneytizer.com/s/gen.js?type=2

185.76.9.16

200 OK

46 kB

URL HTTP/2
ads.themoneytizer.com/s/gen.js?type=2
IP
185.76.9.16:0
ASN
#60068 Datacamp Limited

File type
data
Size
46 kB (45526 bytes)
Hash
dcca0b6bfaba6db5d52b2b929e8a12ef
cf7968c806dc7a463f8594fb1289237c22682004
d73e3134b944440d0b9263d608945d2a4a7f782941f450951b66e94719600b02

HTTP Headers

GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1675314250
server: CDN77-Turbo
x-77-nzt: AblMCQ3jqWH/tQUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd363cd240f14
x-cache: HIT
x-age: 66997
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.adlook.me/u/cds.html

92.223.124.24

200 OK

1.4 kB

URL HTTP/2
cdn.adlook.me/u/cds.html
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1439 bytes)
Hash
092b935eec2ba1199c03c1c856472e77
90d533fb895dda57fd0645cf484a4ecb7a64c344
8719a7a7e474f30d7a1d5dbf2ab97bbd73437c28ef567b410361540ad38c985e

HTTP Headers

GET /u/cds.html HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/html
content-length: 1439
last-modified: Thu, 06 Aug 2020 17:06:57 GMT
etag: "207a2dfe136cd61:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T23:35:32+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.adlook.me/css/rlf.css?1.4

92.223.124.24

200 OK

1.6 kB

URL HTTP/2
cdn.adlook.me/css/rlf.css?1.4
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (1612), with no line terminators
Size
1.6 kB (1612 bytes)
Hash
ebb99a8c16a4ad70389cc2e9306fa4b1
b926dbbe4d67d1a39e3a7b1f4ea992c41388067b
d1b01565ed50bb2012a6d2c9b409fa41752d6c3a30e735f9f7008b7f635a21f1

HTTP Headers

GET /css/rlf.css?1.4 HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/css
content-length: 1612
last-modified: Mon, 11 Oct 2021 12:59:26 GMT
etag: "2fce1cd29fbed71:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T23:34:03+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
f1d55ab20f757f7fd0b51462c7f4a9b0
e1ec60e23dda34f6bebe9654e9fbcee9374e7d4b
4bc645f135acb91082641116f38ba1a2371b49c50df7dc2527c6fc62601482df

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3713
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Last-Modified: Thu, 26 Jan 2023 22:38:54 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ef59aa85c9572bcc65b9073860bf25a8
67f76f3edf37a48f3fc9244d4d76c2abfa1a4a2a
de67a6263dceb38bc328eaf7fc5dee5ce983c954cf3a5c673a1b5ab140990188

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE67A6263DCEB38BC328EAF7FC5DEE5CE983C954CF3A5C673A1B5AB140990188"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9430
Expires: Fri, 27 Jan 2023 02:17:57 GMT
Date: Thu, 26 Jan 2023 23:40:47 GMT
Connection: keep-alive

onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1674776447412

51.89.9.252

204 No Content

0 B

URL HTTP/2
onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1674776447412
IP
51.89.9.252:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /usync/?pubId=2a897e3f18e6769&cb=1674776447412 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2c396903b0b464c236fcabab2b6d5880
daa0bdb277827048f33e7f74f1ac3c9d2c026289
ba1814bbae020a67517ef0e23ff545f59fac26994600a064cb02822c15dfb4a3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA1814BBAE020A67517EF0E23FF545F59FAC26994600A064CB02822C15DFB4A3"
Last-Modified: Wed, 25 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19099
Expires: Fri, 27 Jan 2023 04:59:06 GMT
Date: Thu, 26 Jan 2023 23:40:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b7fe1c4f817d20bfd737c730914dd99
518e8ab7225a0c25390c7a03e0f9c4832bc6d5cc
2d87ef9dcdde302d9a0ef30f4d06bc9f56420b8795a6a8ef230c83bdca26cb76

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D87EF9DCDDE302D9A0EF30F4D06BC9F56420B8795A6A8EF230C83BDCA26CB76"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1341
Expires: Fri, 27 Jan 2023 00:03:08 GMT
Date: Thu, 26 Jan 2023 23:40:47 GMT
Connection: keep-alive

tag.leadplace.fr/libJsLP.js

145.239.193.51

200 OK

5.5 kB

URL HTTP/1.1
tag.leadplace.fr/libJsLP.js
IP
145.239.193.51:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
5.5 kB (5547 bytes)
Hash
a0c24f993bc0901cfe62d1e801cb2b45
7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333

HTTP Headers

GET /libJsLP.js HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/javascript
Content-Length: 5547
Last-Modified: Thu, 14 Oct 2021 07:27:52 GMT
ETag: "6167dbf8-15ab"
Accept-Ranges: bytes
X-IPLB-Request-ID: 5B5A2A9A:A7CF_91EFC133:01BB_63D30F7F_6408BCA8:14262
X-IPLB-Instance: 29922

spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258

172.67.13.182

200 OK

21 kB

URL HTTP/2
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP
172.67.13.182:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (50946), with LF, NEL line terminators
Size
21 kB (20906 bytes)
Hash
d2379de57527224899b86edfb0996ba9
64dbf8f37c269765e4787f05e0c428f2e0a2d5a6
173782f023ac9a34bd986e6992fdfabc4caf1941cf79fb118f62817ae5af12a0

HTTP Headers

GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78fd187d8b78b511-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
e2d4d6ce7f7429d82966d6d9dc16356b
fcd4edfef113db414c102864a1a4e3a38c23e9c9
97f329ca52876a991e1bd435d8841a0a0f7b657e5c6312390421f236d6cd3b90

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 20:45:24 GMT
Expires: Wed, 01 Feb 2023 20:45:23 GMT
Etag: "fcd4edfef113db414c102864a1a4e3a38c23e9c9"
Cache-Control: max-age=507275,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fd187e5ca9b505-OSL

tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKpug&id=MTIZ

145.239.193.51

200 OK

0 B

URL HTTP/1.1
tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKpug&id=MTIZ
IP
145.239.193.51:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKpug&id=MTIZ HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-IPLB-Request-ID: 5B5A2A9A:A7CF_91EFC133:01BB_63D30F7F_6408BCAB:14262
X-IPLB-Instance: 29922

p.cpx.to/p/12771/px.js

34.252.124.99

200 OK

2.0 kB

URL HTTP/1.1
p.cpx.to/p/12771/px.js
IP
34.252.124.99:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1990), with no line terminators
Size
2.0 kB (1990 bytes)
Hash
a667f26d4e73b4b5098a9c9637d3d29f
83d9b753da4c51039a689bc67956f7f9997854cc
a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6

HTTP Headers

GET /p/12771/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=2419200, public
Content-Type: application/javascript; charset=UTF-8
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Length: 1990
Connection: keep-alive

c.tmyzer.com/c/?s=85433&f=2&fi=99

54.38.64.100

200 OK

0 B

URL HTTP/1.1
c.tmyzer.com/c/?s=85433&f=2&fi=99
IP
54.38.64.100:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Jan 2023 23:40:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:7C43_36264064:01BB_63D30F7F_782623:2AED2
X-IPLB-Instance: 24858

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
0f1ba60402ab9eac433f3a75cf52422e
87265442ece1893f4e1ad20cd2a42773735d03e0
c04830a384fb019b37de4b24ff5f0191ffd527b79475b3b8f54303aeaec2630e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3243
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:47 GMT
Last-Modified: Thu, 26 Jan 2023 22:46:44 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4fed69565ceab3f7d13caae0921dcbc7
6619cd41cc183cbebd9eb0de90105bd7437fd8a3
06339124aa4a93d8811614cac0418fdbdc60cad00afc74ad798e257d10990e90

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "06339124AA4A93D8811614CAC0418FDBDC60CAD00AFC74AD798E257D10990E90"
Last-Modified: Wed, 25 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15477
Expires: Fri, 27 Jan 2023 03:58:45 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
0f1ba60402ab9eac433f3a75cf52422e
87265442ece1893f4e1ad20cd2a42773735d03e0
c04830a384fb019b37de4b24ff5f0191ffd527b79475b3b8f54303aeaec2630e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3244
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:48 GMT
Last-Modified: Thu, 26 Jan 2023 22:46:44 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314

id5-sync.com/api/config/prebid

162.19.138.120

200

134 B

URL HTTP/1.1
id5-sync.com/api/config/prebid
IP
162.19.138.120:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1

HTTP Headers

POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 23:40:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKpug&top=&_ts=1674776447837

5.200.50.170

200 OK

2 B

URL HTTP/2
ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKpug&top=&_ts=1674776447837
IP
5.200.50.170:0
ASN
#48096 Enterprise Cloud Ltd.

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKpug&top=&_ts=1674776447837 HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=89bd9d3e900d4c48a5ae5e3aea59c9fe; expires=Fri, 26 Jan 2024 21:00:00 GMT; path=/; SameSite=None; secure; samesite=lax
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
date: Thu, 26 Jan 2023 23:40:47 GMT
content-length: 2
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e00a674a0c70c9d697802909f3d3836c
e8862ab9105e10e004509050a8cb650fb53390c4
1b78e3fe9ac8c6c62f14d7c08894ec1fcaada17cc807b067396bee1813c903fc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B78E3FE9AC8C6C62F14D7C08894EC1FCAADA17CC807B067396BEE1813C903FC"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3542
Expires: Fri, 27 Jan 2023 00:39:50 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f0a4098f041b32de6aeac7e8919dfb93
d3dd3d384e3bc4454b58f48c878261b5d165c2bd
1a2e07af32d611f5b897d8f26ba1ba7008bdbb7814bc749dc3f6992167ed6d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A2E07AF32D611F5B897D8F26BA1BA7008BDBB7814BC749DC3F6992167ED6D64"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4608
Expires: Fri, 27 Jan 2023 00:57:36 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d84f383ade441229a3b8c3bdb440dec1
1a3fe5fbdb453238fd1bba1698ab7e42cc964455
00f8082421d59df44b61e96c4cdf71aec562e572fd3fbebfb2f1c5aa5fa22c6f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00F8082421D59DF44B61E96C4CDF71AEC562E572FD3FBEBFB2F1C5AA5FA22C6F"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4143
Expires: Fri, 27 Jan 2023 00:49:51 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2fd3b5487710791cafa87110d681647a
6f3de59c79cf8f93c3312d917e9bb225a8bb25f9
35c24aa8f70e97185a0a18761f04b283cefecdce3abcd2261ccc6377077730c5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35C24AA8F70E97185A0A18761F04B283CEFECDCE3ABCD2261CCC6377077730C5"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11648
Expires: Fri, 27 Jan 2023 02:54:56 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 18:52:41 GMT
expires: Tue, 23 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 276487
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
aa79f831fbade48affa43928694677db
ddb17e61adc783e7a0fb0ae60c2f049e082c5097
abcc206a3c1727354a2371f825b9640133e8617f2a47f84a8cdcc9300357d654

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 26 Jan 2023 19:14:51 GMT
Expires: Thu, 02 Feb 2023 19:14:50 GMT
Etag: "ddb17e61adc783e7a0fb0ae60c2f049e082c5097"
Cache-Control: max-age=588241,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fd1880ce80b505-OSL

s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431

63.32.10.107

200 OK

652 B

URL HTTP/1.1
s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP
63.32.10.107:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (652), with no line terminators
Size
652 B (652 bytes)
Hash
38f9c82fe32a812a2c1579ebd33b858a
9e240a02c118be016bd569e536767ac8c629ee16
54490871b857cb27ed0b4cf62d8dbbec2bbda6ebd96f422e397833bba00e5e6e

HTTP Headers

GET /fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:48 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 652
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
p3p: CP="NOI DEV ADM"
expires: Wed, 18 Jan 2023 18:33:03 UTC
set-cookie: cpSess=8fc71c476d2432c; Expires=Fri, 26 Jan 2024 23:40:48 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None

my.rtmark.net/gid.js?userId=3a033a90860b452280c7637d449e0135

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=3a033a90860b452280c7637d449e0135
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
4ac98924d382b92968853eced8e7ecd4
75ba7c817cfe6286e0ffe4c40576e477afba7715
d64e9bf1b28ba4a824fb086a8f9c712fb98f5f1ae2a629dc1ed0c1047dc47d81

HTTP Headers

GET /gid.js?userId=3a033a90860b452280c7637d449e0135 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
492d03b6c1a0e73fb127623d0e1618d3
b162afe517d930681f78a5435e4a698c54b552c5
acc6d55af7b0b68b0dab453548667f030e4d20a239a74af40555a357ef9603eb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACC6D55AF7B0B68B0DAB453548667F030E4D20A239A74AF40555A357EF9603EB"
Last-Modified: Wed, 25 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15444
Expires: Fri, 27 Jan 2023 03:58:12 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive

lb.eu-1-id5-sync.com/lb/v1

141.95.98.64

200

33 B

URL HTTP/1.1
lb.eu-1-id5-sync.com/lb/v1
IP
141.95.98.64:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
3ead78c59626b9716390b86ae4db6162
545633a45da3a1b06e39cb7010e712e984d51c45
49441abe70222bebd34aa2539df6f165aa0fcbfcbeca6ceefa702af70e20496c

HTTP Headers

GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 23:40:47 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=

139.45.197.250

200 OK

705 B

URL HTTP/2
ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (704)
Size
705 B (705 bytes)
Hash
53fd4fda83983a95b2ce314003de8718
f748134fb9af3caa678b515e2cbc82eff9881bc4
fd13354afb4688df091fa2c30a00d1ec42fb3f9fbadfebcf926f4e5581238def

HTTP Headers

GET /zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: 7da89c0edc17210bf2e0a52e7084740c
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
188d447a0eee6a7f972e26e76514f7c3
e7eb7fddc22b1aa83e2d546ee7890ebd7de8bfc8
6284a8ac73437e1e92bac3e2257aa60c7001f814613d82c2522accb34b21a0f2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2010
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:48 GMT
Last-Modified: Thu, 26 Jan 2023 23:07:18 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

dnacdn.net/dna

178.250.2.146

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=kpR5I180M0RITmhlJTJCZkMwOUJGQlhaMUN2czMzeWtETENUMnB5VXhIUDIlMkZKMDNZJTJCWHhMdk5WbTZuVmJZOFFob1BwenglMkY; expires=Tue, 20 Feb 2024 23:40:48 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 163557
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
287da7c85e4553bf4e0706514e6cdc1b
c874bc074a5dbe6a233d61eed89a1533ddccb942
5969a6d485bb97b8f0edf457512cd97bd8391ed78c33af25b68798a749b7efd9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5969A6D485BB97B8F0EDF457512CD97BD8391ED78C33AF25B68798A749B7EFD9"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8783
Expires: Fri, 27 Jan 2023 02:07:11 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive

ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a183b8ab4dc63e3c7570c080b82630b2
69bb25aebf6b4418e5ac45c9654a2a24d1b8b168
976587f6dc6510ce04ac4af2a4bd3079beb1777dab443d1223a7d99d4ca2040c

HTTP Headers

POST /s/gts1p5/x-QEV4IR2x0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

nanouwho.com/27/f0e85569ebf902c5568035fe1b0a0004

139.45.197.242

200 OK

130 kB

URL HTTP/2
nanouwho.com/27/f0e85569ebf902c5568035fe1b0a0004
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
130 kB (129976 bytes)
Hash
52897cc49373965670ddcd2499fdaea5
a2bc4d58d27c36f35929ffdbe213f13122c17485
a2fee995e7938468d9d836e2ea2ae60104caed21bea99333153d0d0260134cff

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/f0e85569ebf902c5568035fe1b0a0004 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=2ff241ee25cd4d76ad13fca078d1b555; oaidts=1674776448
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Thu, 26 Jan 2023 04:44:45 GMT
expires: Thu, 25 Feb 2083 04:44:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

onmarshtompor.com/?rb=fbV-5S5xxyYEPr83eTjq3zo2rAfQDFc0PJ8zwGK9nf_6OTTXtoLIpRpLIv6aBUzM3apdtRvvRKzh_QUMnvE2uP--ZwjFd4Jj_6uW2V7i47HNPkvyzQPKglllKwVm-ImzD2BopVayFlHTEAspxvxDKopCZ8wc2BFXKLUFXKNcOFGbLyhb1WqNu4K73kLrtRbF0uRvyl8ectoxSD7sa3LQhrWiu9GYXU_c&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=e8cef702-598c-4929-9ff7-d7ba2a3e0592&userId=3a033a90860b452280c7637d449e0135&m=link

139.45.197.243

200 OK

1.6 kB

URL HTTP/2
onmarshtompor.com/?rb=fbV-5S5xxyYEPr83eTjq3zo2rAfQDFc0PJ8zwGK9nf_6OTTXtoLIpRpLIv6aBUzM3apdtRvvRKzh_QUMnvE2uP--ZwjFd4Jj_6uW2V7i47HNPkvyzQPKglllKwVm-ImzD2BopVayFlHTEAspxvxDKopCZ8wc2BFXKLUFXKNcOFGbLyhb1WqNu4K73kLrtRbF0uRvyl8ectoxSD7sa3LQhrWiu9GYXU_c&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=e8cef702-598c-4929-9ff7-d7ba2a3e0592&userId=3a033a90860b452280c7637d449e0135&m=link
IP
139.45.197.243:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (2176), with no line terminators
Size
1.6 kB (1649 bytes)
Hash
5ecf64e1257e7bc8e381b0208a18cce0
250d5fc267c6bc08916724756739e30561020354
c1280fa55d71b920e6ea4ae7add8e9ecba1cc922f7513e24661bc294eb9cd7be

HTTP Headers

GET /?rb=fbV-5S5xxyYEPr83eTjq3zo2rAfQDFc0PJ8zwGK9nf_6OTTXtoLIpRpLIv6aBUzM3apdtRvvRKzh_QUMnvE2uP--ZwjFd4Jj_6uW2V7i47HNPkvyzQPKglllKwVm-ImzD2BopVayFlHTEAspxvxDKopCZ8wc2BFXKLUFXKNcOFGbLyhb1WqNu4K73kLrtRbF0uRvyl8ectoxSD7sa3LQhrWiu9GYXU_c&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=e8cef702-598c-4929-9ff7-d7ba2a3e0592&userId=3a033a90860b452280c7637d449e0135&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json
x-trace-id: 4a9c0591b9c3b2e0c9d4f53564b69937
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; path=/; secure; SameSite=None
oaidts=1674776448; expires=Fri, 26 Jan 2024 23:40:48 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 02 Feb 2023 23:40:48 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a183b8ab4dc63e3c7570c080b82630b2
69bb25aebf6b4418e5ac45c9654a2a24d1b8b168
976587f6dc6510ce04ac4af2a4bd3079beb1777dab443d1223a7d99d4ca2040c

HTTP Headers

POST /s/gts1p5/x-QEV4IR2x0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:48 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tzegilo.com/stattag.js

172.67.141.224

200 OK

5.3 kB

URL HTTP/2
tzegilo.com/stattag.js
IP
172.67.141.224:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (13121), with no line terminators
Size
5.3 kB (5308 bytes)
Hash
69599ccb0b322c5919bb7f588a743ab6
aaf5551525223bc6cfa47bfdbb90368a8613aecc
bc58d50736374e380cf7c5650e52f608b40d9d494795403dd0e73af8241257a5

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
last-modified: Thu, 29 Dec 2022 16:01:28 GMT
etag: W/"63adb9d8-3341"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 497
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oazEWGLuq0ExNAxab0iUcrxd062yW3NV12L%2BTCFRA%2FPgWgiHwfogvvvyEDcmiou%2BWLKADtaFBh3pgYR3tbvMT6Ws1geaCbfhtfG2R9zRvVHxLRpIJQBmeTRdkDET5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fd18835c94b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

nanouwho.com/11?rnd=3979313740&z=5630103&b=16536120&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=fUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw==&ruid=a0e6624a-d607-4e97-b3a3-8b04052d81ae&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=275

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=3979313740&z=5630103&b=16536120&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=fUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw==&ruid=a0e6624a-d607-4e97-b3a3-8b04052d81ae&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=275
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=3979313740&z=5630103&b=16536120&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=fUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw==&ruid=a0e6624a-d607-4e97-b3a3-8b04052d81ae&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=275 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=3a033a90860b452280c7637d449e0135; oaidts=1674776448
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: b9b75d4bd08462837f4e9c9c873de860
access-control-expose-headers: X-Sc
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
oaidts=1674776448; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2361c6cdd37be1b354b47986ebfdcb38
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
da6d1131f8c9ad77c09853b9bc65a467
dfcde7da9dc04065f6a3bbd2457ef90c75ed01ba
ea18b3e2c606aeb6128c798d0ce25827e7a630701a73248211b7d448805d2233

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 15:49:39 GMT
Expires: Wed, 01 Feb 2023 15:49:38 GMT
Etag: "dfcde7da9dc04065f6a3bbd2457ef90c75ed01ba"
Cache-Control: max-age=489529,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78fd1884ea17b505-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
19e4588d58d51de33385e9732a761856
3b4531235582139915d57c1259361a6ccc1bc923
dfcf8c58a963c5749d1cd921f9089d8bcd4a11717f3403f04c9865200decb466

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFCF8C58A963C5749D1CD921F9089D8BCD4A11717F3403F04C9865200DECB466"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1596
Expires: Fri, 27 Jan 2023 00:07:24 GMT
Date: Thu, 26 Jan 2023 23:40:48 GMT
Connection: keep-alive

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 892
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 26 Jan 2023 23:41:15 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://oxy.st
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
d49cf0a2dc8f3dd6b5e4730d50cb1f8a
973d6fd723abbad6bcdde56b95cff0b956aeb3d0
ac3accfa00116f3f8c98e66aeefa227f1575b1279eaea5fee34cc6620af9eb81

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5210
Cache-Control: max-age=96778
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Etag: "63d1d231-117"
Expires: Sat, 28 Jan 2023 02:33:47 GMT
Last-Modified: Thu, 26 Jan 2023 01:06:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279

offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg

104.22.33.172

200 OK

14 kB

URL HTTP/2
offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
IP
104.22.33.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
14 kB (13778 bytes)
Hash
7d763937692f59aea0578ffe58c10ee0
b3a4cc4fd1a0d8319e59057e535b0b19f1a3b35b
2d7300c572db1683cbc8071be4bbaf31b00954193f6f82d453c99a7a58bd7620

HTTP Headers

GET /www/images/7d763937692f59aea0578ffe58c10ee0.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: image/jpeg
content-length: 13778
cache-control: max-age=86400
cf-bgj: h2pri
etag: "63888441-35d2"
expires: Fri, 27 Jan 2023 09:23:33 GMT
last-modified: Thu, 01 Dec 2022 10:38:57 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 51436
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fd1886be170a3f-ARN
X-Firefox-Spdy: h2

oxy.st/slake/asset/img/favicon/apple-touch-icon.png

185.178.208.137

200 OK

2.0 kB

URL HTTP/2
oxy.st/slake/asset/img/favicon/apple-touch-icon.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1994 bytes)
Hash
05807c4aceabfb49ab9d66e54618ff53
fddb5a3eb50d1a255989f72f91911dc21e2d5d9b
725d652f8c9ad3d148a0528878b51e2e250d228ab6eaf39111d0664abad359b3

HTTP Headers

GET /slake/asset/img/favicon/apple-touch-icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227; _pbjs_userid_consent_data=3524755945110770; sharedid=e33c1931-a382-4eda-ae00-66fc59a66efd; cto_bundle=bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE; cto_bidid=mPkR0F9GVUFCa2VHSFRwY01Gb3JwZFNJbHlKaktzamhsN0tBaVp0TjFVQU9pZyUyRnRHVjR0elVKUWVDRHF1U0FJJTJGVUdiWjdlUENRY0Y3WmRINlZpRGdpMFV2bEElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:29:17 GMT
content-type: image/png
content-length: 1994
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13353092
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=

162.19.138.120

200

43 B

URL HTTP/1.1
id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
IP
162.19.138.120:0
ASN
#16276 OVH SAS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

HTTP Headers

GET /i/12/9.gif?gdpr=&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Thu, 26-Jan-2023 23:45:49 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 23:40:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

oxy.st/images/icon.png

185.178.208.137

200 OK

7.5 kB

URL HTTP/2
oxy.st/images/icon.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
7.5 kB (7531 bytes)
Hash
b63d70eb8c5d379fa68fe0f63e8c4255
232de1f52e52611ae67aab8ebaa143946154a233
100c7773d318b841267dc4ac654366ac19ba903e6cd6551777268f6eb4ed86cd

HTTP Headers

GET /images/icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/Kpug
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227; _pbjs_userid_consent_data=3524755945110770; sharedid=e33c1931-a382-4eda-ae00-66fc59a66efd; cto_bundle=bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE; cto_bidid=mPkR0F9GVUFCa2VHSFRwY01Gb3JwZFNJbHlKaktzamhsN0tBaVp0TjFVQU9pZyUyRnRHVjR0elVKUWVDRHF1U0FJJTJGVUdiWjdlUENRY0Y3WmRINlZpRGdpMFV2bEElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 10:13:39 GMT
content-type: image/png
content-length: 7531
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
etag: "5eefbeb1-1d6b"
access-control-allow-origin: *
accept-ranges: bytes
age: 566830
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

ced.sascdn.com/tag/1097/smart.js

95.101.10.57

200 OK

33 kB

URL HTTP/1.1
ced.sascdn.com/tag/1097/smart.js
IP
95.101.10.57:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
33 kB (32964 bytes)
Hash
ab5d7bcba6f9bbe86e71d3f75061efc8
bf137eb7dc8285e29d986f6b8f3272f6f979bc0e
a973cdadddcd9ba18f6e262f602d39e091090e4a94ac036b3fc4f7428e5b84e6

HTTP Headers

GET /tag/1097/smart.js HTTP/1.1
Host: ced.sascdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 32964
Cache-Control: public, max-age=7200
Expires: Fri, 27 Jan 2023 01:40:49 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive

d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

54.230.245.170

200 OK

26 kB

URL HTTP/1.1
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP
54.230.245.170:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (16085)
Size
26 kB (25704 bytes)
Hash
8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

HTTP Headers

GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Thu, 26 Jan 2023 03:45:34 GMT
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YYIwH8j7HgJk4cp1r5lMaci50gMbadUoyMq4DEtNnCnhang0hr5BjQ==
Age: 71737

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

interstitial-07.com/contents/s/22/c3/d7/36b6f5657cde24feae14c9773b/0608422639029.jpeg

139.45.197.152

200 OK

25 kB

URL HTTP/2
interstitial-07.com/contents/s/22/c3/d7/36b6f5657cde24feae14c9773b/0608422639029.jpeg
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
25 kB (25424 bytes)
Hash
22c3d736b6f5657cde24feae14c9773b
126151dc35c149dad2aa1e7ad40856eda756a0a3
686dabfa96f39e22f655edd3bf99484caf1aa3b63165e6d47ae6c6c2de974bec

HTTP Headers

GET /contents/s/22/c3/d7/36b6f5657cde24feae14c9773b/0608422639029.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: image/jpeg
content-length: 25424
last-modified: Mon, 21 Mar 2022 17:16:40 GMT
vary: Accept-Encoding
etag: "6238b2f8-6350"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 658413
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8842ce0e8a7ade68a541b843fd4cdde3
af08cd580c467949030f86fc17132a11843bce26
c1ee92c539f729fff35e9c9814569b46ed36d9f3de13c348daefc46816d6fbda

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3462
Cache-Control: max-age=156229
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Etag: "63d2c140-1d7"
Expires: Sat, 28 Jan 2023 19:04:38 GMT
Last-Modified: Thu, 26 Jan 2023 18:06:56 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

interstitial-07.com/?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.152

200 OK

67 kB

URL HTTP/2
interstitial-07.com/?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.152:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1480)
Size
67 kB (67388 bytes)
Hash
c1f2d365ebe5c794e56cd10ebc3b5716
cc98fc37e8e0d8e29d8ba62219a2f6a6f532943e
a15ff23a8e2cf24b769240664b7fd7f54d86185eb6d763b996e6865cfcf679e3

HTTP Headers

GET /?l=fK0qfSEKc3WaGMt&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D601141132%26z%3D5630103%26b%3D16536120%26c%3D6560718%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfUO_c7nVW2qxXr6lSzSXy5CuueAYAyZZOQMNpPc-JammBTVFARTo0pnPiCH9x2qBZoqC6XWRoG4N50gLnLrkexpom1HFBZUjEJr9XTrmRSPfFHpWiMJZsBptRMjaWT25CyYdfy9ymgw_bGD-nhnHHpoZ2e4P6tXD8HgQf_CH3WHtaQE70V5f-jPQO5oL3DQhYKZfzytD-I5y7ijFq5h6Qp0EQkSOQ6irSuEzU5ykMujzzoY0bPZvegjulYZs0fYefJ9-GXP6TzrkSVIF0FIPGTKNO7mGXxOO_oFxp3zkKdrrrrzH_ETXU0UbH6hsB-U3RU0dNf_TKoqgjg1MNUMeU__BRojoEsKZwbuo7wbiTQKvgH8zxvO9Ntj2pFcdL5XXNvFQ7ok1tpbt1RZwu_ZqwZlHHJgdyh21ofR_iwuN7_HI9zIn2_1F-TcebotSH25T4nESS1jc6-0A3fYHRELnV4Sek24wFkKCowXDLT7vIKpoeilhH94XJ2S1rKOO3jrvNj7HnFtMIvYPp53SAhswqdkSHr_HcxByW-4vLSg1odlsFLZ3h0SZW1ubQ98CILCjzci73BakD25AdksTSjhQH52xL6hUlkekrxWijCjcM291DwZiK0F4i9bY4uWYYIfUXriwJ-U84X4_i4bScAZpMw%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Da0e6624a-d607-4e97-b3a3-8b04052d81ae%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=2YcIXTA4eBOr3q6Mk5VHpGCtdLiXJZnWjZcAYKadM1E; expires=Fri, 27-Jan-2023 00:40:49 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431

142.250.74.130

302 Found

341 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
341 B (341 bytes)
Hash
f08fed0a98f17395928684c3b246d5c3
22f0db395e11ff656497e2eff0767488324b1893
14e9228bcd92e6f40e5513ef872eeb2a8c122314b7b99d91172295265d6744b3

HTTP Headers

GET /pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_tc=
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 341
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 26-Jan-2023 23:55:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
a224665906c0eb363d884019f19f4589
cc2ab9b84eae1afbf2dd3cc8dec59e970eb30f52
f5085217495d9914b91239e178ee942a05ee35b25e201fad0e6c663ef585a2c7

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 30 Jan 2023 21:09:36 GMT
ETag: "cc2ab9b84eae1afbf2dd3cc8dec59e970eb30f52"
Last-Modified: Thu, 26 Jan 2023 21:09:37 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1563
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fd1887ca851c0e-OSL

secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26hn_ver%3D40%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431

185.89.210.244

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26hn_ver%3D40%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP
185.89.210.244:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKpug%26hn_ver%3D40%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKpug%2526hn_ver%253D40%2526fid%253D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
AN-X-Request-Uuid: cd0dd868-1d17-4e47-8d1d-de776f81d5b5
Set-Cookie: uuid2=4437223376576264530; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 26-Apr-2023 23:40:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2892ad526c4f55ae4025bf28c7461281
baf83f9b89b7c1d2c6dd0342058d444657da256e
cab8f28b37a5d5a2063f860fe8560631729b0da700bfe6cb60c7894a0144ebfe

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1241
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Last-Modified: Thu, 26 Jan 2023 23:20:08 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.2.146

200 OK

9.3 kB

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type
data
Size
9.3 kB (9309 bytes)
Hash
96aad1a31e75a6eb6815e0a98638b4fc
15c5879c014741bfd7b4fb43663b779a1dcd06e9
b198b181467df88e98989b3d32ab53b6dab54b8b9f552032363bb3481bb3932f

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
x-crto-bundle: bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 1342021
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive

cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258

142.250.74.130

302 Found

447 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
447 B (447 bytes)
Hash
9c6f1eea49ba5276389cbd5ccfd639e2
b787e989427ba8cb74880130e3584e142623daa2
e5208cc057a106a49e41c737201d02c8e43749c61b61b3046d7b38f5656c04b0

HTTP Headers

GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_tc=
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 26-Jan-2023 23:55:49 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11568 bytes)
Hash
b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 2e85f75e-ab9d-4d45-adad-7313950a9647
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSWbxGwnoAMFejw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d117-68f1a9e71a07a0453311fd32;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 06:49:59 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dbz3wXGNaetf6xvRE98rshyHy-FVfDo8co-4VDL0a4Qe3E4U8A82Og==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 18:35:59 GMT
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
age: 18290
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0df2a65a0fc9131ffb4b2059f1053f7
c7be16e530fa09b5e32702beee2202be6369b52f
d76dbd828986a563ce073d1b271e6fa6e3b57ec55b2cd3fba0fc069fa4e33ecf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D76DBD828986A563CE073D1B271E6FA6E3B57EC55B2CD3FBA0FC069FA4E33ECF"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14256
Expires: Fri, 27 Jan 2023 03:38:25 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
b71cb224bbac354fe18ca570add2721a
c13d0f243f5c958d9fb53f6c0cb0cd0bd213e1a5
22b527efc7350ed8c57ba4438a1a2f976a57b4b23f5afe85ea5e32adcc6f26d7

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 30 Jan 2023 19:26:29 GMT
ETag: "c13d0f243f5c958d9fb53f6c0cb0cd0bd213e1a5"
Last-Modified: Thu, 26 Jan 2023 19:26:30 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2444
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78fd18883f27b4eb-OSL

match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1

3.33.220.150

200 OK

70 B

URL HTTP/2
match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
IP
3.33.220.150:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
70 B (70 bytes)
Hash
58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

HTTP Headers

GET /track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.8 kB (7804 bytes)
Hash
a5de6b54196befa95e9291a051c645d0
e3100707a4e9b1d5c30223d31f58cd6ee8ad010b
5bcc3dd7011df4e17d7ef86d892fedeca14b0d0eabbe782fecf35c9a82b25e40

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5623b111-3a93-4843-8a40-550089a3d3eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7804
x-amzn-requestid: f2bfdd54-e6bf-449f-9731-087e4e848e2e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUmhfF4MoAMFquw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1b7a2-3a06fc0b3cd076b23c947d99;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 23:13:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CVD5IG2xp8meHr_xgY1KgY8PPejuUnKuXPqDpbd6NQv6U1kKVvK0Vg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 08:45:17 GMT
age: 53732
etag: "e3100707a4e9b1d5c30223d31f58cd6ee8ad010b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7573 bytes)
Hash
7364957de1b4c82a923bd947f0cce750
d8aa55b64a65757e043b4b1b63efd93c8261d275
f1f7059968d08adfa1c775c906ecb6e5b752210af0bcdcebfa77c2ba6f15bbf4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d91ae98-1f78-4bbd-98ab-6e6d92c7fef2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: 2946b91b-1d7e-4eba-966d-600ae368cd3f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzVxGw1oAMF-xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce328b-04037751257e13ca156eee8d;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4TidB2H164ziAxKhEORFw4BBF0FB2pkkwNq3iMQfS4t7yObXCA59Pw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 14:49:11 GMT
age: 31898
etag: "d8aa55b64a65757e043b4b1b63efd93c8261d275"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM

2.18.172.23

200 OK

5.7 kB

URL HTTP/2
contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (13426)
Size
5.7 kB (5745 bytes)
Hash
95650c775060912301595dd6152cd93b
aadf8d91492a10f009b2834f4fead16383e454dd
7b04cd6616a65a6098754ccd4ed83c5b7e2bcf58d9a6d5402042b47ae44dd3a7

HTTP Headers

GET /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 28 Jan 2023 23:40:49 GMT
date: Thu, 26 Jan 2023 23:40:49 GMT
content-length: 5745
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52a1f3b3-38ab-4f58-ad1a-ca4c9f82503e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.4 kB (6394 bytes)
Hash
1695371c247eedad65b4cac82f01215d
50510052f0e22e23f747c761d57cdf72910ac533
aadde426229f04f6a489b87d6949a485b19d4fd035cb244b6094549efc08013f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52a1f3b3-38ab-4f58-ad1a-ca4c9f82503e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6394
x-amzn-requestid: 215e6698-30e7-45b0-8f8f-96a05c5f6992
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOirZG1doAMFW_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf4b15-3e1bec6759816cf84467339b;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 03:05:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tG3T0HguJWldw-LJ9SJSuuUT4ubLCWViwQFB-dZhNfEswMEexb7Tcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:23:28 GMT
age: 69441
etag: "50510052f0e22e23f747c761d57cdf72910ac533"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

lg3.media.net/bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674776449751899929&ugd=4&lf=6&cc=NO&lper=100&wsip=2886995206&r=1674776449163&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674776449100023040&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p01069905250t202301262340&vgd_pgids=1&vgd_uspa=0&hvsid=00001674776449154015326356484433&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1

2.18.172.23

200 OK

15 B

URL HTTP/2
lg3.media.net/bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674776449751899929&ugd=4&lf=6&cc=NO&lper=100&wsip=2886995206&r=1674776449163&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674776449100023040&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p01069905250t202301262340&vgd_pgids=1&vgd_uspa=0&hvsid=00001674776449154015326356484433&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with no line terminators
Size
15 B (15 bytes)
Hash
2ba5e95642c652c708881ad3c9d8443f
5bfcc33bb9cc897546c600206b03d1307bd63a94
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

HTTP Headers

GET /bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674776449751899929&ugd=4&lf=6&cc=NO&lper=100&wsip=2886995206&r=1674776449163&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674776449100023040&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p01069905250t202301262340&vgd_pgids=1&vgd_uspa=0&hvsid=00001674776449154015326356484433&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Apache
content-length: 15
content-type: text/html; charset=UTF-8
ntcoent-length: 15
strict-transport-security: max-age=21600
vary: Accept-Encoding
cache-control: max-age=85912
date: Thu, 26 Jan 2023 23:40:49 GMT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Fri, 27 Jan 2023 02:08:01 GMT
Date: Thu, 26 Jan 2023 23:40:49 GMT
Connection: keep-alive

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12508 bytes)
Hash
bad60daf652c598a06510ff955137b69
235bf4642e726bb6a303fe1b69238e2e973414cb
d655c5ac17274a30a89c31674e14dc9c1b6bc39bfff94db1c9ff0d8006bb673b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12508
x-amzn-requestid: 68787c38-72fe-4d8a-9521-aeb9efa56b05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYWyGIHoAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca075e-1ee9488d2dd0437728beac94;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0lNizMpeWOcOlokaaW-WB7LXRReZwaFfPE38C-SmsS_PbxJPhcRYfw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 15:21:30 GMT
age: 29959
etag: "235bf4642e726bb6a303fe1b69238e2e973414cb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7b8dcc42710b2f68c0ec782d2b2a3ae3
b865da423aa26e774270b8e3942b6fbe76793133
2da0fcf67d020f7c563946fca7ade89803cbe7cfe484f123640f8a9950b3f2b1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_tc=

142.250.74.130

302 Found

292 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_tc=
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
292 B (292 bytes)
Hash
276a8d64df2f1d7bd3da029105cf87c8
4af7bffeeed227c93910b11cda9db002b526ffe2
8712298e861dfb853fa8d3ee626957e5ae464498be20fdafb3e3f70ecaadcd62

HTTP Headers

GET /pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: https://s.cpx.to/ca.png?dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_error=3
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 292
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

betotodilea.com/500/5630102?excludes=&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

1.3 kB

URL HTTP/2
betotodilea.com/500/5630102?excludes=&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
1.3 kB (1302 bytes)
Hash
215c2c220ef9ccf942899d9e3a9b7cb9
e2ada040e9a87a59b2b7755b08c3a01d840bab7c
b031ddc594f93f63a16c1d0813888a828bf70a2fbcc073a2f5895d0ca577753b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5630102?excludes=&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=956311944f4742668bf446e7fe5a6e7e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
x-trace-id: e293396bf77093ef904f815f5025db65
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKpug%2526hn_ver%253D40%2526fid%253D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431

185.89.210.244

302 Found

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKpug%2526hn_ver%253D40%2526fid%253D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP
185.89.210.244:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKpug%2526hn_ver%253D40%2526fid%253D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKpug&hn_ver=40&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
AN-X-Request-Uuid: d248c663-b5ab-4c8e-bf5e-60cddcd8af5d
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 946.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59e67210-efa8-4704-9931-e876d7c8922b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8065 bytes)
Hash
262b43386e404cb3d320c47c4cf792c1
87f304f8583fe6b6e942a9dbcb5efb5ee94987f2
ca0f72005920b2b2f49c387314540f3cd2f3d7808f0365dfb1c491500e8a8714

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59e67210-efa8-4704-9931-e876d7c8922b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8065
x-amzn-requestid: 4a4a6d4c-9c4b-418d-be96-8a0d1de4828a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYVuHZsoAMFmWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca0757-74c21aa22d11c4240019a4b3;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ep_QyiLEIxubEC9RgbxdlAVYnQ65fxR22squ9p-9aXfpUVyah_oSow==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:47:43 GMT
age: 6786
etag: "87f304f8583fe6b6e942a9dbcb5efb5ee94987f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_tc=

142.250.74.130

302 Found

437 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_tc=
IP
142.250.74.130:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
437 B (437 bytes)
Hash
e70a344931453420c286f1456d9457fa
7def693e984149b52c09afaba1a506f87c8f7d99
824db47033f23ae4c60903bc9a01867ca99571f59cb93d42656d325573294001

HTTP Headers

GET /pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 302 Found
location: https://mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_error=3
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 437
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&nse=5&vi=1674776449751899929&ugd=4&sff=0&pgid=p01069905250t202301262340&nb=1

2.18.172.23

200 OK

330 B

URL HTTP/2
contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&nse=5&vi=1674776449751899929&ugd=4&sff=0&pgid=p01069905250t202301262340&nb=1
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (550), with no line terminators
Size
330 B (330 bytes)
Hash
43d3287aeab1b4c61eedf3aac031ef87
45773eb3b6b7166b977c76688b1ca5246e43e2e8
9d006af8a292d44af608cbd6387ea3d641f70fc27f1fecd0a7dcaa7047500cad

HTTP Headers

GET /smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKpug&nse=5&vi=1674776449751899929&ugd=4&sff=0&pgid=p01069905250t202301262340&nb=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript
x-sc-h: 22-2gtl
expires: Thu, 26 Jan 2023 23:40:49 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 26 Jan 2023 23:40:49 GMT
content-length: 330
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

s.cpx.to/ca.png?dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_error=3

63.32.10.107

200 OK

95 B

URL HTTP/1.1
s.cpx.to/ca.png?dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_error=3
IP
63.32.10.107:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

HTTP Headers

GET /ca.png?dsp=dbm&fid=6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431&google_error=3 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=8fc71c476d2432c
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 23:40:49 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=8fc71c476d2432c; Expires=Fri, 26 Jan 2024 23:40:49 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d8ae84888bc76c476d2635945c79d8a8
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_error=3

172.67.13.182

200 OK

95 B

URL HTTP/2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_error=3
IP
172.67.13.182:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5&reqId=1708d551-cbe6-4512-419b-490972e72233&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: zc=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5; zsc=%22az%09%21%1D%CFL%19%8B%87YN%E5%BB%5C%BE%9A%29%2A9U%28%24%99%D0%A37%D9r%C7%EEy%B1%23%F3J%021%7F%B6%C3%E1%27%5EJs%3C%DF%01%A05%26%8B%05%B6%8D%F0%FD%A2~v%CDM%10%89%BC%7F%F3fV%8Ce%FE%D1%D8%2C%F9%DC%F3.%A9%B3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=5889dd3e-0187-42bc-6d9b-760dc4b2f6c5; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78fd1888fdbdb511-OSL
X-Firefox-Spdy: h2

rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js

54.230.111.4

200 OK

671 B

URL HTTP/2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP
54.230.111.4:0
ASN
#16509 AMAZON-02

File type
data
Size
671 B (671 bytes)
Hash
33ce999ffd6810bdb45d8acad8f90ad0
24be76c95bb2c43a3c4e0e09d7d360a93e0a86fb
0b4f9196da2d827f4eddf0e2fcc01b18c1d93c0210f25f477584dfa0bd6f7bed

HTTP Headers

GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Thu, 26 Jan 2023 23:37:03 GMT
cache-control: max-age=3600
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -xweG3YumrjJtbgnw8NALhveBc2VDuyaDOts-SPeVudEKUOrhAlfLg==
age: 226
X-Firefox-Spdy: h2

image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431

185.64.190.80

200 OK

115 B

URL HTTP/2
image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP
185.64.190.80:0
ASN
#62713 AS-PUBMATIC

File type
data
Size
115 B (115 bytes)
Hash
6a691d64c380564e70f6b8395ea6ccdb
cc8c68c02c4c18b5e9b7ca549b629fb2dc71c4b8
65023331d6af9780c5b69cb5ef00593fe3f9b4df6fa743869e30c523befd5514

HTTP Headers

GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 719
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: fb73008483fcb973d58eb4f81821d32a
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2f2efd5f27da3169b27bd03bef37e8b4
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st

178.250.2.146

200 OK

5.5 kB

URL HTTP/2
gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type
data
Size
5.5 kB (5507 bytes)
Hash
235eea5309d128f686cf2687a77726fc
3c5ad5a4112720c38db65580b0533e21e7cbc33e
deed2cfd36946637177d7a9b756340a3a4a5da34a210395d1a3f2e1b7b6ab8c2

HTTP Headers

GET /syncframe?origin=rtus&topUrl=oxy.st HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=60f94529-70bc-4f48-b860-e1d6e62e1094; expires=Tue, 20 Feb 2024 23:40:49 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 543360
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1

178.250.2.150

200 OK

43 B

URL HTTP/2
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1
IP
178.250.2.150:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1&entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
c3fa0acd495f7caf6e73cd7d11915aa1
68214131a41d142e3f8cb2fc73fbc9a0d7ab5040
d343cb2efb8921f99f1acef382f5296d9f582fb8ad8d79b80d49e23bd7606a8c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1702
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 23:40:49 GMT
Last-Modified: Thu, 26 Jan 2023 23:12:28 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
061104e101442552c204bd46f812aa77
6253ce7fe8f353ef2ebb02992fb7909881cd235a
47d0f612ecdebad4e092e345fa39983592a6cf07fce44a00e42516791153371b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 26 Jan 2023 23:40:49 GMT
Last-Modified: Thu, 26 Jan 2023 23:03:57 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: SUu7qq1lGdZsUZFuuVSr6Imd2_cKDohiAvdlxqb9UGQirqMDZKaEJw==
Age: 2212

adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7

54.154.10.160

200 OK

20 B

URL HTTP/1.1
adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
IP
54.154.10.160:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7 HTTP/1.1
Host: adtrack.adleadevent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://oxy.st
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Thu, 26 Jan 2023 23:40:49 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 26 Jan 2023 23:40:49 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Length: 20
Connection: keep-alive

csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1

178.250.2.150

200 OK

43 B

URL HTTP/2
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1
IP
178.250.2.150:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /iev?entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

betotodilea.com/impression/pKsUKmfR7yATjrW76IUZzMit9vUm4Cl4J3hI0rJ2VEe9h05fd9B1dG1HS6_yn_B_M3UTMQJU8827NK2C7c5Dco8fCTFH5ewuw3u-Woc14s7YY9WBb3izichJJaX29Ft8rBNAYzw0q7R2q804qlam26xMs_-CYO3gAMhoInAqRM__jwoEF0LbHjUg4bXSZt3gd-fYXAYXykt9Bh--vOuIFlIr62MjlIBAMNhe8JSFIbIJ-BzWRIPAbO2ohBz9K4hV1euNp5Td_bsacO1irSlqAKw4nOhOckjk2gdhSYz6LlUPeGJSvkMC6lWDuTl-KU_P38-aWxbDvh030GkXUnqlTUtmvyDbIKrYLZrr21DfgZ2BnTc-4ytEsUSGPHDjITOTOJjGogpafDcc76jR_YynXHcey8aeehW2RI3IQod5mcYWwjJ_ON2J53in_NbP0KedGvkDZKZN8wsFxFc4g5caNjaowtTVvmsMQkz4bQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
betotodilea.com/impression/pKsUKmfR7yATjrW76IUZzMit9vUm4Cl4J3hI0rJ2VEe9h05fd9B1dG1HS6_yn_B_M3UTMQJU8827NK2C7c5Dco8fCTFH5ewuw3u-Woc14s7YY9WBb3izichJJaX29Ft8rBNAYzw0q7R2q804qlam26xMs_-CYO3gAMhoInAqRM__jwoEF0LbHjUg4bXSZt3gd-fYXAYXykt9Bh--vOuIFlIr62MjlIBAMNhe8JSFIbIJ-BzWRIPAbO2ohBz9K4hV1euNp5Td_bsacO1irSlqAKw4nOhOckjk2gdhSYz6LlUPeGJSvkMC6lWDuTl-KU_P38-aWxbDvh030GkXUnqlTUtmvyDbIKrYLZrr21DfgZ2BnTc-4ytEsUSGPHDjITOTOJjGogpafDcc76jR_YynXHcey8aeehW2RI3IQod5mcYWwjJ_ON2J53in_NbP0KedGvkDZKZN8wsFxFc4g5caNjaowtTVvmsMQkz4bQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impression/pKsUKmfR7yATjrW76IUZzMit9vUm4Cl4J3hI0rJ2VEe9h05fd9B1dG1HS6_yn_B_M3UTMQJU8827NK2C7c5Dco8fCTFH5ewuw3u-Woc14s7YY9WBb3izichJJaX29Ft8rBNAYzw0q7R2q804qlam26xMs_-CYO3gAMhoInAqRM__jwoEF0LbHjUg4bXSZt3gd-fYXAYXykt9Bh--vOuIFlIr62MjlIBAMNhe8JSFIbIJ-BzWRIPAbO2ohBz9K4hV1euNp5Td_bsacO1irSlqAKw4nOhOckjk2gdhSYz6LlUPeGJSvkMC6lWDuTl-KU_P38-aWxbDvh030GkXUnqlTUtmvyDbIKrYLZrr21DfgZ2BnTc-4ytEsUSGPHDjITOTOJjGogpafDcc76jR_YynXHcey8aeehW2RI3IQod5mcYWwjJ_ON2J53in_NbP0KedGvkDZKZN8wsFxFc4g5caNjaowtTVvmsMQkz4bQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=3a033a90860b452280c7637d449e0135
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:53 GMT
content-type: image/gif
content-length: 43
x-trace-id: 823fa958da8a037495b94d77cd8f7ca0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:53 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.237

200 OK

12 kB

URL HTTP/2
betotodilea.com/500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
12 kB (11781 bytes)
Hash
2479708151f1cff6980ecfc97acccdbb
48c6fe5ec16bd3a04b0d959321d4b3e6a9de6b4c
e72fe8ec4c649557163f5bc4b08fb0ae8fd0ea01c743f62386d1e11f7ed6afeb

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5630102?excludes=16368912&oaid=3a033a90860b452280c7637d449e0135&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=3a033a90860b452280c7637d449e0135
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:53 GMT
content-type: application/javascript
x-trace-id: 0f85252cbd99e7c5c55acdf493fa702b
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:53 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/1?z=5630103

139.45.197.242

200 OK

7.1 kB

URL HTTP/2
nanouwho.com/1?z=5630103
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
7.1 kB (7115 bytes)
Hash
ec970814fb9137d44dc01a09bd152121
fd07b55a47a05bcb2272db318483150e11e84008
70cc8faaefdea5b9f367597dcf1e005da807f3ba249c024bc2842946cf07007e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=5630103 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 1ec2a5030f27f6e1a320e10c37e28dce
access-control-expose-headers: X-Sc
x-sc: VmvIc3DWt8kHh_Sq4mOelLY9DAeBa1EwbB4AXCg99s236XOizAN2PdPDvy8s4Es4s06JlgVf7zxevRvB_526sGUJFL8=
set-cookie: scm=1; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
OAID=2ff241ee25cd4d76ad13fca078d1b555; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
oaidts=1674776448; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.473.0

139.45.197.234

200 OK

0 B

URL HTTP/2
bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.473.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /5/5630105/?oo=1&js_build=iclick-v1.473.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/json
x-trace-id: 6f795990e9e85d232020dfa9f971b3e0
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:47 GMT; path=/; secure; SameSite=None
oaidts=1674776447; expires=Fri, 26 Jan 2024 23:40:47 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/400/5630102

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/400/5630102
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /400/5630102 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
x-trace-id: cadb0c8920ddec4682257e7300e36df4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=956311944f4742668bf446e7fe5a6e7e; expires=Fri, 26 Jan 2024 23:40:48 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/universal.min.js?v=3.1.414

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/pfe/current/universal.min.js?v=3.1.414
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.414 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 14:02:57 GMT
etag: W/"63d28811-18c6c"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

contextual.media.net/dmedianet.js?cid=8CU7BC15F

2.18.172.23

200 OK

0 B

URL HTTP/2
contextual.media.net/dmedianet.js?cid=8CU7BC15F
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dmedianet.js?cid=8CU7BC15F HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Apache
content-type: text/javascript; charset=utf-8
x-mnt-h: 8-16
x-mnt-w: 8-32
etag: "07c83206f44439062ce3e82213bdf949"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=300
expires: Thu, 26 Jan 2023 23:45:49 GMT
date: Thu, 26 Jan 2023 23:40:49 GMT
X-Firefox-Spdy: h2

secure.quantserve.com/quant.js

91.228.74.200

200 OK

0 B

URL HTTP/2
secure.quantserve.com/quant.js
IP
91.228.74.200:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /quant.js HTTP/1.1
Host: secure.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: application/javascript
accept-ranges: bytes
cache-control: private, max-age=604800
content-encoding: gzip
etag: "OVi4z6W4qM+KoQEZlRgh5w=="
expires: Thu, 02 Feb 2023 23:40:49 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=1395196566

139.45.197.236

200 OK

0 B

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=1395196566
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=1395196566 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 0302e143b76f8b7d967b6a48ad9db544
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

oxy.st/d/Kpug

185.178.208.137

200 OK

0 B

URL HTTP/2
oxy.st/d/Kpug
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /d/Kpug HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 23:40:46 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; Domain=.oxy.st; HttpOnly; Path=/; Expires=Fri, 26-Jan-2024 23:40:46 GMT
PHPSESSID=vlfl22q355qsj814ml8i1ua227; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/IIQUniversalID.js

185.76.9.16

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/IIQUniversalID.js
IP
185.76.9.16:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /IIQUniversalID.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 18:48:43 GMT
expires: Fri, 27 Jan 2023 05:04:10 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795850
server: CDN77-Turbo
x-77-nzt: AblMCQ0ZahP/tQUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd363ad16861c
x-cache: HIT
x-age: 66997
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

oxy.st/sw.js

185.178.208.137

200 OK

0 B

URL HTTP/2
oxy.st/sw.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/d/Kpug
Connection: keep-alive
Cookie: __ddg1_=Oo6hR72ETDZQM0udux2l; PHPSESSID=vlfl22q355qsj814ml8i1ua227; _pbjs_userid_consent_data=3524755945110770; sharedid=e33c1931-a382-4eda-ae00-66fc59a66efd; cto_bundle=bBhj1l9hR1ZsUksxdUYxMEpZVzhRRnVkSHpsQXYxNVUzSTdQMXV5QTdranBFRXQyNEVaWGIzZDk1ekgwaE1QaEZCUndoJTJGZ3prZ084TDM3ZERlbVJJakpBNG5vNUJuemhMaUcxWEFIT0huV2d0bG5jJTNE; cto_bidid=mPkR0F9GVUFCa2VHSFRwY01Gb3JwZFNJbHlKaktzamhsN0tBaVp0TjFVQU9pZyUyRnRHVjR0elVKUWVDRHF1U0FJJTJGVUdiWjdlUENRY0Y3WmRINlZpRGdpMFV2bEElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 554279
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 471283
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/moneybile.js

185.76.9.16

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/moneybile.js
IP
185.76.9.16:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Fri, 27 Jan 2023 05:04:10 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795850
server: CDN77-Turbo
x-77-nzt: AblMCQ0oI3b/tQUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd36399eb9f1c
x-cache: HIT
x-age: 66997
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js

185.76.9.16

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
IP
185.76.9.16:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /moneybid7_28/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/javascript
last-modified: Tue, 17 Jan 2023 14:40:20 GMT
expires: Fri, 27 Jan 2023 05:04:12 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795852
server: CDN77-Turbo
x-77-nzt: AblMCQ0TbGb/swUBAA
x-77-nzt-ray: c0a4cc28904dcdef7f0fd36355d06021
x-cache: HIT
x-age: 66995
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

178.250.2.146

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 865753
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/tag.min.js?z=5630104

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/pfe/current/tag.min.js?z=5630104
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/tag.min.js?z=5630104 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 14:02:57 GMT
etag: W/"63d28811-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3a033a90860b452280c7637d449e0135

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3a033a90860b452280c7637d449e0135
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKpug&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3a033a90860b452280c7637d449e0135 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 172
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=2ff241ee25cd4d76ad13fca078d1b555; oaidts=1674776448
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 23:40:48 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: f6b156414952df9c2e72df2a3634b609
access-control-expose-headers: X-Sc
set-cookie: OAID=3a033a90860b452280c7637d449e0135; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
oaidts=1674776448; expires=Fri, 26 Jan 2024 23:40:48 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

ag.gbc.criteo.com/newidsd

178.250.6.125

200 OK

0 B

URL HTTP/2
ag.gbc.criteo.com/newidsd
IP
178.250.6.125:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:49 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 106035
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

104.21.91.63

200 OK

0 B

URL HTTP/2
inklinkor.com/tag.min.js
IP
104.21.91.63:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 26 Jan 2023 23:40:47 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: ab34261429c490b6e5a5d50fed7613a5
cache-control: max-age=86400
last-modified: Mon, 23 Jan 2023 15:51:55 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 27 Jan 2023 22:30:06 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 4241
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tsFBbIGI7fUQr1EeuFnoPFU6lEZ6smnYtc8FE03YxtnCOQgB47XpOWMHjihcZQAi7acYAYfBw6oQA61UYH30TV762TWsJrQTeAcwx3es6LFT9daS9MyPRjeJQ%2BbUrWj5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78fd187c396ab4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431

185.64.190.80

302 Found

0 B

URL HTTP/2
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
IP
185.64.190.80:0
ASN
#62713 AS-PUBMATIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Thu, 26 Jan 2023 23:40:49 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Wed, 26-Apr-2023 23:40:49 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D6a7ea0ab-7cd8-4c13-82d2-c50c0d1b4431
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (57)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML