Report - oxy.st/d/KJtg

Report Overview

Submitted URL
oxy.st/d/KJtg
IP
185.178.208.137
ASN
#57724 Ddos-guard Ltd
Submitted
2023-02-04 19:14:09
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ads.adlook.me	43352	2018-11-28T13:50:19Z	2023-03-13T08:33:52Z	461 B	380 B	5.200.50.170
betotodilea.com	52465	2021-08-17T09:55:50Z	2023-03-13T05:31:16Z	4.3 kB	3.8 kB	139.45.197.237
fleraprt.com	unknown	2022-01-14T23:55:14Z	2023-03-13T06:33:10Z	470 B	474 B	139.45.195.254
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	7.8 kB	20 kB	23.36.76.226
pixel.quantserve.com	417	2012-05-21T21:45:06Z	2023-03-13T05:28:27Z	693 B	459 B	91.228.74.166
oxy.st	unknown	2020-07-14T20:48:51Z	2023-03-13T12:37:20Z	12 kB	278 kB	185.178.208.137
inklinkor.com	unknown	2022-04-01T13:44:00Z	2023-03-13T06:35:03Z	350 B	26 kB	172.67.211.29
tag.leadplace.fr	28142	2015-07-08T10:10:21Z	2023-03-13T05:20:58Z	861 B	6.1 kB	145.239.192.166
yastatic.net	72282	2014-03-11T08:15:28Z	2023-03-13T05:16:26Z	455 B	46 kB	178.154.131.216
d2zur9cc2gf1tx.cloudfront.net	unknown	2020-12-01T13:47:11Z	2023-03-13T05:21:11Z	404 B	26 kB	143.204.42.129
offerimage.com	304078	2019-06-10T13:11:53Z	2023-03-13T08:06:22Z	834 B	25 kB	104.22.32.172
ag.gbc.criteo.com	5925	2018-12-17T14:17:41Z	2023-03-13T05:53:12Z	386 B	493 B	185.235.84.178
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	1.0 kB	2.9 kB	172.64.155.188
lb.eu-1-id5-sync.com	unknown	2022-06-06T14:52:22Z	2023-03-13T05:36:40Z	398 B	362 B	162.19.138.82
gum.criteo.com	381	2015-01-22T11:58:57Z	2023-03-13T07:21:44Z	3.1 kB	2.8 kB	178.250.0.157
rules.quantcount.com	877	2018-06-15T17:43:28Z	2023-03-13T05:20:58Z	371 B	1.3 kB	54.230.111.33
unphionetor.com	54035	2022-02-11T13:53:49Z	2023-03-13T05:31:17Z	846 B	3.6 kB	139.45.197.236
cm.g.doubleclick.net	202	2012-05-22T11:58:28Z	2023-03-13T08:33:33Z	1.0 kB	2.6 kB	142.250.74.162
counter.yadro.ru	7275	2014-09-09T20:41:17Z	2023-03-13T07:26:53Z	484 B	726 B	88.212.202.52
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	59 kB	34.120.237.76
c.tmyzer.com	26868	2018-02-26T16:04:41Z	2023-03-13T05:20:58Z	379 B	264 B	54.38.64.100
nanouwho.com	unknown	2022-07-09T22:30:29Z	2023-03-13T05:15:46Z	3.7 kB	3.8 kB	139.45.197.242
tzegilo.com	unknown	2022-01-14T16:27:15Z	2023-03-13T06:33:04Z	348 B	826 B	104.21.89.122
s.cpx.to	2014	2014-10-25T15:31:28Z	2023-03-13T06:08:01Z	1.4 kB	2.6 kB	52.212.11.14
lg3.media.net	3558	2017-08-23T13:25:04Z	2023-03-13T09:02:59Z	850 B	330 B	2.18.172.23
whereres.com	unknown	2022-09-27T19:04:48Z	2023-03-12T21:21:08Z	370 B	9.2 kB	88.208.46.156
id5-sync.com	504	2017-01-25T22:02:34Z	2023-03-13T05:10:36Z	1.2 kB	2.1 kB	162.19.138.117
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	923 B	1.5 kB	139.45.195.8
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	357 B	1.9 kB	104.18.20.226
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	482 B	22 kB	216.58.207.227
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.81.157.247
dnacdn.net	3760	2019-09-02T17:07:45Z	2023-03-13T07:41:37Z	905 B	1.8 kB	178.250.2.146
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	1.0 kB	54.230.245.118
interstitial-07.com	36198	2017-03-09T01:00:07Z	2023-03-13T05:31:16Z	6.1 kB	55 kB	139.45.197.154
image2.pubmatic.com	873	2012-05-21T15:21:02Z	2023-03-13T05:50:14Z	510 B	554 B	185.64.189.110
p.cpx.to	10368	2015-01-23T02:00:57Z	2023-03-13T07:56:11Z	348 B	2.2 kB	52.18.129.185
ibrapush.com	unknown	2020-04-18T16:40:35Z	2023-03-13T09:49:24Z	3.0 kB	3.8 kB	139.45.197.250
secure.adnxs.com	396	2012-05-22T18:37:37Z	2023-03-13T05:28:06Z	1.2 kB	2.2 kB	185.89.211.132
match.adsrvr.org	349	2012-05-21T10:27:04Z	2023-03-13T05:21:15Z	407 B	352 B	15.197.193.217
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	418 B	1.6 kB	104.17.25.14
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.7 kB	5.6 kB	216.58.211.3
ads.themoneytizer.com	28463	2014-05-26T15:46:02Z	2023-03-13T05:20:58Z	1.9 kB	359 kB	185.76.9.23
bedrapiona.com	34930	2020-05-08T15:43:48Z	2023-03-13T05:31:15Z	401 B	1.1 kB	139.45.197.234
ced.sascdn.com	6332	2012-05-21T08:46:34Z	2023-03-13T08:46:59Z	358 B	33 kB	95.101.10.83
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	382 B	31 kB	142.250.74.42
contextual.media.net	513	2012-05-21T09:20:31Z	2023-03-13T05:53:10Z	1.2 kB	6.7 kB	2.18.172.23
mwzeom.zeotap.com	1406	2017-01-29T20:08:22Z	2023-03-13T05:20:58Z	813 B	559 B	104.22.24.87
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	463 B	630 B	142.250.74.106
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	3.8 kB	6.9 kB	93.184.220.29
mpraven.org	unknown	2022-09-06T16:22:31Z	2023-03-13T01:02:29Z	778 B	504 B	88.208.5.115
spl.zeotap.com	1638	2017-01-27T16:44:52Z	2023-03-13T05:20:58Z	413 B	734 B	104.22.24.87
cdn.adlook.me	108334	2018-11-26T09:56:10Z	2023-03-12T22:29:34Z	1.2 kB	23 kB	92.223.124.24
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	1.1 kB	4.7 kB	104.18.21.226
csm.fr.eu.criteo.net	6845	2017-01-30T06:18:06Z	2023-03-13T07:05:22Z	538 B	358 B	178.250.0.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-04 19:14:35	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-04 19:14:35	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-04 19:14:35	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-04 19:14:35	medium	Client IP	Internal IP	ET DNS Query for .to TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	fleraprt.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	unphionetor.com	Sinkholed
2023-02-04	medium	unphionetor.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (56)

	URL	Size	First Seen	Last Seen
	s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671	652 B	2023-03-13	2023-03-13
Pretty URL s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671 IP 52.212.11.14 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 3dcba1b855d1207cfda1182e4b2aa440 415dfd350bad522dc0329393b3a48e3babe9ad34 729268631c5929505a046b562e0dd31aa75f827975118537cb0d1ece2a1406b0 Loading...

	nanouwho.com/1?z=5630103	18 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/1?z=5630103 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 950b5f6f50f1c116ee4632e44dcea101 9556d0410290cbdc33cb9533ecb1a01ab8a2592e 0f262d756b1b199301b0115ee8003c33fc4e8547dd140682b450ca9e3c375cd1 Loading...

	contextual.media.net/dmedianet.js?cid=8CU7BC15F	149 kB	2023-03-13	2023-03-13
Pretty URL contextual.media.net/dmedianet.js?cid=8CU7BC15F IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash ec46c9382cdf44fe28d632093c5c0fc5 6a2f44e4d6e187f570c71475c793efe3a23fcc3c 7afca36223dbc5feaeda077c304a913a8ce5bbdcf1a3bcb2a539915106362a90 Loading...

	oxy.st/slake/asset/js/jquery.min.js	87 kB	2023-03-07	2024-05-10
Pretty URL oxy.st/slake/asset/js/jquery.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-10 13:39:39 Times Seen26529 Hash 4b57cf46dc8cb95c4cca54afc85e9540 05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855 Loading...

	oxy.st/d/KJtg	212 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash f94f867aeb5e87a49c0cc33061209686 d30309182597100e7e813145a61ea0eb0838f858 196d4236be1433a8b4399853dc4335d99ccc37a1735146402a7153aee0820ead Loading...

	oxy.st/d/KJtg	711 B	2023-03-09	2024-05-03
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-05-03 20:06:16 Times Seen9693 Hash 13e6988b26e75ff59bcbc49efbcd731e a69dec8eeeae18fa09688a66572d7329706ec7a4 7f9fb86fa3190bd7ccbd2c4d56b9ed87d71897e299917eaa5dc41ffdbb1f74ab Loading...

	inklinkor.com/tag.min.js	74 kB	2023-03-13	2023-03-13
Pretty URL inklinkor.com/tag.min.js IP 172.67.211.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:48:03 Last Seen2023-03-13 18:50:07 Times Seen1 Hash 6e9f73780991bbfe6da844c085308ea2 c6464ba07fa0f6faa6724cbad71650e79065a4e5 88fb124366971f59a00ffbbb7fcf89aea937868789ad776c45e160226d10e021 Loading...

	ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js	591 kB	2023-03-13	2023-03-13
Pretty URL ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js IP 185.76.9.23 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:15:00 Last Seen2023-03-13 18:46:54 Times Seen1 Hash f4757ec231f1aab082fa89dff02d2961 947a54b709165bafa59b16c67a81ab234c02a2e4 5bb06f052a7fa32f471f2e65b09f3a294b6fd633ea7e6989f6fd6b9f799fc995 Loading...

	rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js	1.1 kB	2023-03-08	2023-05-06
Pretty URL rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js IP 54.230.111.33 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:17:06 Last Seen2023-05-06 00:25:32 Times Seen369 Hash 1f431dc94c1f033d6666f0fe637e2d7b 18ee472909d5856fe9684765258c50731efbbdbe 1cc6de1a4f6a561a6aa75d08bae33388b2e8905d01753aa41e4886a466d7c28c Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22Hn_IzV9wJTJCR2VMWVd5aWZxdDBGMGxJb0c2aGhlUDJVRG1jUzZZMnI0N2ZuTUZTaUx2JTJCZTAzZXlxQkNGMjRmZ3pCdSUyRmRuUFNtelVMJTJGa1FvNmZpcVVMeHFwenRuTW1mRSUyQjBhOThESUM2WDVLUkhpbHclM0Q%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.5479391515051243%22%7D	14 kB	2023-03-07	2023-05-06
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22Hn_IzV9wJTJCR2VMWVd5aWZxdDBGMGxJb0c2aGhlUDJVRG1jUzZZMnI0N2ZuTUZTaUx2JTJCZTAzZXlxQkNGMjRmZ3pCdSUyRmRuUFNtelVMJTJGa1FvNmZpcVVMeHFwenRuTW1mRSUyQjBhOThESUM2WDVLUkhpbHclM0Q%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.5479391515051243%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:36 Last Seen2023-05-06 00:14:31 Times Seen2035 Hash 49e65b540d43d40997ce3844d41b2dd0 b7331c5edc086ee2c7731b1b36e937e7c44450a7 f185c1b78d87a007d9492a85c6ce64c06cc851ef9f13ca3caf8aaafe243b0ac2 Loading...

	oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js	46 kB	2023-03-07	2024-05-03
Pretty URL oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:19 Last Seen2024-05-03 20:06:17 Times Seen20022 Hash 9df3cfdcc9b72f1aa24e2e114455ae7a e6ac207cdb6c4591f2d39f2a645f6dbf42534f89 5ab5f19f9bd4a4ddcf14235fc1684eefe7cfbfbc33f0a1fce661b13de43092be Loading...

	oxy.st/d/KJtg	203 B	2023-03-08	2024-05-03
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-03 20:06:16 Times Seen9807 Hash bff65d72294ae1a1fc014c9e9f776615 cf200b19907d85ad2bcc12a6224d52b0e791cdaf 3d94f0c46ddac793f8834d2727f4f4c38915244512e7a4b42ec10d68106a7660 Loading...

	oxy.st/d/KJtg	255 B	2023-03-09	2024-04-18
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-04-18 09:27:26 Times Seen7522 Hash d47a28c42c0b4402186a014830e33c59 c65eca97fa75a6d7910a6511c9c26b7927c91dc2 b45fb4585ee569e83749f3d7dc9e2da394a9d6d463e1e8fc2effebbfb8527dc3 Loading...

	oxy.st/slake/asset/js/ajax-mail.js	1.7 kB	2023-03-08	2024-05-03
Pretty URL oxy.st/slake/asset/js/ajax-mail.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-03 20:06:17 Times Seen19394 Hash 06acf64af6cd1d69540460ddb018c78c 9db22d7b6b6a223abca82e69fc4fba0c987587c2 259ce4dee332f67cc9d86367330efa87617f8c78428774d26dd0528f4942f39c Loading...

	ced.sascdn.com/tag/1097/smart.js	98 kB	2023-03-12	2023-03-13
Pretty URL ced.sascdn.com/tag/1097/smart.js IP 95.101.10.83 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 13:20:48 Last Seen2023-03-13 18:19:33 Times Seen1 Hash 147a33ff54d750b9436ca60581175181 623358022f123f42c2ce51b4b7fae76f6a7a77e1 b52ad46ce393602be0dcc61bf96cf97052d1e2c74f97bb85104a0889f690d4c8 Loading...

	oxy.st/d/KJtg	965 B	2023-03-09	2023-04-01
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2023-04-01 10:27:01 Times Seen23 Hash 1f2af4be15233c94732028f340908a41 6953d65533d246e0ce4d9d98973f68b9e2a0152b 5290521804727a0a6e618b6f9a515c04894358401f6b9356c9e1f48ab9ab7c6e Loading...

	cdn.adlook.me/js/rlf.js	71 kB	2023-03-09	2023-03-29
Pretty URL cdn.adlook.me/js/rlf.js IP 92.223.124.24 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2023-03-29 23:33:16 Times Seen24 Hash 44e861d9732eee28700fd9b91bc53455 edf09e207b8093b2af6ec34c747c854d8f18374d 4a16bb79b3eb9420d0158bf8ebe6e0e544a826154155f26d2f434e90d25e5085 Loading...

	betotodilea.com/400/5630102	84 kB	2023-03-13	2023-03-13
Pretty URL betotodilea.com/400/5630102 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 46bc456dd9733313846b93f05331a62a 2301a7a39d7e06c7c83052c2f8a4d0e125cb046d 0b5e29b91f4a8a45ebe869c9e48fc830505cf7afcb093e0bfa44c926ddf91c3a Loading...

	oxy.st/d/KJtg	102 kB	2023-03-13	2023-03-13
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:28:22 Last Seen2023-03-13 18:47:20 Times Seen1 Hash 6486e114fbb50d2a51410d1b815efca9 ed7dbe7163b58dc35aa1187cceee1f75e2fa11b6 d6722782df04c672031e5118f553aa8a562bb13075c989fc5c8d522d10a3c3ea Loading...

	unphionetor.com/fv.js?t=72747&cb=2015082844	5.2 kB	2023-03-07	2024-05-10
Pretty URL unphionetor.com/fv.js?t=72747&cb=2015082844 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-05-10 08:33:21 Times Seen2375 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	tzegilo.com/stattag.js	17 kB	2023-03-13	2023-03-14
Pretty URL tzegilo.com/stattag.js IP 104.21.89.122 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:57:04 Last Seen2023-03-14 07:35:08 Times Seen1 Hash 0576b696d0d93d3d09a14184fd321641 54ae6d8827838d84d082db92a01fe8534c6f3782 a79a9f73119b87e83d5762597cd84b735e443825d2e320e8f55693843ae5bacc Loading...

	nanouwho.com/27/843a9f1226eda0484b879504742bc6d9	410 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/27/843a9f1226eda0484b879504742bc6d9 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:57:03 Last Seen2023-03-13 19:00:10 Times Seen1 Hash 9f59babc3c87d9a134b783f8227393a0 e324af09d2caaf44d5552e76c1e6fbbbeb8fc811 f4bf9c2d13f075ae514fd90eae80abbf0be057f62a8650c17fd88586edca6ab0 Loading...

	gum.criteo.com/sync?c=147&r=2&j=criteoCallback	30 kB	2023-03-07	2023-03-26
Pretty URL gum.criteo.com/sync?c=147&r=2&j=criteoCallback IP 178.250.0.157 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:36:08 Last Seen2023-03-26 04:43:41 Times Seen35 Hash 80bfc02fde42033a0f48537690341313 268ee930484015bbbaf4f221a76d800bfba7f24d 259a03dd0fab544bf8564bacd97ad8562de81c929f00037a463f77fee3445fb0 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js	1.3 kB	2023-03-07	2024-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:34 Last Seen2024-05-10 15:10:50 Times Seen8753 Hash 4412bf8023109ee9eb1f1f226d391329 c273960aa874a87dd022b5e597887142f1b8e34f d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Loading...

	oxy.st/d/KJtg	193 B	2023-03-12	2023-03-13
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:58:04 Last Seen2023-03-13 22:55:43 Times Seen1 Hash c6f43beae4de3a12d3b73d59d424abab 572a02205a5f39f98da834572d60b4f2612f4a43 980850e4e7d9aff8c856608a70c975771451b48f2fff4ded566311403d16ec3b Loading...

	spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258	62 kB	2023-03-07	2023-03-26
Pretty URL spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-03-26 09:14:01 Times Seen2 Hash 2274941132e3cabeb06ba10635e091e1 eae64e2336d41f210e684d766bbc90752b67f25a 52d507688e76dfbe48fce79beb89be7f30101e95e9e06c121c461e30517ab36f Loading...

	tag.leadplace.fr/libJsLP.js	5.5 kB	2023-03-07	2023-12-06
Pretty URL tag.leadplace.fr/libJsLP.js IP 145.239.192.166 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-12-06 11:11:01 Times Seen14646 Hash a0c24f993bc0901cfe62d1e801cb2b45 7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984 80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333 Loading...

	cdn.adlook.me/u/cds.html	1.3 kB	2023-03-07	2023-03-29
Pretty URL cdn.adlook.me/u/cds.html IP 92.223.124.24 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:53:41 Last Seen2023-03-29 23:33:16 Times Seen25 Hash b1085e2e3e7908742eebe4b9c54d28e0 dbc685b9fd34b562bf2d8d140ce3f2824108994a 5d37320a43aaf6303b47381532935be8ea870415a8f006a83ffc2e8f1611a715 Loading...

	oxy.st/d/KJtg	102 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 21901239518f1f69082ada526b20cd48 faf1efb13b2c62b690fbe2589d1117f95a20c0c1 f7a9775cdb745d7879dd10906cdd5b8f7bbefa05bf5465e2f5cbc339206b20a6 Loading...

	oxy.st/slake/asset/js/main.js	8.7 kB	2023-03-08	2024-05-03
Pretty URL oxy.st/slake/asset/js/main.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-03 20:06:16 Times Seen19364 Hash 86fe5c70d7107cc8ab30e192072ac15d 15cd81d73ddec861349d2f1b2d4cf10eaefa9373 b1de65cb0d3a28aeed81012371764b92d0ac30077edb2d768dfdfd8640cfc7c1 Loading...

	oxy.st/d/KJtg	497 B	2023-03-07	2023-04-05
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:32 Last Seen2023-04-05 01:55:46 Times Seen28 Hash a010578715b1a87b2eb9cddffb170a90 a086b82341838ebecf514fac053023fa34b861a4 ccbe2ad7cc0e6e2882a8221b456efd5acc6ea52f922b0c8ffb6e965222df60da Loading...

	oxy.st/slake/asset/js/ajax-subscribe.js	1.4 kB	2023-03-08	2024-05-03
Pretty URL oxy.st/slake/asset/js/ajax-subscribe.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-03 20:06:17 Times Seen19366 Hash b53436c6ec7e681a3edcec13f42ec715 0aa1b02b89e734193d43d6385ebc5939bb666fd0 3b28dd2b4eda9085ee35fb2aae1d706c6d003c2521e4ad62bb2ef2e6969bca83 Loading...

	oxy.st/d/KJtg	183 B	2023-03-08	2023-04-01
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2023-04-01 10:27:01 Times Seen24 Hash dcfcdc72905c80505fc5222e23485031 afc7e2812ad5c3f7eb6954e4f54c6bee6e6f90f6 9518487666010d845d26fe2dd23260f566b305b6b528852a611a798d34d7df12 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js	86 kB	2023-03-07	2024-05-10
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-05-10 14:24:17 Times Seen22833 Hash d0212568ce69457081dacf84e327fa5c d6702a1af0378b2342f6a0692e77c169f580aed7 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d Loading...

	interstitial-07.com/?l=iSNWy4rID4OXSxD&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3050147685%26z%3D5630103%26b%3D16336478%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D56234cf8-9a2a-40e4-9b28-d36e33d40786%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.5 kB	2023-03-13	2023-03-13
Pretty URL interstitial-07.com/?l=iSNWy4rID4OXSxD&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3050147685%26z%3D5630103%26b%3D16336478%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D56234cf8-9a2a-40e4-9b28-d36e33d40786%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.154 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 52fcc3c2fd585ee997273a6482b5150f b55b245a4ddc09259d9fb3d4f19bc5d2b6933018 873373a0a79c3d10b090993c7f463ba203c7bb1931328188892df982ea876872 Loading...

	unknown	0 B	2023-03-07	2024-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-10 17:01:10 Times Seen37512695 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ads.themoneytizer.com/IIQUniversalID.js	53 kB	2023-03-10	2024-05-05
Pretty URL ads.themoneytizer.com/IIQUniversalID.js IP 185.76.9.23 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:11:21 Last Seen2024-05-05 19:03:44 Times Seen84 Hash e8f338d8c91c35b946dba69efca7a232 7f05768c9921dea0aad7c93ff354bf33517254e4 7bb23de30daa7e81e2fafc5d2fbcada4b6fefc10c3251661952a341d6864aa8e Loading...

	ads.themoneytizer.com/moneybile.js	39 kB	2023-03-07	2023-11-06
Pretty URL ads.themoneytizer.com/moneybile.js IP 185.76.9.23 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-11-06 07:20:59 Times Seen1830 Hash efe528f52c3d05d68794f3f0f8146a8e 577c01fdfae7dcc7e7d23009d74422f61b414783 4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3 Loading...

	contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM	15 kB	2023-03-13	2023-03-14
Pretty URL contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM IP 2.18.172.23 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-14 04:14:34 Times Seen1 Hash 935c84fdac1d40c9e6217711905426ab b278fe4f3fa1a7567ff1b1dabf4df4b4bb9eb5bf 07a88e56b50e01170991a8acbd244873f44c044e87dea225efc31b4cb49fea50 Loading...

	contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&nse=5&vi=1675538039389599864&ugd=4&sff=0&pgid=p11460576177t202302041914&nb=1	550 B	2023-03-13	2023-03-13
Pretty URL contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&nse=5&vi=1675538039389599864&ugd=4&sff=0&pgid=p11460576177t202302041914&nb=1 IP 2.18.172.23 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 1afc738b4d9c37569d656674119790cd 365f69bec99cd369410f1a3ee243e489e3294c31 30b1098a015cfae09cecf64237b939945660fc27f2df55a38f76080b66340b09 Loading...

	ibrapush.com/pfe/current/tag.min.js?z=5630104	15 kB	2023-03-13	2023-03-13
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=5630104 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:28:22 Last Seen2023-03-13 18:47:21 Times Seen1 Hash dcb7609ee3c9cdebf9ff27705198646f 6d769ef447e81bbf9b2d36d964826e9d34c1b9a2 96ac715a4b5ef34b6a45ef1e16ca0b269258ec85e4c7cc668875d1cea76ad23f Loading...

	d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js	26 kB	2023-03-07	2023-11-30
Pretty URL d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js IP 143.204.42.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-11-30 03:07:33 Times Seen15813 Hash 8703fc9eead243fe2f47380e962d7fa2 3d9f707259112fa9ccdd1e676f00eadcff71906c b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213 Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22Hn_IzV9wJTJCR2VMWVd5aWZxdDBGMGxJb0c2aGhlUDJVRG1jUzZZMnI0N2ZuTUZTaUx2JTJCZTAzZXlxQkNGMjRmZ3pCdSUyRmRuUFNtelVMJTJGa1FvNmZpcVVMeHFwenRuTW1mRSUyQjBhOThESUM2WDVLUkhpbHclM0Q%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.5479391515051243%22%7D	418 B	2023-03-07	2023-04-01
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22Hn_IzV9wJTJCR2VMWVd5aWZxdDBGMGxJb0c2aGhlUDJVRG1jUzZZMnI0N2ZuTUZTaUx2JTJCZTAzZXlxQkNGMjRmZ3pCdSUyRmRuUFNtelVMJTJGa1FvNmZpcVVMeHFwenRuTW1mRSUyQjBhOThESUM2WDVLUkhpbHclM0Q%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.5479391515051243%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:37 Last Seen2023-04-01 10:34:33 Times Seen447 Hash 755b312976dc0edb23fa08bed999c482 6685710ba04dc63e4122ec3ce89f3adfe479adf4 663197a6a8353d989cdc65d4f3112e425a00839c85a3fde99bbe451a9c604a6f Loading...

	oxy.st/slake/asset/js/plugins.js	339 kB	2023-03-08	2024-05-03
Pretty URL oxy.st/slake/asset/js/plugins.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-03 20:06:17 Times Seen9614 Hash 132e96f62255f4daf2aff234f50912c2 62bbe81f1a3c0babfc39e2c3abf6d5687f3493f6 07174a0088fe0b461713a172e371e448f3d8eef64886d3e2f04a2e178073f6ad Loading...

	ads.themoneytizer.com/s/gen.js?type=2	4.9 kB	2023-03-12	2023-03-13
Pretty URL ads.themoneytizer.com/s/gen.js?type=2 IP 185.76.9.23 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:45:41 Last Seen2023-03-13 19:38:17 Times Seen1 Hash 201890094a0bc618e37a4188bd05129c a8bf896da4eb9a532214295db220fe72a9013920 70ee840253a7cb7c07edabed96e9a7cf14e2099c8ee00fc0e1bebd6628d773fe Loading...

	oxy.st/d/KJtg	199 B	2023-03-09	2024-05-03
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-05-03 20:06:16 Times Seen9505 Hash c178512b2fa871ed859cc5c78614a90f 3ea9b0941dac51dd0ec23713471efcf88e4fe204 916a18878c3b59bd1b1faf426fd8e58722a759fcd14f5fe3209943b74a5bc952 Loading...

	oxy.st/d/KJtg	193 B	2023-03-08	2024-05-03
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-03 20:06:16 Times Seen9779 Hash 6ecfa1336326d765e016a88ab498b19f f2c66833233de0ec9d468035e8b78dfc40a78de9 abf0d3ee81363003e4704b84b6662250bd8d3ced4685ef9ed9c9122328ae68e1 Loading...

	p.cpx.to/p/12771/px.js	2.0 kB	2023-03-08	2023-05-09
Pretty URL p.cpx.to/p/12771/px.js IP 52.18.129.185 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:47:35 Last Seen2023-05-09 18:09:53 Times Seen100 Hash a667f26d4e73b4b5098a9c9637d3d29f 83d9b753da4c51039a689bc67956f7f9997854cc a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6 Loading...

	oxy.st/d/KJtg	143 B	2023-03-07	2024-05-10
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:39:10 Last Seen2024-05-10 12:22:28 Times Seen9921 Hash 0e1ffe876425e6a6b54c517119ca9ec2 fe778fd505adb0f26552512e719c838f9df041fe b865ee6df9893808db5cca02720d02220c2c9c0259f249fa010495641dbcdf5e Loading...

	whereres.com/api/scripts/mSetupWidget?id=363	35 kB	2023-03-12	2023-03-14
Pretty URL whereres.com/api/scripts/mSetupWidget?id=363 IP 88.208.46.156 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:08:26 Last Seen2023-03-14 06:50:29 Times Seen1 Hash dc43adec9be7ab048033ee28b0477ad1 63db771d90e9c1018605e140b2490a35da3d77ea 52e0cf3855c906381d0c5c0de9209dd3bf3de9289addf228de0b6e75108b642b Loading...

	secure.quantserve.com/quant.js	26 kB	2023-03-13	2023-03-14
Pretty URL secure.quantserve.com/quant.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:54:25 Last Seen2023-03-14 00:00:09 Times Seen1 Hash bbeae221ba5e592568957a38afe753da f9590fc8632e5f0a320573091ffe67d83a59964f 2a15822e997e4b7b172e4b1e4c1366dd01f10ff936a8971ce15510f207b5d25c Loading...

	oxy.st/d/KJtg	143 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/KJtg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:52 Last Seen2023-03-13 16:58:52 Times Seen1 Hash 2ecd16a28dc9758f09f6e5b08600ee61 f36244d5d3bddfaa4443672222ba0e217fc1924d 60e3e31d82a69c7c2ec606b74669b7ba12cc9bc6a1f4ed28bd33d5548211c04b Loading...

		Size	First Seen	Last Seen
	#1 Eval - 874865d61c773e86cc04fc8dc065ef56	79 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 16:58:52 Last Seen2023-03-13 16:58:52 Times Seen1 Hash 874865d61c773e86cc04fc8dc065ef56 df08b4a478fa98fcfc54ab9f1e4aab6a9ae570a1 562d3510eb889953afea650318cae0cf97f4f4c45e5840e5a9129c4b33a26c74 Loading...

		Size	First Seen	Last Seen
	#1 Write - bc89a0d4febbacbf3c5101f09147baae	308 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 16:58:52 Last Seen2023-03-13 16:58:52 Times Seen1 Hash bc89a0d4febbacbf3c5101f09147baae dadfc4e9c6499c15f0a810bb28a1ba34e8809b68 987a92e4c7f8a1afec30893c94f5d6a712e342b06766d83afad73d2d13396359 Loading...

	#2 Write - af7b22fa9c6edfed3eb8ae9e6bcc7a5e	319 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 16:58:52 Last Seen2023-03-13 16:58:52 Times Seen1 Hash af7b22fa9c6edfed3eb8ae9e6bcc7a5e f12be56d87c976d7404e9cabd689878b3548e76d 0e053163acc8b2f0bc98ba78260f41b63d084e08e426c1ab3513b57b97ebf214 Loading...

	#3 Write - ce6bffe55ce28b1e6ed9b06677acb502	298 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 16:10:53 Last Seen2023-04-30 21:31:06 Times Seen51 Hash ce6bffe55ce28b1e6ed9b06677acb502 73d0b9c700d603484dbe5447e3f95de8ba81b939 3f853347836c2f4e3f50a468fd03c0d34b1376dd0d9de42e26ae76a5f59497dd Loading...

HTTP Transactions (168)

URL IP Response Size

oxy.st/d/KJtg

185.178.208.137

301 Moved Permanently

568 B

URL HTTP/1.1
oxy.st/d/KJtg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Size
568 B (568 bytes)
Hash
2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee

HTTP Headers

GET /d/KJtg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Sat, 04 Feb 2023 19:13:57 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://oxy.st/d/KJtg
Content-Type: text/html; charset=utf8
Content-Length: 568

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2183
Expires: Sat, 04 Feb 2023 19:50:20 GMT
Date: Sat, 04 Feb 2023 19:13:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12805
Expires: Sat, 04 Feb 2023 22:47:22 GMT
Date: Sat, 04 Feb 2023 19:13:57 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 18:43:38 GMT
content-type: application/json
age: 1819
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20508
Expires: Sun, 05 Feb 2023 00:55:45 GMT
Date: Sat, 04 Feb 2023 19:13:57 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: MjAoqaRJTxLRyUan0Okm0VkXRkeJ/ad50mwPooLP93304S2vubl1+hmiUIQjzPW+zoj619evT0A=
x-amz-request-id: TBAJDEJ1RWMA6VY2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 18:24:08 GMT
age: 2989
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
14881c592018d5a65f40044e053dda86
8bffa0055a2a28e0d41a3b72212d089ff52de642
1dbe86e7568743f656978b551e29f1250fa92b7162c178093d6ec227f552c066

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DBE86E7568743F656978B551E29F1250FA92B7162C178093D6EC227F552C066"
Last-Modified: Thu, 02 Feb 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10091
Expires: Sat, 04 Feb 2023 22:02:09 GMT
Date: Sat, 04 Feb 2023 19:13:58 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:57 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css

185.178.208.137

200 OK

4.0 kB

URL HTTP/2
oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (42894), with no line terminators
Size
4.0 kB (3950 bytes)
Hash
a6ffd799664bd950121e2e9f0d9b2667
88af5ed7d6e3ed43ee0ec21fb314e03fb07867f0
de088565a1c5910a1c409bf3ec676c5d0c7c1304a18c744b46771c09fa6bdcad

HTTP Headers

GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 02:58:21 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 3950
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-a78e"
age: 490537
X-Firefox-Spdy: h2

oxy.st/d/KJtg

185.178.208.137

200 OK

30 kB

URL HTTP/2
oxy.st/d/KJtg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (460), with CRLF, LF line terminators
Size
30 kB (29924 bytes)
Hash
e7b2601098741b103920219ce45cd429
c2f1f64444a0e2078ed4f40813d40100a223b096
7e59b14e9c7974355b22cc6dd1ee038fceaf547cf2e558ef52fc3f57fde6ed64

HTTP Headers

GET /d/KJtg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; Domain=.oxy.st; HttpOnly; Path=/; Expires=Sun, 04-Feb-2024 19:13:58 GMT
PHPSESSID=56gr9ed0t17hqg44tbihk05qi6; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

104.17.25.14

200 OK

591 B

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1266)
Size
591 B (591 bytes)
Hash
414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3

HTTP Headers

GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 8131931
expires: Thu, 25 Jan 2024 19:13:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hKiPH3yfo%2Bpa%2FrHHGQgXpv4OMwLdJXXQohrQe1IbgiCz6rFhB%2BSqb1KJ22uAjpbKQAyA%2BkmNipS7h4JU%2BOB4iAvEgTUpv88YE7GWFILodThZg5Qk%2Bh7FkibbTHxjU4uXBrfyfou"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7945ba037dabfac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxy.st/slake/responsive.css?ver=5

185.178.208.137

200 OK

12 kB

URL HTTP/2
oxy.st/slake/responsive.css?ver=5
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
12 kB (11872 bytes)
Hash
c9887952027ae1466ab90ba9dcd23ce3
0afb76db6c9644265da1820da0afe7aaef448e53
f16e171dae88fb2e1970604b6152409551d184fb1977a2668dd19f36dc0ab338

HTTP Headers

GET /slake/responsive.css?ver=5 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 18:15:32 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefded8-135c7"
age: 435506
content-length: 11872
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/style.css?ver=6

185.178.208.137

200 OK

24 kB

URL HTTP/2
oxy.st/slake/style.css?ver=6
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
24 kB (24360 bytes)
Hash
cd7b3e4dfecea7028bc1bdeda5a47477
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87

HTTP Headers

GET /slake/style.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 16:34:53 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5fdd12f2-2a549"
age: 355145
content-length: 24360
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/img/oxy-logo.svg

185.178.208.137

200 OK

3.2 kB

URL HTTP/2
oxy.st/img/oxy-logo.svg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1126)
Size
3.2 kB (3204 bytes)
Hash
4dbb074be70991a358f914be3c00ad99
5f699e31b76bcb7e69fc4478a04b73b3df0e855a
9531a716a5007ddfc819613ec77f883ba963578d699f824034b4962f8221b8bf

HTTP Headers

GET /img/oxy-logo.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 13:56:32 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
ddg-cache-status: HIT,HIT
etag: "602c706e-2019"
age: 710246
content-length: 3204
X-Firefox-Spdy: h2

oxy.st/slake/cookie.css?ver=6

185.178.208.137

200 OK

299 B

URL HTTP/2
oxy.st/slake/cookie.css?ver=6
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
299 B (299 bytes)
Hash
6d5f76f4027c2e9a60d78a83f4b952cd
b4ae6d8509643916be8eff3979acec375867708b
2338311f30dadbc2bffe2bdbfdd100c148e8fe4cb50ca669c7ff602a9c206f94

HTTP Headers

GET /slake/cookie.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 20:55:55 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 299
ddg-cache-status: HIT,HIT
etag: "602ae9d4-224"
age: 857883
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/ajax-mail.js

185.178.208.137

200 OK

544 B

URL HTTP/2
oxy.st/slake/asset/js/ajax-mail.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with CRLF line terminators
Size
544 B (544 bytes)
Hash
4eb7582278a2e3748b9017bb83307caf
93c419ea8637148be2192bfa8068ed8009e3add7
59ccbe475f369df6e9daf6480deb023a38b4fc29016142e062f76f4218f66abc

HTTP Headers

GET /slake/asset/js/ajax-mail.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 16:25:47 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 544
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-683"
age: 787691
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/main.js

185.178.208.137

200 OK

1.8 kB

URL HTTP/2
oxy.st/slake/asset/js/main.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (368)
Size
1.8 kB (1840 bytes)
Hash
76d3c4da3644ed1684ed54ff59305a5a
3e03f21e8af17de66be1aa22a6f952c000fbcc70
adc0957a4224cf75ae632338e6e52591d0552189b8ba1a4e7f19885405dfc2f8

HTTP Headers

GET /slake/asset/js/main.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 13:24:46 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 1840
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2210"
age: 280152
X-Firefox-Spdy: h2

oxy.st/css/cloud.css

185.178.208.137

200 OK

9.2 kB

URL HTTP/2
oxy.st/css/cloud.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (14454)
Size
9.2 kB (9206 bytes)
Hash
0517562cc81de376b3c1fee3e8bef414
80df32c8b71549b0253cce1b47fe13d82fc1b604
184ccb46109faef0678ef3a603a551e55d3f9ff74a200ebeaba2c23655e52c8a

HTTP Headers

GET /css/cloud.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 29 Jan 2023 12:30:59 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 9206
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb1-d024"
age: 542579
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/ajax-subscribe.js

185.178.208.137

200 OK

635 B

URL HTTP/2
oxy.st/slake/asset/js/ajax-subscribe.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with CRLF line terminators
Size
635 B (635 bytes)
Hash
574b8cde44d6b421cd12af0df0cca335
7dbd98f2d7925795343e8b8a3fc0c91ba496f526
035c75b2646589e751a275f3469f1e53b5e9c55cff4f0b3d3cbdfbb248aef9c2

HTTP Headers

GET /slake/asset/js/ajax-subscribe.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 16:14:08 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 635
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-595"
age: 442790
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js

185.178.208.137

200 OK

13 kB

URL HTTP/2
oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (32001), with CRLF line terminators
Size
13 kB (12929 bytes)
Hash
112891904d2ce52d072013c5e993463a
4cca8f66204463d7dc6f9f6819e3ebbd0636f5b1
d58c3c940e6ac6a2587c3d28ef50dd9dc6f20ea23c213ac5ff75419656fd3291

HTTP Headers

GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 22:48:10 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-b1ab"
age: 764748
content-length: 12929
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/bootstrap.min.css

185.178.208.137

200 OK

20 kB

URL HTTP/2
oxy.st/slake/asset/css/bootstrap.min.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65325)
Size
20 kB (20483 bytes)
Hash
4588208961b6b7ed6cd974687346348a
52085a4f6c875b6949261704f05050c1727e9c55
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885

HTTP Headers

GET /slake/asset/css/bootstrap.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 06:48:15 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 303943
content-length: 20483
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d1da3983341930b1bb793a0d294c24f5
abb1e9d5eb2dabce6a6821362fc8f09639bc5178
a63fe4be50aad00aff7a4e6899f83933f9d6c20c2de279766ad098a61b580435

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A63FE4BE50AAD00AFF7A4E6899F83933F9D6C20C2DE279766AD098A61B580435"
Last-Modified: Thu, 02 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7062
Expires: Sat, 04 Feb 2023 21:11:40 GMT
Date: Sat, 04 Feb 2023 19:13:58 GMT
Connection: keep-alive

oxy.st/slake/asset/js/bootstrap.min.js

185.178.208.137

200 OK

13 kB

URL HTTP/2
oxy.st/slake/asset/js/bootstrap.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (48664)
Size
13 kB (13046 bytes)
Hash
061a1656d3064d501413d45bef002938
1fec864435f996d6f5cec2f95b9b24cafef0b182
a7b82b175ee2cb823d904fc89454e91e6e92c91f91c0de1663d54e62bf3cc6e1

HTTP Headers

GET /slake/asset/js/bootstrap.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 17:11:51 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 13046
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-bf30"
age: 7327
X-Firefox-Spdy: h2

oxy.st/slake/asset/slice_white.png

185.178.208.137

200 OK

6.1 kB

URL HTTP/2
oxy.st/slake/asset/slice_white.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 201 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
6.1 kB (6078 bytes)
Hash
946ed1d2bd247854fa58e938de28ee95
883cda7ee0087e29a32f07b6c8ead3e8df5db738
bfe6c8b9cf34578f573091bb118f86a10b918b7d530b25107648f12158759e85

HTTP Headers

GET /slake/asset/slice_white.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 03 Feb 2023 15:01:41 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-17be"
age: 101537
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/images/ltd.svg

185.178.208.137

200 OK

20 kB

URL HTTP/2
oxy.st/images/ltd.svg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (50102)
Size
20 kB (19700 bytes)
Hash
d37ece4290313a264b5e235c0dadf2fb
9ae09bed58122b3d3c4914c45e682dce63993e14
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd

HTTP Headers

GET /images/ltd.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 05:15:45 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 19700
ddg-cache-status: HIT,HIT
etag: W/"5fb71401-c420"
age: 50293
X-Firefox-Spdy: h2

oxy.st/images/sprite3.png

185.178.208.137

200 OK

2.1 kB

URL HTTP/2
oxy.st/images/sprite3.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 124 x 49, 8-bit/color RGBA, non-interlaced\012- data
Size
2.1 kB (2059 bytes)
Hash
b08166a270b58c28d429bf2f9ffece6c
91dab55cbe8c802a7c56cd9d2ffaee9ccea4a49f
a21a9fa89fb6dd8c8e84907a99b0374abdf641c71c55e0283b7758e8f2a12507

HTTP Headers

GET /images/sprite3.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
etag: "6240cc70-80b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14114716
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

whereres.com/api/scripts/mSetupWidget?id=363

88.208.46.156

200 OK

9.0 kB

URL HTTP/1.1
whereres.com/api/scripts/mSetupWidget?id=363
IP
88.208.46.156:0
ASN
#39572 DataWeb Global Group B.V.

File type
Unicode text, UTF-8 text, with very long lines (3565)
Size
9.0 kB (8982 bytes)
Hash
9c6d8fe1a69623dcc4c1948506d672af
b400e0ddf00fbbeed8a94c949165659d78714911
a5b9db9230019c2386cbd1bd2b8e193cd202b1f5558cc20a4a52058f79542c09

HTTP Headers

GET /api/scripts/mSetupWidget?id=363 HTTP/1.1
Host: whereres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 04 Feb 2023 19:13:58 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.27
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 18:49:07 GMT
age: 1491
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d4d7d6d6077079d28cac180985220645
7c5437e1e425dffbeb54341f3a150aa6faf8e951
a1ffdf0f5f534af3046ed92a4f4b99871816f5e4f8a3d60565c021433cadfa51

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 16:59:16 GMT
Expires: Sat, 11 Feb 2023 16:59:15 GMT
Etag: "7c5437e1e425dffbeb54341f3a150aa6faf8e951"
Cache-Control: max-age=596116,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7945ba03b95a0afa-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3e2378acc8e81d17152f66a71215c2d4
ea42fb0d4bc9e764bbcb1021a866e0e0a056abb2
a1bd3c62c3dc5d93122ff489c07f17744e6ebee05c6d234ceaf8e10f243c352c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3598
Cache-Control: max-age=85610
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Etag: "63dd4bd2-117"
Expires: Sun, 05 Feb 2023 19:00:48 GMT
Last-Modified: Fri, 03 Feb 2023 18:00:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279

cdn.adlook.me/js/rlf.js

92.223.124.24

200 OK

19 kB

URL HTTP/2
cdn.adlook.me/js/rlf.js
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Size
19 kB (19276 bytes)
Hash
4753bd99e680f991e358fcfc5956d348
f7506e35d1e97953351bacf094278a919dd2d5e9
417b57437a57fdbfdbe26fb8e676b6936d868f23f5aa5ca587811aa01ce9d03f

HTTP Headers

GET /js/rlf.js HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/javascript,application/javascript;charset=utf-8
content-length: 19276
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:05:17 GMT
etag: "8054b6f2abfd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-04T19:07:48+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
e9b4fb853d3de194295b1be8e681922d
c52a4ab65808cda62e9f0233d8b03a6146724747
24f005a1ae5c71ab8b285702e2f6391890517c03a455122572aee8599da6e59a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6400
Cache-Control: max-age=149629
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Etag: "63de3af3-118"
Expires: Mon, 06 Feb 2023 12:47:47 GMT
Last-Modified: Sat, 04 Feb 2023 11:01:07 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280

ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2

185.76.9.23

200 OK

50 kB

URL HTTP/2
ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type
data
Size
50 kB (50370 bytes)
Hash
5f01583edc696c06e429cd23ff63ddc1
ca53fe7224a0fbf91c6c568599bed4e26ac80a85
e2d6eb828ec1b4c030236b27b2aa62291d10a09b6a1922e93461dd1f0b72da65

HTTP Headers

GET /s/requestform.js?siteId=85433&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1676052543
server: CDN77-Turbo
x-77-nzt: AblMCRR1dK3/t2ABAA
x-77-nzt-ray: af585630c3abcfbc76aede6364197015
x-cache: HIT
x-age: 90295
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

oxy.st/slake/asset/fonts/themify--fvbane.woff

185.178.208.137

200 OK

56 kB

URL HTTP/2
oxy.st/slake/asset/fonts/themify--fvbane.woff
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
Web Open Font Format, CFF, length 56108, version 1.0\012- data
Size
56 kB (56108 bytes)
Hash
a1ecc3b826d01251edddf29c3e4e1e97
9394f35bd2addd24666b79bfc36d4f9d247cb01d
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7

HTTP Headers

GET /slake/asset/fonts/themify--fvbane.woff HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://oxy.st/slake/asset/css/elements.css?1
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 12:52:43 GMT
content-type: font/woff
content-length: 56108
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-db2c"
age: 454875
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

172.67.211.29

200 OK

25 kB

URL HTTP/2
inklinkor.com/tag.min.js
IP
172.67.211.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
25 kB (25434 bytes)
Hash
d829bd5124cfb58d766ef39f4f8e6a46
ba47280cb53fe6696e74c3b9c60a53f68c9f7fc9
8ef1e378b831026383ce87fb147f7e3f95ed685bb023e1b6e9c06a5af1d7de8f

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 430b85d49d10dfc8b8b173cfe8aa6a87
cache-control: max-age=86400
last-modified: Fri, 03 Feb 2023 10:48:58 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 05 Feb 2023 18:40:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1988
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZBrrYQhPP5YaVOXuyJ5Y%2FLnVGMYyXYr5bGRIW%2Fbz0PWAJEwZVOMXMeXISKLKLbypurn7luoKKQjF%2B%2BRlOOUtqRJOmNczQycr8UEm31gg8USfd8l3AFZwrkh%2FbJYM%2Fwmx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7945ba054b4eb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js

185.76.9.23

200 OK

261 kB

URL HTTP/2
ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type
data
Size
261 kB (260831 bytes)
Hash
88fd1c4e2e5c172065109c3e27b10997
7866548e0fd2e8da8e0bec6e6de3fd445c0bb35e
62cc9f7e0da981e96dfac8f0b2b66e4e90101260c776ba2ffe51c95fa3d2ddf4

HTTP Headers

GET /moneybid7_28/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 21:13:00 GMT
expires: Sat, 04 Feb 2023 18:08:28 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675620509
server: CDN77-Turbo
x-77-nzt: AblMCRQrPET/WQ8AAA
x-77-nzt-ray: af585630c3abcfbc76aede63108b1123
x-cache: HIT
x-age: 3929
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3e2378acc8e81d17152f66a71215c2d4
ea42fb0d4bc9e764bbcb1021a866e0e0a056abb2
a1bd3c62c3dc5d93122ff489c07f17744e6ebee05c6d234ceaf8e10f243c352c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3598
Cache-Control: max-age=85610
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Etag: "63dd4bd2-117"
Expires: Sun, 05 Feb 2023 19:00:48 GMT
Last-Modified: Fri, 03 Feb 2023 18:00:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2

216.58.207.227

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21276, version 1.0\012- data
Size
21 kB (21276 bytes)
Hash
59c9b83cc112cf7eeb3bf7a5e96b21fe
771790b776b5e1bc3039c337024e400974184208
a8447cdec51e85d9e93971a0d4a53bcf6085d70bf1d201662837d2fb953422c7

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 16:07:46 GMT
expires: Tue, 30 Jan 2024 16:07:46 GMT
cache-control: public, max-age=31536000
age: 443172
last-modified: Mon, 11 Jul 2022 19:01:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.adlook.me/u/cds.html

92.223.124.24

200 OK

1.4 kB

URL HTTP/2
cdn.adlook.me/u/cds.html
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1439 bytes)
Hash
092b935eec2ba1199c03c1c856472e77
90d533fb895dda57fd0645cf484a4ecb7a64c344
8719a7a7e474f30d7a1d5dbf2ab97bbd73437c28ef567b410361540ad38c985e

HTTP Headers

GET /u/cds.html HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: text/html
content-length: 1439
last-modified: Thu, 06 Aug 2020 17:06:57 GMT
etag: "207a2dfe136cd61:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-04T19:08:07+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.adlook.me/css/rlf.css?1.4

92.223.124.24

200 OK

1.6 kB

URL HTTP/2
cdn.adlook.me/css/rlf.css?1.4
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (1612), with no line terminators
Size
1.6 kB (1612 bytes)
Hash
ebb99a8c16a4ad70389cc2e9306fa4b1
b926dbbe4d67d1a39e3a7b1f4ea992c41388067b
d1b01565ed50bb2012a6d2c9b409fa41752d6c3a30e735f9f7008b7f635a21f1

HTTP Headers

GET /css/rlf.css?1.4 HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: text/css
content-length: 1612
last-modified: Mon, 11 Oct 2021 12:59:26 GMT
etag: "2fce1cd29fbed71:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-04T19:09:31+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
733547835cd9d804b421736bc47921da
f5eb3d6794e12405f915c8e3cc71b61d7c67e314
45cabc26c476812a02e93282f7cb74b2de67cc84eea8e69cd84c1a51743f1158

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "45CABC26C476812A02E93282F7CB74B2DE67CC84EEA8E69CD84C1A51743F1158"
Last-Modified: Sat, 04 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4281
Expires: Sat, 04 Feb 2023 20:25:19 GMT
Date: Sat, 04 Feb 2023 19:13:58 GMT
Connection: keep-alive

ads.themoneytizer.com/IIQUniversalID.js

185.76.9.23

200 OK

12 kB

URL HTTP/2
ads.themoneytizer.com/IIQUniversalID.js
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type
ASCII text, with very long lines (52687), with no line terminators
Size
12 kB (12227 bytes)
Hash
8b92c73a7caa0bea29a6977e6383ec5d
1e9830bbc7fabc28fe2df902889b974f57c80714
846d9de97320f255fc3faf023677b7487506c68f7a6c667556c53f04f0657f60

HTTP Headers

GET /IIQUniversalID.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 18:48:43 GMT
expires: Sat, 04 Feb 2023 18:08:28 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675620509
server: CDN77-Turbo
x-77-nzt: AblMCRT0GJv/WQ8AAA
x-77-nzt-ray: af585630c3abcfbc76aede63ff82921e
x-cache: HIT
x-age: 3929
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9868
Expires: Sat, 04 Feb 2023 21:58:26 GMT
Date: Sat, 04 Feb 2023 19:13:58 GMT
Connection: keep-alive

ads.themoneytizer.com/s/gen.js?type=2

185.76.9.23

200 OK

33 kB

URL HTTP/2
ads.themoneytizer.com/s/gen.js?type=2
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type
data
Size
33 kB (33342 bytes)
Hash
a4779a055d9f989473fbafe9253284e3
26494dc5630d55ed4d60589c2cc3aac8b84d56da
5db900fa931b16eb59bb4f567d0abf217083f821204c2d27f1b46a878d58db71

HTTP Headers

GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1676052509
server: CDN77-Turbo
x-77-nzt: AblMCRStiMb/2WABAA
x-77-nzt-ray: af585630c3abcfbc76aede63bd729515
x-cache: HIT
x-age: 90329
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
57fdf2746ac19b2c2093149d3ded7b25
06f6dcf2ac2f7a9cebe8c071067727dc5686fca1
ca8f1accae24f6fa5a101d38d72d4d933886080e487dd0ee75d246f2853a4791

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA8F1ACCAE24F6FA5A101D38D72D4D933886080E487DD0EE75D246F2853A4791"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17260
Expires: Sun, 05 Feb 2023 00:01:38 GMT
Date: Sat, 04 Feb 2023 19:13:58 GMT
Connection: keep-alive

ocsp.globalsign.com/gseccovsslca2018

104.18.21.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
7edb2bfac15a62c347447ebf07a5d64e
f5eaf64f05adc8e2f1b8a436a57b96f532017fd3
5fcb743a51ce3316488cf8f6bfc78fced2297814b652adc34744a21cb6f93349

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:58 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 08 Feb 2023 16:47:35 GMT
ETag: "f5eaf64f05adc8e2f1b8a436a57b96f532017fd3"
Last-Modified: Sat, 04 Feb 2023 16:47:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 586
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7945ba066bfa1bfe-OSL

ocsp.globalsign.com/gseccovsslca2018

104.18.21.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
7edb2bfac15a62c347447ebf07a5d64e
f5eaf64f05adc8e2f1b8a436a57b96f532017fd3
5fcb743a51ce3316488cf8f6bfc78fced2297814b652adc34744a21cb6f93349

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:58 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 08 Feb 2023 16:47:35 GMT
ETag: "f5eaf64f05adc8e2f1b8a436a57b96f532017fd3"
Last-Modified: Sat, 04 Feb 2023 16:47:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 586
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7945ba06783bb4ff-OSL

tag.leadplace.fr/libJsLP.js

145.239.192.166

200 OK

5.5 kB

URL HTTP/1.1
tag.leadplace.fr/libJsLP.js
IP
145.239.192.166:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
5.5 kB (5547 bytes)
Hash
a0c24f993bc0901cfe62d1e801cb2b45
7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333

HTTP Headers

GET /libJsLP.js HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 19:13:58 GMT
Content-Type: application/javascript
Content-Length: 5547
Last-Modified: Thu, 07 Oct 2021 11:26:48 GMT
ETag: "615ed978-15ab"
Accept-Ranges: bytes
X-IPLB-Request-ID: 5B5A2A9A:0BDC_91EFC0A6:01BB_63DEAE76_6B81939A:237B6
X-IPLB-Instance: 30195

c.tmyzer.com/c/?s=85433&f=2&fi=99

54.38.64.100

200 OK

0 B

URL HTTP/1.1
c.tmyzer.com/c/?s=85433&f=2&fi=99
IP
54.38.64.100:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 19:13:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:4006_36264064:01BB_63DEAE76_32FEAE1:14EC5
X-IPLB-Instance: 38432

p.cpx.to/p/12771/px.js

52.18.129.185

200 OK

2.0 kB

URL HTTP/1.1
p.cpx.to/p/12771/px.js
IP
52.18.129.185:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1990), with no line terminators
Size
2.0 kB (1990 bytes)
Hash
a667f26d4e73b4b5098a9c9637d3d29f
83d9b753da4c51039a689bc67956f7f9997854cc
a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6

HTTP Headers

GET /p/12771/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
cache-control: max-age=2419200, public
content-type: application/javascript; charset=UTF-8
date: Sat, 04 Feb 2023 19:13:58 GMT
Content-Length: 1990
Connection: keep-alive

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9a434a103fc84f2e3b2dae96dcbb687
d4b9360dc7d9f577b7a583b8e269062a9db8f525
246430d3a0fdc7b88956e6353cee41c8767433b00abebdb963eb6d54569bba91

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "246430D3A0FDC7B88956E6353CEE41C8767433B00ABEBDB963EB6D54569BBA91"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12277
Expires: Sat, 04 Feb 2023 22:38:35 GMT
Date: Sat, 04 Feb 2023 19:13:58 GMT
Connection: keep-alive

oxy.st/slake/asset/js/plugins.js

185.178.208.137

200 OK

43 kB

URL HTTP/2
oxy.st/slake/asset/js/plugins.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
data
Size
43 kB (43112 bytes)
Hash
f8883ab9c4a452a0bfe3c5cf9619db86
29104a6e1efdd389f07f0f3e1730de95746967da
427f528f5d190e0e3275d8a1fc40bad36fede3da064b33f29dc8fe6e614ff2f7

HTTP Headers

GET /slake/asset/js/plugins.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 05:11:48 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 90933
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-52d51"
age: 50530
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e45e1fab974bf50f5c5821750cf96bb3
c53950778b062bf7edaa11157c463264c30a28fd
f13afdf20beadb7725ddab0fb7f7c6d0d985eb54681fe4cac4916543c02a9018

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F13AFDF20BEADB7725DDAB0FB7F7C6D0D985EB54681FE4CAC4916543C02A9018"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3819
Expires: Sat, 04 Feb 2023 20:17:37 GMT
Date: Sat, 04 Feb 2023 19:13:58 GMT
Connection: keep-alive

yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2

178.154.131.216

200 OK

45 kB

URL HTTP/2
yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
IP
178.154.131.216:0
ASN
#13238 YANDEX LLC

File type
Web Open Font Format (Version 2), TrueType, length 45100, version 1.0\012- data
Size
45 kB (45100 bytes)
Hash
e783c489351712fa80a7cb4206cffd02
4d1d924e4cbae116baf57958cea28dedc9e361f4
281e998fb084bbc3243914bfd01a00ef5cdbc847179c43106808821a6e0ae1a5

HTTP Headers

GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.17.9
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/font-woff2
content-length: 45100
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "e783c489351712fa80a7cb4206cffd02"
expires: Mon, 05 Feb 2024 01:02:10 GMT
last-modified: Tue, 22 Jan 2019 17:07:25 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 5c1611198c2ec842
accept-ranges: bytes
X-Firefox-Spdy: h2

tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKJtg&id=MTIZ

145.239.192.166

200 OK

0 B

URL HTTP/1.1
tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKJtg&id=MTIZ
IP
145.239.192.166:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FKJtg&id=MTIZ HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 19:13:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-IPLB-Request-ID: 5B5A2A9A:0BDC_91EFC0A6:01BB_63DEAE76_6B8193AC:237B6
X-IPLB-Instance: 30195

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d12cb53144d0964484d5533da0d9224f
a656489348ebb5f6eb71f7f8758d64ea5e9a1f7a
1b458c0e3cebcfb9bb5cfb8fd54cd54b79825bde21f296a4348b0ce342a38585

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B458C0E3CEBCFB9BB5CFB8FD54CD54B79825BDE21F296A4348B0CE342A38585"
Last-Modified: Sat, 04 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4173
Expires: Sat, 04 Feb 2023 20:23:31 GMT
Date: Sat, 04 Feb 2023 19:13:58 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
482952c319f6b341719e70726729734d
d562869196fe45ede7cf9d7b83643c020eae68b2
052ed0f05af6fa66b55a1e883536b6fc2743d32d56aa4b7c58f0b8202b67ee9b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5588
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Last-Modified: Sat, 04 Feb 2023 17:40:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
482952c319f6b341719e70726729734d
d562869196fe45ede7cf9d7b83643c020eae68b2
052ed0f05af6fa66b55a1e883536b6fc2743d32d56aa4b7c58f0b8202b67ee9b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5588
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:58 GMT
Last-Modified: Sat, 04 Feb 2023 17:40:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

id5-sync.com/api/config/prebid

162.19.138.117

200

134 B

URL HTTP/1.1
id5-sync.com/api/config/prebid
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1

HTTP Headers

POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sat, 04 Feb 2023 19:13:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2Fbc5a7f0625263b51a5a340349de27386%2Fbest_cfg.pdr&sourceName=best%20cfg.pdr&sourceIntro=&sourceNote=&priority=source&tag=&rnd=831d4510f13db3dccf906a0c86f61ea0&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FKJtg

88.208.5.115

200 OK

25 B

URL HTTP/1.1
mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2Fbc5a7f0625263b51a5a340349de27386%2Fbest_cfg.pdr&sourceName=best%20cfg.pdr&sourceIntro=&sourceNote=&priority=source&tag=&rnd=831d4510f13db3dccf906a0c86f61ea0&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FKJtg
IP
88.208.5.115:0
ASN
#39572 DataWeb Global Group B.V.

File type
data
Size
25 B (25 bytes)
Hash
363f411ba212d4d1ccf7856f856145e9
08331057577f273187dd15e7c6f57937835e0aff
c50b40612adfdbf2e228758746fc7927cf440cb9bb5a8280c00d7946632a1943

HTTP Headers

GET /api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2Fbc5a7f0625263b51a5a340349de27386%2Fbest_cfg.pdr&sourceName=best%20cfg.pdr&sourceIntro=&sourceNote=&priority=source&tag=&rnd=831d4510f13db3dccf906a0c86f61ea0&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FKJtg HTTP/1.1
Host: mpraven.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 19:13:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-SF: isNotBinary
X-Slug: no found
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Content-Encoding: gzip

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
9b065dd10769b4123608f9a5e4605f6a
99ed1febf2e2e6e51fe64dc9ff0e84bb494a2369
78b576dd0b15b786715efdd4a5d204643f51e27e72593679775be417a3ccfa53

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 19:14:54 GMT
Expires: Thu, 09 Feb 2023 19:14:53 GMT
Etag: "99ed1febf2e2e6e51fe64dc9ff0e84bb494a2369"
Cache-Control: max-age=431453,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7945ba07bd280afa-OSL

s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671

52.212.11.14

200 OK

652 B

URL HTTP/1.1
s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671
IP
52.212.11.14:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (652), with no line terminators
Size
652 B (652 bytes)
Hash
3dcba1b855d1207cfda1182e4b2aa440
415dfd350bad522dc0329393b3a48e3babe9ad34
729268631c5929505a046b562e0dd31aa75f827975118537cb0d1ece2a1406b0

HTTP Headers

GET /fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:59 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 652
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
p3p: CP="NOI DEV ADM"
expires: Mon, 30 Jan 2023 15:31:44 UTC
set-cookie: cpSess=c08c3544d1637fa; Expires=Sun, 04 Feb 2024 19:13:59 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None

push.services.mozilla.com/

35.81.157.247

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.81.157.247:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: /tA75LhcbEz2OgTD//8zbw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Fyv2pTmTOUSKU8mmwPZVhL3H3to=

ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKJtg&top=&_ts=1675538075885

5.200.50.170

200 OK

2 B

URL HTTP/2
ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKJtg&top=&_ts=1675538075885
IP
5.200.50.170:0
ASN
#48096 Enterprise Cloud Ltd.

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FKJtg&top=&_ts=1675538075885 HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=c5b4cb91c1344481850376f72190f0a8; expires=Sat, 03 Feb 2024 21:00:00 GMT; path=/; SameSite=None; secure; samesite=lax
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
date: Sat, 04 Feb 2023 19:13:59 GMT
content-length: 2
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e920c15af4b35a551102970ec680da2
cf3b341dc52dd33ae5b8e37fb4c132365406f6f5
49de655cc7725f7146a8c35d40ded6d0784ca326c5ccee34672ed2383658ce74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49DE655CC7725F7146A8C35D40DED6D0784CA326C5CCEE34672ED2383658CE74"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16315
Expires: Sat, 04 Feb 2023 23:45:54 GMT
Date: Sat, 04 Feb 2023 19:13:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
33df1b5ff9a28d873b66a3748eaf1144
841b800ef212c76ec1996777d992d4fed483aad7
f46fefd0068ec29923011a78094cb69879e38ef1dc6ba4d9c5cfa7462857cddd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F46FEFD0068EC29923011A78094CB69879E38EF1DC6BA4D9C5CFA7462857CDDD"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4486
Expires: Sat, 04 Feb 2023 20:28:45 GMT
Date: Sat, 04 Feb 2023 19:13:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bb0e1ff82ab6199f715e00974b7f6957
74edba6943c202d060b471c30a3c626542bfac84
d982aa0ae1b32ffba27f789ad265b594dfef0bc4c55a0d0489d38b0827e6a7e2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D982AA0AE1B32FFBA27F789AD265B594DFEF0BC4C55A0D0489D38B0827E6A7E2"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2443
Expires: Sat, 04 Feb 2023 19:54:42 GMT
Date: Sat, 04 Feb 2023 19:13:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84917bf328ca8aa9b9bc8257ede4f634
80046875c806a28c50fe6f2d26f78effbc125f92
c6b15db06b947f77f052fa752c284ca6615e94f2e0e10363e5fbda1772d1c696

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B15DB06B947F77F052FA752C284CA6615E94F2E0E10363E5FBDA1772D1C696"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15144
Expires: Sat, 04 Feb 2023 23:26:23 GMT
Date: Sat, 04 Feb 2023 19:13:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89cb314fd96ee7eecd69c34d471055fe
0773c53bc7741323d666d69b39a73ec53167ed17
0e0811aec04223315893249a43c4a8b5140c5031651263a427c9885215e4719e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E0811AEC04223315893249A43C4A8B5140C5031651263A427C9885215E4719E"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12585
Expires: Sat, 04 Feb 2023 22:43:44 GMT
Date: Sat, 04 Feb 2023 19:13:59 GMT
Connection: keep-alive

lb.eu-1-id5-sync.com/lb/v1

162.19.138.82

200

33 B

URL HTTP/1.1
lb.eu-1-id5-sync.com/lb/v1
IP
162.19.138.82:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
e4673bb135aafd470d7ffbcbd5fa1618
ca8c2eb801493200b11f8b6be054d2e0ff1040a1
02e0c39ac870f5e016c5fa5fd69627315417d4a91987013d6deb78ae88085755

HTTP Headers

GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sat, 04 Feb 2023 19:13:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
2521dc6dc015025c26c7a1b08b3060a1
f5c7abc50c9229a4b198a5c0d5f6dfa8ac528b9f
6671bc387c8011ec55a9d023502189b997adeb18fc2f199747dec7d688f85bd3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4034
Cache-Control: max-age=156589
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:59 GMT
Etag: "63de5f62-139"
Expires: Mon, 06 Feb 2023 14:43:48 GMT
Last-Modified: Sat, 04 Feb 2023 13:36:34 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

my.rtmark.net/gid.js?userId=fd535c686ba5466887ece0106c23b628

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=fd535c686ba5466887ece0106c23b628
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
0495ece893468bc39f8d0352e41364de
41f4b0732e998fb332f6bad8d382f9b8634b447a
ebf3791a002b7517798ce3fce671f75a7d2828d9fb7b260cda3b082aae8b65cd

HTTP Headers

GET /gid.js?userId=fd535c686ba5466887ece0106c23b628 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=fd535c686ba5466887ece0106c23b628; expires=Sun, 04 Feb 2024 19:13:59 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

dnacdn.net/dna

178.250.2.146

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=KZZcJl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3g1RWlJZFd2MU8lMkYxJTJGeFZIeGF1U1BrVCUyRk9IakJrc0pNbiUyQjQzakNzMXFDdQ; expires=Thu, 29 Feb 2024 19:13:59 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 278949
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=

139.45.197.250

200 OK

705 B

URL HTTP/2
ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (704)
Size
705 B (705 bytes)
Hash
53fd4fda83983a95b2ce314003de8718
f748134fb9af3caa678b515e2cbc82eff9881bc4
fd13354afb4688df091fa2c30a00d1ec42fb3f9fbadfebcf926f4e5581238def

HTTP Headers

GET /zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: 20277562f505137db0412638817c1746
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

id5-sync.com/g/v2/12.json

162.19.138.117

200

216 B

URL HTTP/1.1
id5-sync.com/g/v2/12.json
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
216 B (216 bytes)
Hash
3e5ef405f10b8c26a6eaa40ba74a6a6a
a9723f25108f0f8d66100bfee730b6020ceb3152
b73c6b338c44e3020115b53c5acaf39747fae713241589e2a420cbb967eaa1ed

HTTP Headers

POST /g/v2/12.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 225
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sat, 04 Feb 2023 19:13:58 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b24be7158ed895f58053d0383957b5db
e5e458f8ed3fbea3b739439f8bbc6f9e137755ab
13e27a7246e8e8f5c67f505b4e80ce71120ca4dfbcaa234f276b23233705a670

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13E27A7246E8E8F5C67F505B4E80CE71120CA4DFBCAA234F276B23233705A670"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11282
Expires: Sat, 04 Feb 2023 22:22:01 GMT
Date: Sat, 04 Feb 2023 19:13:59 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
761c70aea865f27c277a60a7aa196529
a55e89e7211c22ccbe79c3fbb490ccfc60e81b66
54fcff75930ad3a9bc7b3a74630bd63ebabcaaffd767dcd6beaf7f3160f11c8f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 15:49:36 GMT
Expires: Wed, 08 Feb 2023 15:49:35 GMT
Etag: "a55e89e7211c22ccbe79c3fbb490ccfc60e81b66"
Cache-Control: max-age=332735,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7945ba0b48ad0afa-OSL

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1165
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 Feb 2023 19:14:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://oxy.st
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fd535c686ba5466887ece0106c23b628

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fd535c686ba5466887ece0106c23b628
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fd535c686ba5466887ece0106c23b628 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

betotodilea.com/500/5630102?excludes=&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/5630102?excludes=&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 1bd0a30603df6b1703d8eab55682a913
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

143.204.42.129

200 OK

26 kB

URL HTTP/1.1
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP
143.204.42.129:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (16085)
Size
26 kB (25704 bytes)
Hash
8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

HTTP Headers

GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Sat, 04 Feb 2023 07:43:44 GMT
X-Cache: Hit from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 02KKzyYWdFkc7pGXFk4EfeoeILDO-aj0_7j4k3P0CnUrU5ElSZvvpA==
Age: 41421

oxy.st/slake/asset/img/favicon/apple-touch-icon.png

185.178.208.137

200 OK

2.0 kB

URL HTTP/2
oxy.st/slake/asset/img/favicon/apple-touch-icon.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1994 bytes)
Hash
05807c4aceabfb49ab9d66e54618ff53
fddb5a3eb50d1a255989f72f91911dc21e2d5d9b
725d652f8c9ad3d148a0528878b51e2e250d228ab6eaf39111d0664abad359b3

HTTP Headers

GET /slake/asset/img/favicon/apple-touch-icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6; _pbjs_userid_consent_data=3524755945110770; sharedid=65988b35-4625-4ab1-a0c9-a64aea79a2f0; cto_bundle=Hn_IzV9wJTJCR2VMWVd5aWZxdDBGMGxJb0c2aGhlUDJVRG1jUzZZMnI0N2ZuTUZTaUx2JTJCZTAzZXlxQkNGMjRmZ3pCdSUyRmRuUFNtelVMJTJGa1FvNmZpcVVMeHFwenRuTW1mRSUyQjBhOThESUM2WDVLUkhpbHclM0Q; cto_bidid=1Pzxnl9ncE5ZJTJCcW9qdHRBMGxuRjdHZFl6a3hMNXRnYjdMbEd2S3ZxUTNrOEh0elBzTCUyRkF0bDN6aUhEJTJGNGhaaEszb1hpZ1BiQmElMkZyYXB0WXUlMkJYZEZ4TmMxYUElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:29:17 GMT
content-type: image/png
content-length: 1994
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14114682
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=

162.19.138.117

200

43 B

URL HTTP/1.1
id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

HTTP Headers

GET /i/12/9.gif?gdpr=&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:59 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:59 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:59 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:59 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:59 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:59 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Sat, 04 Feb 2023 19:13:59 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

oxy.st/images/icon.png

185.178.208.137

200 OK

7.5 kB

URL HTTP/2
oxy.st/images/icon.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
7.5 kB (7531 bytes)
Hash
b63d70eb8c5d379fa68fe0f63e8c4255
232de1f52e52611ae67aab8ebaa143946154a233
100c7773d318b841267dc4ac654366ac19ba903e6cd6551777268f6eb4ed86cd

HTTP Headers

GET /images/icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6; _pbjs_userid_consent_data=3524755945110770; sharedid=65988b35-4625-4ab1-a0c9-a64aea79a2f0; cto_bundle=Hn_IzV9wJTJCR2VMWVd5aWZxdDBGMGxJb0c2aGhlUDJVRG1jUzZZMnI0N2ZuTUZTaUx2JTJCZTAzZXlxQkNGMjRmZ3pCdSUyRmRuUFNtelVMJTJGa1FvNmZpcVVMeHFwenRuTW1mRSUyQjBhOThESUM2WDVLUkhpbHclM0Q; cto_bidid=1Pzxnl9ncE5ZJTJCcW9qdHRBMGxuRjdHZFl6a3hMNXRnYjdMbEd2S3ZxUTNrOEh0elBzTCUyRkF0bDN6aUhEJTJGNGhaaEszb1hpZ1BiQmElMkZyYXB0WXUlMkJYZEZ4TmMxYUElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 20:46:30 GMT
content-type: image/png
content-length: 7531
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
etag: "5eefbeb1-1d6b"
access-control-allow-origin: *
accept-ranges: bytes
age: 340049
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

ced.sascdn.com/tag/1097/smart.js

95.101.10.83

200 OK

33 kB

URL HTTP/1.1
ced.sascdn.com/tag/1097/smart.js
IP
95.101.10.83:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
33 kB (32964 bytes)
Hash
ab5d7bcba6f9bbe86e71d3f75061efc8
bf137eb7dc8285e29d986f6b8f3272f6f979bc0e
a973cdadddcd9ba18f6e262f602d39e091090e4a94ac036b3fc4f7428e5b84e6

HTTP Headers

GET /tag/1097/smart.js HTTP/1.1
Host: ced.sascdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 32964
Cache-Control: public, max-age=7200
Expires: Sat, 04 Feb 2023 21:13:59 GMT
Date: Sat, 04 Feb 2023 19:13:59 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e979cb943a245cc0be69046eacd6b3cd
dc40d8c60992c3b51288fdfddd00aeba83051359
c0d3aff5a18068419c3cdbff5a86b5c4a2131bee7f10d09b319f32f5c746de03

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4433
Cache-Control: max-age=86809
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:59 GMT
Etag: "63dd4d3f-1d7"
Expires: Sun, 05 Feb 2023 19:20:48 GMT
Last-Modified: Fri, 03 Feb 2023 18:06:55 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
e279a2208529a789e4e4648d6383dc87
e42a53e35051998b1db4f88eb34ceee794dd9250
7d2bb38fe3dc6fa357665973dd1e2f84249e35e0e2c14478b5bb238fecdb28f2

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 17:15:32 GMT
ETag: "e42a53e35051998b1db4f88eb34ceee794dd9250"
Last-Modified: Sat, 04 Feb 2023 17:15:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1026
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7945ba0d482a0b31-OSL

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 526065
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
781eb0a2732b26c8081539c32a1271eb
e5949ef6bd4c4592abb938c71abe9e0e45604f03
2d9b5915c541b4d244e6150a0f79e063c137866d175f99362960736b2d647d45

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 08 Feb 2023 16:08:36 GMT
ETag: "e5949ef6bd4c4592abb938c71abe9e0e45604f03"
Last-Modified: Sat, 04 Feb 2023 16:08:37 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3219
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7945ba0d7b1e1bfe-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
27ce914bad3a60d980c23e19ae639690
270acbd8d798698216b3c48f0e09e0a2d8576836
d5ebe8ba92a47d866879d7a7ab736b586ff458f57e81552255eb423d2eb6719a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3196
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:59 GMT
Last-Modified: Sat, 04 Feb 2023 18:20:43 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671

142.250.74.162

302 Found

341 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
341 B (341 bytes)
Hash
6601ec51f1de2747776226c5213927b0
b2bd530a5f4d6f9e5a54af38e723c95049a784b0
8d176d00a775dcd87c639e6db07a6269eff085d9feded8efded66b2721f1db4b

HTTP Headers

GET /pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671&google_tc=
date: Sat, 04 Feb 2023 19:13:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 341
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 19:28:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=c96cad81-c99e-42a7-67eb-aff534b59905&reqId=5c3025fa-6f8d-41a9-7b2d-4317043422f8&zdid=1258

142.250.74.162

302 Found

447 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=c96cad81-c99e-42a7-67eb-aff534b59905&reqId=5c3025fa-6f8d-41a9-7b2d-4317043422f8&zdid=1258
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
447 B (447 bytes)
Hash
a32579bf328aaf8194ed7695293ede1a
b0b6e165e97294cdd0726820f0a4c8f2a0eeec89
e825fde3c4d7c1118f40d36e4be4e2f7c6cb77c448308881b71f3d37dfa8251f

HTTP Headers

GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=c96cad81-c99e-42a7-67eb-aff534b59905&reqId=5c3025fa-6f8d-41a9-7b2d-4317043422f8&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=c96cad81-c99e-42a7-67eb-aff534b59905&reqId=5c3025fa-6f8d-41a9-7b2d-4317043422f8&zdid=1258&google_tc=
date: Sat, 04 Feb 2023 19:13:59 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 19:28:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/KJtg;hDownload%20file%20best%20cfg.pdr%20on%20Oxy.Cloud;0.8674457372999789

88.212.202.52

200 OK

423 B

URL HTTP/1.1
counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/KJtg;hDownload%20file%20best%20cfg.pdr%20on%20Oxy.Cloud;0.8674457372999789
IP
88.212.202.52:0
ASN
#39134 United Network LLC

File type
GIF image data, version 87a, 88 x 31\012- data
Size
423 B (423 bytes)
Hash
c611b1d80c326f415667f0d9a668e61c
7e0d25abaebfd3dcc498fa0206da66e0c62a048d
5902af7e739ca88a464fba405bdb881d31c3374a3c09e0b8dd756ed0ebfadb0a

HTTP Headers

GET /hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/KJtg;hDownload%20file%20best%20cfg.pdr%20on%20Oxy.Cloud;0.8674457372999789 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 19:13:59 GMT
Content-Type: image/gif
Content-Length: 423
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

nanouwho.com/11?rnd=4016260122&z=5630103&b=16336478&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY&ruid=56234cf8-9a2a-40e4-9b28-d36e33d40786&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=214

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=4016260122&z=5630103&b=16336478&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY&ruid=56234cf8-9a2a-40e4-9b28-d36e33d40786&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=214
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=4016260122&z=5630103&b=16336478&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY&ruid=56234cf8-9a2a-40e4-9b28-d36e33d40786&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=214 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=fd535c686ba5466887ece0106c23b628; oaidts=1675538039
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 7785ec94aea0f90b4088d12743b8c783
access-control-expose-headers: X-Sc
set-cookie: OAID=fd535c686ba5466887ece0106c23b628; expires=Sun, 04 Feb 2024 19:13:59 GMT; secure; SameSite=None
oaidts=1675538039; expires=Sun, 04 Feb 2024 19:13:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26hn_ver%3D40%26fid%3Da878dba8-cb8f-42b1-8257-2ecd836d0671

185.89.211.132

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26hn_ver%3D40%26fid%3Da878dba8-cb8f-42b1-8257-2ecd836d0671
IP
185.89.211.132:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26hn_ver%3D40%26fid%3Da878dba8-cb8f-42b1-8257-2ecd836d0671 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 04 Feb 2023 19:13:59 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKJtg%2526hn_ver%253D40%2526fid%253Da878dba8-cb8f-42b1-8257-2ecd836d0671
AN-X-Request-Uuid: e735df0f-0274-48d5-a4d9-738d27e445ea
Set-Cookie: uuid2=6562878678037955452; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 05-May-2023 19:13:59 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js

142.250.74.42

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32034)
Size
30 kB (30186 bytes)
Hash
c54aac7ef64c39b4f384e0d5771d3b46
d3e059104378a3844862a5ed12a13f5d423e86b6
3e1b5002dd64d185f806edeefd333348f423584d876cfc966b5c13884c8fe3da

HTTP Headers

GET /ajax/libs/jquery/3.0.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 20:58:10 GMT
expires: Thu, 01 Feb 2024 20:58:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 252949
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1

15.197.193.217

200 OK

70 B

URL HTTP/2
match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
IP
15.197.193.217:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
70 B (70 bytes)
Hash
58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

HTTP Headers

GET /track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

lg3.media.net/bping.php?vgd_len=485&&vgd_cdv=867&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675538039389599864&ugd=4&lf=6&cc=NO&lper=100&wsip=170785079&r=1675538076792&requrl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675538039122594840&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11460576177t202302041914&vgd_pgids=1&vgd_uspa=0&hvsid=00001675538076786015326356482717&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1

2.18.172.23

200 OK

35 B

URL HTTP/2
lg3.media.net/bping.php?vgd_len=485&&vgd_cdv=867&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675538039389599864&ugd=4&lf=6&cc=NO&lper=100&wsip=170785079&r=1675538076792&requrl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675538039122594840&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11460576177t202302041914&vgd_pgids=1&vgd_uspa=0&hvsid=00001675538076786015326356482717&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
349909ce1e0bc971d452284590236b09
adfc01f8a9de68b9b27e6f98a68737c162167066
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

HTTP Headers

GET /bping.php?vgd_len=485&&vgd_cdv=867&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675538039389599864&ugd=4&lf=6&cc=NO&lper=100&wsip=170785079&r=1675538076792&requrl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675538039122594840&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p11460576177t202302041914&vgd_pgids=1&vgd_uspa=0&hvsid=00001675538076786015326356482717&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 35
content-type: image/gif
access-control-allow-origin: *
strict-transport-security: max-age=21600
expires: Sat, 04 Feb 2023 19:13:59 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 04 Feb 2023 19:13:59 GMT
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
5ac5aaa2dd1a2ab697244f3c0fe3b5b5
bb8a9aeb28cc645435760f3a9a57d85e295de419
d42327bb295e41a2b04efa1c2ad6094a3480d0010de10bb32600f4d17fe9f0d4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM

2.18.172.23

200 OK

5.7 kB

URL HTTP/2
contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (13426)
Size
5.7 kB (5745 bytes)
Hash
4271fa3bdb27cf1cd83811c48cb57d65
305177abadecfb775db0356412737456a6a4467c
c31575c819d9479e0fb32db57b279e96358f114edbba41e938b15e134a44d398

HTTP Headers

GET /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Mon, 06 Feb 2023 19:14:00 GMT
date: Sat, 04 Feb 2023 19:14:00 GMT
content-length: 5745
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKJtg%2526hn_ver%253D40%2526fid%253Da878dba8-cb8f-42b1-8257-2ecd836d0671

185.89.211.132

302 Found

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKJtg%2526hn_ver%253D40%2526fid%253Da878dba8-cb8f-42b1-8257-2ecd836d0671
IP
185.89.211.132:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FKJtg%2526hn_ver%253D40%2526fid%253Da878dba8-cb8f-42b1-8257-2ecd836d0671 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Sat, 04 Feb 2023 19:14:00 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671
AN-X-Request-Uuid: 91b00004-5e16-4d88-b7af-3df14ecf6a6b
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

pixel.quantserve.com/pixel;r=2060418606;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FKJtg;uht=2;fpan=1;fpa=P0-1768077423-1675538076850;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675538076888;tzo=0;ogl=;ses=c8af0af5-ffa7-4cfd-af48-eacac22c01b0

91.228.74.166

200 OK

35 B

URL HTTP/2
pixel.quantserve.com/pixel;r=2060418606;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FKJtg;uht=2;fpan=1;fpa=P0-1768077423-1675538076850;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675538076888;tzo=0;ogl=;ses=c8af0af5-ffa7-4cfd-af48-eacac22c01b0
IP
91.228.74.166:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
55d25e9dc950d5db4d53a3b195c046c6
75e91ae3e549dab12ed1c9787ade9131aef1c981
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

HTTP Headers

GET /pixel;r=2060418606;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FKJtg;uht=2;fpan=1;fpa=P0-1768077423-1675538076850;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675538076888;tzo=0;ogl=;ses=c8af0af5-ffa7-4cfd-af48-eacac22c01b0 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: image/gif
content-length: 35
cache-control: private, no-cache, no-store, proxy-revalidate
expires: Fri, 04 Aug 1978 12:00:00 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
set-cookie: mc=63deae78-0f44d-471a7-5dc48; expires=Wed, 06-Mar-2024 19:14:00 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2

contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&nse=5&vi=1675538039389599864&ugd=4&sff=0&pgid=p11460576177t202302041914&nb=1

2.18.172.23

200 OK

329 B

URL HTTP/2
contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&nse=5&vi=1675538039389599864&ugd=4&sff=0&pgid=p11460576177t202302041914&nb=1
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (550), with no line terminators
Size
329 B (329 bytes)
Hash
0767d5002cdc6f09d9fed1405d7f8151
d6ba97c58378f4517e7b20b28994b77b77e6d999
fcd138d13f565bf2637a27df3b8f8ecc3c72b60b613bd7ef04aee058e78d2364

HTTP Headers

GET /smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&nse=5&vi=1675538039389599864&ugd=4&sff=0&pgid=p11460576177t202302041914&nb=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript
x-sc-h: 22-2z62
expires: Sat, 04 Feb 2023 19:14:00 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 04 Feb 2023 19:14:00 GMT
content-length: 329
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671

52.212.11.14

200 OK

95 B

URL HTTP/1.1
s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671
IP
52.212.11.14:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

HTTP Headers

GET /an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FKJtg&hn_ver=40&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=c08c3544d1637fa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:14:00 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=c08c3544d1637fa; Expires=Sun, 04 Feb 2024 19:14:00 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
p3p: CP="NOI DEV ADM"
expires: Sat, 04 Feb 2023 19:14:00 UTC

mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=c96cad81-c99e-42a7-67eb-aff534b59905&reqId=5c3025fa-6f8d-41a9-7b2d-4317043422f8&zdid=1258&google_error=3

104.22.24.87

200 OK

95 B

URL HTTP/2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=c96cad81-c99e-42a7-67eb-aff534b59905&reqId=5c3025fa-6f8d-41a9-7b2d-4317043422f8&zdid=1258&google_error=3
IP
104.22.24.87:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=c96cad81-c99e-42a7-67eb-aff534b59905&reqId=5c3025fa-6f8d-41a9-7b2d-4317043422f8&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: zc=c96cad81-c99e-42a7-67eb-aff534b59905; zsc=%1E2i%DD%9A%3A%93%F3%EDi%27%1F%B9%AF%0E%8D%DB%BBF%88%7B1_N%C4%86_I%A1%17%1Bso%D3U%ED%81e%15%B3%D2%CBu~%24w%F5%F8zq%B3%0F%17%FF%10%9B%13F%E1%5C%13%3D%84%9C%15%BEZ%2A-%04d.%CF%07h%C7Jv%12%A0%EC%C4%D5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=c96cad81-c99e-42a7-67eb-aff534b59905; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7945ba0e69ddb4ed-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb234c46f79a7eb51573ee1271230516
182ac648e6084c2d98d5c873c46e123ee312fe70
eba68a89f95251578ddad7b5ceba5853f84144a8382ce5c77d668b8f0d4817ab

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBA68A89F95251578DDAD7B5CEBA5853F84144A8382CE5C77D668B8F0D4817AB"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12015
Expires: Sat, 04 Feb 2023 22:34:15 GMT
Date: Sat, 04 Feb 2023 19:14:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7810
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 19:14:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7810
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 19:14:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7810
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 19:14:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7810
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 19:14:00 GMT
Connection: keep-alive

s.cpx.to/ca.png?dsp=dbm&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671&google_error=3

52.212.11.14

200 OK

95 B

URL HTTP/1.1
s.cpx.to/ca.png?dsp=dbm&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671&google_error=3
IP
52.212.11.14:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

HTTP Headers

GET /ca.png?dsp=dbm&fid=a878dba8-cb8f-42b1-8257-2ecd836d0671&google_error=3 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=c08c3544d1637fa
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:14:00 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=c08c3544d1637fa; Expires=Sun, 04 Feb 2024 19:14:00 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8211 bytes)
Hash
114e345e134986d7451148fcea31b29d
541e878afee68c8802bb52b0cbbe5a5a0a185392
5030244d4babd1023166f39c935029d789a91ba90aa3a44c6f4c88ddc947b678

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F524a46fd-88eb-4539-9d8b-1ac679ae5990.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8211
x-amzn-requestid: 6a1fd567-b34d-4787-aa05-5b7db3fc51c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fflRBHU4IAMFnsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d61c06-2d1ec3206d2ebeb4780a84b4;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 07:11:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lUloQ6xaRWpnvMRh7kFvFIWhFotmILLZHfD_YK01RmrQ2vmYKVh46w==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 03:08:59 GMT
age: 57901
etag: "541e878afee68c8802bb52b0cbbe5a5a0a185392"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5174 bytes)
Hash
e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 75819
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10253 bytes)
Hash
392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 75808
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 75807
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9349 bytes)
Hash
4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 67997
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 77156
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg

104.22.32.172

200 OK

13 kB

URL HTTP/2
offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg
IP
104.22.32.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (13093 bytes)
Hash
1355aa125a385056845e0ee1d5384e9a
cfa5fd1b2dd6b299c0aecdf19fec3532ce4392ea
248797fff982ee400ab78ff6831182372f9ef8a6916364192ca0f30556577733

HTTP Headers

GET /www/images/1355aa125a385056845e0ee1d5384e9a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: image/jpeg
content-length: 13093
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849b-3325"
expires: Sun, 05 Feb 2023 04:51:45 GMT
last-modified: Thu, 01 Dec 2022 10:40:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 51735
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7945ba0fb87b2d8f-ARN
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e3ad96178414ca3060b8066c4891817b
c31bac2d4c13500b322585b337602fa84d6f817d
ffcddc904a1da9a9b492bf0697e7548b52d11c56cbf66d1e5e7bc5171209c554

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=93589
Date: Sat, 04 Feb 2023 19:14:00 GMT
Etag: "63dd6db4-1d7"
Expires: Sun, 05 Feb 2023 21:13:49 GMT
Last-Modified: Fri, 03 Feb 2023 20:25:24 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LkPE7ApzERBe09gNFfnuwdeWfnwLN0kNWTk_TDLvMSEK_3Jo09H1Tg==
Age: 2905

rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js

54.230.111.33

200 OK

676 B

URL HTTP/2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (510)
Size
676 B (676 bytes)
Hash
2b39dfde3efbfe33d9a22d0e9a20ac25
bfbc6af0b9a63813e3e98a5946844e67e868f787
4bc842f2d45d4640ac8bc4abf4f74c520775a26308383d37fe91097a0b8f4374

HTTP Headers

GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
date: Sat, 04 Feb 2023 18:40:45 GMT
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BguxUAIaNOKysFfJWpYZ4v41vfT-bPbO6tUU8-mgMz8MKQefbdYHPw==
age: 1996
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/71/23/05/e8fe68574c40b7e25dd26970dc/01534287215884.jpeg

139.45.197.154

200 OK

18 kB

URL HTTP/2
interstitial-07.com/contents/s/71/23/05/e8fe68574c40b7e25dd26970dc/01534287215884.jpeg
IP
139.45.197.154:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
18 kB (18020 bytes)
Hash
712305e8fe68574c40b7e25dd26970dc
1f0a0f3102897227b7edfcdae22737511ccd87e0
8d1cdd0256eba854bb29caa4bbd45a7b6e71928b9a2fd878485bd85a85bf6eef

HTTP Headers

GET /contents/s/71/23/05/e8fe68574c40b7e25dd26970dc/01534287215884.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=iSNWy4rID4OXSxD&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3050147685%26z%3D5630103%26b%3D16336478%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D56234cf8-9a2a-40e4-9b28-d36e33d40786%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: image/jpeg
content-length: 18020
last-modified: Wed, 14 Dec 2022 17:37:10 GMT
vary: Accept-Encoding
etag: "639a09c6-4664"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
820ab364ace15fb6026587292ccde36f
143ad84a1bd92d255ae21c8b764e05f7f0868bed
791e50bc873f584e10cef087ea4d95ef2102d6a304a58de7f7e86d351059254e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5271
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:14:00 GMT
Last-Modified: Sat, 04 Feb 2023 17:46:09 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62c7c18c130ae1bd18ee5b857648f17a
f1ad5212e235d67a044cc8024c61cf5fd548410e
ed73a22a097c2b5ff9563fbebf5375d3076e71a18e0d51b85973c36c1f029dc5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ED73A22A097C2B5FF9563FBEBF5375D3076E71A18E0D51B85973C36C1F029DC5"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5381
Expires: Sat, 04 Feb 2023 20:43:41 GMT
Date: Sat, 04 Feb 2023 19:14:00 GMT
Connection: keep-alive

interstitial-07.com/contents/s/8c/73/ef/f26d7b8644a42654870f26bd56/0719004534516.jpeg

139.45.197.154

200 OK

35 kB

URL HTTP/2
interstitial-07.com/contents/s/8c/73/ef/f26d7b8644a42654870f26bd56/0719004534516.jpeg
IP
139.45.197.154:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
35 kB (35106 bytes)
Hash
8c73eff26d7b8644a42654870f26bd56
762a5b0e9df2dbd99ab77b4f8f6061fe826072b5
22522e9a52728bbdbe0731b9b1bbca0a0ad89bd55373a4271f2c5bf241239d66

HTTP Headers

GET /contents/s/8c/73/ef/f26d7b8644a42654870f26bd56/0719004534516.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=iSNWy4rID4OXSxD&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3050147685%26z%3D5630103%26b%3D16336478%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D56234cf8-9a2a-40e4-9b28-d36e33d40786%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: image/jpeg
content-length: 35106
last-modified: Wed, 14 Dec 2022 17:37:04 GMT
vary: Accept-Encoding
etag: "639a09c0-8922"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1

178.250.0.162

200 OK

43 B

URL HTTP/2
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
IP
178.250.0.162:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=2015082844

139.45.197.236

200 OK

2.2 kB

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=2015082844
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
ASCII text, with very long lines (5213), with no line terminators
Size
2.2 kB (2153 bytes)
Hash
0254fb1dad74628b7ad0f97d304fac92
35f7af13a08eb87023ec7df4d3c35c21b2cde79d
47fb6ce428ca80ea69b772e4f66e4e5c622a4005db601746033d04511bd27536

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=2015082844 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 4e3283f49306b4f38d7a82fe2f8c40fb
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 719
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a5b8526c5c61c5e6a25da67eb154e804
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 04 Feb 2023 19:14:00 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: fb8fe8452c1f83a3fcf1a7b746eef324
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
6521d1238a4ed164bc6fe76707f28b96
cb61b728667d4cbaa6b8c237cc3149dd1b1e5347
879378a93eb2c9cb965791e7fd17de8568210fec4c8269f9c19aa28d28c2eec5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4014
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:14:00 GMT
Last-Modified: Sat, 04 Feb 2023 18:07:06 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
6521d1238a4ed164bc6fe76707f28b96
cb61b728667d4cbaa6b8c237cc3149dd1b1e5347
879378a93eb2c9cb965791e7fd17de8568210fec4c8269f9c19aa28d28c2eec5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4014
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:14:00 GMT
Last-Modified: Sat, 04 Feb 2023 18:07:06 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312

dnacdn.net/dna

178.250.2.146

200 OK

502 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type
data
Size
502 B (502 bytes)
Hash
2522ae770779a6f76e9138d38941630e
f275c20debd659cff6b5d2412aebf6888cb85025
e8c9e6a63235309e532a2181ad3d7b10ff903956d33451cbbb5c27a76c0ec7e5

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=KZZcJl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3g1RWlJZFd2MU8lMkYxJTJGeFZIeGF1U1BrVCUyRk9IakJrc0pNbiUyQjQzakNzMXFDdQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=zXo2wl80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3g1RWlJZFd2MU8lMkYxJTJGeFZIeGF1U1BtUm5CcTZEZDFZRmslMkZmMTBwTVRXUUw; expires=Thu, 29 Feb 2024 19:14:00 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 352438
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/impression/VzCsWO-qvFYTdR4XH-RFpQCfQG_eHXucDZbV7jC6F5nJlUig1ulzy6DNkPXeCTpyuQa4XSW0Vn6KyWgzcCmYJQlcMe3JQ37tebyYOBQ8lRp03mabkxznXHOnMmyOnee5TtFuUNn_ORQLwpL-hY-5x-JH095C83N9ZhwgVv3VcRQ6AZ4teUPQ0rwS1qsOCS-B9i45PEmYb0Bw5hDYfwy5h2vOjGc43qOB3OhnENg1mAu-7zdYjfZAZNoidknLv0eRpiTTwoj2eHufOtncA1rGc-shOmdLQTQL4a7L7l_89fVL6aYGFWeupx7ukL73Ktrn0PdVIC0BnmzIYUKl-dFG5aJ5axjqKYP9hceUF-IvA8T9Uptz6K6eVJxVyPZ2XSHUnN09rRqI03ENjtkciwXR8QgLkexol5ii_DdFUQGtDURv3oToj4W7AZxjfYADfs2wFddL0jAyYmHwO_8uhm5V6r32RVNZ0KsJiRXeu3PcZBSIyykBdXuQeVf7EGhkaDBfFps6X5FN4WZpar05LJfFxYKV6geKIlb9Oc72IqOGyr-fj7I30rbQGNjqTC56bcGoFjYTou-8kjo=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
betotodilea.com/impression/VzCsWO-qvFYTdR4XH-RFpQCfQG_eHXucDZbV7jC6F5nJlUig1ulzy6DNkPXeCTpyuQa4XSW0Vn6KyWgzcCmYJQlcMe3JQ37tebyYOBQ8lRp03mabkxznXHOnMmyOnee5TtFuUNn_ORQLwpL-hY-5x-JH095C83N9ZhwgVv3VcRQ6AZ4teUPQ0rwS1qsOCS-B9i45PEmYb0Bw5hDYfwy5h2vOjGc43qOB3OhnENg1mAu-7zdYjfZAZNoidknLv0eRpiTTwoj2eHufOtncA1rGc-shOmdLQTQL4a7L7l_89fVL6aYGFWeupx7ukL73Ktrn0PdVIC0BnmzIYUKl-dFG5aJ5axjqKYP9hceUF-IvA8T9Uptz6K6eVJxVyPZ2XSHUnN09rRqI03ENjtkciwXR8QgLkexol5ii_DdFUQGtDURv3oToj4W7AZxjfYADfs2wFddL0jAyYmHwO_8uhm5V6r32RVNZ0KsJiRXeu3PcZBSIyykBdXuQeVf7EGhkaDBfFps6X5FN4WZpar05LJfFxYKV6geKIlb9Oc72IqOGyr-fj7I30rbQGNjqTC56bcGoFjYTou-8kjo=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impression/VzCsWO-qvFYTdR4XH-RFpQCfQG_eHXucDZbV7jC6F5nJlUig1ulzy6DNkPXeCTpyuQa4XSW0Vn6KyWgzcCmYJQlcMe3JQ37tebyYOBQ8lRp03mabkxznXHOnMmyOnee5TtFuUNn_ORQLwpL-hY-5x-JH095C83N9ZhwgVv3VcRQ6AZ4teUPQ0rwS1qsOCS-B9i45PEmYb0Bw5hDYfwy5h2vOjGc43qOB3OhnENg1mAu-7zdYjfZAZNoidknLv0eRpiTTwoj2eHufOtncA1rGc-shOmdLQTQL4a7L7l_89fVL6aYGFWeupx7ukL73Ktrn0PdVIC0BnmzIYUKl-dFG5aJ5axjqKYP9hceUF-IvA8T9Uptz6K6eVJxVyPZ2XSHUnN09rRqI03ENjtkciwXR8QgLkexol5ii_DdFUQGtDURv3oToj4W7AZxjfYADfs2wFddL0jAyYmHwO_8uhm5V6r32RVNZ0KsJiRXeu3PcZBSIyykBdXuQeVf7EGhkaDBfFps6X5FN4WZpar05LJfFxYKV6geKIlb9Oc72IqOGyr-fj7I30rbQGNjqTC56bcGoFjYTou-8kjo=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=fd535c686ba5466887ece0106c23b628
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:04 GMT
content-type: image/gif
content-length: 43
x-trace-id: 99057d799154ee490fd7a2e40193f7f5
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/5630102?excludes=16368910&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=16368910&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/5630102?excludes=16368910&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:04 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg

104.22.32.172

200 OK

11 kB

URL HTTP/2
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP
104.22.32.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10857 bytes)
Hash
c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263

HTTP Headers

GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:14:04 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Sun, 05 Feb 2023 03:18:11 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 57353
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7945ba2cec9d2d8f-ARN
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 363
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:06 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 6070cbff2c9a9dcc64c5c0a608d55535
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=adf2511cf5f245f7920f2535d3ccbbbc&zoneId=5630104&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=adf2511cf5f245f7920f2535d3ccbbbc&zoneId=5630104&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
0495ece893468bc39f8d0352e41364de
41f4b0732e998fb332f6bad8d382f9b8634b447a
ebf3791a002b7517798ce3fce671f75a7d2828d9fb7b260cda3b082aae8b65cd

HTTP Headers

GET /gid.js?pub=0&userId=adf2511cf5f245f7920f2535d3ccbbbc&zoneId=5630104&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Cookie: ID=fd535c686ba5466887ece0106c23b628
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:06 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=fd535c686ba5466887ece0106c23b628; expires=Sun, 04 Feb 2024 19:14:06 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/tag.min.js?z=5630104

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/pfe/current/tag.min.js?z=5630104
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/tag.min.js?z=5630104 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 826311
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

interstitial-07.com/?l=iSNWy4rID4OXSxD&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3050147685%26z%3D5630103%26b%3D16336478%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D56234cf8-9a2a-40e4-9b28-d36e33d40786%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.154

200 OK

0 B

URL HTTP/2
interstitial-07.com/?l=iSNWy4rID4OXSxD&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3050147685%26z%3D5630103%26b%3D16336478%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D56234cf8-9a2a-40e4-9b28-d36e33d40786%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.154:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?l=iSNWy4rID4OXSxD&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3050147685%26z%3D5630103%26b%3D16336478%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3D7L9Kf5k_eGAU-ICCaPePb3cAHX1v9C6uGHaxyqR6jFHhBGFtqwcnerOzODeLRIOHyJibkwod1vajUDDUhVmzLKSFSc262rbAVzUjqktI8nFpaNPTLtLg6OkvqgkV2x0VPgzzx3zRKG8iBK8m8oIsf9CCuwn0RN3RcFUXaERQu6mW1q1D-mbycDiugyy3P02mNB39OhgXPE5m6CXoyFIaPyHFgZiRzgDjxz3izN0Yv84MAtXf6N-3WL5VsCzhp0iCzA9vl7X1RjCeUX3j-mPkVYxa2jn8vocLolEJrx19itAp60D4GpQZP9FYfXy0ldHTTCZ_voXsBpo0ciz3ryBYFXWdlrk7QdvZcw2BQTOOGN7ISHuShexOZmJiPHhk6fqXie4XNXgg1buusKzj8_wf7jL3JPW0255IR_JGCRb4_wi90UVLj2JWe_NQlyQTRo8MywJGEQSplA1w0d9qZQuKZkUnGcpiPPmK1WnKP86-y8u-h0JkT81yZOmzqW0kK9Fn3SI6vmTxGw-Nh7pK5WL8cd_AIICPhfqXWk55AegjufRfsJikzC0W0J0YcL3PSUmgV2t56piO0mbdpQZx6SmISFhwwUjwYQBZh-roqG3Ft7fUFqkGZE_4pY1fnFj-KzR1qKbVBlvOZPeyeldnmpBmV2NDV-juN7La3hjcEtLFACnoX6nkjuiPjLaxcxNNJsZwSZHyL4JsiG8UrMa7nq2UQbseRE96JV-bZv8NOtZqaMVLm8DY%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D56234cf8-9a2a-40e4-9b28-d36e33d40786%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FKJtg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
set-cookie: reverse=v5tAVnsUu9QRxblbIaZ4wiH7L2iGLbkyJFerjI825P0; expires=Sat, 04-Feb-2023 20:14:00 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /syncframe?origin=rtus&topUrl=oxy.st HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=504960dc-8518-4e42-b6a1-5b31dd26cafb; expires=Thu, 29 Feb 2024 19:14:00 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 753873
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=16368910&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5630102?excludes=16368910&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=fd535c686ba5466887ece0106c23b628
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:14:04 GMT
content-type: application/javascript
x-trace-id: 4ba4fbe63b7ecb9e3c87a7cffcec7844
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fd535c686ba5466887ece0106c23b628; expires=Sun, 04 Feb 2024 19:14:04 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.479.0

139.45.197.234

200 OK

0 B

URL HTTP/2
bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.479.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /5/5630105/?oo=1&js_build=iclick-v1.479.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/json
x-trace-id: 2a3988f9eb111590ef35b233fe235c67
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=fd535c686ba5466887ece0106c23b628; expires=Sun, 04 Feb 2024 19:13:58 GMT; path=/; secure; SameSite=None
oaidts=1675538038; expires=Sun, 04 Feb 2024 19:13:58 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/universal.min.js?v=3.1.415

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/pfe/current/universal.min.js?v=3.1.415
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.415 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-18c6c"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da878dba8-cb8f-42b1-8257-2ecd836d0671

185.64.189.110

302 Found

0 B

URL HTTP/2
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da878dba8-cb8f-42b1-8257-2ecd836d0671
IP
185.64.189.110:0
ASN
#62713 AS-PUBMATIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da878dba8-cb8f-42b1-8257-2ecd836d0671 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Sat, 04 Feb 2023 19:13:58 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Fri, 05-May-2023 19:13:58 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da878dba8-cb8f-42b1-8257-2ecd836d0671
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2

spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

104.22.24.87

200 OK

0 B

URL HTTP/2
spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
IP
104.22.24.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=c96cad81-c99e-42a7-67eb-aff534b59905; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
zsc=%1E2i%DD%9A%3A%93%F3%EDi%27%1F%B9%AF%0E%8D%DB%BBF%88%7B1_N%C4%86_I%A1%17%1Bso%D3U%ED%81e%15%B3%D2%CBu~%24w%F5%F8zq%B3%0F%17%FF%10%9B%13F%E1%5C%13%3D%84%9C%15%BEZ%2A-%04d.%CF%07h%C7Jv%12%A0%EC%C4%D5; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7945ba065eccb4ed-OSL
content-encoding: br
X-Firefox-Spdy: h2

ads.themoneytizer.com/moneybile.js

185.76.9.23

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/moneybile.js
IP
185.76.9.23:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Sat, 04 Feb 2023 18:08:28 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675620509
server: CDN77-Turbo
x-77-nzt: AblMCRQZQRH/WQ8AAA
x-77-nzt-ray: af585630c3abcfbc76aede639351d920
x-cache: HIT
x-age: 3929
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 408875
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:58 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 796392
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/400/5630102

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/400/5630102
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /400/5630102 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/javascript
x-trace-id: bcc5e3268f903acc5894daf23bf1d260
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=7d42d30990c94f24bbf420a280b7b266; expires=Sun, 04 Feb 2024 19:13:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/1?z=5630103

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/1?z=5630103
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=5630103 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: d2f9fb23922f3550993117af8e9f2cff
access-control-expose-headers: X-Sc
x-sc: D-hqnXNhD5ljo9ymxOXFCDH7QrVA6f4brGehkib5TRJuIdPemLFM6JeOW8lMJ9lwTBJACgHEmjz1iQILMGZidxmZWVU=
set-cookie: scm=1; expires=Sun, 04 Feb 2024 19:13:59 GMT; secure; SameSite=None
OAID=45ba44545f01491e927fe375a2fb8b9c; expires=Sun, 04 Feb 2024 19:13:59 GMT; secure; SameSite=None
oaidts=1675538039; expires=Sun, 04 Feb 2024 19:13:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.89.122

200 OK

0 B

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.89.122:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 16:30:52 GMT
etag: W/"63dd36bc-43b7"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2176
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ei3fnmvnJ6FxKMOu5arJVMsUcdjsbGba2EF%2Bz2QFVFMRSjmX5FnqZNSKVlg0FkuPoIUHYF10jSO37sbyQHTeIOc0zPJ3inrAO0K3ErkuHy37sp1sxCmD%2BesANXyydw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7945ba0a4c3b0b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

oxy.st/sw.js

185.178.208.137

200 OK

0 B

URL HTTP/2
oxy.st/sw.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/d/KJtg
Connection: keep-alive
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6; _pbjs_userid_consent_data=3524755945110770; sharedid=65988b35-4625-4ab1-a0c9-a64aea79a2f0; cto_bundle=Hn_IzV9wJTJCR2VMWVd5aWZxdDBGMGxJb0c2aGhlUDJVRG1jUzZZMnI0N2ZuTUZTaUx2JTJCZTAzZXlxQkNGMjRmZ3pCdSUyRmRuUFNtelVMJTJGa1FvNmZpcVVMeHFwenRuTW1mRSUyQjBhOThESUM2WDVLUkhpbHclM0Q; cto_bidid=1Pzxnl9ncE5ZJTJCcW9qdHRBMGxuRjdHZFl6a3hMNXRnYjdMbEd2S3ZxUTNrOEh0elBzTCUyRkF0bDN6aUhEJTJGNGhaaEszb1hpZ1BiQmElMkZyYXB0WXUlMkJYZEZ4TmMxYUElM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

ag.gbc.criteo.com/newidsd

185.235.84.178

200 OK

0 B

URL HTTP/2
ag.gbc.criteo.com/newidsd
IP
185.235.84.178:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:14:00 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 105126
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 19:13:58 GMT
date: Sat, 04 Feb 2023 19:13:58 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/jquery.min.js

185.178.208.137

200 OK

0 B

URL HTTP/2
oxy.st/slake/asset/js/jquery.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /slake/asset/js/jquery.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/KJtg
Cookie: __ddg1_=UrgrRfWOyMYkjQaZWI1X; PHPSESSID=56gr9ed0t17hqg44tbihk05qi6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 02 Feb 2023 08:41:20 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 30285
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-1538e"
age: 210758
X-Firefox-Spdy: h2

nanouwho.com/27/843a9f1226eda0484b879504742bc6d9

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/27/843a9f1226eda0484b879504742bc6d9
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/843a9f1226eda0484b879504742bc6d9 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=45ba44545f01491e927fe375a2fb8b9c; oaidts=1675538039
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Fri, 03 Feb 2023 06:00:36 GMT
expires: Fri, 05 Mar 2083 06:00:36 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fd535c686ba5466887ece0106c23b628
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=fd535c686ba5466887ece0106c23b628 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 144
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=45ba44545f01491e927fe375a2fb8b9c; oaidts=1675538039
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 5ff28c2caf0a5b923d9501b800bfb78c
access-control-expose-headers: X-Sc
set-cookie: OAID=fd535c686ba5466887ece0106c23b628; expires=Sun, 04 Feb 2024 19:13:59 GMT; secure; SameSite=None
oaidts=1675538039; expires=Sun, 04 Feb 2024 19:13:59 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5630102?excludes=&oaid=fd535c686ba5466887ece0106c23b628&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FKJtg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=7d42d30990c94f24bbf420a280b7b266
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: application/javascript
x-trace-id: 9ffb569ebaa659ffd809c347e9b30fde
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=fd535c686ba5466887ece0106c23b628; expires=Sun, 04 Feb 2024 19:13:59 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
x-crto-bundle: Hn_IzV9wJTJCR2VMWVd5aWZxdDBGMGxJb0c2aGhlUDJVRG1jUzZZMnI0N2ZuTUZTaUx2JTJCZTAzZXlxQkNGMjRmZ3pCdSUyRmRuUFNtelVMJTJGa1FvNmZpcVVMeHFwenRuTW1mRSUyQjBhOThESUM2WDVLUkhpbHclM0Q
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:59 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 1435316
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (56)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML