Report - oxy.name/d/uJvg

Report Overview

Submitted URL
oxy.name/d/uJvg
IP
172.67.218.114
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-06 16:55:25
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
26

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.37.14.141
ag.gbc.criteo.com	5925	2018-12-17T14:17:41Z	2023-03-13T05:53:12Z	386 B	492 B	178.250.6.131
gem.gbc.criteo.com	6039	2019-01-31T11:05:09Z	2023-03-13T05:34:09Z	387 B	492 B	185.235.84.43
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	680 B	1.9 kB	172.64.155.188
tzegilo.com	unknown	2022-01-14T16:27:15Z	2023-03-13T06:33:04Z	348 B	41 kB	104.21.89.122
interstitial-07.com	36198	2017-03-09T01:00:07Z	2023-03-13T05:31:16Z	3.8 kB	23 kB	139.45.197.153
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	382 B	31 kB	142.250.74.170
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	944 B	143.204.42.165
id5-sync.com	504	2017-01-25T22:02:34Z	2023-03-13T05:10:36Z	1.2 kB	2.1 kB	162.19.138.117
ads.adlook.me	43352	2018-11-28T13:50:19Z	2023-03-13T08:33:52Z	461 B	380 B	5.200.43.243
betotodilea.com	52465	2021-08-17T09:55:50Z	2023-03-13T05:31:16Z	3.6 kB	35 kB	139.45.197.237
fleraprt.com	unknown	2022-01-14T23:55:14Z	2023-03-13T06:33:10Z	470 B	474 B	139.45.195.254
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	962 B	54 kB	142.250.74.35
spl.zeotap.com	1638	2017-01-27T16:44:52Z	2023-03-13T05:20:58Z	801 B	1.6 kB	104.22.24.87
nanouwho.com	unknown	2022-07-09T22:30:29Z	2023-03-13T05:15:46Z	3.8 kB	14 kB	139.45.197.242
inklinkor.com	unknown	2022-04-01T13:44:00Z	2023-03-13T06:35:03Z	350 B	1.1 kB	172.67.211.29
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
whereres.com	unknown	2022-09-27T19:04:48Z	2023-03-12T21:21:08Z	370 B	9.2 kB	88.208.46.156
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	1.1 kB	4.7 kB	104.18.20.226
cm.g.doubleclick.net	202	2012-05-22T11:58:28Z	2023-03-13T08:33:33Z	455 B	1.2 kB	142.250.74.2
offerimage.com	304078	2019-06-10T13:11:53Z	2023-03-13T08:06:22Z	834 B	20 kB	104.22.33.172
yastatic.net	72282	2014-03-11T08:15:28Z	2023-03-13T05:16:26Z	910 B	90 kB	178.154.131.216
s.cpx.to	2014	2014-10-25T15:31:28Z	2023-03-13T06:08:01Z	1.4 kB	2.6 kB	52.31.36.28
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	357 B	1.9 kB	104.18.21.226
contextual.media.net	513	2012-05-21T09:20:31Z	2023-03-13T05:53:10Z	1.2 kB	6.7 kB	23.38.200.22
csm.fr.eu.criteo.net	6845	2017-01-30T06:18:06Z	2023-03-13T07:05:22Z	538 B	358 B	178.250.0.162
unphionetor.com	54035	2022-02-11T13:53:49Z	2023-03-13T05:31:17Z	878 B	1.4 kB	139.45.197.236
bedrapiona.com	34930	2020-05-08T15:43:48Z	2023-03-13T05:31:15Z	401 B	1.1 kB	139.45.197.234
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	5.1 kB	8.9 kB	93.184.220.29
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	418 B	1.6 kB	104.17.25.14
gum.criteo.com	381	2015-01-22T11:58:57Z	2023-03-13T07:21:44Z	2.7 kB	53 kB	178.250.0.157
pixel.quantserve.com	417	2012-05-21T21:45:06Z	2023-03-13T05:28:27Z	693 B	459 B	91.228.74.168
cdn.adlook.me	108334	2018-11-26T09:56:10Z	2023-03-12T22:29:34Z	1.2 kB	23 kB	92.223.126.57
d2zur9cc2gf1tx.cloudfront.net	unknown	2020-12-01T13:47:11Z	2023-03-13T05:21:11Z	404 B	26 kB	143.204.42.129
onetag-sys.com	1840	2015-04-08T13:30:19Z	2023-03-13T05:20:58Z	499 B	113 B	51.89.9.254
ads.themoneytizer.com	28463	2014-05-26T15:46:02Z	2023-03-13T05:20:58Z	1.9 kB	19 kB	185.76.9.25
c.tmyzer.com	26868	2018-02-26T16:04:41Z	2023-03-13T05:20:58Z	379 B	264 B	54.38.64.100
p.cpx.to	10368	2015-01-23T02:00:57Z	2023-03-13T07:56:11Z	348 B	2.2 kB	18.203.96.189
dnacdn.net	3760	2019-09-02T17:07:45Z	2023-03-13T07:41:37Z	899 B	1.3 kB	178.250.2.146
lb.eu-1-id5-sync.com	unknown	2022-06-06T14:52:22Z	2023-03-13T05:36:40Z	398 B	362 B	141.95.98.65
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.7 kB	5.6 kB	142.250.74.131
image2.pubmatic.com	873	2012-05-21T15:21:02Z	2023-03-13T05:50:14Z	1.0 kB	31 kB	185.64.190.80
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	517 B	735 B	139.45.195.8
mpraven.org	unknown	2022-09-06T16:22:31Z	2023-03-13T01:02:29Z	790 B	591 B	88.208.5.115
secure.adnxs.com	396	2012-05-22T18:37:37Z	2023-03-13T05:28:06Z	1.2 kB	2.2 kB	185.89.210.141
rules.quantcount.com	877	2018-06-15T17:43:28Z	2023-03-13T05:20:58Z	371 B	1.3 kB	54.230.111.4
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	7.1 kB	19 kB	23.36.77.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ibrapush.com	unknown	2020-04-18T16:40:35Z	2023-03-13T09:49:24Z	2.2 kB	87 kB	139.45.197.250
oxy.st	unknown	2020-07-14T20:48:51Z	2023-03-13T12:37:20Z	13 kB	313 kB	185.178.208.137
mwzeom.zeotap.com	1406	2017-01-29T20:08:22Z	2023-03-13T05:20:58Z	821 B	559 B	104.22.24.87
oxy.name	unknown	2015-12-28T01:51:51Z	2023-03-10T17:23:50Z	790 B	1.3 kB	104.21.70.24
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
tag.leadplace.fr	28142	2015-07-08T10:10:21Z	2023-03-13T05:20:58Z	861 B	6.1 kB	145.239.192.166
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	58 kB	34.120.237.76
onmarshtompor.com	24517	2020-10-19T14:36:32Z	2023-03-13T06:56:57Z	929 B	970 B	139.45.197.243

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-06 16:56:01	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-06 16:56:01	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-06 16:56:01	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-06 16:56:01	medium	Client IP	Internal IP	ET DNS Query for .to TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-06	medium	nanouwho.com	Sinkholed
2023-02-06	medium	betotodilea.com	Sinkholed
2023-02-06	medium	nanouwho.com	Sinkholed
2023-02-06	medium	nanouwho.com	Sinkholed
2023-02-06	medium	nanouwho.com	Sinkholed
2023-02-06	medium	fleraprt.com	Sinkholed
2023-02-06	medium	unphionetor.com	Sinkholed
2023-02-06	medium	unphionetor.com	Sinkholed
2023-02-06	medium	betotodilea.com	Sinkholed
2023-02-06	medium	betotodilea.com	Sinkholed
2023-02-06	medium	nanouwho.com	Sinkholed
2023-02-06	medium	betotodilea.com	Sinkholed
2023-02-06	medium	betotodilea.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (53)

	URL	Size	First Seen	Last Seen
	ibrapush.com/pfe/current/tag.min.js?z=5630104	15 kB	2023-03-13	2023-03-13
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=5630104 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:28:22 Last Seen2023-03-13 18:47:21 Times Seen1 Hash dcb7609ee3c9cdebf9ff27705198646f 6d769ef447e81bbf9b2d36d964826e9d34c1b9a2 96ac715a4b5ef34b6a45ef1e16ca0b269258ec85e4c7cc668875d1cea76ad23f Loading...

	rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js	1.1 kB	2023-03-08	2023-05-06
Pretty URL rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js IP 54.230.111.4 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:17:06 Last Seen2023-05-06 00:25:32 Times Seen369 Hash 1f431dc94c1f033d6666f0fe637e2d7b 18ee472909d5856fe9684765258c50731efbbdbe 1cc6de1a4f6a561a6aa75d08bae33388b2e8905d01753aa41e4886a466d7c28c Loading...

	oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js	46 kB	2023-03-07	2024-04-20
Pretty URL oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:19 Last Seen2024-04-20 19:02:09 Times Seen19988 Hash 9df3cfdcc9b72f1aa24e2e114455ae7a e6ac207cdb6c4591f2d39f2a645f6dbf42534f89 5ab5f19f9bd4a4ddcf14235fc1684eefe7cfbfbc33f0a1fce661b13de43092be Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js	1.3 kB	2023-03-07	2024-04-23
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:34 Last Seen2024-04-23 00:56:01 Times Seen8261 Hash 4412bf8023109ee9eb1f1f226d391329 c273960aa874a87dd022b5e597887142f1b8e34f d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Loading...

	oxy.st/d/uJvg	711 B	2023-03-09	2024-04-20
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-04-20 19:02:09 Times Seen9677 Hash 13e6988b26e75ff59bcbc49efbcd731e a69dec8eeeae18fa09688a66572d7329706ec7a4 7f9fb86fa3190bd7ccbd2c4d56b9ed87d71897e299917eaa5dc41ffdbb1f74ab Loading...

	oxy.st/d/uJvg	255 B	2023-03-09	2024-04-18
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-04-18 09:27:26 Times Seen7522 Hash d47a28c42c0b4402186a014830e33c59 c65eca97fa75a6d7910a6511c9c26b7927c91dc2 b45fb4585ee569e83749f3d7dc9e2da394a9d6d463e1e8fc2effebbfb8527dc3 Loading...

	ads.themoneytizer.com/IIQUniversalID.js	53 kB	2023-03-10	2024-04-19
Pretty URL ads.themoneytizer.com/IIQUniversalID.js IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:11:21 Last Seen2024-04-19 15:08:44 Times Seen81 Hash e8f338d8c91c35b946dba69efca7a232 7f05768c9921dea0aad7c93ff354bf33517254e4 7bb23de30daa7e81e2fafc5d2fbcada4b6fefc10c3251661952a341d6864aa8e Loading...

	oxy.st/d/uJvg	143 B	2023-03-07	2024-04-22
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:39:10 Last Seen2024-04-22 02:02:22 Times Seen9903 Hash 0e1ffe876425e6a6b54c517119ca9ec2 fe778fd505adb0f26552512e719c838f9df041fe b865ee6df9893808db5cca02720d02220c2c9c0259f249fa010495641dbcdf5e Loading...

	oxy.st/d/uJvg	193 B	2023-03-12	2023-03-13
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:58:04 Last Seen2023-03-13 22:55:43 Times Seen1 Hash c6f43beae4de3a12d3b73d59d424abab 572a02205a5f39f98da834572d60b4f2612f4a43 980850e4e7d9aff8c856608a70c975771451b48f2fff4ded566311403d16ec3b Loading...

	ced.sascdn.com/tag/1097/smart.js	99 kB	2023-03-13	2023-03-14
Pretty URL ced.sascdn.com/tag/1097/smart.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-14 13:44:04 Times Seen1 Hash 45645cc76a04795b4eee6130dcf57dc1 b1c8c76606daaa158553f18a7d791422630f61a3 876626ded6c9d01e8764f738775f4c00a85312a5a63959ef7547cc6d1af5c506 Loading...

	oxy.st/d/uJvg	102 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash 7f72f69881dd7551dc4a5d6933805f36 33fa0b4afc0d65059d6ac4074208e54b5d7b5716 a2308f1a4bfd04ba52d0b4442c9e9ee1e137f1281f3cb886db8166b55b2394eb Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22RfzxYl9mYXpDbzRpRFZxU0dRQ0FUdkM4OFVrT2hZUU81bXd5N2x0TGtWQWcyMDBnWnBqMkJ0dnh4RVBvM0dVWTl1eVBJJTJCJTJGJTJGbGlxSzdHcUdnM01XbkFYZXhIUU51SzdaJTJCdmN4JTJGQ2I2VFI1ZjhyU28lM0Q%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.6825593551917242%22%7D	14 kB	2023-03-07	2023-05-06
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22RfzxYl9mYXpDbzRpRFZxU0dRQ0FUdkM4OFVrT2hZUU81bXd5N2x0TGtWQWcyMDBnWnBqMkJ0dnh4RVBvM0dVWTl1eVBJJTJCJTJGJTJGbGlxSzdHcUdnM01XbkFYZXhIUU51SzdaJTJCdmN4JTJGQ2I2VFI1ZjhyU28lM0Q%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.6825593551917242%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:36 Last Seen2023-05-06 00:14:31 Times Seen2035 Hash 49e65b540d43d40997ce3844d41b2dd0 b7331c5edc086ee2c7731b1b36e937e7c44450a7 f185c1b78d87a007d9492a85c6ce64c06cc851ef9f13ca3caf8aaafe243b0ac2 Loading...

	oxy.st/slake/asset/js/main.js	8.7 kB	2023-03-08	2024-04-20
Pretty URL oxy.st/slake/asset/js/main.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:09 Times Seen19332 Hash 86fe5c70d7107cc8ab30e192072ac15d 15cd81d73ddec861349d2f1b2d4cf10eaefa9373 b1de65cb0d3a28aeed81012371764b92d0ac30077edb2d768dfdfd8640cfc7c1 Loading...

	oxy.st/d/uJvg	199 B	2023-03-09	2024-04-20
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-04-20 19:02:08 Times Seen9489 Hash c178512b2fa871ed859cc5c78614a90f 3ea9b0941dac51dd0ec23713471efcf88e4fe204 916a18878c3b59bd1b1faf426fd8e58722a759fcd14f5fe3209943b74a5bc952 Loading...

	p.cpx.to/p/12771/px.js	2.0 kB	2023-03-08	2023-05-09
Pretty URL p.cpx.to/p/12771/px.js IP 18.203.96.189 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:47:35 Last Seen2023-05-09 18:09:53 Times Seen100 Hash a667f26d4e73b4b5098a9c9637d3d29f 83d9b753da4c51039a689bc67956f7f9997854cc a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6 Loading...

	oxy.st/d/uJvg	102 kB	2023-03-13	2023-03-13
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:28:22 Last Seen2023-03-13 18:47:20 Times Seen1 Hash 6486e114fbb50d2a51410d1b815efca9 ed7dbe7163b58dc35aa1187cceee1f75e2fa11b6 d6722782df04c672031e5118f553aa8a562bb13075c989fc5c8d522d10a3c3ea Loading...

	oxy.st/d/uJvg	183 B	2023-03-08	2023-04-01
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2023-04-01 10:27:01 Times Seen24 Hash dcfcdc72905c80505fc5222e23485031 afc7e2812ad5c3f7eb6954e4f54c6bee6e6f90f6 9518487666010d845d26fe2dd23260f566b305b6b528852a611a798d34d7df12 Loading...

	contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&nse=5&vi=1675702516391807945&ugd=4&sff=0&pgid=p01609846086t202302061656&nb=1	550 B	2023-03-13	2023-03-13
Pretty URL contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&nse=5&vi=1675702516391807945&ugd=4&sff=0&pgid=p01609846086t202302061656&nb=1 IP 23.38.200.22 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash 31bc5cac140aa1f46ea3ede47332fe4e 258b07f66c9be7e7728e95877559b3918c7cc209 2cded6dc0517eba6a687b3466e6cf96c11df16f79ce2c5a418971710df03ecbc Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22RfzxYl9mYXpDbzRpRFZxU0dRQ0FUdkM4OFVrT2hZUU81bXd5N2x0TGtWQWcyMDBnWnBqMkJ0dnh4RVBvM0dVWTl1eVBJJTJCJTJGJTJGbGlxSzdHcUdnM01XbkFYZXhIUU51SzdaJTJCdmN4JTJGQ2I2VFI1ZjhyU28lM0Q%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.6825593551917242%22%7D	418 B	2023-03-07	2023-04-01
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22RfzxYl9mYXpDbzRpRFZxU0dRQ0FUdkM4OFVrT2hZUU81bXd5N2x0TGtWQWcyMDBnWnBqMkJ0dnh4RVBvM0dVWTl1eVBJJTJCJTJGJTJGbGlxSzdHcUdnM01XbkFYZXhIUU51SzdaJTJCdmN4JTJGQ2I2VFI1ZjhyU28lM0Q%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.6825593551917242%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:37 Last Seen2023-04-01 10:34:33 Times Seen447 Hash 755b312976dc0edb23fa08bed999c482 6685710ba04dc63e4122ec3ce89f3adfe479adf4 663197a6a8353d989cdc65d4f3112e425a00839c85a3fde99bbe451a9c604a6f Loading...

	whereres.com/api/scripts/mSetupWidget?id=363	35 kB	2023-03-12	2023-03-14
Pretty URL whereres.com/api/scripts/mSetupWidget?id=363 IP 88.208.46.156 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:08:26 Last Seen2023-03-14 06:50:29 Times Seen1 Hash dc43adec9be7ab048033ee28b0477ad1 63db771d90e9c1018605e140b2490a35da3d77ea 52e0cf3855c906381d0c5c0de9209dd3bf3de9289addf228de0b6e75108b642b Loading...

	spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258	62 kB	2023-03-07	2023-03-26
Pretty URL spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258 IP 104.22.24.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-03-26 09:14:01 Times Seen2 Hash 2274941132e3cabeb06ba10635e091e1 eae64e2336d41f210e684d766bbc90752b67f25a 52d507688e76dfbe48fce79beb89be7f30101e95e9e06c121c461e30517ab36f Loading...

	nanouwho.com/27/843a9f1226eda0484b879504742bc6d9	410 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/27/843a9f1226eda0484b879504742bc6d9 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:57:03 Last Seen2023-03-13 19:00:10 Times Seen1 Hash 9f59babc3c87d9a134b783f8227393a0 e324af09d2caaf44d5552e76c1e6fbbbeb8fc811 f4bf9c2d13f075ae514fd90eae80abbf0be057f62a8650c17fd88586edca6ab0 Loading...

	gum.criteo.com/sync?c=147&r=2&j=criteoCallback	30 kB	2023-03-07	2023-03-26
Pretty URL gum.criteo.com/sync?c=147&r=2&j=criteoCallback IP 178.250.0.157 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:36:08 Last Seen2023-03-26 04:43:41 Times Seen35 Hash 80bfc02fde42033a0f48537690341313 268ee930484015bbbaf4f221a76d800bfba7f24d 259a03dd0fab544bf8564bacd97ad8562de81c929f00037a463f77fee3445fb0 Loading...

	d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js	26 kB	2023-03-07	2023-11-30
Pretty URL d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js IP 143.204.42.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-11-30 03:07:33 Times Seen15813 Hash 8703fc9eead243fe2f47380e962d7fa2 3d9f707259112fa9ccdd1e676f00eadcff71906c b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213 Loading...

	oxy.st/slake/asset/js/bootstrap.min.js	49 kB	2023-03-07	2024-04-23
Pretty URL oxy.st/slake/asset/js/bootstrap.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-04-23 08:20:17 Times Seen136293 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	unknown	0 B	2023-03-07	2024-04-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 08:50:24 Times Seen37018115 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	oxy.st/slake/asset/js/ajax-subscribe.js	1.4 kB	2023-03-08	2024-04-20
Pretty URL oxy.st/slake/asset/js/ajax-subscribe.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:09 Times Seen19335 Hash b53436c6ec7e681a3edcec13f42ec715 0aa1b02b89e734193d43d6385ebc5939bb666fd0 3b28dd2b4eda9085ee35fb2aae1d706c6d003c2521e4ad62bb2ef2e6969bca83 Loading...

	s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f	652 B	2023-03-13	2023-03-13
Pretty URL s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f IP 52.31.36.28 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash 6f23dd0194a1b978e4ad534ee1b25af3 c41365b38e351bed303f55dd52bebd9b96d73950 cc88f2859260a4df7e5d6350b24b4ec6eec2bb3f206ed05275158dae1ec50188 Loading...

	tzegilo.com/stattag.js	17 kB	2023-03-13	2023-03-14
Pretty URL tzegilo.com/stattag.js IP 104.21.89.122 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:57:04 Last Seen2023-03-14 07:35:08 Times Seen1 Hash 0576b696d0d93d3d09a14184fd321641 54ae6d8827838d84d082db92a01fe8534c6f3782 a79a9f73119b87e83d5762597cd84b735e443825d2e320e8f55693843ae5bacc Loading...

	oxy.st/d/uJvg	212 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash aa36ba96aa2dedcd7d864b1f3f3cfc3a 2707bdf5604c29f80c69acea889588769f3faaeb 852d144663a471c3c409988061e6be91b52c7cef6e4fa24555bc0220cec13cf8 Loading...

	oxy.st/slake/asset/js/ajax-mail.js	1.7 kB	2023-03-08	2024-04-20
Pretty URL oxy.st/slake/asset/js/ajax-mail.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:09 Times Seen19362 Hash 06acf64af6cd1d69540460ddb018c78c 9db22d7b6b6a223abca82e69fc4fba0c987587c2 259ce4dee332f67cc9d86367330efa87617f8c78428774d26dd0528f4942f39c Loading...

	interstitial-07.com/?l=UwklZTCC7U4f8LU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2776184308%26z%3D5630103%26b%3D15901695%26c%3D6368614%26var%3D%26d%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DkFOvybLfhVI%2526t%253D6s%26cln%3D1%26btp%3D7%26rb%3DAAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D482ef5de-5a04-4f8a-b9e0-0d18f11d3812%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.5 kB	2023-03-13	2023-03-13
Pretty URL interstitial-07.com/?l=UwklZTCC7U4f8LU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2776184308%26z%3D5630103%26b%3D15901695%26c%3D6368614%26var%3D%26d%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DkFOvybLfhVI%2526t%253D6s%26cln%3D1%26btp%3D7%26rb%3DAAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D482ef5de-5a04-4f8a-b9e0-0d18f11d3812%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.153 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash 36636d9bc76517880c9472606473bcad 10f299e01947520c9be41620e43a1f32e64484e5 3712ef4fc97ed1f2f1172506f2c1303b3ebf27fbba4d3e31dc405eea65781750 Loading...

	tag.leadplace.fr/libJsLP.js	5.5 kB	2023-03-07	2023-12-06
Pretty URL tag.leadplace.fr/libJsLP.js IP 145.239.192.166 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-12-06 11:11:01 Times Seen14646 Hash a0c24f993bc0901cfe62d1e801cb2b45 7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984 80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333 Loading...

	betotodilea.com/400/5630102	84 kB	2023-03-13	2023-03-13
Pretty URL betotodilea.com/400/5630102 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash cbe03734189b8f476f3819a91c4136cf 8cf68add72732105c1327dd8bd69b682d1fb806b f79f26c335ac1acb5ecc22c8ccad66f2f8a2b2f09792307ba0d1dbb49eb88d86 Loading...

	secure.quantserve.com/quant.js	26 kB	2023-03-13	2023-03-14
Pretty URL secure.quantserve.com/quant.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:54:25 Last Seen2023-03-14 00:00:09 Times Seen1 Hash bbeae221ba5e592568957a38afe753da f9590fc8632e5f0a320573091ffe67d83a59964f 2a15822e997e4b7b172e4b1e4c1366dd01f10ff936a8971ce15510f207b5d25c Loading...

	oxy.st/d/uJvg	203 B	2023-03-08	2024-04-20
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:08 Times Seen9791 Hash bff65d72294ae1a1fc014c9e9f776615 cf200b19907d85ad2bcc12a6224d52b0e791cdaf 3d94f0c46ddac793f8834d2727f4f4c38915244512e7a4b42ec10d68106a7660 Loading...

	ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2	135 kB	2023-03-13	2023-03-13
Pretty URL ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2 IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash e5a3993ddb971b32a54d79ff03214704 579eff1afd76b19fc7f00a991dcaa99a0b71d1f0 3f902aaf4caa616fc9c67cc0cd1123bfa68e386de76f32a82e7f1b717c63fb87 Loading...

	oxy.st/d/uJvg	497 B	2023-03-07	2023-04-05
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:32 Last Seen2023-04-05 01:55:46 Times Seen28 Hash a010578715b1a87b2eb9cddffb170a90 a086b82341838ebecf514fac053023fa34b861a4 ccbe2ad7cc0e6e2882a8221b456efd5acc6ea52f922b0c8ffb6e965222df60da Loading...

	cdn.adlook.me/js/rlf.js	71 kB	2023-03-09	2023-03-29
Pretty URL cdn.adlook.me/js/rlf.js IP 92.223.126.57 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2023-03-29 23:33:16 Times Seen24 Hash 44e861d9732eee28700fd9b91bc53455 edf09e207b8093b2af6ec34c747c854d8f18374d 4a16bb79b3eb9420d0158bf8ebe6e0e544a826154155f26d2f434e90d25e5085 Loading...

	ads.themoneytizer.com/moneybile.js	39 kB	2023-03-07	2023-11-06
Pretty URL ads.themoneytizer.com/moneybile.js IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-11-06 07:20:59 Times Seen1830 Hash efe528f52c3d05d68794f3f0f8146a8e 577c01fdfae7dcc7e7d23009d74422f61b414783 4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3 Loading...

	contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM	15 kB	2023-03-13	2023-03-14
Pretty URL contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM IP 23.38.200.22 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-14 04:17:59 Times Seen1 Hash fd2a89764d09c35c83a049fe61c73c85 3623b7246540b53c3839530d5ccd19179f2e6bd1 d1f8124d040304fc7d76dbbe5ca8d5775d8fb210990f67dbb3b37618dc82a4ba Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js	86 kB	2023-03-07	2024-04-23
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-04-23 08:21:02 Times Seen22684 Hash d0212568ce69457081dacf84e327fa5c d6702a1af0378b2342f6a0692e77c169f580aed7 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d Loading...

	oxy.st/d/uJvg	143 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash 23e70f5bad2e1a83d246aa6d65f4de9f d2145e16d7890234beb8e5e23afc599a4a1a2c8f aef01ad88bf6f0cef1db30870ada2cc7f51b37da545fe84eb84b8666f6815542 Loading...

	unphionetor.com/fv.js?t=72747&cb=987059851	5.2 kB	2023-03-07	2024-04-19
Pretty URL unphionetor.com/fv.js?t=72747&cb=987059851 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-19 12:42:09 Times Seen2354 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	ads.themoneytizer.com/s/gen.js?type=2	4.9 kB	2023-03-12	2023-03-13
Pretty URL ads.themoneytizer.com/s/gen.js?type=2 IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:45:41 Last Seen2023-03-13 19:38:17 Times Seen1 Hash 201890094a0bc618e37a4188bd05129c a8bf896da4eb9a532214295db220fe72a9013920 70ee840253a7cb7c07edabed96e9a7cf14e2099c8ee00fc0e1bebd6628d773fe Loading...

	oxy.st/d/uJvg	193 B	2023-03-08	2024-04-20
Pretty URL oxy.st/d/uJvg IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-04-20 19:02:09 Times Seen9763 Hash 6ecfa1336326d765e016a88ab498b19f f2c66833233de0ec9d468035e8b78dfc40a78de9 abf0d3ee81363003e4704b84b6662250bd8d3ced4685ef9ed9c9122328ae68e1 Loading...

	inklinkor.com/tag.min.js	74 kB	2023-03-13	2023-03-13
Pretty URL inklinkor.com/tag.min.js IP 172.67.211.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 20:16:57 Times Seen1 Hash 1ad71e63ae1f75e2fb8b6c88e6b773d0 b265d824a991eb1eac2e176dc7be4b06dfda5136 976c850ea45f5b66b189249d6b96cfd966dd9fe80ae9e3c58759a3c9dff815da Loading...

	cdn.adlook.me/u/cds.html	1.3 kB	2023-03-07	2023-03-29
Pretty URL cdn.adlook.me/u/cds.html IP 92.223.126.57 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:53:41 Last Seen2023-03-29 23:33:16 Times Seen25 Hash b1085e2e3e7908742eebe4b9c54d28e0 dbc685b9fd34b562bf2d8d140ce3f2824108994a 5d37320a43aaf6303b47381532935be8ea870415a8f006a83ffc2e8f1611a715 Loading...

	nanouwho.com/1?z=5630103	18 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/1?z=5630103 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash dd95506292dd09d4492f719a25d70a2a 2caa50695f0c4b441739c4eb299fc80a70ffc2b0 0e9cfd24390bc8217321c19433c1a193e6fd2fab3f2225b99f7964372702cbad Loading...

		Size	First Seen	Last Seen
	#1 Eval - 75ddd599a5e62a89754cbe319b81b7f5	79 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash 75ddd599a5e62a89754cbe319b81b7f5 093500e8ed964e0607c9c238eb94af0acaad1559 7a48d554d3e91a620c3a2364fce8d739e41139eb726cedb356b47713ae63f431 Loading...

		Size	First Seen	Last Seen
	#1 Write - 246449c88d416abdaa1927e6b3e46c0d	325 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash 246449c88d416abdaa1927e6b3e46c0d a53a4e199f87e7e146e82820fad16e7fe1aac3a8 c4b7caa3fa5350912fb06f909de8a5a11f6ff8dcfd5b7a049ab6021ec5626df8 Loading...

	#2 Write - ce6bffe55ce28b1e6ed9b06677acb502	298 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 16:10:53 Last Seen2023-04-30 21:31:06 Times Seen51 Hash ce6bffe55ce28b1e6ed9b06677acb502 73d0b9c700d603484dbe5447e3f95de8ba81b939 3f853347836c2f4e3f50a468fd03c0d34b1376dd0d9de42e26ae76a5f59497dd Loading...

	#3 Write - 34e213d373313c5f046b3a0451824476	308 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 18:30:17 Last Seen2023-03-13 18:30:17 Times Seen1 Hash 34e213d373313c5f046b3a0451824476 df85ed319bde0725fa5b755a015967a37a572194 e3fa2edd7ca5e72f19add026472eab8a91ddc4778b95e08fbed1a9d4c2088f49 Loading...

HTTP Transactions (167)

URL IP Response Size

oxy.name/d/uJvg

104.21.70.24

301 Moved Permanently

0 B

URL HTTP/1.1
oxy.name/d/uJvg
IP
104.21.70.24:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /d/uJvg HTTP/1.1
Host: oxy.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 16:55:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://oxy.name/d/uJvg
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GNDJATouw9k4T2wwhxx5086WgtgzD1vc3tZQN0MXvxxIrXwV2DipuSDQ3U6Ds5IVADlds3iTa9h9KDsIjpULFEA8n8%2BjFiYMisuVXGtJm%2FPJdTkNCSMUpDNeNg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 795569895fe9b517-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3860
Expires: Mon, 06 Feb 2023 17:59:34 GMT
Date: Mon, 06 Feb 2023 16:55:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14914
Expires: Mon, 06 Feb 2023 21:03:48 GMT
Date: Mon, 06 Feb 2023 16:55:14 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11568
Expires: Mon, 06 Feb 2023 20:08:02 GMT
Date: Mon, 06 Feb 2023 16:55:14 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Backoff, Alert, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 16:36:28 GMT
content-type: application/json
age: 1126
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: IoVooqZs6s9zzzEYg2V/tcgShlOB2Rf2GkF+yM/1lwVQUGQuA506YpMHB02suYRWBaAUCFu9Plo=
x-amz-request-id: 4F3JY8M3MSYKE2X3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 16:25:00 GMT
age: 1814
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
4973f8c023de3bf3d1be7a961e7bbf4f
7f50e0d299c956e5dbb6bdee1fdce86a38fd74cd
d64140ef1fa2d676d064df31ca435508607d62bf5129b461d648145ea6a2352b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5106
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:14 GMT
Last-Modified: Mon, 06 Feb 2023 15:30:08 GMT
Server: ECS (amb/6BB9)
X-Cache: HIT
Content-Length: 279

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:14 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
4973f8c023de3bf3d1be7a961e7bbf4f
7f50e0d299c956e5dbb6bdee1fdce86a38fd74cd
d64140ef1fa2d676d064df31ca435508607d62bf5129b461d648145ea6a2352b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5106
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:14 GMT
Last-Modified: Mon, 06 Feb 2023 15:30:08 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4b9ac60a29e2963d4341e8a9c73dc844
3814b4d5be71c10c21baa17b9da05db83c4cd823
8dde93dba8f75934ceeb8b8c8944fe545b229776ec6aa8f315a1bc0bfbe3e3a6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8DDE93DBA8F75934CEEB8B8C8944FE545B229776EC6AA8F315A1BC0BFBE3E3A6"
Last-Modified: Sun, 05 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16696
Expires: Mon, 06 Feb 2023 21:33:30 GMT
Date: Mon, 06 Feb 2023 16:55:14 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 16:07:20 GMT
age: 2874
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css

185.178.208.137

200 OK

4.0 kB

URL HTTP/2
oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (42894), with no line terminators
Size
4.0 kB (3950 bytes)
Hash
a6ffd799664bd950121e2e9f0d9b2667
88af5ed7d6e3ed43ee0ec21fb314e03fb07867f0
de088565a1c5910a1c409bf3ec676c5d0c7c1304a18c744b46771c09fa6bdcad

HTTP Headers

GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 02:58:21 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 3950
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-a78e"
age: 655014
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/bootstrap.min.css

185.178.208.137

200 OK

20 kB

URL HTTP/2
oxy.st/slake/asset/css/bootstrap.min.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65325)
Size
20 kB (20483 bytes)
Hash
4588208961b6b7ed6cd974687346348a
52085a4f6c875b6949261704f05050c1727e9c55
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885

HTTP Headers

GET /slake/asset/css/bootstrap.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 06:48:15 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 468420
content-length: 20483
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
370e74ead61664d84985db7a9087c0e4
7c55daf6c9231e1586a0c9d48375766e7f02405f
ddc18509904868cb8e31ad5cbbd27245fc163eaac44d40a7e95fb795c6e248db

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3203
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Last-Modified: Mon, 06 Feb 2023 16:01:52 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

oxy.st/slake/asset/css/elements.css?1

185.178.208.137

200 OK

24 kB

URL HTTP/2
oxy.st/slake/asset/css/elements.css?1
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (460), with CRLF line terminators
Size
24 kB (24208 bytes)
Hash
82db06ca267ac7fdd878a1df35f41f4e
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb

HTTP Headers

GET /slake/asset/css/elements.css?1 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 29 Jan 2023 10:53:52 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 24208
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2fbea"
age: 712883
X-Firefox-Spdy: h2

oxy.st/slake/cookie.css?ver=6

185.178.208.137

200 OK

299 B

URL HTTP/2
oxy.st/slake/cookie.css?ver=6
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
299 B (299 bytes)
Hash
6d5f76f4027c2e9a60d78a83f4b952cd
b4ae6d8509643916be8eff3979acec375867708b
2338311f30dadbc2bffe2bdbfdd100c148e8fe4cb50ca669c7ff602a9c206f94

HTTP Headers

GET /slake/cookie.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 20:56:12 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 299
ddg-cache-status: HIT,HIT
etag: "602ae9d4-224"
age: 158343
X-Firefox-Spdy: h2

oxy.st/img/oxy-logo.svg

185.178.208.137

200 OK

3.2 kB

URL HTTP/2
oxy.st/img/oxy-logo.svg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1126)
Size
3.2 kB (3204 bytes)
Hash
4dbb074be70991a358f914be3c00ad99
5f699e31b76bcb7e69fc4478a04b73b3df0e855a
9531a716a5007ddfc819613ec77f883ba963578d699f824034b4962f8221b8bf

HTTP Headers

GET /img/oxy-logo.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 06 Feb 2023 13:56:35 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
ddg-cache-status: HIT,HIT
etag: "602c706e-2019"
age: 10720
content-length: 3204
X-Firefox-Spdy: h2

oxy.st/css/cloud.css

185.178.208.137

200 OK

9.2 kB

URL HTTP/2
oxy.st/css/cloud.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (14454)
Size
9.2 kB (9206 bytes)
Hash
0517562cc81de376b3c1fee3e8bef414
80df32c8b71549b0253cce1b47fe13d82fc1b604
184ccb46109faef0678ef3a603a551e55d3f9ff74a200ebeaba2c23655e52c8a

HTTP Headers

GET /css/cloud.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 29 Jan 2023 12:30:59 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 9206
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb1-d024"
age: 707056
X-Firefox-Spdy: h2

oxy.st/slake/asset/slice_white.png

185.178.208.137

200 OK

6.1 kB

URL HTTP/2
oxy.st/slake/asset/slice_white.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 201 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
6.1 kB (6078 bytes)
Hash
946ed1d2bd247854fa58e938de28ee95
883cda7ee0087e29a32f07b6c8ead3e8df5db738
bfe6c8b9cf34578f573091bb118f86a10b918b7d530b25107648f12158759e85

HTTP Headers

GET /slake/asset/slice_white.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 03 Feb 2023 15:01:41 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-17be"
age: 266014
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/main.js

185.178.208.137

200 OK

1.8 kB

URL HTTP/2
oxy.st/slake/asset/js/main.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (368)
Size
1.8 kB (1840 bytes)
Hash
76d3c4da3644ed1684ed54ff59305a5a
3e03f21e8af17de66be1aa22a6f952c000fbcc70
adc0957a4224cf75ae632338e6e52591d0552189b8ba1a4e7f19885405dfc2f8

HTTP Headers

GET /slake/asset/js/main.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 13:24:46 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 1840
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2210"
age: 444629
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/ajax-subscribe.js

185.178.208.137

200 OK

635 B

URL HTTP/2
oxy.st/slake/asset/js/ajax-subscribe.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with CRLF line terminators
Size
635 B (635 bytes)
Hash
574b8cde44d6b421cd12af0df0cca335
7dbd98f2d7925795343e8b8a3fc0c91ba496f526
035c75b2646589e751a275f3469f1e53b5e9c55cff4f0b3d3cbdfbb248aef9c2

HTTP Headers

GET /slake/asset/js/ajax-subscribe.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 16:14:08 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 635
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-595"
age: 607267
X-Firefox-Spdy: h2

oxy.st/images/sprite3.png

185.178.208.137

200 OK

2.1 kB

URL HTTP/2
oxy.st/images/sprite3.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 124 x 49, 8-bit/color RGBA, non-interlaced\012- data
Size
2.1 kB (2059 bytes)
Hash
b08166a270b58c28d429bf2f9ffece6c
91dab55cbe8c802a7c56cd9d2ffaee9ccea4a49f
a21a9fa89fb6dd8c8e84907a99b0374abdf641c71c55e0283b7758e8f2a12507

HTTP Headers

GET /images/sprite3.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
etag: "6240cc70-80b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14279193
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/ajax-mail.js

185.178.208.137

200 OK

544 B

URL HTTP/2
oxy.st/slake/asset/js/ajax-mail.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with CRLF line terminators
Size
544 B (544 bytes)
Hash
4eb7582278a2e3748b9017bb83307caf
93c419ea8637148be2192bfa8068ed8009e3add7
59ccbe475f369df6e9daf6480deb023a38b4fc29016142e062f76f4218f66abc

HTTP Headers

GET /slake/asset/js/ajax-mail.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 05 Feb 2023 16:25:59 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 544
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-683"
age: 88156
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10673
Expires: Mon, 06 Feb 2023 19:53:08 GMT
Date: Mon, 06 Feb 2023 16:55:15 GMT
Connection: keep-alive

cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

104.17.25.14

200 OK

591 B

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1266)
Size
591 B (591 bytes)
Hash
414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3

HTTP Headers

GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 8296408
expires: Sat, 27 Jan 2024 16:55:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fXNwEpKH4zEXEj5zGSqp30Fc1jAO9Xbx%2BPk1jMEnqHko4l35UpBWK3GUMPp3IxJC4KfU7DN2WxXMjPKdl77ksHZrIwLsqEYgpqGln84ZCoyYPOLZ4R1DAOl%2FyXs1RCN%2BGsPoSy6l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7955698f3de3b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
26a15a1b880ec1026360b696b1c27074
fd35f80a1cf599da2a8e68a44477465a580440a5
a6d5caec988319523c120bc435a4ff0200b7ead114db10db19a09caeace978f7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxy.st/slake/asset/js/bootstrap.min.js

185.178.208.137

200 OK

13 kB

URL HTTP/2
oxy.st/slake/asset/js/bootstrap.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (48664)
Size
13 kB (13046 bytes)
Hash
061a1656d3064d501413d45bef002938
1fec864435f996d6f5cec2f95b9b24cafef0b182
a7b82b175ee2cb823d904fc89454e91e6e92c91f91c0de1663d54e62bf3cc6e1

HTTP Headers

GET /slake/asset/js/bootstrap.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 17:11:51 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 13046
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-bf30"
age: 171804
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js

185.178.208.137

200 OK

13 kB

URL HTTP/2
oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (32001), with CRLF line terminators
Size
13 kB (12929 bytes)
Hash
112891904d2ce52d072013c5e993463a
4cca8f66204463d7dc6f9f6819e3ebbd0636f5b1
d58c3c940e6ac6a2587c3d28ef50dd9dc6f20ea23c213ac5ff75419656fd3291

HTTP Headers

GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 05 Feb 2023 22:48:32 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 12929
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-b1ab"
age: 65203
X-Firefox-Spdy: h2

oxy.st/slake/responsive.css?ver=5

185.178.208.137

200 OK

12 kB

URL HTTP/2
oxy.st/slake/responsive.css?ver=5
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
12 kB (11872 bytes)
Hash
c9887952027ae1466ab90ba9dcd23ce3
0afb76db6c9644265da1820da0afe7aaef448e53
f16e171dae88fb2e1970604b6152409551d184fb1977a2668dd19f36dc0ab338

HTTP Headers

GET /slake/responsive.css?ver=5 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 18:15:32 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefded8-135c7"
age: 599983
content-length: 11872
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/style.css?ver=6

185.178.208.137

200 OK

24 kB

URL HTTP/2
oxy.st/slake/style.css?ver=6
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
24 kB (24360 bytes)
Hash
cd7b3e4dfecea7028bc1bdeda5a47477
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87

HTTP Headers

GET /slake/style.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 16:34:53 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5fdd12f2-2a549"
age: 519622
content-length: 24360
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/jquery.min.js

185.178.208.137

200 OK

30 kB

URL HTTP/2
oxy.st/slake/asset/js/jquery.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65451)
Size
30 kB (30285 bytes)
Hash
28198fab85f1ac98f664600f670ba43d
ee0dd46d793071270130c08412258d8c32194a32
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49

HTTP Headers

GET /slake/asset/js/jquery.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 02 Feb 2023 08:41:20 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 30285
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-1538e"
age: 375235
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/plugins.js

185.178.208.137

200 OK

91 kB

URL HTTP/2
oxy.st/slake/asset/js/plugins.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
Unicode text, UTF-8 text, with very long lines (8320), with CRLF line terminators
Size
91 kB (90933 bytes)
Hash
f64473f7f0d77763bf319a920044a5fe
085e34089773af2ec9ec67f206d51e9ada6a84fb
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d

HTTP Headers

GET /slake/asset/js/plugins.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 05:11:48 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 90933
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-52d51"
age: 215007
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31a7f67514e55b69a8825f7295176165
0b9ce923c0b1c31753eea0b18fe529f2c6d204d9
8f581b0cea9ae98d318dd1945e65a2d5d081624c1a9712e825e47228bc3e270c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F581B0CEA9AE98D318DD1945E65A2D5D081624C1A9712E825E47228BC3E270C"
Last-Modified: Sat, 04 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17462
Expires: Mon, 06 Feb 2023 21:46:17 GMT
Date: Mon, 06 Feb 2023 16:55:15 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
370e74ead61664d84985db7a9087c0e4
7c55daf6c9231e1586a0c9d48375766e7f02405f
ddc18509904868cb8e31ad5cbbd27245fc163eaac44d40a7e95fb795c6e248db

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3203
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Last-Modified: Mon, 06 Feb 2023 16:01:52 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

whereres.com/api/scripts/mSetupWidget?id=363

88.208.46.156

200 OK

9.0 kB

URL HTTP/1.1
whereres.com/api/scripts/mSetupWidget?id=363
IP
88.208.46.156:0
ASN
#39572 DataWeb Global Group B.V.

File type
Unicode text, UTF-8 text, with very long lines (3565)
Size
9.0 kB (8982 bytes)
Hash
9c6d8fe1a69623dcc4c1948506d672af
b400e0ddf00fbbeed8a94c949165659d78714911
a5b9db9230019c2386cbd1bd2b8e193cd202b1f5558cc20a4a52058f79542c09

HTTP Headers

GET /api/scripts/mSetupWidget?id=363 HTTP/1.1
Host: whereres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty
Date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.27
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ad2d72821808ee5f77c0598fed0f8bd1
adcd92881d1c5ac3cca4687dc6347369240f4726
c7ce86611bf0b0063c0bcb2c6a6a4b85fe6be2d89e382b8907e8bbb2e1e5962d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxy.st/slake/asset/img/bg/flake-slider-header.jpg

185.178.208.137

200 OK

32 kB

URL HTTP/2
oxy.st/slake/asset/img/bg/flake-slider-header.jpg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x824, components 3\012- data
Size
32 kB (31870 bytes)
Hash
8e2a0e56ae25b282b437f9d5bd300d96
5d4ba26731ee84ba9bbc5487312162b826ede550
b48a7837a73459a7d6f545cb45a810533d9bf006a54077b2ca3bd62dd6f6315d

HTTP Headers

GET /slake/asset/img/bg/flake-slider-header.jpg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/jpeg
content-length: 31870
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7c7e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14279193
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d4d7d6d6077079d28cac180985220645
7c5437e1e425dffbeb54341f3a150aa6faf8e951
a1ffdf0f5f534af3046ed92a4f4b99871816f5e4f8a3d60565c021433cadfa51

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 16:59:16 GMT
Expires: Sat, 11 Feb 2023 16:59:15 GMT
Etag: "7c5437e1e425dffbeb54341f3a150aa6faf8e951"
Cache-Control: max-age=431639,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 795569906ef1b511-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
b06e93ce2a229694e2fc3f9dded7df14
6ee40469326838566b461c23cda197751fb365d6
39fda774240ea128e03c757916348c805d0daeb1ad19babe4da81739d8d53ab9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2223
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Last-Modified: Mon, 06 Feb 2023 16:18:12 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

oxy.st/slake/asset/fonts/themify--fvbane.woff

185.178.208.137

200 OK

471 B

URL HTTP/2
oxy.st/slake/asset/fonts/themify--fvbane.woff
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
data
Size
471 B (471 bytes)
Hash
836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0

HTTP Headers

GET /slake/asset/fonts/themify--fvbane.woff HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://oxy.st/slake/asset/css/elements.css?1
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 12:52:43 GMT
content-type: font/woff
content-length: 56108
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-db2c"
age: 619352
X-Firefox-Spdy: h2

cdn.adlook.me/js/rlf.js

92.223.126.57

200 OK

19 kB

URL HTTP/2
cdn.adlook.me/js/rlf.js
IP
92.223.126.57:0
ASN
#199524 G-Core Labs S.A.

File type
Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Size
19 kB (19276 bytes)
Hash
4753bd99e680f991e358fcfc5956d348
f7506e35d1e97953351bacf094278a919dd2d5e9
417b57437a57fdbfdbe26fb8e676b6936d868f23f5aa5ca587811aa01ce9d03f

HTTP Headers

GET /js/rlf.js HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/javascript,application/javascript;charset=utf-8
content-length: 19276
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:05:17 GMT
etag: "8054b6f2abfd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-06T16:53:33+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2

142.250.74.35

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21276, version 1.0\012- data
Size
21 kB (21276 bytes)
Hash
59c9b83cc112cf7eeb3bf7a5e96b21fe
771790b776b5e1bc3039c337024e400974184208
a8447cdec51e85d9e93971a0d4a53bcf6085d70bf1d201662837d2fb953422c7

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 16:07:46 GMT
expires: Tue, 06 Feb 2024 16:07:46 GMT
cache-control: public, max-age=31536000
age: 2849
last-modified: Mon, 11 Jul 2022 19:01:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.250.74.35

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 07:08:09 GMT
expires: Sat, 03 Feb 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 294426
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.37.14.141

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.37.14.141:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fZuXgBir505HbXUNfUT9xQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zfvR3lMAlyxJJFtznRWKisrNV8I=

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
6e4b2ecab61a43413b0703ab509f8819
2cc7ad7859ec5570fc3845a6b4367b57de931426
b2b0a5f67d732f23d64a330c38c3b08101331d6bd1f907a5d98499aa1ff6099d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5866
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Last-Modified: Mon, 06 Feb 2023 15:17:29 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

cdn.adlook.me/u/cds.html

92.223.126.57

200 OK

1.4 kB

URL HTTP/2
cdn.adlook.me/u/cds.html
IP
92.223.126.57:0
ASN
#199524 G-Core Labs S.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1439 bytes)
Hash
092b935eec2ba1199c03c1c856472e77
90d533fb895dda57fd0645cf484a4ecb7a64c344
8719a7a7e474f30d7a1d5dbf2ab97bbd73437c28ef567b410361540ad38c985e

HTTP Headers

GET /u/cds.html HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: text/html
content-length: 1439
last-modified: Thu, 06 Aug 2020 17:06:57 GMT
etag: "207a2dfe136cd61:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-06T16:53:49+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.adlook.me/css/rlf.css?1.4

92.223.126.57

200 OK

1.6 kB

URL HTTP/2
cdn.adlook.me/css/rlf.css?1.4
IP
92.223.126.57:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (1612), with no line terminators
Size
1.6 kB (1612 bytes)
Hash
ebb99a8c16a4ad70389cc2e9306fa4b1
b926dbbe4d67d1a39e3a7b1f4ea992c41388067b
d1b01565ed50bb2012a6d2c9b409fa41752d6c3a30e735f9f7008b7f635a21f1

HTTP Headers

GET /css/rlf.css?1.4 HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: text/css
content-length: 1612
last-modified: Mon, 11 Oct 2021 12:59:26 GMT
etag: "2fce1cd29fbed71:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-06T16:52:46+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
1393f3369c63a5533a1cdfab4669cb17
42bfb679ab7ab59210bb5dce2eb4133f80749d67
ef2ac694aa2c696809f281691672ac128fcf12f5106c7e79cd18e5f9135a1b43

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Last-Modified: Mon, 06 Feb 2023 15:41:12 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 314

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b0c933d059049a9d63dfd5bf194cdad
1116f2f77351192d4c25f5b5299dd2af99563532
ecb207edf56ba3ab9474d2da4c75961b7cb7f2dd6e8122bd83a385e9fe07f020

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECB207EDF56BA3AB9474D2DA4C75961B7CB7F2DD6E8122BD83A385E9FE07F020"
Last-Modified: Sat, 04 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18972
Expires: Mon, 06 Feb 2023 22:11:27 GMT
Date: Mon, 06 Feb 2023 16:55:15 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
b06e93ce2a229694e2fc3f9dded7df14
6ee40469326838566b461c23cda197751fb365d6
39fda774240ea128e03c757916348c805d0daeb1ad19babe4da81739d8d53ab9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2223
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Last-Modified: Mon, 06 Feb 2023 16:18:12 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279

ocsp.globalsign.com/gseccovsslca2018

104.18.20.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
4181a5e2e664591e898939df958062c9
b59c58b7c047eef284ed44ce7ce82a0415357bbb
e0161f6b428d902ed831422abb9d3d6a5c1376457980f217a61ef3c7add26f94

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Fri, 10 Feb 2023 13:34:44 GMT
ETag: "b59c58b7c047eef284ed44ce7ce82a0415357bbb"
Last-Modified: Mon, 06 Feb 2023 13:34:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1935
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79556992296db4f3-OSL

ocsp.globalsign.com/gseccovsslca2018

104.18.20.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
4181a5e2e664591e898939df958062c9
b59c58b7c047eef284ed44ce7ce82a0415357bbb
e0161f6b428d902ed831422abb9d3d6a5c1376457980f217a61ef3c7add26f94

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Fri, 10 Feb 2023 13:34:44 GMT
ETag: "b59c58b7c047eef284ed44ce7ce82a0415357bbb"
Last-Modified: Mon, 06 Feb 2023 13:34:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1935
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795569922901b4fa-OSL

onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1675702561120

51.89.9.254

204 No Content

0 B

URL HTTP/2
onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1675702561120
IP
51.89.9.254:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /usync/?pubId=2a897e3f18e6769&cb=1675702561120 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0a8ea253ef61b5c330b3285f9a94e6ae
0cf9a1c66c83f505c7195774996b107c145f5884
8b6bca0cd9c9adcb16bba03349e8fcbfcd645719c82c95f0111095b731842402

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tag.leadplace.fr/libJsLP.js

145.239.192.166

200 OK

5.5 kB

URL HTTP/1.1
tag.leadplace.fr/libJsLP.js
IP
145.239.192.166:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
5.5 kB (5547 bytes)
Hash
a0c24f993bc0901cfe62d1e801cb2b45
7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333

HTTP Headers

GET /libJsLP.js HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Type: application/javascript
Content-Length: 5547
Last-Modified: Mon, 18 Oct 2021 12:21:41 GMT
ETag: "616d66d5-15ab"
Accept-Ranges: bytes
X-IPLB-Request-ID: 5B5A2A9A:2174_91EFC0A6:01BB_63E130F3_6D1592FC:6041
X-IPLB-Instance: 30196

c.tmyzer.com/c/?s=85433&f=2&fi=99

54.38.64.100

200 OK

0 B

URL HTTP/1.1
c.tmyzer.com/c/?s=85433&f=2&fi=99
IP
54.38.64.100:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:C3BC_36264064:01BB_63E130F3_47366AD:2C9BA
X-IPLB-Instance: 20686

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
57fdf2746ac19b2c2093149d3ded7b25
06f6dcf2ac2f7a9cebe8c071067727dc5686fca1
ca8f1accae24f6fa5a101d38d72d4d933886080e487dd0ee75d246f2853a4791

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA8F1ACCAE24F6FA5A101D38D72D4D933886080E487DD0EE75D246F2853A4791"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8400
Expires: Mon, 06 Feb 2023 19:15:15 GMT
Date: Mon, 06 Feb 2023 16:55:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a0bcd6c2199a23e5a3b86a56d75da469
2b3aac0b965885f98d84d5a57c61c60b08c97b55
64fa5d2e37bb811886492d5f42d7df5ba30b586d990b804b6b571b5742cb4cd5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "64FA5D2E37BB811886492D5F42D7DF5BA30B586D990B804B6B571B5742CB4CD5"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11153
Expires: Mon, 06 Feb 2023 20:01:08 GMT
Date: Mon, 06 Feb 2023 16:55:15 GMT
Connection: keep-alive

yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2

178.154.131.216

200 OK

45 kB

URL HTTP/2
yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
IP
178.154.131.216:0
ASN
#13238 YANDEX LLC

File type
Web Open Font Format (Version 2), TrueType, length 45100, version 1.0\012- data
Size
45 kB (45100 bytes)
Hash
e783c489351712fa80a7cb4206cffd02
4d1d924e4cbae116baf57958cea28dedc9e361f4
281e998fb084bbc3243914bfd01a00ef5cdbc847179c43106808821a6e0ae1a5

HTTP Headers

GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.17.9
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/font-woff2
content-length: 45100
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "e783c489351712fa80a7cb4206cffd02"
expires: Tue, 06 Feb 2024 22:43:57 GMT
last-modified: Tue, 22 Jan 2019 17:07:25 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 315ad54bb18a8040
accept-ranges: bytes
X-Firefox-Spdy: h2

yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2

178.154.131.216

200 OK

43 kB

URL HTTP/2
yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2
IP
178.154.131.216:0
ASN
#13238 YANDEX LLC

File type
Web Open Font Format (Version 2), TrueType, length 43112, version 1.0\012- data
Size
43 kB (43112 bytes)
Hash
f8883ab9c4a452a0bfe3c5cf9619db86
29104a6e1efdd389f07f0f3e1730de95746967da
427f528f5d190e0e3275d8a1fc40bad36fede3da064b33f29dc8fe6e614ff2f7

HTTP Headers

GET /islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.17.9
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/font-woff2
content-length: 43112
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "f8883ab9c4a452a0bfe3c5cf9619db86"
expires: Tue, 06 Feb 2024 22:43:14 GMT
last-modified: Tue, 22 Jan 2019 17:04:38 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: de97a645be107550
accept-ranges: bytes
X-Firefox-Spdy: h2

p.cpx.to/p/12771/px.js

18.203.96.189

200 OK

2.0 kB

URL HTTP/1.1
p.cpx.to/p/12771/px.js
IP
18.203.96.189:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1990), with no line terminators
Size
2.0 kB (1990 bytes)
Hash
a667f26d4e73b4b5098a9c9637d3d29f
83d9b753da4c51039a689bc67956f7f9997854cc
a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6

HTTP Headers

GET /p/12771/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
cache-control: max-age=2419200, public
content-type: application/javascript; charset=UTF-8
date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Length: 1990
Connection: keep-alive

tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FuJvg&id=MTIZ

145.239.192.166

200 OK

0 B

URL HTTP/1.1
tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FuJvg&id=MTIZ
IP
145.239.192.166:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FuJvg&id=MTIZ HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-IPLB-Request-ID: 5B5A2A9A:2174_91EFC0A6:01BB_63E130F3_6D159303:6041
X-IPLB-Instance: 30196

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d12cb53144d0964484d5533da0d9224f
a656489348ebb5f6eb71f7f8758d64ea5e9a1f7a
1b458c0e3cebcfb9bb5cfb8fd54cd54b79825bde21f296a4348b0ce342a38585

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B458C0E3CEBCFB9BB5CFB8FD54CD54B79825BDE21F296A4348B0CE342A38585"
Last-Modified: Sat, 04 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2735
Expires: Mon, 06 Feb 2023 17:40:50 GMT
Date: Mon, 06 Feb 2023 16:55:15 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
3b643538a5ffef8b92daec722cd042c0
d416e3a25a9f651d00dbce0768cbdc0f24532cd7
6804376276640b4c372f5a01dd4b5b2dff44edb49369f88da7fa23d8f4e1afed

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4957
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Last-Modified: Mon, 06 Feb 2023 15:32:38 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
3b643538a5ffef8b92daec722cd042c0
d416e3a25a9f651d00dbce0768cbdc0f24532cd7
6804376276640b4c372f5a01dd4b5b2dff44edb49369f88da7fa23d8f4e1afed

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4057
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:15 GMT
Last-Modified: Mon, 06 Feb 2023 15:47:38 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 313

id5-sync.com/api/config/prebid

162.19.138.117

200

134 B

URL HTTP/1.1
id5-sync.com/api/config/prebid
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1

HTTP Headers

POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Mon, 06 Feb 2023 16:55:14 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F0043b7752dc5e8e04963a1a7b94e2ff6%2FCrack_DeadCode.rar&sourceName=Crack%20DeadCode.rar&sourceIntro=&sourceNote=&priority=source&tag=&rnd=7ce263fb1ad1215bf569b22a9675f6f3&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FuJvg

88.208.5.115

200 OK

121 B

URL HTTP/1.1
mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F0043b7752dc5e8e04963a1a7b94e2ff6%2FCrack_DeadCode.rar&sourceName=Crack%20DeadCode.rar&sourceIntro=&sourceNote=&priority=source&tag=&rnd=7ce263fb1ad1215bf569b22a9675f6f3&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FuJvg
IP
88.208.5.115:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
121 B (121 bytes)
Hash
29eef4ad0d20ae347e0c48af32578d8a
38a855a9e4b78ef0e3803e3a1513bfb91fdfb36a
2cef899a44d5dee115209dec6eb36e3d0e619c79fab4fc69acba62a419993692

HTTP Headers

GET /api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F0043b7752dc5e8e04963a1a7b94e2ff6%2FCrack_DeadCode.rar&sourceName=Crack%20DeadCode.rar&sourceIntro=&sourceNote=&priority=source&tag=&rnd=7ce263fb1ad1215bf569b22a9675f6f3&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FuJvg HTTP/1.1
Host: mpraven.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Feb 2023 16:55:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-SF: ok
X-Slug: check SF
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8f240a1bede030f10216bc47bb22f304
9adeb6c0847eb3744f82011e850d2cb6f962db24
8145e60b081de707bf1bd7bad4d402c487db164f149a1367f70545178122efac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8145E60B081DE707BF1BD7BAD4D402C487DB164F149A1367F70545178122EFAC"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1692
Expires: Mon, 06 Feb 2023 17:23:27 GMT
Date: Mon, 06 Feb 2023 16:55:15 GMT
Connection: keep-alive

spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

104.22.24.87

200 OK

497 B

URL HTTP/2
spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
IP
104.22.24.87:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
497 B (497 bytes)
Hash
3f67c1d5109f79244388020a286e5df5
fadf284ce6ae484ee8062d752a65f0338d50c823
463a38d741059b9966b03eb57278c971d1b649e95e56a1a9562697600d39cd17

HTTP Headers

GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=70c1c649-4968-4d7d-491e-24d79d8e25d2; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
zsc=%5Bg%F7%84%D1%25w%A4H%00%A4%ED%9E%F6%7Bg%0CbJ%E9YI%8F%B6%C9%5Cu%DD%81%A7%81%0B%3B%F4%B5Nr%80%09f%81%7C%89%8B%07%ED%BA1%EAV%EB%0C%12%05%AD%F7%0C%1CI%D8CY%DEx%EB%F7%A1%1CAa%24O%BF%DF%D1%09%21%00%17%BD_%FF%3D; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795569938979b529-OSL
content-encoding: br
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

178.250.0.157

200 OK

45 kB

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
data
Size
45 kB (45239 bytes)
Hash
7c76508b96a35fe3191e1c6ab5ff1666
96b749edb3e2b82ff61c4613fc624586ac87a99f
d9dbf91d234841c7cc4e25d50342bb96892aa4723a1630dff9035b1d4867d46d

HTTP Headers

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 943946
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89cb314fd96ee7eecd69c34d471055fe
0773c53bc7741323d666d69b39a73ec53167ed17
0e0811aec04223315893249a43c4a8b5140c5031651263a427c9885215e4719e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E0811AEC04223315893249A43C4A8B5140C5031651263A427C9885215E4719E"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3752
Expires: Mon, 06 Feb 2023 17:57:47 GMT
Date: Mon, 06 Feb 2023 16:55:15 GMT
Connection: keep-alive

dnacdn.net/dna

178.250.2.146

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=XxPAMF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czFxdSUyRjlZaUpJbHolMkZya1UwQW4zeUk2SEIybUoxYnZMOXN6QVhDbzdGZlp4; expires=Sat, 02 Mar 2024 16:55:15 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 261624
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

lb.eu-1-id5-sync.com/lb/v1

141.95.98.65

200

33 B

URL HTTP/1.1
lb.eu-1-id5-sync.com/lb/v1
IP
141.95.98.65:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
251241ccd05bcb31d21e3ec3dfc7ebe0
fb189485880927b5a34f9d775d3a6d0677d27ed7
37573f7d5a7595a451db941b1801587223c6b49d74c94b964c22441830ded3f9

HTTP Headers

GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Mon, 06 Feb 2023 16:55:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
aa3bb534a98dcc20f798620720f026ba
977debc5fc772308b1b33d67211fb0f867575461
50a6e2a06202704fbad7e337ccc9034017f64c196c406225d9875349c3257172

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 06 Feb 2023 07:14:51 GMT
Expires: Mon, 13 Feb 2023 07:14:50 GMT
Etag: "977debc5fc772308b1b33d67211fb0f867575461"
Cache-Control: max-age=569373,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 795569943d19b511-OSL

s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f

52.31.36.28

200 OK

652 B

URL HTTP/1.1
s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f
IP
52.31.36.28:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (652), with no line terminators
Size
652 B (652 bytes)
Hash
6f23dd0194a1b978e4ad534ee1b25af3
c41365b38e351bed303f55dd52bebd9b96d73950
cc88f2859260a4df7e5d6350b24b4ec6eec2bb3f206ed05275158dae1ec50188

HTTP Headers

GET /fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:16 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 652
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
p3p: CP="NOI DEV ADM"
expires: Mon, 30 Jan 2023 11:25:31 UTC
set-cookie: cpSess=cb140cbac40007e; Expires=Tue, 06 Feb 2024 16:55:16 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None

ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FuJvg&top=&_ts=1675702561599

5.200.43.243

200 OK

2 B

URL HTTP/2
ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FuJvg&top=&_ts=1675702561599
IP
5.200.43.243:0
ASN
#48096 Enterprise Cloud Ltd.

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FuJvg&top=&_ts=1675702561599 HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=c00379b345a54d6ea612d48ce29002d9; expires=Mon, 05 Feb 2024 21:00:00 GMT; path=/; SameSite=None; secure; samesite=lax
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
date: Mon, 06 Feb 2023 16:55:15 GMT
content-length: 2
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
33df1b5ff9a28d873b66a3748eaf1144
841b800ef212c76ec1996777d992d4fed483aad7
f46fefd0068ec29923011a78094cb69879e38ef1dc6ba4d9c5cfa7462857cddd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F46FEFD0068EC29923011A78094CB69879E38EF1DC6BA4D9C5CFA7462857CDDD"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7628
Expires: Mon, 06 Feb 2023 19:02:24 GMT
Date: Mon, 06 Feb 2023 16:55:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f8d699ffe3b1f12a3150dd92f9e17d11
0e76135a7ba2f06714221aeca75731c93342d331
121ac8cb3bf6cac815569a04ac37a4905eb081589664aa39d44be04dd2e31717

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "121AC8CB3BF6CAC815569A04AC37A4905EB081589664AA39D44BE04DD2E31717"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7561
Expires: Mon, 06 Feb 2023 19:01:17 GMT
Date: Mon, 06 Feb 2023 16:55:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5a74f72e043a3f4543d35980dc559ab7
3b7507ab296bf46cafd79c813baad0fc88b5ab43
e8ee0d750cd6cd78c101c759499c41d0c8aefc49bcf90abfa6fb2e90f881de3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E8EE0D750CD6CD78C101C759499C41D0C8AEFC49BCF90ABFA6FB2E90F881DE3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5883
Expires: Mon, 06 Feb 2023 18:33:19 GMT
Date: Mon, 06 Feb 2023 16:55:16 GMT
Connection: keep-alive

id5-sync.com/g/v2/12.json

162.19.138.117

200

215 B

URL HTTP/1.1
id5-sync.com/g/v2/12.json
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
215 B (215 bytes)
Hash
9cb5f84307ecf70e57eebdfc74987f6b
acc0f39bfdffb2247efc9805dba00d904af6f53c
bbf2364323b9ccc126477239fe0cea8d0a46e77556c29ec56bcbede17bd8574e

HTTP Headers

POST /g/v2/12.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 225
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Mon, 06 Feb 2023 16:55:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3f42c0d1cd34dd1d6e27d8d13e2034fa
aee1e48ed0450d58d165714bec4be7307eede096
8c057825608d7e340ab1b69839c5a73316162b0afbea1f759c2d6acb6e3f9035

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C057825608D7E340AB1B69839C5A73316162B0AFBEA1F759C2D6ACB6E3F9035"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2352
Expires: Mon, 06 Feb 2023 17:34:28 GMT
Date: Mon, 06 Feb 2023 16:55:16 GMT
Connection: keep-alive

ads.themoneytizer.com/moneybile.js

185.76.9.25

200 OK

17 kB

URL HTTP/2
ads.themoneytizer.com/moneybile.js
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type
data
Size
17 kB (16566 bytes)
Hash
2f56f19cbb41426d78d0b1abea3cf950
fa4137e1c4a22202c5413ca1d891fb0ee3a0f8b2
6419f8ac64baa5c22118fe539267b2fa7d44321fe44b663dc7383e7246d507d9

HTTP Headers

GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Tue, 07 Feb 2023 05:02:29 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675746149
server: CDN77-Turbo
x-77-nzt: AblMCRTANMv/DqcAAA
x-77-nzt-ray: af585630afabec98f330e1638e040e15
x-cache: HIT
x-age: 42766
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=

139.45.197.250

200 OK

705 B

URL HTTP/2
ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (704)
Size
705 B (705 bytes)
Hash
53fd4fda83983a95b2ce314003de8718
f748134fb9af3caa678b515e2cbc82eff9881bc4
fd13354afb4688df091fa2c30a00d1ec42fb3f9fbadfebcf926f4e5581238def

HTTP Headers

GET /zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: 3c72862fae40f3c99f6a3065dce8080b
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

oxy.st/slake/asset/img/favicon/apple-touch-icon.png

185.178.208.137

200 OK

2.0 kB

URL HTTP/2
oxy.st/slake/asset/img/favicon/apple-touch-icon.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1994 bytes)
Hash
05807c4aceabfb49ab9d66e54618ff53
fddb5a3eb50d1a255989f72f91911dc21e2d5d9b
725d652f8c9ad3d148a0528878b51e2e250d228ab6eaf39111d0664abad359b3

HTTP Headers

GET /slake/asset/img/favicon/apple-touch-icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6; _pbjs_userid_consent_data=3524755945110770; sharedid=4d822a3b-d30a-4387-83ef-f8be13f9751e; cto_bundle=RfzxYl9mYXpDbzRpRFZxU0dRQ0FUdkM4OFVrT2hZUU81bXd5N2x0TGtWQWcyMDBnWnBqMkJ0dnh4RVBvM0dVWTl1eVBJJTJCJTJGJTJGbGlxSzdHcUdnM01XbkFYZXhIUU51SzdaJTJCdmN4JTJGQ2I2VFI1ZjhyU28lM0Q; cto_bidid=pDPBjF9ZMnZHY2tGeDJERmxDaHFTWmslMkZBQnM3NFJMWjFFcjBKUlZ2bGh6cSUyQm5HUnNRNjhJdDlaZWdKYU01NEpGJTJCekNiM0hma2lwekZ6dk54ZE5ja0twNFlwQSUzRCUzRA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:29:17 GMT
content-type: image/png
content-length: 1994
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14279159
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/images/icon.png

185.178.208.137

200 OK

7.5 kB

URL HTTP/2
oxy.st/images/icon.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
7.5 kB (7531 bytes)
Hash
b63d70eb8c5d379fa68fe0f63e8c4255
232de1f52e52611ae67aab8ebaa143946154a233
100c7773d318b841267dc4ac654366ac19ba903e6cd6551777268f6eb4ed86cd

HTTP Headers

GET /images/icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6; _pbjs_userid_consent_data=3524755945110770; sharedid=4d822a3b-d30a-4387-83ef-f8be13f9751e; cto_bundle=RfzxYl9mYXpDbzRpRFZxU0dRQ0FUdkM4OFVrT2hZUU81bXd5N2x0TGtWQWcyMDBnWnBqMkJ0dnh4RVBvM0dVWTl1eVBJJTJCJTJGJTJGbGlxSzdHcUdnM01XbkFYZXhIUU51SzdaJTJCdmN4JTJGQ2I2VFI1ZjhyU28lM0Q; cto_bidid=pDPBjF9ZMnZHY2tGeDJERmxDaHFTWmslMkZBQnM3NFJMWjFFcjBKUlZ2bGh6cSUyQm5HUnNRNjhJdDlaZWdKYU01NEpGJTJCekNiM0hma2lwekZ6dk54ZE5ja0twNFlwQSUzRCUzRA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 20:46:30 GMT
content-type: image/png
content-length: 7531
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
etag: "5eefbeb1-1d6b"
access-control-allow-origin: *
accept-ranges: bytes
age: 504526
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=

162.19.138.117

200

43 B

URL HTTP/1.1
id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

HTTP Headers

GET /i/12/9.gif?gdpr=&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Mon, 06-Feb-2023 17:00:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Mon, 06-Feb-2023 17:00:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Mon, 06-Feb-2023 17:00:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Mon, 06-Feb-2023 17:00:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Mon, 06-Feb-2023 17:00:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Mon, 06-Feb-2023 17:00:16 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Mon, 06 Feb 2023 16:55:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

tzegilo.com/stattag.js

104.21.89.122

200 OK

40 kB

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.89.122:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (17335), with no line terminators
Size
40 kB (39949 bytes)
Hash
4d9791135aa3a96ccbcf4bffa7f7c353
e040ab1b7b3a9dc5092af296bf1843a7e6010091
b7917907a4e81ed753a24ab3df9753c452e845878237132bce1861564d95e33e

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 16:30:52 GMT
etag: W/"63dd36bc-43b7"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1020
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FDH1w4Fya2HMs07EAIBk7kEOfN9hGCK50aewthTd8z6VVGW68xTfe8TpXHXANo0%2F2pTuLlg%2BXFFvmkYyP3fdk7fTbthcoxJ5TAlcEcoRCr4lJqFyQM8gkkT3BZ8Opw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79556997588b0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

143.204.42.129

200 OK

26 kB

URL HTTP/1.1
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP
143.204.42.129:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (16085)
Size
26 kB (25704 bytes)
Hash
8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

HTTP Headers

GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Mon, 06 Feb 2023 07:43:45 GMT
X-Cache: Hit from cloudfront
Via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 08yI5A-BjGxP-mSqcc6Pt3VPTBqHiba_nnhzFo8z3MgBo7BakUdIow==
Age: 33098

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
262283a921f231669fd41486228a6e9a
4b96dcb2cd03f53280d2ecf5ccb249b0b32e6e97
13b8cc87c28e0113401d88f89971eb966afde870a3e4be2602ff34942e81862d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1195dd6a2166c4b6c4f45510e64cbd2c
1600d859c9c6e74468bbd3d30b86a666ff307116
d0603547733c0617e521f5f0c1766800d3541f1afc470b8f8c94ca58d34df1c1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 486
Cache-Control: max-age=91193
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:16 GMT
Etag: "63dff047-1d7"
Expires: Tue, 07 Feb 2023 18:15:09 GMT
Last-Modified: Sun, 05 Feb 2023 18:07:03 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=d350e2fe-ce49-4936-a6bb-4291a645443f

142.250.74.2

302 Found

341 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=d350e2fe-ce49-4936-a6bb-4291a645443f
IP
142.250.74.2:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
341 B (341 bytes)
Hash
c1ab12b12f276063d7eec65729437513
61033eee2920cef18b33f94dacb4cefbd55eed1e
5a2e04b56ed317d04b6f412d451c7eae3028efcefdaa68a67cca4aafe7c47326

HTTP Headers

GET /pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=d350e2fe-ce49-4936-a6bb-4291a645443f HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=d350e2fe-ce49-4936-a6bb-4291a645443f&google_tc=
date: Mon, 06 Feb 2023 16:55:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 341
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Mon, 06-Feb-2023 17:10:16 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
42a0bd8919ea05b0f344ed1eda7e8572
770dc507181b58116ba5c72a988ed47a2f42adb7
51cc9a349e3092d68a48cc630b6b322788c5b5b3747ba6ba4d863910c6c7ee9b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6217
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:16 GMT
Last-Modified: Mon, 06 Feb 2023 15:11:39 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
5eb45fd3bd0d656135f07dc9f7deb36d
21c9967f873887347a15576026ffcf480627d385
43a7825dd0aba6e525bca62922212d09b8dcee22782a347e2bc751c5841672d4

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Fri, 10 Feb 2023 15:53:44 GMT
ETag: "21c9967f873887347a15576026ffcf480627d385"
Last-Modified: Mon, 06 Feb 2023 15:53:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2021
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795569982ae0b4f3-OSL

nanouwho.com/1?z=5630103

139.45.197.242

200 OK

7.5 kB

URL HTTP/2
nanouwho.com/1?z=5630103
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
7.5 kB (7492 bytes)
Hash
b65a39df4dcd4a8b8aa470928ad963ff
14437fe131e740252645330aa46ff70c709a6add
081505584a09d2afd121a42f7c3e8347cfaba5545a538358511f2dbe58dd8e15

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=5630103 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 85a4492d51d2f79d403706c7fdcb0cec
access-control-expose-headers: X-Sc
x-sc: E8f6X8FVVYXqARde-zlH8O8TGtSuSeBidQC5L28CKaTwZilRkhCjs64kczUqJKSFkavXwkEXfx9LYRNut_DpCst1HHk=
set-cookie: scm=1; expires=Tue, 06 Feb 2024 16:55:16 GMT; secure; SameSite=None
OAID=c8cea61f923a402c87757ad58fa0441e; expires=Tue, 06 Feb 2024 16:55:16 GMT; secure; SameSite=None
oaidts=1675702516; expires=Tue, 06 Feb 2024 16:55:16 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 898128
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
63df4b795fff8665cd47c2b210260a65
27889334b4d8fef44287136801d94349acb358a3
41fecd851371596e78aceb930d2a904c3d54f50a4d262c1b39cdff56f3ff40ae

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 10 Feb 2023 14:20:37 GMT
ETag: "27889334b4d8fef44287136801d94349acb358a3"
Last-Modified: Mon, 06 Feb 2023 14:20:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2782
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 795569984ebfb4eb-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
262283a921f231669fd41486228a6e9a
4b96dcb2cd03f53280d2ecf5ccb249b0b32e6e97
13b8cc87c28e0113401d88f89971eb966afde870a3e4be2602ff34942e81862d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

betotodilea.com/400/5630102

139.45.197.237

200 OK

32 kB

URL HTTP/2
betotodilea.com/400/5630102
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
32 kB (32173 bytes)
Hash
f8a587ba84a108a8714c61905f2b667e
3fccb1a1111ab36f298a3cbb9bc63ba98c7a1d10
c1a6b55fa0785589078c638932615d64d357f97a926fb5d38e512250d321c9fa

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /400/5630102 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/javascript
x-trace-id: d4155761a8d1e34a09dd7e6a57deaf27
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=76744f26958d4aaf87fd21d72debf608; expires=Tue, 06 Feb 2024 16:55:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26hn_ver%3D40%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f

185.89.210.141

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26hn_ver%3D40%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f
IP
185.89.210.141:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26hn_ver%3D40%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 16:55:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FuJvg%2526hn_ver%253D40%2526fid%253Dd350e2fe-ce49-4936-a6bb-4291a645443f
AN-X-Request-Uuid: e6bcb075-1dec-4301-8749-4cce5dd9ff97
Set-Cookie: uuid2=9009607446906427826; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 07-May-2023 16:55:16 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js

54.230.111.4

200 OK

671 B

URL HTTP/2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP
54.230.111.4:0
ASN
#16509 AMAZON-02

File type
data
Size
671 B (671 bytes)
Hash
5a6add104317b86ee67f3772f82a6f71
6c421d0e0214a46d469cea71855107c9517a2229
a72d6448bad9eb8603330f3651098eb591d598ae26f040da42eb7f5e3bc72f1b

HTTP Headers

GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
date: Mon, 06 Feb 2023 16:41:32 GMT
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -1bfOlAuPiQjW0EuOBynqpI58038jIsvvhyZeIP_9fy2E0pBoz30Og==
age: 824
X-Firefox-Spdy: h2

pixel.quantserve.com/pixel;r=1614997165;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FuJvg;uht=2;fpan=1;fpa=P0-2081009822-1675702562393;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675702562442;tzo=0;ogl=;ses=5de83f78-c843-4054-bc6b-182d3cbce4ea

91.228.74.168

200 OK

35 B

URL HTTP/2
pixel.quantserve.com/pixel;r=1614997165;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FuJvg;uht=2;fpan=1;fpa=P0-2081009822-1675702562393;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675702562442;tzo=0;ogl=;ses=5de83f78-c843-4054-bc6b-182d3cbce4ea
IP
91.228.74.168:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
55d25e9dc950d5db4d53a3b195c046c6
75e91ae3e549dab12ed1c9787ade9131aef1c981
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

HTTP Headers

GET /pixel;r=1614997165;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FuJvg;uht=2;fpan=1;fpa=P0-2081009822-1675702562393;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675702562442;tzo=0;ogl=;ses=5de83f78-c843-4054-bc6b-182d3cbce4ea HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: image/gif
content-length: 35
cache-control: private, no-cache, no-store, proxy-revalidate
expires: Fri, 04 Aug 1978 12:00:00 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
set-cookie: mc=63e130f4-a51cd-0b6b3-1ecc3; expires=Fri, 08-Mar-2024 16:55:16 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2

contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM

23.38.200.22

200 OK

5.7 kB

URL HTTP/2
contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
IP
23.38.200.22:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (13426)
Size
5.7 kB (5746 bytes)
Hash
bf19ca918607dd6c94d72d4f73ba83df
8f860309c01915f0bd1e082c1294ab177c5f4999
0bd3530918145469d93d16d5ed233cff822007fb98ed1ada03bf2ae7b646ed67

HTTP Headers

GET /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Wed, 08 Feb 2023 16:55:16 GMT
date: Mon, 06 Feb 2023 16:55:16 GMT
content-length: 5746
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FuJvg%2526hn_ver%253D40%2526fid%253Dd350e2fe-ce49-4936-a6bb-4291a645443f

185.89.210.141

302 Found

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FuJvg%2526hn_ver%253D40%2526fid%253Dd350e2fe-ce49-4936-a6bb-4291a645443f
IP
185.89.210.141:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FuJvg%2526hn_ver%253D40%2526fid%253Dd350e2fe-ce49-4936-a6bb-4291a645443f HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 16:55:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f
AN-X-Request-Uuid: 0679be4d-5feb-40af-b334-46ff1a386942
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 950.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=610741eba56d44628f0aa976530c3f2a

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=610741eba56d44628f0aa976530c3f2a
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=610741eba56d44628f0aa976530c3f2a HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

139.45.197.242

200 OK

3.2 kB

URL HTTP/2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=610741eba56d44628f0aa976530c3f2a
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
3.2 kB (3246 bytes)
Hash
1a830b55658d55c4566746ed0590e504
c28e93e5b68efe9023f6157948d1921c019581fd
c3e4e762da26492eefa2eb4de16b7f91ef6e841ecabdedcd6721f8f4d1cb0bc0

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=610741eba56d44628f0aa976530c3f2a HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 156
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=c8cea61f923a402c87757ad58fa0441e; oaidts=1675702516
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: b5802fe681aebbae2ff3f4448dac6cda
access-control-expose-headers: X-Sc
set-cookie: OAID=610741eba56d44628f0aa976530c3f2a; expires=Tue, 06 Feb 2024 16:55:16 GMT; secure; SameSite=None
oaidts=1675702516; expires=Tue, 06 Feb 2024 16:55:16 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6859
Expires: Mon, 06 Feb 2023 18:49:35 GMT
Date: Mon, 06 Feb 2023 16:55:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6859
Expires: Mon, 06 Feb 2023 18:49:35 GMT
Date: Mon, 06 Feb 2023 16:55:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6859
Expires: Mon, 06 Feb 2023 18:49:35 GMT
Date: Mon, 06 Feb 2023 16:55:16 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9808 bytes)
Hash
ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7YlRZ936VEDkBvo2YKrS3GbyEh1xzC8W-50KiODzFjTnQb-hvkKpw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 68713
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&nse=5&vi=1675702516391807945&ugd=4&sff=0&pgid=p01609846086t202302061656&nb=1

23.38.200.22

200 OK

330 B

URL HTTP/2
contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&nse=5&vi=1675702516391807945&ugd=4&sff=0&pgid=p01609846086t202302061656&nb=1
IP
23.38.200.22:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (550), with no line terminators
Size
330 B (330 bytes)
Hash
118bcc30f9ff25a3fce7c29b39fa9d7c
852f59eafdfc2d21c2ab0b2f98aefabce69774d9
4a62b667a20fbc2066c25e5eefe04cf02b3af88ba5e605c4d019f8d0d80e4868

HTTP Headers

GET /smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&nse=5&vi=1675702516391807945&ugd=4&sff=0&pgid=p01609846086t202302061656&nb=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript
x-sc-h: 21-kgwh
expires: Mon, 06 Feb 2023 16:55:16 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 06 Feb 2023 16:55:16 GMT
content-length: 330
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9108 bytes)
Hash
7dbe304b5138a360ff07a9842bcf6a7f
00572f7667e322c9ef34bc35b7998c1c172dd34c
d63c58d6c96e23c61b92272de8c2aab01f4cf85f3420cc434c05447d355b1c77

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9108
x-amzn-requestid: 47a7d6da-229b-4fcc-a2c0-823f9c5e4224
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f0QLAGXgoAMFv6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de60ac-5b8ee53114e58a056306067f;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 13:42:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6oyg-X-GTV3HeKzW4a6Sa99JNjWcZFnE8okoqeAtp6ZgkTKCDtSoAw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:46:53 GMT
age: 68903
etag: "00572f7667e322c9ef34bc35b7998c1c172dd34c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9779 bytes)
Hash
352e4166a431e781e56cc7f169c7f8ca
866b76c34076cf2e18c6a071336fcf4f581f3c4d
75ba13b601f4b00c5b091eb29e7f6739ffee3e127bd6d3c4b35cc967bb6d354a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9779
x-amzn-requestid: 101b984b-9c04-4d07-b1fe-3d888f4bcd49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ftcNRFV_oAMF2_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dba721-72679ba0378015034e17b8ca;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 12:05:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FRZf4nkQyttwihy5BBbuHzT9lYQvBPqcOTdT5esu46vqMTvXAi5aQw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 18:39:44 GMT
age: 80132
etag: "866b76c34076cf2e18c6a071336fcf4f581f3c4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3943 bytes)
Hash
d6107217bc206ebf204dfcf832cffc04
4f370e81106ef09ce9294eaa074ff6922197ded0
2cc25b8ddf56ceb274bd147d4e54f3fc386a97f984aa3a7bcc19f083fe68b94f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5aedadb2-31f3-4d54-b851-5dd3a166179d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3943
x-amzn-requestid: 918fd8d6-0118-4548-9380-e3078577a876
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzWBtEdKoAMFwnw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de03a4-6d8ffde860d89fbc513a20f9;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:05:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ZRVPNp0hKlSBXYjgbVfF8MGqNMHCKF2T4fAqflvZz8z-Uy9bKR9HhA==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 06 Feb 2023 07:18:54 GMT
age: 34582
etag: "4f370e81106ef09ce9294eaa074ff6922197ded0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8649 bytes)
Hash
ad2298793399bf73c51c7d60952065c1
816bd4c36ceea2c46489ae72fde0b4a94c7c4bef
dc540d64e5e0835c7007e89ca3b5dd620b43a87e13309f323f3843a5f908a199

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f78f981-25b3-46b1-a96b-baa8e001cc8e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8649
x-amzn-requestid: f85f3c9d-95c1-4db6-af5f-595070fe46c3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiRHzboAMFQCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-6eed72bf20887cac6dc1a56a;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tNp3KhwtaSjchn-VAo1VellQ63I1W9uIbkQ_84Y7z_4z--vGfz8PGA==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:53:56 GMT
age: 68480
etag: "816bd4c36ceea2c46489ae72fde0b4a94c7c4bef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10514 bytes)
Hash
9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RYNzle5-l5dOMPWb2Bmu_T5aIJw9NX2FKuJsej8hzpYZcgD6coH9SA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:09 GMT
age: 68707
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f

185.64.190.80

200 OK

20 B

URL HTTP/2
image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f
IP
185.64.190.80:0
ASN
#62713 AS-PUBMATIC

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
556f5c7a9f240b687e6d8cab038146f7
09d07a0951991372674b19cc77f9e92d7a651bd3
67b80a1039965b4122197b7c6d7fc5d1c89c408ce27cd1ffaa8ec7d42fcdf0a5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "67B80A1039965B4122197B7C6D7FC5D1C89C408CE27CD1FFAA8EC7D42FCDF0A5"
Last-Modified: Sun, 05 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3430
Expires: Mon, 06 Feb 2023 17:52:26 GMT
Date: Mon, 06 Feb 2023 16:55:16 GMT
Connection: keep-alive

ibrapush.com/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b89005b3cd9aee903038af13f70bbddb
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

nanouwho.com/11?rnd=3944702588&z=5630103&b=15901695&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=AAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8=&ruid=482ef5de-5a04-4f8a-b9e0-0d18f11d3812&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=217

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=3944702588&z=5630103&b=15901695&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=AAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8=&ruid=482ef5de-5a04-4f8a-b9e0-0d18f11d3812&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=217
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=3944702588&z=5630103&b=15901695&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=AAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8=&ruid=482ef5de-5a04-4f8a-b9e0-0d18f11d3812&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=217 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=610741eba56d44628f0aa976530c3f2a; oaidts=1675702516
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: bd6ef8ba7ce3f4c943699882d5c32531
access-control-expose-headers: X-Sc
set-cookie: OAID=610741eba56d44628f0aa976530c3f2a; expires=Tue, 06 Feb 2024 16:55:16 GMT; secure; SameSite=None
oaidts=1675702516; expires=Tue, 06 Feb 2024 16:55:16 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

oxy.st/sw.js

185.178.208.137

200 OK

6.1 kB

URL HTTP/2
oxy.st/sw.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
data
Size
6.1 kB (6086 bytes)
Hash
237de09759576083c4199e7fadd2b841
3b00d236c348cabe6a4f267c978998e2f7e87c56
8c91caa79ff01e30164e1e5328814a7c222e5f0bce4401deb5d8f768853b6a9f

HTTP Headers

GET /sw.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/d/uJvg
Connection: keep-alive
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6; _pbjs_userid_consent_data=3524755945110770; sharedid=4d822a3b-d30a-4387-83ef-f8be13f9751e; cto_bundle=RfzxYl9mYXpDbzRpRFZxU0dRQ0FUdkM4OFVrT2hZUU81bXd5N2x0TGtWQWcyMDBnWnBqMkJ0dnh4RVBvM0dVWTl1eVBJJTJCJTJGJTJGbGlxSzdHcUdnM01XbkFYZXhIUU51SzdaJTJCdmN4JTJGQ2I2VFI1ZjhyU28lM0Q; cto_bidid=pDPBjF9ZMnZHY2tGeDJERmxDaHFTWmslMkZBQnM3NFJMWjFFcjBKUlZ2bGh6cSUyQm5HUnNRNjhJdDlaZWdKYU01NEpGJTJCekNiM0hma2lwekZ6dk54ZE5ja0twNFlwQSUzRCUzRA; session_depth=oxy.st%3D1%7C468178560%3D1; __qca=P0-2081009822-1675702562393; prefetchAd_5630105=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
age: 3
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

offerimage.com/www/images/facbd5ed10ea4e916de93cf7ffe71319.jpeg

104.22.33.172

200 OK

6.6 kB

URL HTTP/2
offerimage.com/www/images/facbd5ed10ea4e916de93cf7ffe71319.jpeg
IP
104.22.33.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
6.6 kB (6625 bytes)
Hash
facbd5ed10ea4e916de93cf7ffe71319
7cfc8229da911a526eaa8299a7323e420fabbf4f
35c73459f8de06b2c35212407706860af9932efc722becd7d9167425c2681147

HTTP Headers

GET /www/images/facbd5ed10ea4e916de93cf7ffe71319.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:17 GMT
content-type: image/jpeg
content-length: 6625
cache-control: max-age=86400
cf-bgj: h2pri
etag: "61a82669-19e1"
expires: Mon, 06 Feb 2023 22:11:23 GMT
last-modified: Thu, 02 Dec 2021 01:50:33 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 67434
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7955699c3b6f2d63-ARN
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/universal.min.js?v=3.1.415

139.45.197.250

200 OK

84 kB

URL HTTP/2
ibrapush.com/pfe/current/universal.min.js?v=3.1.415
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
84 kB (83891 bytes)
Hash
062ad7f927febeb8b20c7a6d38457490
426bb37078d32cc80a6a919e94a66a24ad25579d
30ac6a720c9519b136ae9707f25f0370c64ff591374765bc168caab522ce082c

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.415 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-18c6c"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

interstitial-07.com/contents/s/50/da/0f/5fb955b021768e45f755f3c1db/01057113345053.png

139.45.197.153

200 OK

16 kB

URL HTTP/2
interstitial-07.com/contents/s/50/da/0f/5fb955b021768e45f755f3c1db/01057113345053.png
IP
139.45.197.153:0
ASN
#9002 RETN Limited

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (16240 bytes)
Hash
50da0f5fb955b021768e45f755f3c1db
8a9a208aba5928923a8ba1555b7e59ce6122d894
6ca878bbfd79a882d118d75a1bd152b14bb45997d69c2bca43548ccd8bd4ac9d

HTTP Headers

GET /contents/s/50/da/0f/5fb955b021768e45f755f3c1db/01057113345053.png HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=UwklZTCC7U4f8LU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2776184308%26z%3D5630103%26b%3D15901695%26c%3D6368614%26var%3D%26d%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DkFOvybLfhVI%2526t%253D6s%26cln%3D1%26btp%3D7%26rb%3DAAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D482ef5de-5a04-4f8a-b9e0-0d18f11d3812%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:17 GMT
content-type: image/png
content-length: 16240
last-modified: Mon, 28 Nov 2022 18:30:04 GMT
vary: Accept-Encoding
etag: "6384fe2c-3f70"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1165
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 06 Feb 2023 16:55:21 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://oxy.st
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c4455a8901fc5ff61cd711137f563b0f
7cf4e2456c1713cb8f49803d7a580ff47d9c7c9b
7cca83bfdc93cc697cd7a933f55eb23e3a5f038b6ca8ce78b0d1100b233f1396

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7CCA83BFDC93CC697CD7A933F55EB23E3A5F038B6CA8CE78B0D1100B233F1396"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12811
Expires: Mon, 06 Feb 2023 20:28:48 GMT
Date: Mon, 06 Feb 2023 16:55:17 GMT
Connection: keep-alive

image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f

185.64.190.80

302 Found

30 kB

URL HTTP/2
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f
IP
185.64.190.80:0
ASN
#62713 AS-PUBMATIC

File type
data
Size
30 kB (29819 bytes)
Hash
9a6149cb68c11e28eac8fba0f655cb2f
76ad833b8cad806dfc077a3d2567ed5d00f1b622
9502fac4b704f8bed893f296d1ce4cd0dc412c39ee5dc6ca72fddc31c0ef18bc

HTTP Headers

GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Mon, 06 Feb 2023 16:55:15 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Sun, 07-May-2023 16:55:15 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd350e2fe-ce49-4936-a6bb-4291a645443f
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2

s.cpx.to/ca.png?dsp=dbm&fid=d350e2fe-ce49-4936-a6bb-4291a645443f&google_error=3

52.31.36.28

200 OK

95 B

URL HTTP/1.1
s.cpx.to/ca.png?dsp=dbm&fid=d350e2fe-ce49-4936-a6bb-4291a645443f&google_error=3
IP
52.31.36.28:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

HTTP Headers

GET /ca.png?dsp=dbm&fid=d350e2fe-ce49-4936-a6bb-4291a645443f&google_error=3 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=cb140cbac40007e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:17 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=cb140cbac40007e; Expires=Tue, 06 Feb 2024 16:55:17 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None

mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=70c1c649-4968-4d7d-491e-24d79d8e25d2&reqId=fa151979-d430-42d3-76ac-6cb5ebb09651&zdid=1258&google_error=3

104.22.24.87

200 OK

95 B

URL HTTP/2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=70c1c649-4968-4d7d-491e-24d79d8e25d2&reqId=fa151979-d430-42d3-76ac-6cb5ebb09651&zdid=1258&google_error=3
IP
104.22.24.87:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=70c1c649-4968-4d7d-491e-24d79d8e25d2&reqId=fa151979-d430-42d3-76ac-6cb5ebb09651&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: zc=70c1c649-4968-4d7d-491e-24d79d8e25d2; zsc=%5Bg%F7%84%D1%25w%A4H%00%A4%ED%9E%F6%7Bg%0CbJ%E9YI%8F%B6%C9%5Cu%DD%81%A7%81%0B%3B%F4%B5Nr%80%09f%81%7C%89%8B%07%ED%BA1%EAV%EB%0C%12%05%AD%F7%0C%1CI%D8CY%DEx%EB%F7%A1%1CAa%24O%BF%DF%D1%09%21%00%17%BD_%FF%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:17 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=70c1c649-4968-4d7d-491e-24d79d8e25d2; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7955699cc813b529-OSL
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js

142.250.74.170

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32034)
Size
30 kB (30186 bytes)
Hash
c54aac7ef64c39b4f384e0d5771d3b46
d3e059104378a3844862a5ed12a13f5d423e86b6
3e1b5002dd64d185f806edeefd333348f423584d876cfc966b5c13884c8fe3da

HTTP Headers

GET /ajax/libs/jquery/3.0.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 18:53:23 GMT
expires: Sun, 04 Feb 2024 18:53:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 165714
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f

52.31.36.28

200 OK

95 B

URL HTTP/1.1
s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f
IP
52.31.36.28:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

HTTP Headers

GET /an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FuJvg&hn_ver=40&fid=d350e2fe-ce49-4936-a6bb-4291a645443f HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=cb140cbac40007e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:55:17 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=cb140cbac40007e; Expires=Tue, 06 Feb 2024 16:55:17 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
p3p: CP="NOI DEV ADM"
expires: Mon, 06 Feb 2023 16:55:17 UTC

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
4441b9d8d453666fb7a35db1fe5817d2
e1ebb53e3773b4f1bd72181b0d13f8fcaa32f206
e26b6fb3a5d27e21e6c2353ed0f7bc5d94f879d5cc0cf798ec26d340a43d66df

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4824
Cache-Control: max-age=109930
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:17 GMT
Etag: "63e02887-139"
Expires: Tue, 07 Feb 2023 23:27:27 GMT
Last-Modified: Sun, 05 Feb 2023 22:07:03 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 313

csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1

178.250.0.162

200 OK

43 B

URL HTTP/2
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
IP
178.250.0.162:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:16 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 06 Feb 2023 16:55:17 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 26688f4a12020b6261ca5cee357b2c44
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 699
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:17 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 2da00b0708e51956354ef9ef26189ff4
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Mon, 06 Feb 2023 16:55:17 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 476a8228ab8d8549cb8eb047af036a58
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
92b631f7b55d843abd5dc7d324fce950
b3b95b87af1a860eaa2838893a4dae9437d2a1d8
8e86b9dd457844961a5e97c418053d33e41622d1bc9c8ffaef3bd5760b23f652

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3419
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:17 GMT
Last-Modified: Mon, 06 Feb 2023 15:58:19 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 312

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
92b631f7b55d843abd5dc7d324fce950
b3b95b87af1a860eaa2838893a4dae9437d2a1d8
8e86b9dd457844961a5e97c418053d33e41622d1bc9c8ffaef3bd5760b23f652

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3419
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:55:17 GMT
Last-Modified: Mon, 06 Feb 2023 15:58:19 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 312

interstitial-07.com/?l=UwklZTCC7U4f8LU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2776184308%26z%3D5630103%26b%3D15901695%26c%3D6368614%26var%3D%26d%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DkFOvybLfhVI%2526t%253D6s%26cln%3D1%26btp%3D7%26rb%3DAAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D482ef5de-5a04-4f8a-b9e0-0d18f11d3812%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.153

200 OK

5.2 kB

URL HTTP/2
interstitial-07.com/?l=UwklZTCC7U4f8LU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2776184308%26z%3D5630103%26b%3D15901695%26c%3D6368614%26var%3D%26d%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DkFOvybLfhVI%2526t%253D6s%26cln%3D1%26btp%3D7%26rb%3DAAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D482ef5de-5a04-4f8a-b9e0-0d18f11d3812%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.153:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1504)
Size
5.2 kB (5192 bytes)
Hash
409902819df3f9b470a2b1c9fbfaac43
f39347bb5da460042ae7cf3eed6b1bf2310c653f
28c4f11f26ebd11e856089cabf18dfc5431e52efeb7ddfa4a2f88d15f3eb2f7e

HTTP Headers

GET /?l=UwklZTCC7U4f8LU&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2776184308%26z%3D5630103%26b%3D15901695%26c%3D6368614%26var%3D%26d%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DkFOvybLfhVI%2526t%253D6s%26cln%3D1%26btp%3D7%26rb%3DAAqO98XFOKqZxTenSEpaMCx5Ws5cjeb_ySlmABi_9eLp52D3WHy6WGLEUZQd93xA0uctphCoJ5XuNyJBwy-d3jn1bDA6w9vdWnXne63Sivi2NCWfGhFvy_SLuiMR77JzSF8l2xpUDS5q1CRX_2xh8hkN-QlQLVVWnf_v1B5ijbyxAKW29X-_lsL1i8MFuAX2l6ybeX7fZzmoPX6MS8zo_xPoDV6oLl7r7f9-NRLKLVk0beZaAYaiQTivIpEWL5ASVfOdg1O7uMS3QBECkqz7RsACjS6VYvKYCgA7kG26lLG9F5XgATAsC9--DtLh5_BaiPaDCNkFbD8qToHqS1KVPUOXInw_7mC3Zd4vHre0PtsdlHou_aMIqe0W5FlI3R111-H53bejyKxeiwsppTJmNzaZjv2_QHel-MW0T-MYptuzBhlx5-QOCKwZRlUbK7dXxBs6eND7ZpIJQ6lntQINQ1kscuVgnMkj2JnZIcaOS_TQlgADYQlBPdPjIIxaxgALFIE49cleKsLGZeLvqyWLOKldg3WuhIAM-7Y9q0W-v9D1msGh03HUC-rmdc5T44c8hwQxbTBIBVbI6uKfkpr4QAQpJIUGU3AdWU_6yI3snNCDXybQVTKnpLTn4aFTEsvlot29KJvNn1tCdA3szWpTplGxdb-aWEYPFKlbc4GXeWmrm7qom0PDtWZ4G3z7N6JGWrgfMGJ_wJ2JAOl6Pt7zl9v164w1b2PZyNEiujaC_uKnMuc66xr0BZIgoXvovpIqZ-fRoUbndi_GfM6yJLzRIajVL_5x1AdhcTJQ2zRHJR8%3D%26bag%3DFWuOy7mVj9dFk3oo3jPRgA%3D%3D%26ruid%3D482ef5de-5a04-4f8a-b9e0-0d18f11d3812%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FuJvg%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=RoJMMcq2I9jcTU3Xy1XHPYnQGd8ZOr3a5tMNN-TijkE; expires=Mon, 06-Feb-2023 17:55:17 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
46c85fe6372e2b84e585ef8cd7a1d76b
522d347db0f1276b8072cc13d23d63f2500e23f4
8b187f37a661c2fd7371c8ef1262628e37718b9df0d27ebe0cb84c6525f0da2a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 06 Feb 2023 16:55:17 GMT
Last-Modified: Mon, 06 Feb 2023 15:15:57 GMT
Server: ECS (nyb/1D0A)
X-Cache: Miss from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zvItIYWj_sXcZ8iY0Q0FtElq0G2Dv9C_bc7wJVUF6Wwj5cSk1ltMTw==
Age: 5960

gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st

178.250.0.157

200 OK

5.1 kB

URL HTTP/2
gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Size
5.1 kB (5089 bytes)
Hash
b2a234c32de48365eec3396255c3c7ba
83fb699f0d4b58c850f8c8de3563df1021cbf1c9
a9af7ed025af9611e8629d7b4cfad97bbb4389fe4b93490e16cf283a04c47175

HTTP Headers

GET /syncframe?origin=rtus&topUrl=oxy.st HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:17 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
uid=5c6d4438-fa77-423f-80d8-63d36e07935e; expires=Sat, 02 Mar 2024 16:55:16 GMT; domain=.criteo.com; path=/; secure; samesite=none
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 509736
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/impression/QYHxKxWr81BdOJZHyCxqXPKrsxjhAwDGn_CboTbvrTPA28ayDI_aKplyfweq_mpVR6saaBQN3ovQLRxRjQA_p6mlnAgRTknBuHIaaJX9cjOqOdwkdlFlTv2jEWHpcyKZLp6C1PlKMvsG7n9aOPi_7B1cLixV4uik5OsMRUrJ5PE40JZleF5uGKw2NSeUMsTDxX7_fNvAy-3CI0VF9AtBLs9kvY8IAdhUSYauX8d7kKhE-R6_iJa1f6vMvXLia7pO5w9t4N1esreJKYsO1GyWvxygFk61y5jUc-6NlEHd_m3UFhHka1Fx97niZlnU86WIt4EKbwGQsPQfYyK1MczfYfBUjSeds8puJA54Im4dB3jxQwNiJAQkfJvAtBj_Ypptr98GX-5wz-uegpbd3biucJkerxYcPvLe_yxDBFmtXJah3wVdifSMVzntN_wbemXMeLk7yYUE2UP15fz8_kJyipZquk9id4yYuiqDRx0LRrEeLnnld2DfUxRMTBacejuFHD-OlHytSIEir2o_XBh0yTjM7RFKtx1eetFQaAT9l4FpRH-w-88eavtWsx45uNzCP0bVEtHRpuE=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
betotodilea.com/impression/QYHxKxWr81BdOJZHyCxqXPKrsxjhAwDGn_CboTbvrTPA28ayDI_aKplyfweq_mpVR6saaBQN3ovQLRxRjQA_p6mlnAgRTknBuHIaaJX9cjOqOdwkdlFlTv2jEWHpcyKZLp6C1PlKMvsG7n9aOPi_7B1cLixV4uik5OsMRUrJ5PE40JZleF5uGKw2NSeUMsTDxX7_fNvAy-3CI0VF9AtBLs9kvY8IAdhUSYauX8d7kKhE-R6_iJa1f6vMvXLia7pO5w9t4N1esreJKYsO1GyWvxygFk61y5jUc-6NlEHd_m3UFhHka1Fx97niZlnU86WIt4EKbwGQsPQfYyK1MczfYfBUjSeds8puJA54Im4dB3jxQwNiJAQkfJvAtBj_Ypptr98GX-5wz-uegpbd3biucJkerxYcPvLe_yxDBFmtXJah3wVdifSMVzntN_wbemXMeLk7yYUE2UP15fz8_kJyipZquk9id4yYuiqDRx0LRrEeLnnld2DfUxRMTBacejuFHD-OlHytSIEir2o_XBh0yTjM7RFKtx1eetFQaAT9l4FpRH-w-88eavtWsx45uNzCP0bVEtHRpuE=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impression/QYHxKxWr81BdOJZHyCxqXPKrsxjhAwDGn_CboTbvrTPA28ayDI_aKplyfweq_mpVR6saaBQN3ovQLRxRjQA_p6mlnAgRTknBuHIaaJX9cjOqOdwkdlFlTv2jEWHpcyKZLp6C1PlKMvsG7n9aOPi_7B1cLixV4uik5OsMRUrJ5PE40JZleF5uGKw2NSeUMsTDxX7_fNvAy-3CI0VF9AtBLs9kvY8IAdhUSYauX8d7kKhE-R6_iJa1f6vMvXLia7pO5w9t4N1esreJKYsO1GyWvxygFk61y5jUc-6NlEHd_m3UFhHka1Fx97niZlnU86WIt4EKbwGQsPQfYyK1MczfYfBUjSeds8puJA54Im4dB3jxQwNiJAQkfJvAtBj_Ypptr98GX-5wz-uegpbd3biucJkerxYcPvLe_yxDBFmtXJah3wVdifSMVzntN_wbemXMeLk7yYUE2UP15fz8_kJyipZquk9id4yYuiqDRx0LRrEeLnnld2DfUxRMTBacejuFHD-OlHytSIEir2o_XBh0yTjM7RFKtx1eetFQaAT9l4FpRH-w-88eavtWsx45uNzCP0bVEtHRpuE=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=610741eba56d44628f0aa976530c3f2a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:21 GMT
content-type: image/gif
content-length: 43
x-trace-id: 021264ed7d7bd3e85aeebd5e7840585d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/5630102?excludes=16649883&oaid=610741eba56d44628f0aa976530c3f2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=16649883&oaid=610741eba56d44628f0aa976530c3f2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/5630102?excludes=16649883&oaid=610741eba56d44628f0aa976530c3f2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:21 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/7ae3bb465199b4533b41ae141967b103.jpeg

104.22.33.172

200 OK

13 kB

URL HTTP/2
offerimage.com/www/images/7ae3bb465199b4533b41ae141967b103.jpeg
IP
104.22.33.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (12923 bytes)
Hash
7ae3bb465199b4533b41ae141967b103
3c7d9a07b2ffa315958d62de32ac171081e314a7
a47d25afdb0e2570c1adf15fd9ede3f1eef9a285e4240ff92daf02c765a68d74

HTTP Headers

GET /www/images/7ae3bb465199b4533b41ae141967b103.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:21 GMT
content-type: image/jpeg
content-length: 12923
cache-control: max-age=86400
cf-bgj: h2pri
etag: "62ede6d7-327b"
expires: Tue, 07 Feb 2023 07:12:46 GMT
last-modified: Sat, 06 Aug 2022 03:58:15 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 34955
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 795569b91baf2d63-ARN
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=48f9c7c4eb74440fa840e8e23c743c10&zoneId=5630104&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=48f9c7c4eb74440fa840e8e23c743c10&zoneId=5630104&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
9a2174cc35e2abce8230d1d897de78b6
bf995b5d20000029779933146732d0aff7e9e9f8
752b602ff76df14ff3f282ec60c52963ee79d355459ec2eafe5eb76aea524b0e

HTTP Headers

GET /gid.js?pub=0&userId=48f9c7c4eb74440fa840e8e23c743c10&zoneId=5630104&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Cookie: ID=610741eba56d44628f0aa976530c3f2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:23 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=610741eba56d44628f0aa976530c3f2a; expires=Tue, 06 Feb 2024 16:55:23 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nanouwho.com/27/843a9f1226eda0484b879504742bc6d9

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/27/843a9f1226eda0484b879504742bc6d9
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/843a9f1226eda0484b879504742bc6d9 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=c8cea61f923a402c87757ad58fa0441e; oaidts=1675702516
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Fri, 03 Feb 2023 06:00:36 GMT
expires: Fri, 05 Mar 2083 06:00:36 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/s/gen.js?type=2

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/s/gen.js?type=2
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1676264547
server: CDN77-Turbo
x-77-nzt: AblMCRS/0Zr/EKcAAA
x-77-nzt-ray: af585630afabec98f330e1634830de0e
x-cache: HIT
x-age: 42768
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /moneybid7_28/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 21:13:00 GMT
expires: Tue, 07 Feb 2023 05:02:27 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675746147
server: CDN77-Turbo
x-77-nzt: AblMCRSgl1b/EKcAAA
x-77-nzt-ray: af585630afabec98f330e16301f9b115
x-cache: HIT
x-age: 42768
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.482.0

139.45.197.234

200 OK

0 B

URL HTTP/2
bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.482.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /5/5630105/?oo=1&js_build=iclick-v1.482.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/json
x-trace-id: 72b77d0e82ea72f51f31d80cc78e1121
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=610741eba56d44628f0aa976530c3f2a; expires=Tue, 06 Feb 2024 16:55:15 GMT; path=/; secure; SameSite=None
oaidts=1675702515; expires=Tue, 06 Feb 2024 16:55:15 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

gem.gbc.criteo.com/newidsd

185.235.84.43

200 OK

0 B

URL HTTP/2
gem.gbc.criteo.com/newidsd
IP
185.235.84.43:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 91993
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

onmarshtompor.com/?rb=KqDoT_4tq2U_w0lKSul8OsCX-WRGKVSH_NCmfj6reZjsL-x1t3ip2BxVaHJl9eR9mpKLlBR2Hq7T-c9UM6IpHlmkl4Wyu6d4b_SDcF-3q4NczfTpcOow-ezoqxGFnbbn7i_hpqEeP0DK5UoDu5Bd-_nZujUxXAdrleRxCdKLOD1XeiGKVsFhT4wToscjX_1TQxM56jTCquhXD6TpBE6chcpLZCKRBRmN&request_ab2=0&zoneid=5630105&js_build=iclick-v1.482.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.482.0&bs=bf647006-a3e2-4ecf-87da-cf771a91b071&userId=610741eba56d44628f0aa976530c3f2a&m=link

139.45.197.243

200 OK

0 B

URL HTTP/2
onmarshtompor.com/?rb=KqDoT_4tq2U_w0lKSul8OsCX-WRGKVSH_NCmfj6reZjsL-x1t3ip2BxVaHJl9eR9mpKLlBR2Hq7T-c9UM6IpHlmkl4Wyu6d4b_SDcF-3q4NczfTpcOow-ezoqxGFnbbn7i_hpqEeP0DK5UoDu5Bd-_nZujUxXAdrleRxCdKLOD1XeiGKVsFhT4wToscjX_1TQxM56jTCquhXD6TpBE6chcpLZCKRBRmN&request_ab2=0&zoneid=5630105&js_build=iclick-v1.482.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.482.0&bs=bf647006-a3e2-4ecf-87da-cf771a91b071&userId=610741eba56d44628f0aa976530c3f2a&m=link
IP
139.45.197.243:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?rb=KqDoT_4tq2U_w0lKSul8OsCX-WRGKVSH_NCmfj6reZjsL-x1t3ip2BxVaHJl9eR9mpKLlBR2Hq7T-c9UM6IpHlmkl4Wyu6d4b_SDcF-3q4NczfTpcOow-ezoqxGFnbbn7i_hpqEeP0DK5UoDu5Bd-_nZujUxXAdrleRxCdKLOD1XeiGKVsFhT4wToscjX_1TQxM56jTCquhXD6TpBE6chcpLZCKRBRmN&request_ab2=0&zoneid=5630105&js_build=iclick-v1.482.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.482.0&bs=bf647006-a3e2-4ecf-87da-cf771a91b071&userId=610741eba56d44628f0aa976530c3f2a&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/json
x-trace-id: 62e5ba73018cbc3e254b78e477043e43
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=610741eba56d44628f0aa976530c3f2a; expires=Tue, 06 Feb 2024 16:55:16 GMT; path=/; secure; SameSite=None
oaidts=1675702516; expires=Tue, 06 Feb 2024 16:55:16 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 13 Feb 2023 16:55:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

inklinkor.com/tag.min.js

172.67.211.29

200 OK

0 B

URL HTTP/2
inklinkor.com/tag.min.js
IP
172.67.211.29:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 82eb3d50c50bd0b74367a0230463f2be
cache-control: max-age=86400
last-modified: Mon, 06 Feb 2023 12:50:14 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 07 Feb 2023 16:42:58 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 737
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2BWhifyIoX5efbxe380q6%2FltXIwwaO7OlaPpkZF8BMTpca7Oomy5%2FRHM60ivG2izB9lZFWwPacHNUoZD2KHWRWhck3T4%2B3U6HPZ1WYNjHlUOEedI9lidDLB%2BgN2qDGQX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 795569911ce3b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258

104.22.24.87

200 OK

0 B

URL HTTP/2
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP
104.22.24.87:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795569922eeab529-OSL
content-encoding: br
X-Firefox-Spdy: h2

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=16649883&oaid=610741eba56d44628f0aa976530c3f2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5630102?excludes=16649883&oaid=610741eba56d44628f0aa976530c3f2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=610741eba56d44628f0aa976530c3f2a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:21 GMT
content-type: application/javascript
x-trace-id: e5a2b3727d7e065994643e9680044226
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=610741eba56d44628f0aa976530c3f2a; expires=Tue, 06 Feb 2024 16:55:21 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

oxy.st/images/ltd.svg

185.178.208.137

200 OK

0 B

URL HTTP/2
oxy.st/images/ltd.svg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/ltd.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/uJvg
Cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 05:15:45 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 19700
ddg-cache-status: HIT,HIT
etag: W/"5fb71401-c420"
age: 214770
X-Firefox-Spdy: h2

ag.gbc.criteo.com/newidsd

178.250.6.131

200 OK

0 B

URL HTTP/2
ag.gbc.criteo.com/newidsd
IP
178.250.6.131:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 55313
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/requestform.js?siteId=85433&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1676264592
server: CDN77-Turbo
x-77-nzt: AblMCRSC9rv/46YAAA
x-77-nzt-ray: af585630afabec98f330e163bc63ed0e
x-cache: HIT
x-age: 42723
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/IIQUniversalID.js

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/IIQUniversalID.js
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /IIQUniversalID.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 18:48:43 GMT
expires: Tue, 07 Feb 2023 05:02:29 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675746149
server: CDN77-Turbo
x-77-nzt: AblMCRTQTbv/DqcAAA
x-77-nzt-ray: af585630afabec98f330e1639337fb14
x-cache: HIT
x-age: 42766
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
x-crto-bundle: RfzxYl9mYXpDbzRpRFZxU0dRQ0FUdkM4OFVrT2hZUU81bXd5N2x0TGtWQWcyMDBnWnBqMkJ0dnh4RVBvM0dVWTl1eVBJJTJCJTJGJTJGbGlxSzdHcUdnM01XbkFYZXhIUU51SzdaJTJCdmN4JTJGQ2I2VFI1ZjhyU28lM0Q
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 3226759
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:15 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 255489
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/500/5630102?excludes=&oaid=610741eba56d44628f0aa976530c3f2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=&oaid=610741eba56d44628f0aa976530c3f2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5630102?excludes=&oaid=610741eba56d44628f0aa976530c3f2a&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FuJvg&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=76744f26958d4aaf87fd21d72debf608
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:55:16 GMT
content-type: application/javascript
x-trace-id: 38a3096da553fdd58ec63f85db8a7d7f
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=610741eba56d44628f0aa976530c3f2a; expires=Tue, 06 Feb 2024 16:55:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

dnacdn.net/dna

178.250.2.146

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=XxPAMF80M0RITmhlJTJCZkMwOUJGQlhaMUN2czFxdSUyRjlZaUpJbHolMkZya1UwQW4zeUk2SEIybUoxYnZMOXN6QVhDbzdGZlp4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:55:17 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=0jkdOl80M0RITmhlJTJCZkMwOUJGQlhaMUN2czFxdSUyRjlZaUpJbHolMkZya1UwQW4zeUk1JTJCWDllcSUyQkdFUGpOenVSeFlFNm9tWA; expires=Sat, 02 Mar 2024 16:55:17 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 201637
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

oxy.name/d/uJvg

172.67.218.114

301 Moved Permanently

0 B

URL HTTP/2
oxy.name/d/uJvg
IP
172.67.218.114:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /d/uJvg HTTP/1.1
Host: oxy.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 301 Moved Permanently
date: Mon, 06 Feb 2023 16:55:14 GMT
content-type: text/html; charset=UTF-8
location: https://oxy.st/d/uJvg
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NvAFev23Xmuyjhd%2BdfCibj%2BQLFCdrpDGPK2iHEvs17DzktGgSokC%2B8RZT7hTrGyv8cz0yJledFicYqgCda0sKb3aZ%2FQ381aCfIsCPdQK%2B9BLePX9pYtXEUf%2BMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7955698b9b46b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

oxy.st/d/uJvg

185.178.208.137

200 OK

0 B

URL HTTP/2
oxy.st/d/uJvg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /d/uJvg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 06 Feb 2023 16:55:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: __ddg1_=64KSKIV6k1qjDYHyRsfl; Domain=.oxy.st; HttpOnly; Path=/; Expires=Tue, 06-Feb-2024 16:55:14 GMT
PHPSESSID=n0loce6qv7tuq82nuv0o9d4dt6; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (53)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML