oxy.st/d/gOog
301 Moved Permanently 568 B IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Hash 2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee
GET /d/gOog HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Wed, 25 Jan 2023 10:59:29 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://oxy.st/d/gOog
Content-Type: text/html; charset=utf8
Content-Length: 568
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2859
Expires: Wed, 25 Jan 2023 11:47:09 GMT
Date: Wed, 25 Jan 2023 10:59:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 04512fea22644dc0d22c3f3a665f6645
0e213646abfc6d9560ba562362fd9e9115be8354
124d9534f75506b8e8c7535ee7295ac4e6cf5a8249a0edac6940839e56043181
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "124D9534F75506B8E8C7535EE7295AC4E6CF5A8249A0EDAC6940839E56043181"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15423
Expires: Wed, 25 Jan 2023 15:16:33 GMT
Date: Wed, 25 Jan 2023 10:59:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 25 Jan 2023 10:35:12 GMT
content-type: application/json
age: 1458
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6cd4f1da1215c7473500807c185f2449
b14db0c67cf1f5faf85648ed8f94baf2dd03808b
9750518efd869da5ff74ba65a196445bd4340c909157cc1a420f62c1d07224a0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9750518EFD869DA5FF74BA65A196445BD4340C909157CC1A420F62C1D07224A0"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5425
Expires: Wed, 25 Jan 2023 12:29:55 GMT
Date: Wed, 25 Jan 2023 10:59:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: n3EPIYopQRZZjB3+RDx/siqVopoOdaCeCTEt8owuPNwiZBosxFMcxVaS+Ftjsyp1+5SjEzl2guM=
x-amz-request-id: NG285E7G3T036E15
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 25 Jan 2023 10:19:38 GMT
age: 2392
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f76b8950a42b636924dcc67ebd600673
b9f1beb1d0014251614d4d64473ed5a082ba105e
84d2fd9403bddf7853c5560e594234824bc7d4b22a98fa9da7742664b008d4bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "84D2FD9403BDDF7853C5560E594234824BC7D4B22A98FA9DA7742664B008D4BF"
Last-Modified: Mon, 23 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4480
Expires: Wed, 25 Jan 2023 12:14:10 GMT
Date: Wed, 25 Jan 2023 10:59:30 GMT
Connection: keep-alive
oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
200 OK 4.0 kB URL HTTP/2 oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
IP
File type ASCII text, with very long lines (42894), with no line terminators
Hash a6ffd799664bd950121e2e9f0d9b2667
88af5ed7d6e3ed43ee0ec21fb314e03fb07867f0
de088565a1c5910a1c409bf3ec676c5d0c7c1304a18c744b46771c09fa6bdcad
GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 02:57:41 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-a78e"
access-control-allow-origin: *
content-encoding: gzip
age: 460909
content-length: 3950
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/cookie.css?ver=6
200 OK 299 B URL HTTP/2 oxy.st/slake/cookie.css?ver=6
IP
Hash 6d5f76f4027c2e9a60d78a83f4b952cd
b4ae6d8509643916be8eff3979acec375867708b
2338311f30dadbc2bffe2bdbfdd100c148e8fe4cb50ca669c7ff602a9c206f94
GET /slake/cookie.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 15 Jan 2023 20:53:50 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "602ae9d4-224"
age: 828340
content-length: 299
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7238263
expires: Mon, 15 Jan 2024 10:59:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P7PBDsj7FCwAk3xjKOkF9LG71cBSKGmvH07aCuFpAz3eMSDScUheYS7W2acDlgNPPSpTkAORLZ%2FAiUKZKZM5L2bogWXtXNy2wtFEXVHU1HSFAj6eevka7AtAKwpgWMd5DWg8xhUw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78f07ff528f10b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oxy.st/slake/asset/css/elements.css?1
200 OK 24 kB URL HTTP/2 oxy.st/slake/asset/css/elements.css?1
IP
File type ASCII text, with very long lines (460), with CRLF line terminators
Hash 82db06ca267ac7fdd878a1df35f41f4e
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb
GET /slake/asset/css/elements.css?1 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 19 Jan 2023 10:53:34 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 24208
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2fbea"
age: 518756
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oxy.st/slake/responsive.css?ver=5
200 OK 12 kB URL HTTP/2 oxy.st/slake/responsive.css?ver=5
IP
Hash c9887952027ae1466ab90ba9dcd23ce3
0afb76db6c9644265da1820da0afe7aaef448e53
f16e171dae88fb2e1970604b6152409551d184fb1977a2668dd19f36dc0ab338
GET /slake/responsive.css?ver=5 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 18:15:26 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
etag: W/"5eefded8-135c7"
access-control-allow-origin: *
content-encoding: gzip
age: 405844
content-length: 11872
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/style.css?ver=6
200 OK 24 kB URL HTTP/2 oxy.st/slake/style.css?ver=6
IP
Hash cd7b3e4dfecea7028bc1bdeda5a47477
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87
GET /slake/style.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 16:34:50 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5fdd12f2-2a549"
age: 325480
content-length: 24360
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/img/oxy-logo.svg
200 OK 3.2 kB IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1126)
Hash 4dbb074be70991a358f914be3c00ad99
5f699e31b76bcb7e69fc4478a04b73b3df0e855a
9531a716a5007ddfc819613ec77f883ba963578d699f824034b4962f8221b8bf
GET /img/oxy-logo.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 17 Jan 2023 13:56:30 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
etag: W/"602c706e-2019"
access-control-allow-origin: *
content-encoding: gzip
age: 680580
ddg-cache-status: HIT,MISS
content-length: 3204
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/ajax-subscribe.js
200 OK 635 B URL HTTP/2 oxy.st/slake/asset/js/ajax-subscribe.js
IP
File type ASCII text, with CRLF line terminators
Hash 574b8cde44d6b421cd12af0df0cca335
7dbd98f2d7925795343e8b8a3fc0c91ba496f526
035c75b2646589e751a275f3469f1e53b5e9c55cff4f0b3d3cbdfbb248aef9c2
GET /slake/asset/js/ajax-subscribe.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 16:13:47 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-595"
access-control-allow-origin: *
content-encoding: gzip
age: 413143
content-length: 635
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/main.js
200 OK 1.8 kB URL HTTP/2 oxy.st/slake/asset/js/main.js
IP
File type ASCII text, with very long lines (368)
Hash 76d3c4da3644ed1684ed54ff59305a5a
3e03f21e8af17de66be1aa22a6f952c000fbcc70
adc0957a4224cf75ae632338e6e52591d0552189b8ba1a4e7f19885405dfc2f8
GET /slake/asset/js/main.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 13:24:04 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-2210"
access-control-allow-origin: *
content-encoding: gzip
age: 250526
content-length: 1840
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/bootstrap.min.js
200 OK 13 kB URL HTTP/2 oxy.st/slake/asset/js/bootstrap.min.js
IP
File type ASCII text, with very long lines (48664)
Hash 061a1656d3064d501413d45bef002938
1fec864435f996d6f5cec2f95b9b24cafef0b182
a7b82b175ee2cb823d904fc89454e91e6e92c91f91c0de1663d54e62bf3cc6e1
GET /slake/asset/js/bootstrap.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 15 Jan 2023 17:11:16 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 13046
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-bf30"
age: 841694
X-Firefox-Spdy: h2
oxy.st/css/cloud.css
200 OK 9.2 kB IP
File type ASCII text, with very long lines (14454)
Hash 0517562cc81de376b3c1fee3e8bef414
80df32c8b71549b0253cce1b47fe13d82fc1b604
184ccb46109faef0678ef3a603a551e55d3f9ff74a200ebeaba2c23655e52c8a
GET /css/cloud.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 19 Jan 2023 12:30:29 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 9206
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb1-d024"
age: 512941
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
200 OK 13 kB URL HTTP/2 oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
IP
File type ASCII text, with very long lines (32001), with CRLF line terminators
Hash 112891904d2ce52d072013c5e993463a
4cca8f66204463d7dc6f9f6819e3ebbd0636f5b1
d58c3c940e6ac6a2587c3d28ef50dd9dc6f20ea23c213ac5ff75419656fd3291
GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 16 Jan 2023 22:47:46 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-b1ab"
age: 735104
content-length: 12929
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/css/bootstrap.min.css
200 OK 20 kB URL HTTP/2 oxy.st/slake/asset/css/bootstrap.min.css
IP
File type ASCII text, with very long lines (65325)
Hash 4588208961b6b7ed6cd974687346348a
52085a4f6c875b6949261704f05050c1727e9c55
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885
GET /slake/asset/css/bootstrap.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 06:48:10 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 274280
content-length: 20483
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/jquery.min.js
200 OK 30 kB URL HTTP/2 oxy.st/slake/asset/js/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 28198fab85f1ac98f664600f670ba43d
ee0dd46d793071270130c08412258d8c32194a32
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49
GET /slake/asset/js/jquery.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 23 Jan 2023 08:38:54 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-1538e"
age: 181236
content-length: 30285
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/images/sprite3.png
200 OK 2.1 kB URL HTTP/2 oxy.st/images/sprite3.png
IP
File type PNG image data, 124 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash b08166a270b58c28d429bf2f9ffece6c
91dab55cbe8c802a7c56cd9d2ffaee9ccea4a49f
a21a9fa89fb6dd8c8e84907a99b0374abdf641c71c55e0283b7758e8f2a12507
GET /images/sprite3.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
etag: "6240cc70-80b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13221048
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/images/ltd.svg
200 OK 20 kB IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (50102)
Hash d37ece4290313a264b5e235c0dadf2fb
9ae09bed58122b3d3c4914c45e682dce63993e14
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd
GET /images/ltd.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 05:14:49 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 19700
ddg-cache-status: HIT,HIT
etag: W/"5fb71401-c420"
age: 20681
X-Firefox-Spdy: h2
oxy.st/slake/asset/slice_white.png
200 OK 6.1 kB URL HTTP/2 oxy.st/slake/asset/slice_white.png
IP
File type PNG image data, 201 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 946ed1d2bd247854fa58e938de28ee95
883cda7ee0087e29a32f07b6c8ead3e8df5db738
bfe6c8b9cf34578f573091bb118f86a10b918b7d530b25107648f12158759e85
GET /slake/asset/slice_white.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 14:13:36 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-17be"
age: 333954
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/ajax-mail.js
200 OK 544 B URL HTTP/2 oxy.st/slake/asset/js/ajax-mail.js
IP
File type ASCII text, with CRLF line terminators
Hash 4eb7582278a2e3748b9017bb83307caf
93c419ea8637148be2192bfa8068ed8009e3add7
59ccbe475f369df6e9daf6480deb023a38b4fc29016142e062f76f4218f66abc
GET /slake/asset/js/ajax-mail.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 16 Jan 2023 16:25:29 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-683"
age: 758041
content-length: 544
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/plugins.js
200 OK 91 kB URL HTTP/2 oxy.st/slake/asset/js/plugins.js
IP
File type Unicode text, UTF-8 text, with very long lines (8320), with CRLF line terminators
Hash f64473f7f0d77763bf319a920044a5fe
085e34089773af2ec9ec67f206d51e9ada6a84fb
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d
GET /slake/asset/js/plugins.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 05:09:08 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 90933
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-52d51"
age: 21022
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5189893a7f9d4ad178ce301383325fe5
433fe0049838f69e87c67d1bd59a1fc74b46fe49
8c6d3d407fba8c25209be7c7f1c00eb138613e9d714cd6dae02d9f73bb0ab7f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C6D3D407FBA8C25209BE7C7F1C00EB138613E9D714CD6DAE02D9F73BB0AB7F8"
Last-Modified: Mon, 23 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12020
Expires: Wed, 25 Jan 2023 14:19:50 GMT
Date: Wed, 25 Jan 2023 10:59:30 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 25 Jan 2023 10:48:59 GMT
age: 631
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c398b6b39d11d25b8ae9bc5cd94a1c98
640aa8c399ced71d0c2a9f5a90fbaf091b01d642
a6f07f7c6a4746acc25457c726701df33120628dfb578bc4982448d8efee5855
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9063
Expires: Wed, 25 Jan 2023 13:30:33 GMT
Date: Wed, 25 Jan 2023 10:59:30 GMT
Connection: keep-alive
whereres.com/api/scripts/mSetupWidget?id=363
200 OK 9.0 kB URL HTTP/1.1 whereres.com/api/scripts/mSetupWidget?id=363
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (3565)
Hash 9c6d8fe1a69623dcc4c1948506d672af
b400e0ddf00fbbeed8a94c949165659d78714911
a5b9db9230019c2386cbd1bd2b8e193cd202b1f5558cc20a4a52058f79542c09
GET /api/scripts/mSetupWidget?id=363 HTTP/1.1
Host: whereres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 25 Jan 2023 10:59:30 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.27
Content-Encoding: gzip
oxy.st/slake/asset/img/bg/flake-slider-header.jpg
200 OK 32 kB URL HTTP/2 oxy.st/slake/asset/img/bg/flake-slider-header.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x824, components 3\012- data
Hash 8e2a0e56ae25b282b437f9d5bd300d96
5d4ba26731ee84ba9bbc5487312162b826ede550
b48a7837a73459a7d6f545cb45a810533d9bf006a54077b2ca3bd62dd6f6315d
GET /slake/asset/img/bg/flake-slider-header.jpg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/jpeg
content-length: 31870
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7c7e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13221048
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 472 B IP
Hash a49a89d4a52d659818f7937ed1c4e7ea
ef5cc8b0f7c54921ff8ed61cdca0b9d55f7d408f
4c3da9caef852c3725a10d21185cf0d8aaa29fd4a354520fa7079de4716c5e70
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 04:59:13 GMT
Expires: Wed, 01 Feb 2023 04:59:12 GMT
Etag: "ef5cc8b0f7c54921ff8ed61cdca0b9d55f7d408f"
Cache-Control: max-age=582580,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f07ff6987bb50c-OSL
oxy.st/slake/asset/fonts/themify--fvbane.woff
200 OK 56 kB URL HTTP/2 oxy.st/slake/asset/fonts/themify--fvbane.woff
IP
File type Web Open Font Format, CFF, length 56108, version 1.0\012- data
Hash a1ecc3b826d01251edddf29c3e4e1e97
9394f35bd2addd24666b79bfc36d4f9d247cb01d
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7
GET /slake/asset/fonts/themify--fvbane.woff HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://oxy.st/slake/asset/css/elements.css?1
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 12:46:09 GMT
content-type: font/woff
content-length: 56108
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-db2c"
age: 425602
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
cdn.adlook.me/js/rlf.js
200 OK 19 kB IP
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Hash 4753bd99e680f991e358fcfc5956d348
f7506e35d1e97953351bacf094278a919dd2d5e9
417b57437a57fdbfdbe26fb8e676b6936d868f23f5aa5ca587811aa01ce9d03f
GET /js/rlf.js HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/javascript,application/javascript;charset=utf-8
content-length: 19276
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:05:17 GMT
etag: "8054b6f2abfd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-25T10:52:14+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
200 OK 185 kB URL HTTP/2 ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
IP
ASN #60068 Datacamp Limited
Size 185 kB (185089 bytes)
Hash df393b22e56a68b2ed60fdbaa1e02888
c981725001d8a5cda8de15547a21875917a04935
120cd521a6c9623bc70d3016f0f8cacd96129a38eb3cc2c630123c6f2836683e
GET /moneybid7_28/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: application/javascript
last-modified: Tue, 17 Jan 2023 14:40:20 GMT
expires: Thu, 26 Jan 2023 05:03:52 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674709432
server: CDN77-Turbo
x-77-nzt: AblMCRTH6aD/WlMAAA
x-77-nzt-ray: af5856304f620c11920bd1631631973a
x-cache: HIT
x-age: 21338
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ads.themoneytizer.com/moneybile.js
200 OK 47 kB URL HTTP/2 ads.themoneytizer.com/moneybile.js
IP
ASN #60068 Datacamp Limited
Hash aab53ca74c7bc30ea1edd31f8b8af17c
86051386cf4b899fabf7d5e2f04edc484e8f3d7b
ab8277ba5d71afb959caca1cf4dd0ea020b657351466c43e30d7e602c0c5a915
GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Thu, 26 Jan 2023 05:03:52 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674709432
server: CDN77-Turbo
x-77-nzt: AblMCRRGNwH/WlMAAA
x-77-nzt-ray: af5856304f620c11920bd1634fcc473a
x-cache: HIT
x-age: 21338
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash fd08f8a0325d494f57d93d8a9c9acf16
50ccf411bbbbe53ba5ad2dd24ad554036b6e7cc5
bdda54e082fda2c4b149eb0d181ba5be91f5a832149432100e96d1d6b6971b84
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4699
Cache-Control: max-age=100927
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:31 GMT
Etag: "63cfe077-139"
Expires: Thu, 26 Jan 2023 15:01:38 GMT
Last-Modified: Tue, 24 Jan 2023 13:43:19 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 313
ads.themoneytizer.com/IIQUniversalID.js
200 OK 34 kB URL HTTP/2 ads.themoneytizer.com/IIQUniversalID.js
IP
ASN #60068 Datacamp Limited
Hash b4728ea8189eda5788fa3fa520aebacd
154ea4aec49b690299de7eafd20f587926e33e57
d3bc1b70bcf2a1d3779eb58180f9dae0552da8b55e2d307e2d0f765d6a983488
GET /IIQUniversalID.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 18:48:43 GMT
expires: Thu, 26 Jan 2023 05:03:52 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674709432
server: CDN77-Turbo
x-77-nzt: AblMCRQxRy7/WlMAAA
x-77-nzt-ray: af5856304f620c11920bd16352cf273a
x-cache: HIT
x-age: 21338
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash 86ee3cbbac0733735653b92d6a6ec7da
b4014d83b4e23dc4ecb587f3ff72fe4dd9d5cab0
53e7ce07f161d5c3fd0a8902494b6d31d8a9c544b3ac4c958d7adcf0bfa937ed
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 29 Jan 2023 09:26:25 GMT
ETag: "b4014d83b4e23dc4ecb587f3ff72fe4dd9d5cab0"
Last-Modified: Wed, 25 Jan 2023 09:26:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1121
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f07ff7ea0e0b69-OSL
ocsp.globalsign.com/gseccovsslca2018
200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash 86ee3cbbac0733735653b92d6a6ec7da
b4014d83b4e23dc4ecb587f3ff72fe4dd9d5cab0
53e7ce07f161d5c3fd0a8902494b6d31d8a9c544b3ac4c958d7adcf0bfa937ed
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 29 Jan 2023 09:26:25 GMT
ETag: "b4014d83b4e23dc4ecb587f3ff72fe4dd9d5cab0"
Last-Modified: Wed, 25 Jan 2023 09:26:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1121
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f07ff7e9bc1bfe-OSL
onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1674644369076
204 No Content 0 B URL HTTP/2 onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1674644369076
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?pubId=2a897e3f18e6769&cb=1674644369076 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
c.tmyzer.com/c/?s=85433&f=2&fi=99
200 OK 0 B URL HTTP/1.1 c.tmyzer.com/c/?s=85433&f=2&fi=99
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:D13E_36264064:01BB_63D10B93_A5F0A:2C31F
X-IPLB-Instance: 41595
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
200 OK 1.5 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP
Hash db62d587a65885f1471e60466053146e
0ce7f2a4aaa4c5dd92b69f6e468c44c05971c3a8
ce9a31bce58c117d555269a0907e05621db921b43f12841ccdd1d0ba6c29eb1d
GET /css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 25 Jan 2023 10:59:30 GMT
date: Wed, 25 Jan 2023 10:59:30 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tag.leadplace.fr/libJsLP.js
200 OK 5.5 kB URL HTTP/1.1 tag.leadplace.fr/libJsLP.js
IP
Hash a0c24f993bc0901cfe62d1e801cb2b45
7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333
GET /libJsLP.js HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: application/javascript
Content-Length: 5547
Last-Modified: Thu, 14 Oct 2021 07:27:52 GMT
ETag: "6167dbf8-15ab"
Accept-Ranges: bytes
X-IPLB-Request-ID: 5B5A2A9A:5532_91EFC133:01BB_63D10B93_62A3F311:10554
X-IPLB-Instance: 29923
oxy.st/slake/asset/img/bg/footer-bg.png
200 OK 75 kB URL HTTP/2 oxy.st/slake/asset/img/bg/footer-bg.png
IP
File type PNG image data, 1920 x 890, 8-bit/color RGB, non-interlaced\012- data
Hash ce2f90b81ee3a43f46c29223ad1d981b
b82b68c892bd7c8b0bf06a883f1bdcd8ca0121e5
7b5c7bc066eb345c6c48189f960ad13fac80add5b5769e2d7a1f59d82a382505
GET /slake/asset/img/bg/footer-bg.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/slake/style.css?ver=6
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 22:29:33 GMT
content-type: image/png
content-length: 74560
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-12340"
age: 304198
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2
200 OK 43 kB URL HTTP/2 yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 43112, version 1.0\012- data
Hash f8883ab9c4a452a0bfe3c5cf9619db86
29104a6e1efdd389f07f0f3e1730de95746967da
427f528f5d190e0e3275d8a1fc40bad36fede3da064b33f29dc8fe6e614ff2f7
GET /islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/font-woff2
content-length: 43112
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "f8883ab9c4a452a0bfe3c5cf9619db86"
expires: Thu, 25 Jan 2024 16:47:11 GMT
last-modified: Tue, 22 Jan 2019 17:04:38 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 7a0d84799d22d62d
accept-ranges: bytes
X-Firefox-Spdy: h2
p.cpx.to/p/12771/px.js
200 OK 2.0 kB IP
File type ASCII text, with very long lines (1990), with no line terminators
Hash a667f26d4e73b4b5098a9c9637d3d29f
83d9b753da4c51039a689bc67956f7f9997854cc
a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6
GET /p/12771/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2419200, public
Content-Type: application/javascript; charset=UTF-8
Date: Wed, 25 Jan 2023 10:59:30 GMT
Content-Length: 1990
Connection: keep-alive
yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
200 OK 45 kB URL HTTP/2 yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 45100, version 1.0\012- data
Hash e783c489351712fa80a7cb4206cffd02
4d1d924e4cbae116baf57958cea28dedc9e361f4
281e998fb084bbc3243914bfd01a00ef5cdbc847179c43106808821a6e0ae1a5
GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/font-woff2
content-length: 45100
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "e783c489351712fa80a7cb4206cffd02"
expires: Thu, 25 Jan 2024 16:47:11 GMT
last-modified: Tue, 22 Jan 2019 17:07:25 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: cd3c6f59a1c2636c
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.adlook.me/u/cds.html
200 OK 1.4 kB IP
ASN #199524 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 092b935eec2ba1199c03c1c856472e77
90d533fb895dda57fd0645cf484a4ecb7a64c344
8719a7a7e474f30d7a1d5dbf2ab97bbd73437c28ef567b410361540ad38c985e
GET /u/cds.html HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: text/html
content-length: 1439
last-modified: Thu, 06 Aug 2020 17:06:57 GMT
etag: "207a2dfe136cd61:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-25T10:51:34+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.adlook.me/css/rlf.css?1.4
200 OK 1.6 kB URL HTTP/2 cdn.adlook.me/css/rlf.css?1.4
IP
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (1612), with no line terminators
Hash ebb99a8c16a4ad70389cc2e9306fa4b1
b926dbbe4d67d1a39e3a7b1f4ea992c41388067b
d1b01565ed50bb2012a6d2c9b409fa41752d6c3a30e735f9f7008b7f635a21f1
GET /css/rlf.css?1.4 HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: text/css
content-length: 1612
last-modified: Mon, 11 Oct 2021 12:59:26 GMT
etag: "2fce1cd29fbed71:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-25T10:57:54+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1Oxbtaj53aRwm6fnuAOa3Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EvdgRyyieQmlHbf05trlJh8CMVE=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ef59aa85c9572bcc65b9073860bf25a8
67f76f3edf37a48f3fc9244d4d76c2abfa1a4a2a
de67a6263dceb38bc328eaf7fc5dee5ce983c954cf3a5c673a1b5ab140990188
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE67A6263DCEB38BC328EAF7FC5DEE5CE983C954CF3A5C673A1B5AB140990188"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13913
Expires: Wed, 25 Jan 2023 14:51:24 GMT
Date: Wed, 25 Jan 2023 10:59:31 GMT
Connection: keep-alive
spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
200 OK 499 B URL HTTP/2 spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
IP
File type ASCII text, with no line terminators
Hash fccf28f0243f5acf1e07d3b9766e7ab3
73228caa0043ea18c7c3a38c3dd72bf92d3747af
c20405334c20572c3ee69ce9dd9fa362fabb82ff81df3b9c7b48702ecae25a9f
GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=ff27a925-adec-4724-79f7-fca3b9beea04; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
zsc=%DC%5B%3B%0E%A1%D4%1D%29%C0%29%FE9%C1%BC%AF%D6%3D%2C%B5%BF%83u%E3%01%F2%DD%8E%A3%9BD%90%F8H%8D%D4%7CE%27%E3y%22D%C5%0F%A5%00%C0%CF%B0%A3%8Bb%CC%91E%0E+%2Amalg%23%95%CD%EF%7CP4%E6%B9%8C%F1%DE%B1%92%40%F5%01%91g%BA%CA; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78f07ff8e86eb500-OSL
content-encoding: br
X-Firefox-Spdy: h2
tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FgOog&id=MTIZ
200 OK 0 B URL HTTP/1.1 tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FgOog&id=MTIZ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FgOog&id=MTIZ HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-IPLB-Request-ID: 5B5A2A9A:5532_91EFC133:01BB_63D10B93_62A3F315:10554
X-IPLB-Instance: 29923
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 4dc3694f7e66bc7f448dfc4804ecd4af
6c91511502a4fe38eeb3fff63507a47cab093c86
e43867e73dff01e58b19d648c692cc1dbeae7ccebf742eb56eb3d03ffde88b94
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E43867E73DFF01E58B19D648C692CC1DBEAE7CCEBF742EB56EB3D03FFDE88B94"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13919
Expires: Wed, 25 Jan 2023 14:51:30 GMT
Date: Wed, 25 Jan 2023 10:59:31 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 313 B IP
Hash e6ce0209150d452e06362c199f75e86b
e5c950e9611a5a05949ce97c47bc150702d7481a
690938ab6b821578c23682c25271d89d947a0bafd755f86406febb816604effc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3211
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:31 GMT
Last-Modified: Wed, 25 Jan 2023 10:06:00 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 313
id5-sync.com/api/config/prebid
200 134 B URL HTTP/1.1 id5-sync.com/api/config/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1
POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Wed, 25 Jan 2023 10:59:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FgOog&top=&_ts=1674644369548
200 OK 2 B URL HTTP/2 ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FgOog&top=&_ts=1674644369548
IP
ASN #48096 Enterprise Cloud Ltd.
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FgOog&top=&_ts=1674644369548 HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=372d989d42fe4254ac0f670b4e3ac0d7; expires=Wed, 24 Jan 2024 21:00:00 GMT; path=/; SameSite=None; secure; samesite=lax
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
date: Wed, 25 Jan 2023 10:59:30 GMT
content-length: 2
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
200 OK 885 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
Hash ca6772248a5de946c392d3f39d94801a
c8a67d5e1c15c9dd6d7f4224a86f91f2a1d693e4
40125b707bd08dbf81f312b384ecf5679eb7ae6c5d5737d6fcae40572b7c77e1
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 1232438
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 11de04dc61bf459876e9ea287cecfbb0
5ee792c7fdb81bf12e9b15d6d95a601c26e0bdcc
2e1f309d96dbdb8f816eb13fba0641c57f19e0e19b66283e653a1b936e909141
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2E1F309D96DBDB8F816EB13FBA0641C57F19E0E19B66283E653A1B936E909141"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9885
Expires: Wed, 25 Jan 2023 13:44:16 GMT
Date: Wed, 25 Jan 2023 10:59:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash eb83c696e9cf04bc985fbe0a2d7ccbf6
ca27fde790c7b4fc89adbefa9165b3d6f5ba54df
b8da33047320390697729823305b188b899a5cd172f10433cc44c6be0488af75
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8DA33047320390697729823305B188B899A5CD172F10433CC44C6BE0488AF75"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14735
Expires: Wed, 25 Jan 2023 15:05:06 GMT
Date: Wed, 25 Jan 2023 10:59:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f0a4098f041b32de6aeac7e8919dfb93
d3dd3d384e3bc4454b58f48c878261b5d165c2bd
1a2e07af32d611f5b897d8f26ba1ba7008bdbb7814bc749dc3f6992167ed6d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A2E07AF32D611F5B897D8F26BA1BA7008BDBB7814BC749DC3F6992167ED6D64"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15389
Expires: Wed, 25 Jan 2023 15:16:00 GMT
Date: Wed, 25 Jan 2023 10:59:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 6e43ee9eeb8cc021c2a91923abf29682
b3f1acd6ba4f5cb56f313b9e3888b86bfe95b85e
09e1b232bef87ca3305a9da2489f07ba072a7ed196efa166407ad3df829059f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "09E1B232BEF87CA3305A9DA2489F07BA072A7ED196EFA166407AD3DF829059F7"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15500
Expires: Wed, 25 Jan 2023 15:17:51 GMT
Date: Wed, 25 Jan 2023 10:59:31 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1efa8c61f9db8e0ec1774f0b1baecdea
08ba8067d89579803e286e5b7ae649b8cfc6db2e
5b08ce2e19047ede80f7ea622c2e1785e5ee8fb2400e88682229cd82dfb3c95a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B08CE2E19047EDE80F7EA622C2E1785E5EE8FB2400E88682229CD82DFB3C95A"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13600
Expires: Wed, 25 Jan 2023 14:46:11 GMT
Date: Wed, 25 Jan 2023 10:59:31 GMT
Connection: keep-alive
lb.eu-1-id5-sync.com/lb/v1
200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 46371b4933ee718e40efe6572bc91942
590e111e3a8e4d7cab3b3239f8e3ede97e8f7827
bc2a678250d07e459c6d579001341542d5d96bcde55a5fcadebb4892742aee9c
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Wed, 25 Jan 2023 10:59:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
my.rtmark.net/gid.js?userId=3873b35cde67482dbfa893115d3f969d
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=3873b35cde67482dbfa893115d3f969d
IP
File type JSON data\012- , ASCII text
Hash f8752de6f2e8589f97f561aed051c369
2847dc2ccd6888c98820c010077bc6582905adb5
d63b13684bacb29d9b520db9510fedb76c5e30c96ed72dc9ad13570fdf506c62
GET /gid.js?userId=3873b35cde67482dbfa893115d3f969d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3873b35cde67482dbfa893115d3f969d; expires=Thu, 25 Jan 2024 10:59:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 2032d44278d362185b47b966fcb45a73
5786a913f3556b7a761fd788aad9f35b83a54fe9
aa7b64b36d5141a052ed036564980de40d8579f2dbd82c552d109fb76c219d6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1982
Cache-Control: max-age=97801
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:31 GMT
Etag: "63cfdede-139"
Expires: Thu, 26 Jan 2023 14:09:32 GMT
Last-Modified: Tue, 24 Jan 2023 13:36:30 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 313
mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2Fa937efc19c35dca861ae06bb208a88ea%2F4xSoulles6Packev1.zip&sourceName=%C2%A74xSoulles%C2%A76Pack%C2%A7e%5Bv.zip&sourceIntro=&sourceNote=&priority=source&tag=&rnd=553afb77c96b9eb88c1c86c4933c8fcc&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FgOog
200 OK 133 B URL HTTP/1.1 mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2Fa937efc19c35dca861ae06bb208a88ea%2F4xSoulles6Packev1.zip&sourceName=%C2%A74xSoulles%C2%A76Pack%C2%A7e%5Bv.zip&sourceIntro=&sourceNote=&priority=source&tag=&rnd=553afb77c96b9eb88c1c86c4933c8fcc&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FgOog
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash 72fc37117cdc7bc0a6fa0ffccfc2d275
2ec43a2ff5c8cc3c79b415538e0ebc474e6b6932
23dfec71d3346be9958d9ffd00e94a031656dff473b1c98c9950f5d8e186fbab
GET /api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2Fa937efc19c35dca861ae06bb208a88ea%2F4xSoulles6Packev1.zip&sourceName=%C2%A74xSoulles%C2%A76Pack%C2%A7e%5Bv.zip&sourceIntro=&sourceNote=&priority=source&tag=&rnd=553afb77c96b9eb88c1c86c4933c8fcc&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FgOog HTTP/1.1
Host: mpraven.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-SF: ok
X-Slug: check SF
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Content-Encoding: gzip
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=1OBdKV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlHRSUyQlZWT3E1OU5wNkhlUU9EQUV3V3VxZVpKczUzM0hzU202VGVVa2tSYw; expires=Mon, 19 Feb 2024 10:59:31 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 304162
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
200 OK 705 B URL HTTP/2 ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
IP
File type JSON data\012- , ASCII text, with very long lines (704)
Hash 53fd4fda83983a95b2ce314003de8718
f748134fb9af3caa678b515e2cbc82eff9881bc4
fd13354afb4688df091fa2c30a00d1ec42fb3f9fbadfebcf926f4e5581238def
GET /zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: 56764847f085e38f03d6a9f836bf6898
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash fa93de4eac1575e97e7c659385c9e4c5
4a7f159e9e55bae746738f409e5342813f5be6db
161676b12b5e45d900caa8ac71073d0aa71ffd3627bb767c02b4cb8ce1f0c110
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 07:14:51 GMT
Expires: Mon, 30 Jan 2023 07:14:50 GMT
Etag: "4a7f159e9e55bae746738f409e5342813f5be6db"
Cache-Control: max-age=417918,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f07ff9acdcb50c-OSL
betotodilea.com/400/5630102
200 OK 32 kB URL HTTP/2 betotodilea.com/400/5630102
IP
Hash b956402dc0b0896e8e3e864be47f5b59
002e532ce3f48353db8d585454219aa193210404
59086c4a663066f0d097fee233211e94e4d2e16301fee905f8c28341bba4ad0f
GET /400/5630102 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/javascript
x-trace-id: a53bc4cc9492cddfd64a782c2abd7a9d
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=655734cf693942e49013c5cf23b9101e; expires=Thu, 25 Jan 2024 10:59:31 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 18:52:41 GMT
expires: Tue, 23 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 144410
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FgOog&hn_ver=40&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2
200 OK 652 B URL HTTP/1.1 s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FgOog&hn_ver=40&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2
IP
File type ASCII text, with very long lines (652), with no line terminators
Hash cea663b868a03fa3be90b84d47ffd052
8099b6397b40bc8849aa830c47a5e7e1021cd5f6
d714f8c83aa47b6900532f003a37ee7d936d576013cd40b8a4d660e91bae371e
GET /fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FgOog&hn_ver=40&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:31 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 652
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
p3p: CP="NOI DEV ADM"
expires: Wed, 18 Jan 2023 19:16:50 UTC
set-cookie: cpSess=875215224c74f56; Expires=Thu, 25 Jan 2024 10:59:31 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfd17cd0673e02c422ee30439b224c91
76d8fd06c643ef05e4ee54f7f2b4113b472115f5
cf2c45045b5be62241a6531e1321db719eee27112864b6698b5fb5cbc287656a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF2C45045B5BE62241A6531E1321DB719EEE27112864B6698B5FB5CBC287656A"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4339
Expires: Wed, 25 Jan 2023 12:11:51 GMT
Date: Wed, 25 Jan 2023 10:59:32 GMT
Connection: keep-alive
ibrapush.com/pfe/current/tag.min.js?z=5630104
200 OK 6.0 kB URL HTTP/2 ibrapush.com/pfe/current/tag.min.js?z=5630104
IP
File type C source, ASCII text, with very long lines (14602), with no line terminators
Hash 1d369ecbbcc1f97ba7ca11d86194cc6b
771966b26652f1714c275a238e8d8c3d50e90a5a
35855b217ce4540c5979a69ca4f8fb35c025cb9033be22013b625b91c047c98c
GET /pfe/current/tag.min.js?z=5630104 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 14:31:33 GMT
etag: W/"63cfebc5-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
IP
Hash 07208ef6356bca44bde2c3acdd03a4bb
cb9c589dccb28bb1e0739a4e5e0d5d48ea43fff9
3f0c1ea3b6ea0203b439077ab495c5fce415d640da8839a67789268bf3286d98
POST /s/gts1p5/x-QEV4IR2x0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:32 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nanouwho.com/11?rnd=2847960612&z=5630103&b=16380032&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=U9PfThtZ9Ssd0_26-ceJf48LQbjyLsPVejfq3UiMEZPR2VWDEMZ98Y1VLmRPHFGfoiXG54GTcrO2kE3RCkbB2k2YkzyfcA5sRO0fPEac9tCpPbsuG768A_-kwbl0gcv8bvtnmgLaVHmmhEQR56DtIHJjLzRovayQ-ro_MpqI9TjZpFRSAUtF6r9u1mA6DrHY2trDg2syTbf07RXD64imRhnXVeSyS8tycJXQ6ExsXPnUm8V65yo2NSCrYCWszcql_LJgBFhu0oHGCRVDtFKmzN6fBK_nr35N1rYhutHEChxANkCywqf-mSwf0UmA7t2wa34iS_mnBsoMEamhMBX5tpCg1-eVWzbLzlc4fMIs2YP-eismOwjHYB42kTZF-L4-ONJriPpGLTxGSZ6efDEUDoe8DLdFw2GvFzJ4wY7YErC7fE9Hd3NbygHkQbe7Q27rb6j06RXMCL8QApmnOnXJMxLMgId7uXPEHSd4JdnY4Or60iA3e1VKxtDmnejZ40z6yrCAhk3abA3-IMNkWJ-oZFkpOxogkO4oJDUFb-uY46cWZDaWpbYQpU0Ul9CTk6Y9irlJvtD5iPUFEpcYuhqYD9jM9CiWJAG3F3TcVBOY81RqUwduYOUlXL6z4CzpBNGDvDsbu2xHD26O6M0l4XsSJeA8WuGPxi3ST5gBrgyR9crIC-voGlE9vHs94JURxmyOz8ki2OC82J0O3SFJBKvAag==&ruid=468f29aa-88ec-4fc9-9b0f-83a6b7199070&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=169
200 OK 0 B URL HTTP/2 nanouwho.com/11?rnd=2847960612&z=5630103&b=16380032&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=U9PfThtZ9Ssd0_26-ceJf48LQbjyLsPVejfq3UiMEZPR2VWDEMZ98Y1VLmRPHFGfoiXG54GTcrO2kE3RCkbB2k2YkzyfcA5sRO0fPEac9tCpPbsuG768A_-kwbl0gcv8bvtnmgLaVHmmhEQR56DtIHJjLzRovayQ-ro_MpqI9TjZpFRSAUtF6r9u1mA6DrHY2trDg2syTbf07RXD64imRhnXVeSyS8tycJXQ6ExsXPnUm8V65yo2NSCrYCWszcql_LJgBFhu0oHGCRVDtFKmzN6fBK_nr35N1rYhutHEChxANkCywqf-mSwf0UmA7t2wa34iS_mnBsoMEamhMBX5tpCg1-eVWzbLzlc4fMIs2YP-eismOwjHYB42kTZF-L4-ONJriPpGLTxGSZ6efDEUDoe8DLdFw2GvFzJ4wY7YErC7fE9Hd3NbygHkQbe7Q27rb6j06RXMCL8QApmnOnXJMxLMgId7uXPEHSd4JdnY4Or60iA3e1VKxtDmnejZ40z6yrCAhk3abA3-IMNkWJ-oZFkpOxogkO4oJDUFb-uY46cWZDaWpbYQpU0Ul9CTk6Y9irlJvtD5iPUFEpcYuhqYD9jM9CiWJAG3F3TcVBOY81RqUwduYOUlXL6z4CzpBNGDvDsbu2xHD26O6M0l4XsSJeA8WuGPxi3ST5gBrgyR9crIC-voGlE9vHs94JURxmyOz8ki2OC82J0O3SFJBKvAag==&ruid=468f29aa-88ec-4fc9-9b0f-83a6b7199070&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=169
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=2847960612&z=5630103&b=16380032&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=U9PfThtZ9Ssd0_26-ceJf48LQbjyLsPVejfq3UiMEZPR2VWDEMZ98Y1VLmRPHFGfoiXG54GTcrO2kE3RCkbB2k2YkzyfcA5sRO0fPEac9tCpPbsuG768A_-kwbl0gcv8bvtnmgLaVHmmhEQR56DtIHJjLzRovayQ-ro_MpqI9TjZpFRSAUtF6r9u1mA6DrHY2trDg2syTbf07RXD64imRhnXVeSyS8tycJXQ6ExsXPnUm8V65yo2NSCrYCWszcql_LJgBFhu0oHGCRVDtFKmzN6fBK_nr35N1rYhutHEChxANkCywqf-mSwf0UmA7t2wa34iS_mnBsoMEamhMBX5tpCg1-eVWzbLzlc4fMIs2YP-eismOwjHYB42kTZF-L4-ONJriPpGLTxGSZ6efDEUDoe8DLdFw2GvFzJ4wY7YErC7fE9Hd3NbygHkQbe7Q27rb6j06RXMCL8QApmnOnXJMxLMgId7uXPEHSd4JdnY4Or60iA3e1VKxtDmnejZ40z6yrCAhk3abA3-IMNkWJ-oZFkpOxogkO4oJDUFb-uY46cWZDaWpbYQpU0Ul9CTk6Y9irlJvtD5iPUFEpcYuhqYD9jM9CiWJAG3F3TcVBOY81RqUwduYOUlXL6z4CzpBNGDvDsbu2xHD26O6M0l4XsSJeA8WuGPxi3ST5gBrgyR9crIC-voGlE9vHs94JURxmyOz8ki2OC82J0O3SFJBKvAag==&ruid=468f29aa-88ec-4fc9-9b0f-83a6b7199070&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=169 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=3873b35cde67482dbfa893115d3f969d; oaidts=1674644371
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 81942cbab13a6fc7e8886f7737491d98
access-control-expose-headers: X-Sc
set-cookie: OAID=3873b35cde67482dbfa893115d3f969d; expires=Thu, 25 Jan 2024 10:59:32 GMT; secure; SameSite=None
oaidts=1674644371; expires=Thu, 25 Jan 2024 10:59:32 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ibrapush.com/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ibrapush.com/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 62827682df8d1996a77e751db99467d9
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e8f1a03b5b269e29eb6dd983583acd5f
2c2dfdd086b51641cca2b9bf38cd9d1d81dc7794
c757caca0367f08dae489f6d45332f78d184271fd004cb0c47008dcd6943d16e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C757CACA0367F08DAE489F6D45332F78D184271FD004CB0C47008DCD6943D16E"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8115
Expires: Wed, 25 Jan 2023 13:14:47 GMT
Date: Wed, 25 Jan 2023 10:59:32 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 471 B IP
Hash dc4ecda5368b52c2e2e0f855c3069d54
094d4c4753e9411e78bba8e036dfe4d578a3136e
6543817b84fb50bf50d47656d95e228b120961571cde07e3aae7f5f60b788920
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:32 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 22 Jan 2023 03:49:36 GMT
Expires: Sun, 29 Jan 2023 03:49:35 GMT
Etag: "094d4c4753e9411e78bba8e036dfe4d578a3136e"
Cache-Control: max-age=319202,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f07ffdeb02b50c-OSL
nanouwho.com/27/7032fd23f7825e75f6f79a3de91ed077
200 OK 131 kB URL HTTP/2 nanouwho.com/27/7032fd23f7825e75f6f79a3de91ed077
IP
File type ASCII text, with very long lines (65523)
Size 131 kB (131408 bytes)
Hash f28994a0e01dfee84e1a5fd9280d0cf9
bd35d262e226da1d6eb19480568aad9ad3774d30
d6252e18c05a85de36fdfa3d68281aeae63fb4304bc3e6873b1204a8190263cc
Analyzer Verdict Alert quad9 Sinkholed
GET /27/7032fd23f7825e75f6f79a3de91ed077 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=68769a122aa347eb9bb2fbcce2ed0b03; oaidts=1674644371
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Tue, 24 Jan 2023 07:37:20 GMT
expires: Tue, 23 Feb 2083 07:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 892
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 25 Jan 2023 10:59:58 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://oxy.st
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3873b35cde67482dbfa893115d3f969d
200 OK 4.7 kB URL HTTP/2 nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3873b35cde67482dbfa893115d3f969d
IP
Hash fc362579e97bbeb8a3ab3c9ee0301102
530703432130c4fbdc296dec37fe83b38249d3df
7405df34a4e014f7a8c9dd66f005c2a4bdc3b3181c5f306ec503c9aefd7814f0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=3873b35cde67482dbfa893115d3f969d HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 178
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=68769a122aa347eb9bb2fbcce2ed0b03; oaidts=1674644371
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 5a91b6b00da4497b929091c2e3033796
access-control-expose-headers: X-Sc
set-cookie: OAID=3873b35cde67482dbfa893115d3f969d; expires=Thu, 25 Jan 2024 10:59:32 GMT; secure; SameSite=None
oaidts=1674644371; expires=Thu, 25 Jan 2024 10:59:32 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
200 43 B URL HTTP/1.1 id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /i/12/9.gif?gdpr=&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Wed, 25-Jan-2023 11:04:32 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Wed, 25-Jan-2023 11:04:32 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Wed, 25-Jan-2023 11:04:32 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Wed, 25-Jan-2023 11:04:32 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Wed, 25-Jan-2023 11:04:32 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Wed, 25-Jan-2023 11:04:32 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Wed, 25 Jan 2023 10:59:31 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
oxy.st/images/icon.png
200 OK 7.5 kB IP
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash b63d70eb8c5d379fa68fe0f63e8c4255
232de1f52e52611ae67aab8ebaa143946154a233
100c7773d318b841267dc4ac654366ac19ba903e6cd6551777268f6eb4ed86cd
GET /images/icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/gOog
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0; _pbjs_userid_consent_data=3524755945110770; sharedid=d3b2e35d-aa82-4217-b61c-41ee3f039009; cto_bundle=NxTMfF9ZRkRMQyUyRm5LSkRDOTZPWjZZdGROaiUyRlA3dDF0MDZqNWVQYSUyRjJOaW1PM0ZBWGptRXE3TlRUQThSVTVyZ0pkb3hSSFdhYldWeWUwQ1hManpOU1c2Yk5DQlIwU1FUUDJBWm5rTyUyRmg5ck1EZjhNJTNE; cto_bidid=xuufPl8xRHB0dTJBUXFuRXgyUUFWdXQ1VERDRVk1T2pSWUdXTlJvaG5Zd2hoa0ZhdDFQdk93bE9zSFklMkJ3aWglMkZ0QW9paVZYSVFjZUp5NzNUN3lBYXEzN2V0d3clM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 10:13:39 GMT
content-type: image/png
content-length: 7531
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
etag: "5eefbeb1-1d6b"
access-control-allow-origin: *
accept-ranges: bytes
age: 434753
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
200 OK 26 kB URL HTTP/1.1 d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP
File type ASCII text, with very long lines (16085)
Hash 8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Wed, 25 Jan 2023 03:45:22 GMT
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jVOVAez0P-lo2IJLeFpgbTQNwD-he0edPplY5E_1O-YhEAZmE7g5eg==
Age: 26059
interstitial-07.com/?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D4102191462%26z%3D5630103%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DU9PfThtZ9Ssd0_26-ceJf48LQbjyLsPVejfq3UiMEZPR2VWDEMZ98Y1VLmRPHFGfoiXG54GTcrO2kE3RCkbB2k2YkzyfcA5sRO0fPEac9tCpPbsuG768A_-kwbl0gcv8bvtnmgLaVHmmhEQR56DtIHJjLzRovayQ-ro_MpqI9TjZpFRSAUtF6r9u1mA6DrHY2trDg2syTbf07RXD64imRhnXVeSyS8tycJXQ6ExsXPnUm8V65yo2NSCrYCWszcql_LJgBFhu0oHGCRVDtFKmzN6fBK_nr35N1rYhutHEChxANkCywqf-mSwf0UmA7t2wa34iS_mnBsoMEamhMBX5tpCg1-eVWzbLzlc4fMIs2YP-eismOwjHYB42kTZF-L4-ONJriPpGLTxGSZ6efDEUDoe8DLdFw2GvFzJ4wY7YErC7fE9Hd3NbygHkQbe7Q27rb6j06RXMCL8QApmnOnXJMxLMgId7uXPEHSd4JdnY4Or60iA3e1VKxtDmnejZ40z6yrCAhk3abA3-IMNkWJ-oZFkpOxogkO4oJDUFb-uY46cWZDaWpbYQpU0Ul9CTk6Y9irlJvtD5iPUFEpcYuhqYD9jM9CiWJAG3F3TcVBOY81RqUwduYOUlXL6z4CzpBNGDvDsbu2xHD26O6M0l4XsSJeA8WuGPxi3ST5gBrgyR9crIC-voGlE9vHs94JURxmyOz8ki2OC82J0O3SFJBKvAag%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D468f29aa-88ec-4fc9-9b0f-83a6b7199070%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FgOog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
200 OK 36 kB URL HTTP/2 interstitial-07.com/?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D4102191462%26z%3D5630103%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DU9PfThtZ9Ssd0_26-ceJf48LQbjyLsPVejfq3UiMEZPR2VWDEMZ98Y1VLmRPHFGfoiXG54GTcrO2kE3RCkbB2k2YkzyfcA5sRO0fPEac9tCpPbsuG768A_-kwbl0gcv8bvtnmgLaVHmmhEQR56DtIHJjLzRovayQ-ro_MpqI9TjZpFRSAUtF6r9u1mA6DrHY2trDg2syTbf07RXD64imRhnXVeSyS8tycJXQ6ExsXPnUm8V65yo2NSCrYCWszcql_LJgBFhu0oHGCRVDtFKmzN6fBK_nr35N1rYhutHEChxANkCywqf-mSwf0UmA7t2wa34iS_mnBsoMEamhMBX5tpCg1-eVWzbLzlc4fMIs2YP-eismOwjHYB42kTZF-L4-ONJriPpGLTxGSZ6efDEUDoe8DLdFw2GvFzJ4wY7YErC7fE9Hd3NbygHkQbe7Q27rb6j06RXMCL8QApmnOnXJMxLMgId7uXPEHSd4JdnY4Or60iA3e1VKxtDmnejZ40z6yrCAhk3abA3-IMNkWJ-oZFkpOxogkO4oJDUFb-uY46cWZDaWpbYQpU0Ul9CTk6Y9irlJvtD5iPUFEpcYuhqYD9jM9CiWJAG3F3TcVBOY81RqUwduYOUlXL6z4CzpBNGDvDsbu2xHD26O6M0l4XsSJeA8WuGPxi3ST5gBrgyR9crIC-voGlE9vHs94JURxmyOz8ki2OC82J0O3SFJBKvAag%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D468f29aa-88ec-4fc9-9b0f-83a6b7199070%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FgOog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1545)
Hash 0f36b064a5658bea420334acd17a8a3d
ccde21f253a4cf5ebd05d89fd7bfd0720a085896
b70251345f1759a58a155a4e85775e6449d3c5255eb83dff7d7abc5c30d0d96e
GET /?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D4102191462%26z%3D5630103%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DU9PfThtZ9Ssd0_26-ceJf48LQbjyLsPVejfq3UiMEZPR2VWDEMZ98Y1VLmRPHFGfoiXG54GTcrO2kE3RCkbB2k2YkzyfcA5sRO0fPEac9tCpPbsuG768A_-kwbl0gcv8bvtnmgLaVHmmhEQR56DtIHJjLzRovayQ-ro_MpqI9TjZpFRSAUtF6r9u1mA6DrHY2trDg2syTbf07RXD64imRhnXVeSyS8tycJXQ6ExsXPnUm8V65yo2NSCrYCWszcql_LJgBFhu0oHGCRVDtFKmzN6fBK_nr35N1rYhutHEChxANkCywqf-mSwf0UmA7t2wa34iS_mnBsoMEamhMBX5tpCg1-eVWzbLzlc4fMIs2YP-eismOwjHYB42kTZF-L4-ONJriPpGLTxGSZ6efDEUDoe8DLdFw2GvFzJ4wY7YErC7fE9Hd3NbygHkQbe7Q27rb6j06RXMCL8QApmnOnXJMxLMgId7uXPEHSd4JdnY4Or60iA3e1VKxtDmnejZ40z6yrCAhk3abA3-IMNkWJ-oZFkpOxogkO4oJDUFb-uY46cWZDaWpbYQpU0Ul9CTk6Y9irlJvtD5iPUFEpcYuhqYD9jM9CiWJAG3F3TcVBOY81RqUwduYOUlXL6z4CzpBNGDvDsbu2xHD26O6M0l4XsSJeA8WuGPxi3ST5gBrgyR9crIC-voGlE9vHs94JURxmyOz8ki2OC82J0O3SFJBKvAag%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D468f29aa-88ec-4fc9-9b0f-83a6b7199070%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FgOog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=ivInIJBdA5nA76dOjRrX1o80EqujlqnWSI7mk5S_8R8; expires=Wed, 25-Jan-2023 11:59:32 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg
200 OK 21 kB URL HTTP/2 interstitial-07.com/contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash 22adc9ea5795ef560f8d389248e030cf
0ad28b6b561c56650ad3a9e5f4cce7600df548dd
4260ab929da6233410a80d6333d9c33007a23c65ecbb20f72aafbb72ee0ecd2e
GET /contents/s/22/ad/c9/ea5795ef560f8d389248e030cf/0305753960206.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D4102191462%26z%3D5630103%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DU9PfThtZ9Ssd0_26-ceJf48LQbjyLsPVejfq3UiMEZPR2VWDEMZ98Y1VLmRPHFGfoiXG54GTcrO2kE3RCkbB2k2YkzyfcA5sRO0fPEac9tCpPbsuG768A_-kwbl0gcv8bvtnmgLaVHmmhEQR56DtIHJjLzRovayQ-ro_MpqI9TjZpFRSAUtF6r9u1mA6DrHY2trDg2syTbf07RXD64imRhnXVeSyS8tycJXQ6ExsXPnUm8V65yo2NSCrYCWszcql_LJgBFhu0oHGCRVDtFKmzN6fBK_nr35N1rYhutHEChxANkCywqf-mSwf0UmA7t2wa34iS_mnBsoMEamhMBX5tpCg1-eVWzbLzlc4fMIs2YP-eismOwjHYB42kTZF-L4-ONJriPpGLTxGSZ6efDEUDoe8DLdFw2GvFzJ4wY7YErC7fE9Hd3NbygHkQbe7Q27rb6j06RXMCL8QApmnOnXJMxLMgId7uXPEHSd4JdnY4Or60iA3e1VKxtDmnejZ40z6yrCAhk3abA3-IMNkWJ-oZFkpOxogkO4oJDUFb-uY46cWZDaWpbYQpU0Ul9CTk6Y9irlJvtD5iPUFEpcYuhqYD9jM9CiWJAG3F3TcVBOY81RqUwduYOUlXL6z4CzpBNGDvDsbu2xHD26O6M0l4XsSJeA8WuGPxi3ST5gBrgyR9crIC-voGlE9vHs94JURxmyOz8ki2OC82J0O3SFJBKvAag%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D468f29aa-88ec-4fc9-9b0f-83a6b7199070%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FgOog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: image/jpeg
content-length: 20759
last-modified: Wed, 14 Dec 2022 16:39:34 GMT
vary: Accept-Encoding
etag: "6399fc46-5117"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 34c6c87358e04f2487a4fcb466d2ad17
2e99bb20b81b80930471f736676e4dd3a093a9cd
db58d2601ad2308da96f8998b9b5e39c3c48b910c0f141230a757b9985b536fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 34c6c87358e04f2487a4fcb466d2ad17
2e99bb20b81b80930471f736676e4dd3a093a9cd
db58d2601ad2308da96f8998b9b5e39c3c48b910c0f141230a757b9985b536fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 438979
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash ba774ffafa28f12cf141d58176d9671b
45d598f5a07be384facb0e4e4490f39e6806425f
f58ed33e177349f5a5f429eeb37e3d425187a59debb4206fcc281450dab6b3c1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3476
Cache-Control: max-age=115519
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:32 GMT
Etag: "63d01e3f-1d7"
Expires: Thu, 26 Jan 2023 19:04:51 GMT
Last-Modified: Tue, 24 Jan 2023 18:06:55 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg
200 OK 48 kB URL HTTP/2 interstitial-07.com/contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 4d4d448b8d067fbb8dd5bd371f76aa3f
ac126e854681a30faeeec1b07871640015003743
2d544292185300921204a178010fef7d3a94d27e6f8358ef09be4cada4187a5e
GET /contents/s/4d/4d/44/8b8d067fbb8dd5bd371f76aa3f/0124434927299.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=CYAdIzp5Ctv64CJ&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D4102191462%26z%3D5630103%26b%3D16380032%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DU9PfThtZ9Ssd0_26-ceJf48LQbjyLsPVejfq3UiMEZPR2VWDEMZ98Y1VLmRPHFGfoiXG54GTcrO2kE3RCkbB2k2YkzyfcA5sRO0fPEac9tCpPbsuG768A_-kwbl0gcv8bvtnmgLaVHmmhEQR56DtIHJjLzRovayQ-ro_MpqI9TjZpFRSAUtF6r9u1mA6DrHY2trDg2syTbf07RXD64imRhnXVeSyS8tycJXQ6ExsXPnUm8V65yo2NSCrYCWszcql_LJgBFhu0oHGCRVDtFKmzN6fBK_nr35N1rYhutHEChxANkCywqf-mSwf0UmA7t2wa34iS_mnBsoMEamhMBX5tpCg1-eVWzbLzlc4fMIs2YP-eismOwjHYB42kTZF-L4-ONJriPpGLTxGSZ6efDEUDoe8DLdFw2GvFzJ4wY7YErC7fE9Hd3NbygHkQbe7Q27rb6j06RXMCL8QApmnOnXJMxLMgId7uXPEHSd4JdnY4Or60iA3e1VKxtDmnejZ40z6yrCAhk3abA3-IMNkWJ-oZFkpOxogkO4oJDUFb-uY46cWZDaWpbYQpU0Ul9CTk6Y9irlJvtD5iPUFEpcYuhqYD9jM9CiWJAG3F3TcVBOY81RqUwduYOUlXL6z4CzpBNGDvDsbu2xHD26O6M0l4XsSJeA8WuGPxi3ST5gBrgyR9crIC-voGlE9vHs94JURxmyOz8ki2OC82J0O3SFJBKvAag%3D%3D%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3D468f29aa-88ec-4fc9-9b0f-83a6b7199070%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FgOog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D2%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: image/jpeg
content-length: 48518
last-modified: Wed, 14 Dec 2022 16:39:29 GMT
vary: Accept-Encoding
etag: "6399fc41-bd86"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 1531981ef9429a92d7d8b4f1cbfbf422
f8de480a953b7ea586424919c5d7cb0f4850d257
31972e06370f524818209ead030c043155d5271bca62836b9f2ef097607cbc90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1199
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:32 GMT
Last-Modified: Wed, 25 Jan 2023 10:39:34 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash 10049343eb9290476d86461e5f0a304e
6ef5f16200d3b9341a6e7e4d01978a37855de54c
8a2d553826c375a065dfa0465d8e545c590dd4176d3a5b1294eb1c3a8d4b9632
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 29 Jan 2023 09:05:51 GMT
ETag: "6ef5f16200d3b9341a6e7e4d01978a37855de54c"
Last-Modified: Wed, 25 Jan 2023 09:05:52 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2744
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f080005a2f0b69-OSL
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash dc657ca11062c12e6a82fe26f0bd49ec
22f46ad26de558c130630e331e890f2d99fbd73f
c5b94400964e1279c9ac8a67018aaa1fb05c1cfe9b0b5e54dd1ea78511b472de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5B94400964E1279C9AC8A67018AAA1FB05C1CFE9B0B5E54DD1EA78511B472DE"
Last-Modified: Mon, 23 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1135
Expires: Wed, 25 Jan 2023 11:18:27 GMT
Date: Wed, 25 Jan 2023 10:59:32 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash 934c5ef85018260d237aae5ae28dcc79
8c447b7f26ee8a9d1a54deccb9d58af5e968d549
8ca06347ccbffe5fd017d7c0bbfeb4322343ef617cdd1447cc3e60ac09e71587
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:32 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 29 Jan 2023 07:16:14 GMT
ETag: "8c447b7f26ee8a9d1a54deccb9d58af5e968d549"
Last-Modified: Wed, 25 Jan 2023 07:16:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 366
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f080005d26b4f1-OSL
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2
302 Found 341 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 76a5c24ef977fc3352f2e0dc5d85072f
54db84f8338147ab3e7a8a1a70abcd322411d579
3db6e321b1d0b80c555afc4eab08e5b1c88036cd1304c69ebd5f94d2f7829eb4
GET /pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2&google_tc=
date: Wed, 25 Jan 2023 10:59:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 341
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 25-Jan-2023 11:14:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FgOog%26hn_ver%3D40%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FgOog%26hn_ver%3D40%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FgOog%26hn_ver%3D40%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 25 Jan 2023 10:59:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FgOog%2526hn_ver%253D40%2526fid%253D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
AN-X-Request-Uuid: 0c8cdd5c-b934-4257-865d-59dfaa5fa404
Set-Cookie: uuid2=6129448790261571716; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 25-Apr-2023 10:59:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=ff27a925-adec-4724-79f7-fca3b9beea04&reqId=89816a58-8a88-4125-40a7-5985c5473fd6&zdid=1258
302 Found 447 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=ff27a925-adec-4724-79f7-fca3b9beea04&reqId=89816a58-8a88-4125-40a7-5985c5473fd6&zdid=1258
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash c29e9c74f447ec34ff1fa356aa954edb
cecb7dc8a18a9d4642c2f8d11bebde25ee9a872d
04e4374d9016b5cbccc098bab8a8dd9a904b85663e51e8ac809ce8c50873d1d9
GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=ff27a925-adec-4724-79f7-fca3b9beea04&reqId=89816a58-8a88-4125-40a7-5985c5473fd6&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=ff27a925-adec-4724-79f7-fca3b9beea04&reqId=89816a58-8a88-4125-40a7-5985c5473fd6&zdid=1258&google_tc=
date: Wed, 25 Jan 2023 10:59:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 25-Jan-2023 11:14:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/gOog;hDownload%20file%20%A74xSoulles%A76Pack%A7e%5Bv1%5D.zip%20on%20Oxy.Cloud;0.11511560729480375
200 OK 422 B URL HTTP/1.1 counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/gOog;hDownload%20file%20%A74xSoulles%A76Pack%A7e%5Bv1%5D.zip%20on%20Oxy.Cloud;0.11511560729480375
IP
ASN #39134 United Network LLC
File type GIF image data, version 87a, 88 x 31\012- data
Hash 8388ecc12288b2fed88b7bb42ed34b6c
11f3ee166a7e070d74f6ec5d752a7d3f2fa42cd2
444fa10daffab12882bb04f64651e828bb884c9053b4f5a69e03aae9b365db62
GET /hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/gOog;hDownload%20file%20%A74xSoulles%A76Pack%A7e%5Bv1%5D.zip%20on%20Oxy.Cloud;0.11511560729480375 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 25 Jan 2023 10:59:32 GMT
Content-Type: image/gif
Content-Length: 422
Connection: keep-alive
Expires: Mon, 24 Jan 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
200 OK 9.3 kB URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
Hash 0eabeb3daa6d2ea554846ad49920b998
5ff7beb6c4d90cf170829639ed80d1cf8a91a6ce
9193737ebca37d2d4572d1337a4c0d93a1656f0e36920e9d1b76ffd608d844ec
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
x-crto-bundle: NxTMfF9ZRkRMQyUyRm5LSkRDOTZPWjZZdGROaiUyRlA3dDF0MDZqNWVQYSUyRjJOaW1PM0ZBWGptRXE3TlRUQThSVTVyZ0pkb3hSSFdhYldWeWUwQ1hManpOU1c2Yk5DQlIwU1FUUDJBWm5rTyUyRmg5ck1EZjhNJTNE
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 1601245
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
200 OK 5.7 kB URL HTTP/2 contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (13426)
Hash 83d30f2b1dfed5dafbf7fdf798314df9
4cf8ccc03144139164b40eefb1817765488f22cd
5a7f4f57be738e010f04d3a91087b0a37414db53b63053d497338b6561b64947
GET /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Fri, 27 Jan 2023 10:59:32 GMT
date: Wed, 25 Jan 2023 10:59:32 GMT
content-length: 5745
X-Firefox-Spdy: h2
lg3.media.net/bping.php?vgd_len=485&&vgd_cdv=856&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674644372404168492&ugd=4&lf=6&cc=NO&lper=100&wsip=2886781032&r=1674644370665&requrl=https%3A%2F%2Foxy.st%2Fd%2FgOog&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674644372126872650&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0841292358t202301251059&vgd_pgids=1&vgd_uspa=0&hvsid=00001674644370659015326356486724&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
200 OK 15 B URL HTTP/2 lg3.media.net/bping.php?vgd_len=485&&vgd_cdv=856&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674644372404168492&ugd=4&lf=6&cc=NO&lper=100&wsip=2886781032&r=1674644370665&requrl=https%3A%2F%2Foxy.st%2Fd%2FgOog&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674644372126872650&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0841292358t202301251059&vgd_pgids=1&vgd_uspa=0&hvsid=00001674644370659015326356486724&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
IP
File type ASCII text, with no line terminators
Hash 2ba5e95642c652c708881ad3c9d8443f
5bfcc33bb9cc897546c600206b03d1307bd63a94
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
GET /bping.php?vgd_len=485&&vgd_cdv=856&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674644372404168492&ugd=4&lf=6&cc=NO&lper=100&wsip=2886781032&r=1674644370665&requrl=https%3A%2F%2Foxy.st%2Fd%2FgOog&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674644372126872650&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0841292358t202301251059&vgd_pgids=1&vgd_uspa=0&hvsid=00001674644370659015326356486724&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-length: 15
content-type: text/html; charset=UTF-8
ntcoent-length: 15
strict-transport-security: max-age=21600
vary: Accept-Encoding
cache-control: max-age=16384
date: Wed, 25 Jan 2023 10:59:32 GMT
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FgOog%2526hn_ver%253D40%2526fid%253D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
302 Found 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FgOog%2526hn_ver%253D40%2526fid%253D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FgOog%2526hn_ver%253D40%2526fid%253D32d93b6d-9b0c-4b31-abd2-5712e36a21a2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Wed, 25 Jan 2023 10:59:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FgOog&hn_ver=40&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2
AN-X-Request-Uuid: e5613d2b-5e80-40fd-b0cb-b50e97465105
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
unphionetor.com/vctx?t=72747
204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: e8aa9e942cc5daf780128ce052080cfb
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
200 OK 115 B URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
IP
Hash 6a691d64c380564e70f6b8395ea6ccdb
cc8c68c02c4c18b5e9b7ca549b629fb2dc71c4b8
65023331d6af9780c5b69cb5ef00593fe3f9b4df6fa743869e30c523befd5514
GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FgOog&nse=5&vi=1674644372404168492&ugd=4&sff=0&pgid=p0841292358t202301251059&nb=1
200 OK 329 B URL HTTP/2 contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FgOog&nse=5&vi=1674644372404168492&ugd=4&sff=0&pgid=p0841292358t202301251059&nb=1
IP
File type ASCII text, with very long lines (550), with no line terminators
Hash cfdcfac14d1d8223afd3da15bb278419
d8985fb8e8104f044f1c2db191cd968139e8e4e2
8d03f0b2c2d43d380ff410611eed607a3c6aa8ddab12ae126cae763c78413d1c
GET /smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FgOog&nse=5&vi=1674644372404168492&ugd=4&sff=0&pgid=p0841292358t202301251059&nb=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript
x-sc-h: 21-qj27
expires: Wed, 25 Jan 2023 10:59:32 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 25 Jan 2023 10:59:32 GMT
content-length: 329
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=ff27a925-adec-4724-79f7-fca3b9beea04&reqId=89816a58-8a88-4125-40a7-5985c5473fd6&zdid=1258&google_error=3
200 OK 95 B URL HTTP/2 mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=ff27a925-adec-4724-79f7-fca3b9beea04&reqId=89816a58-8a88-4125-40a7-5985c5473fd6&zdid=1258&google_error=3
IP
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=ff27a925-adec-4724-79f7-fca3b9beea04&reqId=89816a58-8a88-4125-40a7-5985c5473fd6&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: zc=ff27a925-adec-4724-79f7-fca3b9beea04; zsc=%DC%5B%3B%0E%A1%D4%1D%29%C0%29%FE9%C1%BC%AF%D6%3D%2C%B5%BF%83u%E3%01%F2%DD%8E%A3%9BD%90%F8H%8D%D4%7CE%27%E3y%22D%C5%0F%A5%00%C0%CF%B0%A3%8Bb%CC%91E%0E+%2Amalg%23%95%CD%EF%7CP4%E6%B9%8C%F1%DE%B1%92%40%F5%01%91g%BA%CA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=ff27a925-adec-4724-79f7-fca3b9beea04; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78f080013d6fb500-OSL
X-Firefox-Spdy: h2
s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FgOog&hn_ver=40&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2
200 OK 95 B URL HTTP/1.1 s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FgOog&hn_ver=40&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2
IP
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
GET /an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FgOog&hn_ver=40&fid=32d93b6d-9b0c-4b31-abd2-5712e36a21a2 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=875215224c74f56
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:59:32 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=875215224c74f56; Expires=Thu, 25 Jan 2024 10:59:32 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
p3p: CP="NOI DEV ADM"
expires: Wed, 25 Jan 2023 10:59:32 UTC
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16513
Expires: Wed, 25 Jan 2023 15:34:45 GMT
Date: Wed, 25 Jan 2023 10:59:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16513
Expires: Wed, 25 Jan 2023 15:34:45 GMT
Date: Wed, 25 Jan 2023 10:59:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16513
Expires: Wed, 25 Jan 2023 15:34:45 GMT
Date: Wed, 25 Jan 2023 10:59:32 GMT
Connection: keep-alive
ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
IP
File type ASCII text, with very long lines (32034)
Hash c54aac7ef64c39b4f384e0d5771d3b46
d3e059104378a3844862a5ed12a13f5d423e86b6
3e1b5002dd64d185f806edeefd333348f423584d876cfc966b5c13884c8fe3da
GET /ajax/libs/jquery/3.0.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30186
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 22:06:35 GMT
expires: Thu, 18 Jan 2024 22:06:35 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 564777
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16513
Expires: Wed, 25 Jan 2023 15:34:45 GMT
Date: Wed, 25 Jan 2023 10:59:32 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16513
Expires: Wed, 25 Jan 2023 15:34:45 GMT
Date: Wed, 25 Jan 2023 10:59:32 GMT
Connection: keep-alive
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
302 Found 8.8 kB URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
IP
Hash 7f4a8e3188cf16ab407fae12e98fa3eb
5c6d7c0be793be095baf7db27fee94e574c58efd
f97c8ff926a396b7d54063b7ccce812c54c12a3091c874cb70ee0371932093be
GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Tue, 25-Apr-2023 10:59:32 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D32d93b6d-9b0c-4b31-abd2-5712e36a21a2
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7da858f1-3099-4d35-9bf6-fae2a155404c.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7da858f1-3099-4d35-9bf6-fae2a155404c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 05ff19472d4870833d7c6b495099a86c
6ad7424d14301c62a93ea71843238d2ff0699a02
1f2c62b3be1147d1ed12d1e28caa86c97684d5c5da87ebe3a709ce01cd878abb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7da858f1-3099-4d35-9bf6-fae2a155404c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8676
x-amzn-requestid: eaa1dff1-44ea-47ff-b211-1dd709d9b259
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLP5IGAHIAMFm9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdf9d3-3ccb4f9322744f546fff8a9a;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:06:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3ImH7pi4LZOZo6IqNquoa5C97jI9U0LdwbEKSDU1Cf4R9pITWYhyAw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 04:04:43 GMT
age: 24889
etag: "6ad7424d14301c62a93ea71843238d2ff0699a02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
200 OK 8.9 kB URL HTTP/2 rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP
Hash 39f94ec86c9ba68e336165dbfbd1cc64
12fdec2d7f3ff9227646e10f69659344d4da35a3
50417f9f20f55cbea397b9cd5c9f20731f0246a53a9a61c86de755a66878ea46
GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 25 Jan 2023 10:36:27 GMT
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Bls60Iy6PrnCwWrD704KPannQrF9IUxayKx5bpGRdXTT6SYPboSQdg==
age: 1386
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59be5df3-0d3c-4611-9b91-9ce5041a7a57.jpeg
200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59be5df3-0d3c-4611-9b91-9ce5041a7a57.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dbbcba4403c1ea4e45ff47894d66e984
8555e8d6a38b78829a7dd2f10eb99bdbb254d89a
c9acd732889f9a58b085ceee3ceb8040fedb1e85ddb9f5b933960472c2f8d147
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59be5df3-0d3c-4611-9b91-9ce5041a7a57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3109
x-amzn-requestid: 89df621b-47d8-4127-8e4f-8e57f3244419
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKV9hFNKIAMFtlg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cd9d23-0b4c0b5d2bf8c22b2ada0e9c;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 20:31:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: B62xY4rlFNdJGd5ethwkCIwQTsegDVJy6s7OptIr1g_E8GvwttW2sQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 10:03:05 GMT
age: 3387
etag: "8555e8d6a38b78829a7dd2f10eb99bdbb254d89a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7458f7a9b2070055df6f1d496794e43e
0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9
373097662c419eef9f4a19ce9f3bcead70f6eafbf0acf44806685eece43ce251
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12758
x-amzn-requestid: c3540562-8c62-4957-9528-7ae952daebaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9gf1E87oAMFpsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c87acb-49fd3f78275937e24d23fca3;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 23:03:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: c5YOTqrEv9RLv_lKsrC377yost8auxYRPLubBFGjIWtnbueiGMJYGw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 07:33:54 GMT
age: 12338
etag: "0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d0e7609-9fe9-4d8e-8e5d-d900bbac3bcf.webp
200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d0e7609-9fe9-4d8e-8e5d-d900bbac3bcf.webp
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 946d8485d39fbe598dc6af86e735061d
4934319819697b4c89466949cd4ef93bb8b9c8b2
7bd130762bfaa189b24e3620e4a54b8e0cc7046ea2d917c37d11a8f248803840
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d0e7609-9fe9-4d8e-8e5d-d900bbac3bcf.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9343
x-amzn-requestid: 5786e270-1aae-45e2-b406-ad9ce4e90c20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHH8hEcBIAMFyjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5383-3b3fb6220035b4e34db73fee;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:05:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ffDYSL3N0ZZ2vGX3d94Evnu0SeEkLWwv4HRHdyUYXQ19MstDR4jROA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 09:04:06 GMT
age: 6926
etag: "4934319819697b4c89466949cd4ef93bb8b9c8b2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash 91a583b63b5d4f57de87198ee87ff542
13f349404ffebaa2c9058c4358954b44b386ca96
cdee7be7510ecb8ef783be3da3cc2ed2cc3f7cf8c95aa190179fed3ae9b2a415
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6135
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:32 GMT
Last-Modified: Wed, 25 Jan 2023 09:17:17 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 279
pixel.quantserve.com/pixel;r=1012728355;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FgOog;uht=2;fpan=1;fpa=P0-497381562-1674644370718;pbc=;ns=0;ce=1;qjs=1;qv=8508733c-20230116145555;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1674644370827;tzo=0;ogl=;ses=4c4fe0a8-08a6-4160-a150-52228c0b0d82
200 OK 35 B URL HTTP/2 pixel.quantserve.com/pixel;r=1012728355;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FgOog;uht=2;fpan=1;fpa=P0-497381562-1674644370718;pbc=;ns=0;ce=1;qjs=1;qv=8508733c-20230116145555;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1674644370827;tzo=0;ogl=;ses=4c4fe0a8-08a6-4160-a150-52228c0b0d82
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55d25e9dc950d5db4d53a3b195c046c6
75e91ae3e549dab12ed1c9787ade9131aef1c981
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
GET /pixel;r=1012728355;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FgOog;uht=2;fpan=1;fpa=P0-497381562-1674644370718;pbc=;ns=0;ce=1;qjs=1;qv=8508733c-20230116145555;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1674644370827;tzo=0;ogl=;ses=4c4fe0a8-08a6-4160-a150-52228c0b0d82 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: image/gif
content-length: 35
cache-control: private, no-cache, no-store, proxy-revalidate
expires: Fri, 04 Aug 1978 12:00:00 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
set-cookie: mc=63d10b94-c01bf-de7f5-6d236; expires=Sun, 25-Feb-2024 10:59:32 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2
offerimage.com/www/images/9335927aa55358f9e473734330fb9539.jpeg
200 OK 10 kB URL HTTP/2 offerimage.com/www/images/9335927aa55358f9e473734330fb9539.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 9335927aa55358f9e473734330fb9539
d87c926a2600c379853761f28ec1018a8d8bb698
87cc7ff81b2bc4fb8ddda33156a7d21101bf2c167fb323b62877491a015e5d3e
GET /www/images/9335927aa55358f9e473734330fb9539.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: image/jpeg
content-length: 10001
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6239a2ff-2711"
expires: Thu, 26 Jan 2023 09:20:09 GMT
last-modified: Tue, 22 Mar 2022 10:20:47 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5959
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f0800218ef169d-ARN
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash c0bd1f845468cafeea4d2c16c3105552
54729c6597b109b34883ce474b9a6f1494cadb81
ccf6d44d700830da806bafac8aad1900b13a335ae02f61e369f0bb23678d0f5b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2511
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:32 GMT
Last-Modified: Wed, 25 Jan 2023 10:17:41 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 313
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b87d28e847f7f80be73df99680e78203
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ibrapush.com/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 719
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: e598a0c2da170c02af5b9dcbad3b9190
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 312 B IP
Hash 9f38e81402b85a781d93c6559c1c993c
6bd11dca368a57e95cb36886c55001c8c78eec3a
2bca6182492871cb4bea756b30ac91803ccbe2a44ee43aeb3d919b2c8773e8d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1654
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:33 GMT
Last-Modified: Wed, 25 Jan 2023 10:31:59 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
200 OK 312 B IP
Hash 9f38e81402b85a781d93c6559c1c993c
6bd11dca368a57e95cb36886c55001c8c78eec3a
2bca6182492871cb4bea756b30ac91803ccbe2a44ee43aeb3d919b2c8773e8d1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1654
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 25 Jan 2023 10:59:33 GMT
Last-Modified: Wed, 25 Jan 2023 10:31:59 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 312
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash 9be2ec225cee85c809b0b1195a011d16
1a975c9cba9915a0b88ab8544694c8e47d97186b
a9d557e8a7c7d405a519f9117627b5ff2c4a88846522bf5a7ad39dcbd6b68136
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 25 Jan 2023 10:59:33 GMT
Last-Modified: Wed, 25 Jan 2023 10:09:13 GMT
Server: ECS (nyb/1D1E)
X-Cache: Miss from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1WDe3mGI22I-Lm1LzCrF9PxA5vleAVw86bOi-_8YI1YWdN-mKbPqpQ==
Age: 3020
adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
200 OK 20 B URL HTTP/1.1 adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
IP
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7 HTTP/1.1
Host: adtrack.adleadevent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://oxy.st
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Wed, 25 Jan 2023 10:59:33 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 25 Jan 2023 10:59:33 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Length: 20
Connection: keep-alive
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1
200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.147.Events.SyncframeDropped~1&entry=c~Idfs.Rtus.147.Origin.FromSyncframeBundle~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
betotodilea.com/impression/OWPBghdIuqrNyk_HKJ6uYw6C-hJBl2CCCUklle0HRis54xvxU5Y2y7wSt3RIs5C3QFmMJAeyJfZoM0CXGknbH5u5tkUsnDOhQtR27AWjClYEy1xsoXp0-9dPd9u0LM1mqEFT9TxvhYuTcdnRJEnuNSVu_8IZPFjIbvvf9nOslJFAfyErGLez3DJh1hUT6XId_dsgQkvUAl3Bj-zCmy7emMarBets_VvHsm7NiFgqs_4276jXL1cQ6GLDD-vNBgr90KFr9kZGNl_i7Hp2yTekPF2og8HALXbIAoOLBKg1nWwG6xPlcvJ7_k6Y9FO-1ZKWCoueXMnwjdLCk6dFD6CyI3BHXOXKAzfzgv4SFt5-rm3svwILRg4r1sSHrolGR5GdEkNbiluL6K3G5_W3DnP6BRmE-O6mkAkayUlJ6TanG9YtSKlulvWz5AiFCyISMUnu_QVN68MgSHzKhgVNviVLeeN3ky75Pf6HrXaqMYaZ37aIc0aT-p5Kwog7Q18Y_drE7H9T0-QiCwppp0IazN8NZCyLw6WuLCib7Qr_4gzl6JM=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 43 B URL HTTP/2 betotodilea.com/impression/OWPBghdIuqrNyk_HKJ6uYw6C-hJBl2CCCUklle0HRis54xvxU5Y2y7wSt3RIs5C3QFmMJAeyJfZoM0CXGknbH5u5tkUsnDOhQtR27AWjClYEy1xsoXp0-9dPd9u0LM1mqEFT9TxvhYuTcdnRJEnuNSVu_8IZPFjIbvvf9nOslJFAfyErGLez3DJh1hUT6XId_dsgQkvUAl3Bj-zCmy7emMarBets_VvHsm7NiFgqs_4276jXL1cQ6GLDD-vNBgr90KFr9kZGNl_i7Hp2yTekPF2og8HALXbIAoOLBKg1nWwG6xPlcvJ7_k6Y9FO-1ZKWCoueXMnwjdLCk6dFD6CyI3BHXOXKAzfzgv4SFt5-rm3svwILRg4r1sSHrolGR5GdEkNbiluL6K3G5_W3DnP6BRmE-O6mkAkayUlJ6TanG9YtSKlulvWz5AiFCyISMUnu_QVN68MgSHzKhgVNviVLeeN3ky75Pf6HrXaqMYaZ37aIc0aT-p5Kwog7Q18Y_drE7H9T0-QiCwppp0IazN8NZCyLw6WuLCib7Qr_4gzl6JM=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /impression/OWPBghdIuqrNyk_HKJ6uYw6C-hJBl2CCCUklle0HRis54xvxU5Y2y7wSt3RIs5C3QFmMJAeyJfZoM0CXGknbH5u5tkUsnDOhQtR27AWjClYEy1xsoXp0-9dPd9u0LM1mqEFT9TxvhYuTcdnRJEnuNSVu_8IZPFjIbvvf9nOslJFAfyErGLez3DJh1hUT6XId_dsgQkvUAl3Bj-zCmy7emMarBets_VvHsm7NiFgqs_4276jXL1cQ6GLDD-vNBgr90KFr9kZGNl_i7Hp2yTekPF2og8HALXbIAoOLBKg1nWwG6xPlcvJ7_k6Y9FO-1ZKWCoueXMnwjdLCk6dFD6CyI3BHXOXKAzfzgv4SFt5-rm3svwILRg4r1sSHrolGR5GdEkNbiluL6K3G5_W3DnP6BRmE-O6mkAkayUlJ6TanG9YtSKlulvWz5AiFCyISMUnu_QVN68MgSHzKhgVNviVLeeN3ky75Pf6HrXaqMYaZ37aIc0aT-p5Kwog7Q18Y_drE7H9T0-QiCwppp0IazN8NZCyLw6WuLCib7Qr_4gzl6JM=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=3873b35cde67482dbfa893115d3f969d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:36 GMT
content-type: image/gif
content-length: 43
x-trace-id: 1d654014a1f0540c9849d5bf6a1bcea4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=16495107&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 0 B URL HTTP/2 betotodilea.com/500/5630102?excludes=16495107&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/5630102?excludes=16495107&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:37 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=16495107&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 9.7 kB URL HTTP/2 betotodilea.com/500/5630102?excludes=16495107&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Hash 5a91d5f242c23088a28b6f463ee03bf6
2e0aeeffaadd445b58de2c3936aa74eec91ef048
cdc92a4dffd7b8ccfbb8ab0f0e74b24fdc42e4fb77743a85d6e2fa66b85e3701
GET /500/5630102?excludes=16495107&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=3873b35cde67482dbfa893115d3f969d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:37 GMT
content-type: application/javascript
x-trace-id: 4beb47f0583bab672e166b36be7264d6
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3873b35cde67482dbfa893115d3f969d; expires=Thu, 25 Jan 2024 10:59:37 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
200 OK 5.1 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
IP
Hash 77920c4ff1ee7714268b6927bca88824
67d3d59f8e076b636a48ff99d5c1d4e68404ee94
64c5a47c2cd2a1ab2705755ccc94cd9a1226e2f9da90b69f4c361cf600523003
GET /syncframe?origin=rtus&topUrl=oxy.st HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=45f13f77-371b-495c-9e73-d33fda6f9fc8; expires=Mon, 19 Feb 2024 10:59:32 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 801130
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 511057
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
200 OK 0 B IP
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 9e8f04184919ab8fe80258fbea0b0ab8
cache-control: max-age=86400
last-modified: Mon, 23 Jan 2023 15:51:55 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 26 Jan 2023 10:27:48 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ky9yP9yQmcnquld%2Fy1pN7HuW1UpdF%2B766rr3woFRaS%2BvxWk9zHN72gCnivjhtWXCl4%2BWuiOM6Tqy3fgzCKdNudbUKrvi5l8PMaLWJbjcaGDhTpDviWvJT9oecBHYKayY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f07ff71acbb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 84941
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
dnacdn.net/dna
200 OK 0 B IP
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Cookie: browser_data=1OBdKV80M0RITmhlJTJCZkMwOUJGQlhaMUN2czlHRSUyQlZWT3E1OU5wNkhlUU9EQUV3V3VxZVpKczUzM0hzU202VGVVa2tSYw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=DJEm9180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlHRSUyQlZWT3E1OU5wNkhlUU9EQUV3V0V5UzF0cnZ1WE9sbVQyM3hQNGhGeQ; expires=Mon, 19 Feb 2024 10:59:33 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 298298
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
oxy.st/d/gOog
200 OK 0 B IP
GET /d/gOog HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; Domain=.oxy.st; HttpOnly; Path=/; Expires=Thu, 25-Jan-2024 10:59:30 GMT
PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
200 OK 0 B URL HTTP/2 spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP
GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78f07ff71da6b500-OSL
content-encoding: br
X-Firefox-Spdy: h2
bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.473.0
200 OK 0 B URL HTTP/2 bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.473.0
IP
GET /5/5630105/?oo=1&js_build=iclick-v1.473.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/json
x-trace-id: 8ce70a6ec2e11b1d2621b01e5605707e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3873b35cde67482dbfa893115d3f969d; expires=Thu, 25 Jan 2024 10:59:31 GMT; path=/; secure; SameSite=None
oaidts=1674644371; expires=Thu, 25 Jan 2024 10:59:31 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
secure.quantserve.com/quant.js
200 OK 0 B URL HTTP/2 secure.quantserve.com/quant.js
IP
GET /quant.js HTTP/1.1
Host: secure.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: application/javascript
accept-ranges: bytes
cache-control: private, max-age=604800
content-encoding: gzip
etag: "OVi4z6W4qM+KoQEZlRgh5w=="
expires: Wed, 01 Feb 2023 10:59:32 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 659950
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
200 OK 0 B URL HTTP/2 ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
IP
ASN #60068 Datacamp Limited
GET /s/requestform.js?siteId=85433&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1675227903
server: CDN77-Turbo
x-77-nzt: AblMCRSwpsH/E1MAAA
x-77-nzt-ray: af5856304f620c11920bd163c3e63634
x-cache: HIT
x-age: 21267
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/1?z=5630103
200 OK 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5630103 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 0ad0bf0053911f77da327582a36dd671
access-control-expose-headers: X-Sc
x-sc: XkEe7waSX8B-KJlkAWeg3_1Gd1uss1w-Y9Q-5WJ5qNrX0zrYLAlqT43LXziraS2Fn60mJES8nu-oqbC4YctgzaTbauE=
set-cookie: scm=1; expires=Thu, 25 Jan 2024 10:59:31 GMT; secure; SameSite=None
OAID=68769a122aa347eb9bb2fbcce2ed0b03; expires=Thu, 25 Jan 2024 10:59:31 GMT; secure; SameSite=None
oaidts=1674644371; expires=Thu, 25 Jan 2024 10:59:31 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
oxy.st/sw.js
200 OK 0 B IP
GET /sw.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/d/gOog
Connection: keep-alive
Cookie: __ddg1_=5o32YGSxdjpR9B5MXBUR; PHPSESSID=tcqu9dsm9ntsm3arj92b49ngq0; _pbjs_userid_consent_data=3524755945110770; sharedid=d3b2e35d-aa82-4217-b61c-41ee3f039009; cto_bundle=NxTMfF9ZRkRMQyUyRm5LSkRDOTZPWjZZdGROaiUyRlA3dDF0MDZqNWVQYSUyRjJOaW1PM0ZBWGptRXE3TlRUQThSVTVyZ0pkb3hSSFdhYldWeWUwQ1hManpOU1c2Yk5DQlIwU1FUUDJBWm5rTyUyRmg5ck1EZjhNJTNE; cto_bidid=xuufPl8xRHB0dTJBUXFuRXgyUUFWdXQ1VERDRVk1T2pSWUdXTlJvaG5Zd2hoa0ZhdDFQdk93bE9zSFklMkJ3aWglMkZ0QW9paVZYSVFjZUp5NzNUN3lBYXEzN2V0d3clM0QlM0Q; prefetchAd_5630105=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 0 B URL HTTP/2 betotodilea.com/500/5630102?excludes=&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
GET /500/5630102?excludes=&oaid=3873b35cde67482dbfa893115d3f969d&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Foxy.st%2Fd%2FgOog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=655734cf693942e49013c5cf23b9101e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: application/javascript
x-trace-id: c35b8b992de44e9a6056c1a1c5b62b70
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=3873b35cde67482dbfa893115d3f969d; expires=Thu, 25 Jan 2024 10:59:32 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=rtus&domain=oxy.st&sn=FirefoxSyncframe&so=3&topUrl=oxy.st&bundle=NxTMfF9ZRkRMQyUyRm5LSkRDOTZPWjZZdGROaiUyRlA3dDF0MDZqNWVQYSUyRjJOaW1PM0ZBWGptRXE3TlRUQThSVTVyZ0pkb3hSSFdhYldWeWUwQ1hManpOU1c2Yk5DQlIwU1FUUDJBWm5rTyUyRmg5ck1EZjhNJTNE&info=DJEm9180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlHRSUyQlZWT3E1OU5wNkhlUU9EQUV3V0V5UzF0cnZ1WE9sbVQyM3hQNGhGeQ&idsd=674233582,-1557086577&cw=1&rtusCallerId=147&lsw=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=rtus&domain=oxy.st&sn=FirefoxSyncframe&so=3&topUrl=oxy.st&bundle=NxTMfF9ZRkRMQyUyRm5LSkRDOTZPWjZZdGROaiUyRlA3dDF0MDZqNWVQYSUyRjJOaW1PM0ZBWGptRXE3TlRUQThSVTVyZ0pkb3hSSFdhYldWeWUwQ1hManpOU1c2Yk5DQlIwU1FUUDJBWm5rTyUyRmg5ck1EZjhNJTNE&info=DJEm9180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlHRSUyQlZWT3E1OU5wNkhlUU9EQUV3V0V5UzF0cnZ1WE9sbVQyM3hQNGhGeQ&idsd=674233582,-1557086577&cw=1&rtusCallerId=147&lsw=1
IP
GET /sid/json?origin=rtus&domain=oxy.st&sn=FirefoxSyncframe&so=3&topUrl=oxy.st&bundle=NxTMfF9ZRkRMQyUyRm5LSkRDOTZPWjZZdGROaiUyRlA3dDF0MDZqNWVQYSUyRjJOaW1PM0ZBWGptRXE3TlRUQThSVTVyZ0pkb3hSSFdhYldWeWUwQ1hManpOU1c2Yk5DQlIwU1FUUDJBWm5rTyUyRmg5ck1EZjhNJTNE&info=DJEm9180M0RITmhlJTJCZkMwOUJGQlhaMUN2czlHRSUyQlZWT3E1OU5wNkhlUU9EQUV3V0V5UzF0cnZ1WE9sbVQyM3hQNGhGeQ&idsd=674233582,-1557086577&cw=1&rtusCallerId=147&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 1189818
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/gen.js?type=2
200 OK 0 B URL HTTP/2 ads.themoneytizer.com/s/gen.js?type=2
IP
ASN #60068 Datacamp Limited
GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:30 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1675227834
server: CDN77-Turbo
x-77-nzt: AblMCRRubH7/WFMAAA
x-77-nzt-ray: af5856304f620c11920bd1636d6c2e34
x-cache: HIT
x-age: 21336
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
contextual.media.net/dmedianet.js?cid=8CU7BC15F
200 OK 0 B URL HTTP/2 contextual.media.net/dmedianet.js?cid=8CU7BC15F
IP
GET /dmedianet.js?cid=8CU7BC15F HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-type: text/javascript; charset=utf-8
x-mnt-h: 8-16
x-mnt-w: 8-7
etag: "6322f0a9325d2a0e3e96c6a401d2fa12"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=300
expires: Wed, 25 Jan 2023 11:04:32 GMT
date: Wed, 25 Jan 2023 10:59:32 GMT
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
200 OK 0 B IP
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 25 Jan 2023 10:59:31 GMT
content-type: application/javascript
last-modified: Thu, 29 Dec 2022 16:01:28 GMT
etag: W/"63adb9d8-3341"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5547
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7yMfBQiUWfILdy26KAGDVG3C28%2BHL%2B5Usm3DgmXB7oNaOySZgzc6ntrLeVPWrHeiUUDgMkja6OZ0m6l7F0j6KlUuohPE8YfkfASP%2BKSFhJD6ZB%2Bqj2qwGUVlblbMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f07ffce8f7b4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=233242500
200 OK 0 B URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=233242500
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=233242500 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:59:32 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 46b1438c4cf1f0cad77f398b7fc05584
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
185.178.208.137
104.22.32.172
139.45.197.242
37.252.171.53
108.128.16.246
145.239.193.51
23.38.200.22
54.230.111.4
185.76.9.24
88.208.46.156
188.114.98.234