download.oxy.st/d/yvPf/2/c8711980fa285d1d428cf84f60663a75
185.178.208.137 301 Moved Permanently 568 B URL HTTP/1.1 download.oxy.st/d/yvPf/2/c8711980fa285d1d428cf84f60663a75
IP 185.178.208.137:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Hash 2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee
GET /d/yvPf/2/c8711980fa285d1d428cf84f60663a75 HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Wed, 08 Feb 2023 22:12:10 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://download.oxy.st/d/yvPf/2/c8711980fa285d1d428cf84f60663a75
Content-Type: text/html; charset=utf8
Content-Length: 568
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17774
Expires: Thu, 09 Feb 2023 03:08:24 GMT
Date: Wed, 08 Feb 2023 22:12:10 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14130
Expires: Thu, 09 Feb 2023 02:07:40 GMT
Date: Wed, 08 Feb 2023 22:12:10 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 21:34:13 GMT
content-type: application/json
age: 2277
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13380
Expires: Thu, 09 Feb 2023 01:55:10 GMT
Date: Wed, 08 Feb 2023 22:12:10 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: yHirCzDNevTsxCw9MuBSCqG0p9uqtF0TwywwakYqsOpkpXgTZqa8ktmkmgDFuEq4mNLfXZBV5rY=
x-amz-request-id: 2KDPBNEGR57EJ1TJ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 21:46:07 GMT
age: 1563
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:10 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b79ea27e773b0d1fad03fe83c1b1977c
c1f8045656d7b3d916f55dbbb1ea7b5b91935e09
8fa9a878919bd3cd3ca4383e863257fe5ba61ff97807a6672f23c6f4202022bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8FA9A878919BD3CD3CA4383E863257FE5BA61FF97807A6672F23C6F4202022BD"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19266
Expires: Thu, 09 Feb 2023 03:33:16 GMT
Date: Wed, 08 Feb 2023 22:12:10 GMT
Connection: keep-alive
download.oxy.st/d/yvPf/2/c8711980fa285d1d428cf84f60663a75
185.178.208.137 302 Found 329 B URL HTTP/2 download.oxy.st/d/yvPf/2/c8711980fa285d1d428cf84f60663a75
IP 185.178.208.137:0
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /d/yvPf/2/c8711980fa285d1d428cf84f60663a75 HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 08 Feb 2023 22:12:10 GMT
content-type: text/html; charset=UTF-8
set-cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; Domain=.oxy.st; HttpOnly; Path=/; Expires=Thu, 08-Feb-2024 22:12:10 GMT
set-cookie: PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: /d/yvPf
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
185.178.208.137 200 OK 4.0 kB URL HTTP/2 download.oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
IP 185.178.208.137:0
File type ASCII text, with very long lines (42894), with no line terminators
Hash a6ffd799664bd950121e2e9f0d9b2667
88af5ed7d6e3ed43ee0ec21fb314e03fb07867f0
de088565a1c5910a1c409bf3ec676c5d0c7c1304a18c744b46771c09fa6bdcad
GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 15:04:03 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 3950
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-a78e"
age: 371288
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2469
Expires: Wed, 08 Feb 2023 22:53:20 GMT
Date: Wed, 08 Feb 2023 22:12:11 GMT
Connection: keep-alive
download.oxy.st/slake/asset/css/elements.css?1
185.178.208.137 200 OK 24 kB URL HTTP/2 download.oxy.st/slake/asset/css/elements.css?1
IP 185.178.208.137:0
File type ASCII text, with very long lines (460), with CRLF line terminators
Hash 82db06ca267ac7fdd878a1df35f41f4e
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb
GET /slake/asset/css/elements.css?1 HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 14:50:47 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 24208
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-2fbea"
age: 372084
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2988
Cache-Control: max-age=169361
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 21:14:52 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
download.oxy.st/slake/style.css?ver=6
185.178.208.137 200 OK 24 kB URL HTTP/2 download.oxy.st/slake/style.css?ver=6
IP 185.178.208.137:0
Hash cd7b3e4dfecea7028bc1bdeda5a47477
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87
GET /slake/style.css?ver=6 HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 15:04:03 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 24360
ddg-cache-status: HIT,HIT
etag: W/"5fdd12f2-2a549"
age: 371288
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
download.oxy.st/slake/cookie.css?ver=6
185.178.208.137 200 OK 299 B URL HTTP/2 download.oxy.st/slake/cookie.css?ver=6
IP 185.178.208.137:0
Hash 6d5f76f4027c2e9a60d78a83f4b952cd
b4ae6d8509643916be8eff3979acec375867708b
2338311f30dadbc2bffe2bdbfdd100c148e8fe4cb50ca669c7ff602a9c206f94
GET /slake/cookie.css?ver=6 HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 11:14:36 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
ddg-cache-status: HIT,HIT
etag: W/"602ae9d4-224"
age: 385055
content-length: 299
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
104.17.24.14 200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 8488224
expires: Mon, 29 Jan 2024 22:12:11 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mY5ZWZj2Fmx6WJ0R75elv%2F8lfkhtHyqiQiOeu8ZTCQFTEfNBZ0hrwpSDn40Hfv%2BqdFzjWA1Hg9N07ee0NkV%2BH1M5lVgAqNAibT2x8A34mxiYFPhrKB6wBbg%2F2VmCEnn0mvy7KQMY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7967b491c82efac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
download.oxy.st/img/oxy-logo.svg
185.178.208.137 200 OK 3.2 kB URL HTTP/2 download.oxy.st/img/oxy-logo.svg
IP 185.178.208.137:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1126)
Hash 4dbb074be70991a358f914be3c00ad99
5f699e31b76bcb7e69fc4478a04b73b3df0e855a
9531a716a5007ddfc819613ec77f883ba963578d699f824034b4962f8221b8bf
GET /img/oxy-logo.svg HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 10:11:42 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "602c706e-2019"
age: 820829
content-length: 3204
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
download.oxy.st/slake/responsive.css?ver=5
185.178.208.137 200 OK 12 kB URL HTTP/2 download.oxy.st/slake/responsive.css?ver=5
IP 185.178.208.137:0
Hash c9887952027ae1466ab90ba9dcd23ce3
0afb76db6c9644265da1820da0afe7aaef448e53
f16e171dae88fb2e1970604b6152409551d184fb1977a2668dd19f36dc0ab338
GET /slake/responsive.css?ver=5 HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 15:04:03 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 11872
ddg-cache-status: HIT,HIT
etag: "5eefded8-135c7"
age: 371288
X-Firefox-Spdy: h2
download.oxy.st/css/cloud.css
185.178.208.137 200 OK 9.2 kB URL HTTP/2 download.oxy.st/css/cloud.css
IP 185.178.208.137:0
File type ASCII text, with very long lines (14454)
Hash 0517562cc81de376b3c1fee3e8bef414
80df32c8b71549b0253cce1b47fe13d82fc1b604
184ccb46109faef0678ef3a603a551e55d3f9ff74a200ebeaba2c23655e52c8a
GET /css/cloud.css HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 08 Feb 2023 12:34:11 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 9206
ddg-cache-status: HIT,HIT
etag: "5eefbeb1-d024"
age: 34680
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/css/bootstrap.min.css
185.178.208.137 200 OK 20 kB URL HTTP/2 download.oxy.st/slake/asset/css/bootstrap.min.css
IP 185.178.208.137:0
File type ASCII text, with very long lines (65325)
Hash 4588208961b6b7ed6cd974687346348a
52085a4f6c875b6949261704f05050c1727e9c55
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885
GET /slake/asset/css/bootstrap.min.css HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 14:05:40 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 20483
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-235ed"
age: 374791
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/slice_white.png
185.178.208.137 200 OK 6.1 kB URL HTTP/2 download.oxy.st/slake/asset/slice_white.png
IP 185.178.208.137:0
File type PNG image data, 201 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 946ed1d2bd247854fa58e938de28ee95
883cda7ee0087e29a32f07b6c8ead3e8df5db738
bfe6c8b9cf34578f573091bb118f86a10b918b7d530b25107648f12158759e85
GET /slake/asset/slice_white.png HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 03 Feb 2023 15:02:00 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-17be"
age: 457811
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/js/main.js
185.178.208.137 200 OK 1.8 kB URL HTTP/2 download.oxy.st/slake/asset/js/main.js
IP 185.178.208.137:0
File type ASCII text, with very long lines (368)
Hash 76d3c4da3644ed1684ed54ff59305a5a
3e03f21e8af17de66be1aa22a6f952c000fbcc70
adc0957a4224cf75ae632338e6e52591d0552189b8ba1a4e7f19885405dfc2f8
GET /slake/asset/js/main.js HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 07 Feb 2023 16:21:50 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 1840
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2210"
age: 107421
X-Firefox-Spdy: h2
download.oxy.st/images/sprite3.png
185.178.208.137 200 OK 2.1 kB URL HTTP/2 download.oxy.st/images/sprite3.png
IP 185.178.208.137:0
File type PNG image data, 124 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash b08166a270b58c28d429bf2f9ffece6c
91dab55cbe8c802a7c56cd9d2ffaee9ccea4a49f
a21a9fa89fb6dd8c8e84907a99b0374abdf641c71c55e0283b7758e8f2a12507
GET /images/sprite3.png HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 07 Feb 2023 19:18:27 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
access-control-allow-origin: *
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "6240cc70-80b"
age: 96824
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/js/ajax-mail.js
185.178.208.137 200 OK 544 B URL HTTP/2 download.oxy.st/slake/asset/js/ajax-mail.js
IP 185.178.208.137:0
File type ASCII text, with CRLF line terminators
Hash 4eb7582278a2e3748b9017bb83307caf
93c419ea8637148be2192bfa8068ed8009e3add7
59ccbe475f369df6e9daf6480deb023a38b4fc29016142e062f76f4218f66abc
GET /slake/asset/js/ajax-mail.js HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 11:09:33 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-683"
age: 385358
content-length: 544
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/js/ajax-subscribe.js
185.178.208.137 200 OK 635 B URL HTTP/2 download.oxy.st/slake/asset/js/ajax-subscribe.js
IP 185.178.208.137:0
File type ASCII text, with CRLF line terminators
Hash 574b8cde44d6b421cd12af0df0cca335
7dbd98f2d7925795343e8b8a3fc0c91ba496f526
035c75b2646589e751a275f3469f1e53b5e9c55cff4f0b3d3cbdfbb248aef9c2
GET /slake/asset/js/ajax-subscribe.js HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 11:09:33 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-595"
age: 385358
content-length: 635
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/js/bootstrap.min.js
185.178.208.137 200 OK 13 kB URL HTTP/2 download.oxy.st/slake/asset/js/bootstrap.min.js
IP 185.178.208.137:0
File type ASCII text, with very long lines (48664)
Hash 061a1656d3064d501413d45bef002938
1fec864435f996d6f5cec2f95b9b24cafef0b182
a7b82b175ee2cb823d904fc89454e91e6e92c91f91c0de1663d54e62bf3cc6e1
GET /slake/asset/js/bootstrap.min.js HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 05 Feb 2023 15:51:05 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-bf30"
access-control-allow-origin: *
content-encoding: gzip
age: 282066
content-length: 13046
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
185.178.208.137 200 OK 13 kB URL HTTP/2 download.oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
IP 185.178.208.137:0
File type ASCII text, with very long lines (32001), with CRLF line terminators
Hash 112891904d2ce52d072013c5e993463a
4cca8f66204463d7dc6f9f6819e3ebbd0636f5b1
d58c3c940e6ac6a2587c3d28ef50dd9dc6f20ea23c213ac5ff75419656fd3291
GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 23:03:56 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-b1ab"
access-control-allow-origin: *
content-encoding: gzip
age: 688096
content-length: 12929
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/js/jquery.min.js
185.178.208.137 200 OK 30 kB URL HTTP/2 download.oxy.st/slake/asset/js/jquery.min.js
IP 185.178.208.137:0
File type ASCII text, with very long lines (65451)
Hash 28198fab85f1ac98f664600f670ba43d
ee0dd46d793071270130c08412258d8c32194a32
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49
GET /slake/asset/js/jquery.min.js HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 07:30:17 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 30285
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-1538e"
age: 657714
X-Firefox-Spdy: h2
download.oxy.st/images/ltd.svg
185.178.208.137 200 OK 20 kB URL HTTP/2 download.oxy.st/images/ltd.svg
IP 185.178.208.137:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (50102)
Hash d37ece4290313a264b5e235c0dadf2fb
9ae09bed58122b3d3c4914c45e682dce63993e14
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd
GET /images/ltd.svg HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 22:14:05 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 19700
ddg-cache-status: HIT,HIT
etag: "5fb71401-c420"
age: 691086
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash b8ad5b23aac490c2e9ccbac5a9dbcc6b
ef73076be963061b44563356cb33201e401f65e8
92d2469a14b9fe0eb637029f9f2782228441a65c44feb1a37b73ccc606e2b55d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2988
Cache-Control: max-age=169361
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Etag: "63e40520-117"
Expires: Fri, 10 Feb 2023 21:14:52 GMT
Last-Modified: Wed, 08 Feb 2023 20:25:04 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 1acb10f2d928fc12b6dc86e08f69c6e8
d825c8a501f070bdbc9c2338b345b32109b50d76
6f88e6d99b738f86acd708c2e16de71a57543087520947db23a9d2581207df68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4133
Cache-Control: max-age=161853
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Etag: "63e3e353-116"
Expires: Fri, 10 Feb 2023 19:09:44 GMT
Last-Modified: Wed, 08 Feb 2023 18:00:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash bc87c517a242638d0f4d1239dc42f3b5
0787c5fc41c56c8fc0e919df5fa6f995f3add681
ffd2d6dcc9eb8de03ca1d322dffdb29bc10a1d887cd425debcd6a9e682917182
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 04:59:12 GMT
Expires: Wed, 15 Feb 2023 04:59:11 GMT
Etag: "0787c5fc41c56c8fc0e919df5fa6f995f3add681"
Cache-Control: max-age=542219,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967b4930ec4b509-OSL
download.oxy.st/slake/asset/img/bg/flake-slider-header.jpg
185.178.208.137 200 OK 32 kB URL HTTP/2 download.oxy.st/slake/asset/img/bg/flake-slider-header.jpg
IP 185.178.208.137:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x824, components 3\012- data
Hash 8e2a0e56ae25b282b437f9d5bd300d96
5d4ba26731ee84ba9bbc5487312162b826ede550
b48a7837a73459a7d6f545cb45a810533d9bf006a54077b2ca3bd62dd6f6315d
GET /slake/asset/img/bg/flake-slider-header.jpg HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 02 Feb 2023 10:08:57 GMT
content-type: image/jpeg
content-length: 31870
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-7c7e"
age: 561794
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/fonts/themify--fvbane.woff
185.178.208.137 200 OK 56 kB URL HTTP/2 download.oxy.st/slake/asset/fonts/themify--fvbane.woff
IP 185.178.208.137:0
File type Web Open Font Format, CFF, length 56108, version 1.0\012- data
Hash a1ecc3b826d01251edddf29c3e4e1e97
9394f35bd2addd24666b79bfc36d4f9d247cb01d
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7
GET /slake/asset/fonts/themify--fvbane.woff HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://download.oxy.st/slake/asset/css/elements.css?1
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 11:54:45 GMT
content-type: font/woff
content-length: 56108
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-db2c"
access-control-allow-origin: *
accept-ranges: bytes
age: 814647
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 6be728d7452575cca3126147cbeff312
eba5640777f43c8bc67d6d2ac95c030e4bf62df1
5301d3eacf8d5beeee78c0e70c03727413bd10322a6df95c35245c32508acf63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5301D3EACF8D5BEEEE78C0E70C03727413BD10322A6DF95C35245C32508ACF63"
Last-Modified: Tue, 07 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1947
Expires: Wed, 08 Feb 2023 22:44:38 GMT
Date: Wed, 08 Feb 2023 22:12:11 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.adlook.me/js/rlf.js
92.223.126.57 200 OK 19 kB IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Hash 4753bd99e680f991e358fcfc5956d348
f7506e35d1e97953351bacf094278a919dd2d5e9
417b57437a57fdbfdbe26fb8e676b6936d868f23f5aa5ca587811aa01ce9d03f
GET /js/rlf.js HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: application/javascript,application/javascript;charset=utf-8
content-length: 19276
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:05:17 GMT
etag: "8054b6f2abfd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-08T22:06:59+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.81.123.193 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.81.123.193:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IQE2W9y1pcyA8GiwP2JNOw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FC83IOWVjPbhghwliW1Gw9HTPa0=
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 1acb10f2d928fc12b6dc86e08f69c6e8
d825c8a501f070bdbc9c2338b345b32109b50d76
6f88e6d99b738f86acd708c2e16de71a57543087520947db23a9d2581207df68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4133
Cache-Control: max-age=161853
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Etag: "63e3e353-116"
Expires: Fri, 10 Feb 2023 19:09:44 GMT
Last-Modified: Wed, 08 Feb 2023 18:00:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
142.250.74.35 200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 21276, version 1.0\012- data
Hash 59c9b83cc112cf7eeb3bf7a5e96b21fe
771790b776b5e1bc3039c337024e400974184208
a8447cdec51e85d9e93971a0d4a53bcf6085d70bf1d201662837d2fb953422c7
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 16:07:46 GMT
expires: Tue, 06 Feb 2024 16:07:46 GMT
cache-control: public, max-age=31536000
age: 194665
last-modified: Mon, 11 Jul 2022 19:01:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 8a30a6ae2cef598dfd5bd3b074d3f2ee
64309464184784c3c55065c480ae8336c779a922
71880971b5e8fc6e2397258d1ec74d64d042f6e802abfaba6314ed1001a59984
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4355
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Last-Modified: Wed, 08 Feb 2023 20:59:36 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
whereres.com/api/scripts/mSetupWidget?id=363
88.208.46.156 200 OK 9.0 kB URL HTTP/1.1 whereres.com/api/scripts/mSetupWidget?id=363
IP 88.208.46.156:0
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (3565)
Hash 9c6d8fe1a69623dcc4c1948506d672af
b400e0ddf00fbbeed8a94c949165659d78714911
a5b9db9230019c2386cbd1bd2b8e193cd202b1f5558cc20a4a52058f79542c09
GET /api/scripts/mSetupWidget?id=363 HTTP/1.1
Host: whereres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.27
Content-Encoding: gzip
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.35 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 07:08:09 GMT
expires: Sat, 03 Feb 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 486242
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash f889f88135a58ae1a45385a264c5e817
c469d7e8cf84a01eda8e58b96643f0f0047900c4
5f590eec65b4a1c21ebccfdadfb977deeae3e5ecc8d1cc008cb064a0f68d5717
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4370
Cache-Control: max-age=146637
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Etag: "63e3a6f6-139"
Expires: Fri, 10 Feb 2023 14:56:08 GMT
Last-Modified: Wed, 08 Feb 2023 13:43:18 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 27d218500c529e36f2357ce7df6bc917
d48387ced0a8e419f05509b55dc11d7ff49fb9f3
ef1c3c6d260553c6826890ee9971bf3dbd91c496e9e33f249d84926173f9f8b4
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 12 Feb 2023 19:59:22 GMT
ETag: "d48387ced0a8e419f05509b55dc11d7ff49fb9f3"
Last-Modified: Wed, 08 Feb 2023 19:59:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2326
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7967b4947ac4fac0-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 27d218500c529e36f2357ce7df6bc917
d48387ced0a8e419f05509b55dc11d7ff49fb9f3
ef1c3c6d260553c6826890ee9971bf3dbd91c496e9e33f249d84926173f9f8b4
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 12 Feb 2023 19:59:22 GMT
ETag: "d48387ced0a8e419f05509b55dc11d7ff49fb9f3"
Last-Modified: Wed, 08 Feb 2023 19:59:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2326
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7967b4948ad4fac0-OSL
download.oxy.st/slake/asset/img/bg/footer-bg.png
185.178.208.137 200 OK 75 kB URL HTTP/2 download.oxy.st/slake/asset/img/bg/footer-bg.png
IP 185.178.208.137:0
File type PNG image data, 1920 x 890, 8-bit/color RGB, non-interlaced\012- data
Hash ce2f90b81ee3a43f46c29223ad1d981b
b82b68c892bd7c8b0bf06a883f1bdcd8ca0121e5
7b5c7bc066eb345c6c48189f960ad13fac80add5b5769e2d7a1f59d82a382505
GET /slake/asset/img/bg/footer-bg.png HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/slake/style.css?ver=6
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 15:39:30 GMT
content-type: image/png
content-length: 74560
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-12340"
age: 628361
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1675894387651
51.89.9.254 204 No Content 0 B URL HTTP/2 onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1675894387651
IP 51.89.9.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?pubId=2a897e3f18e6769&cb=1675894387651 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f55b5de2cbb8ea55ca6050eac7d60709
ea272902464e9037b143f5c6c0253ddc81a27a78
f815579266f5cc67502efd0d6db662a628185132945ab67fac4ebceda2506bee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F815579266F5CC67502EFD0D6DB662A628185132945AB67FAC4EBCEDA2506BEE"
Last-Modified: Mon, 06 Feb 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=286
Expires: Wed, 08 Feb 2023 22:16:57 GMT
Date: Wed, 08 Feb 2023 22:12:11 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7f32addc23634c5f55fdd92c9f6d11e8
76f1d272abe4599e132cdcda6211703574d34024
646dcc0838b646cf96a628ecf41b2a7ef50657868d2679c692984f82d046c9d3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "646DCC0838B646CF96A628ECF41B2A7EF50657868D2679C692984F82D046C9D3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17458
Expires: Thu, 09 Feb 2023 03:03:09 GMT
Date: Wed, 08 Feb 2023 22:12:11 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cd7ba8a5698924d1e2b8d4c626f03ddd
0a10aa0a67b9a5f07702a62f6447b71ca4442b82
2b8e027cab3c2e411876035f60d516d55c8f2afd4c5c7df1849a6eac4c6435bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2B8E027CAB3C2E411876035F60D516D55C8F2AFD4C5C7DF1849A6EAC4C6435BC"
Last-Modified: Wed, 08 Feb 2023 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12851
Expires: Thu, 09 Feb 2023 01:46:22 GMT
Date: Wed, 08 Feb 2023 22:12:11 GMT
Connection: keep-alive
yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
178.154.131.217 200 OK 45 kB URL HTTP/2 yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
IP 178.154.131.217:0
File type Web Open Font Format (Version 2), TrueType, length 45100, version 1.0\012- data
Hash e783c489351712fa80a7cb4206cffd02
4d1d924e4cbae116baf57958cea28dedc9e361f4
281e998fb084bbc3243914bfd01a00ef5cdbc847179c43106808821a6e0ae1a5
GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: application/font-woff2
content-length: 45100
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "e783c489351712fa80a7cb4206cffd02"
expires: Fri, 09 Feb 2024 04:00:28 GMT
last-modified: Tue, 22 Jan 2019 17:07:25 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 0614cd21dd9ce1dc
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.adlook.me/u/cds.html
92.223.126.57 200 OK 1.4 kB IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 092b935eec2ba1199c03c1c856472e77
90d533fb895dda57fd0645cf484a4ecb7a64c344
8719a7a7e474f30d7a1d5dbf2ab97bbd73437c28ef567b410361540ad38c985e
GET /u/cds.html HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: text/html
content-length: 1439
last-modified: Thu, 06 Aug 2020 17:06:57 GMT
etag: "207a2dfe136cd61:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-08T22:07:43+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2
178.154.131.217 200 OK 43 kB URL HTTP/2 yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2
IP 178.154.131.217:0
File type Web Open Font Format (Version 2), TrueType, length 43112, version 1.0\012- data
Hash f8883ab9c4a452a0bfe3c5cf9619db86
29104a6e1efdd389f07f0f3e1730de95746967da
427f528f5d190e0e3275d8a1fc40bad36fede3da064b33f29dc8fe6e614ff2f7
GET /islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: application/font-woff2
content-length: 43112
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "f8883ab9c4a452a0bfe3c5cf9619db86"
expires: Fri, 09 Feb 2024 03:57:51 GMT
last-modified: Tue, 22 Jan 2019 17:04:38 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 104f3f89f61a0a6d
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.adlook.me/css/rlf.css?1.4
92.223.126.57 200 OK 1.6 kB URL HTTP/2 cdn.adlook.me/css/rlf.css?1.4
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (1612), with no line terminators
Hash ebb99a8c16a4ad70389cc2e9306fa4b1
b926dbbe4d67d1a39e3a7b1f4ea992c41388067b
d1b01565ed50bb2012a6d2c9b409fa41752d6c3a30e735f9f7008b7f635a21f1
GET /css/rlf.css?1.4 HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: text/css
content-length: 1612
last-modified: Mon, 11 Oct 2021 12:59:26 GMT
etag: "2fce1cd29fbed71:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-08T22:04:41+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
p.cpx.to/p/12771/px.js
18.203.96.189 200 OK 2.0 kB IP 18.203.96.189:0
File type ASCII text, with very long lines (1990), with no line terminators
Hash a667f26d4e73b4b5098a9c9637d3d29f
83d9b753da4c51039a689bc67956f7f9997854cc
a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6
GET /p/12771/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
cache-control: max-age=2419200, public
content-type: application/javascript; charset=UTF-8
date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Length: 1990
Connection: keep-alive
c.tmyzer.com/c/?s=85433&f=2&fi=99
54.38.64.100 200 OK 0 B URL HTTP/1.1 c.tmyzer.com/c/?s=85433&f=2&fi=99
IP 54.38.64.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:E6CB_36264064:01BB_63E41E3B_5F3D312:23B5E
X-IPLB-Instance: 24858
tag.leadplace.fr/libJsLP.js
145.239.193.51 200 OK 5.5 kB URL HTTP/1.1 tag.leadplace.fr/libJsLP.js
IP 145.239.193.51:0
Hash a0c24f993bc0901cfe62d1e801cb2b45
7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333
GET /libJsLP.js HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Type: application/javascript
Content-Length: 5547
Last-Modified: Mon, 18 Oct 2021 12:21:41 GMT
ETag: "616d66d5-15ab"
Accept-Ranges: bytes
X-IPLB-Request-ID: 5B5A2A9A:0EDF_91EFC133:01BB_63E41E3B_6EABF8DC:10556
X-IPLB-Instance: 29923
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b67850e3b3e13edebbd556f007617b39
f87b768ae3edea0649975ffe2dde53507cf7ef9e
5d2f919c5deae902674f2fec6fde833cd1286566566f9c70c2779edd789d08fb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D2F919C5DEAE902674F2FEC6FDE833CD1286566566F9C70C2779EDD789D08FB"
Last-Modified: Tue, 07 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16156
Expires: Thu, 09 Feb 2023 02:41:27 GMT
Date: Wed, 08 Feb 2023 22:12:11 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 8e109baddb22b573a373457259aac9ac
f5f95ff6171d3cb8b274fa8c1eb361a98faaf423
f6d6b1beb6eb4837871a5b74c2f74ef9d1fc27b9f86b4eeba62c43cebf8914a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5327
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Last-Modified: Wed, 08 Feb 2023 20:43:24 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314
ocsp.digicert.com/
93.184.220.29 200 OK 314 B IP 93.184.220.29:0
Hash 8e109baddb22b573a373457259aac9ac
f5f95ff6171d3cb8b274fa8c1eb361a98faaf423
f6d6b1beb6eb4837871a5b74c2f74ef9d1fc27b9f86b4eeba62c43cebf8914a3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5327
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:11 GMT
Last-Modified: Wed, 08 Feb 2023 20:43:24 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314
id5-sync.com/api/config/prebid
162.19.138.118 200 134 B URL HTTP/1.1 id5-sync.com/api/config/prebid
IP 162.19.138.118:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1
POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Wed, 08 Feb 2023 22:12:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&id=MTIZ
145.239.193.51 200 OK 0 B URL HTTP/1.1 tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&id=MTIZ
IP 145.239.193.51:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wckr.php?ref=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&id=MTIZ HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-IPLB-Request-ID: 5B5A2A9A:0EDF_91EFC133:01BB_63E41E3B_6EABF8E7:10556
X-IPLB-Instance: 29923
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9e3f9b56da1a35405f7a7626152dc4a6
b15efd9a0ad69b761c9269b196ed2d077f3ea804
5ec2e71db4e55997f9da77f19617acd56e0c75244323bdf3399390b1c00303e1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EC2E71DB4E55997F9DA77F19617ACD56E0C75244323BDF3399390B1C00303E1"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12862
Expires: Thu, 09 Feb 2023 01:46:33 GMT
Date: Wed, 08 Feb 2023 22:12:11 GMT
Connection: keep-alive
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&cw=1&lsw=1
178.250.0.157 200 OK 853 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&cw=1&lsw=1
IP 178.250.0.157:0
Hash 52d4938d9e1dd2f2d85ecde0124ec670
b511a76e1b1c80cecf8db55cd94798bdf6c4c713
4c97db6916da12aa74bbca9e0d0ef68d6ad6e5baa69dbe1fa5206a8f27ad9cf8
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://download.oxy.st
server-processing-duration-in-ticks: 1031228
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&hn_ver=40&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322
63.32.219.30 200 OK 661 B URL HTTP/1.1 s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&hn_ver=40&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322
IP 63.32.219.30:0
File type ASCII text, with very long lines (661), with no line terminators
Hash 8d58b5e34d8847a71ee626c4bf7842b2
0456e6181a5aeeff8151b64417f06d4db3ec186d
ea5a97a6be92b79c4d7cfd453b20e52cf691bc4c9f8f749fdda4acc60f2f21b2
GET /fire.js?pid=12771&ref=&url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&hn_ver=40&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:11 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 661
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
p3p: CP="NOI DEV ADM"
expires: Mon, 30 Jan 2023 15:29:25 UTC
set-cookie: cpSess=d75d1a4a605768d; Expires=Thu, 08 Feb 2024 22:12:11 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&top=&_ts=1675894388067
212.116.120.34 200 OK 2 B URL HTTP/2 ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&top=&_ts=1675894388067
IP 212.116.120.34:0
ASN #48096 Enterprise Cloud Ltd.
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&top=&_ts=1675894388067 HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=199da223a41d4a3ea4d42eb813084233; expires=Thu, 08 Feb 2024 21:00:00 GMT; path=/; SameSite=None; secure; samesite=lax
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
date: Wed, 08 Feb 2023 22:12:11 GMT
content-length: 2
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 9c14e228f19415f2af825294ff401241
dabb4fa3c22980b27aa873fd8aa429366655c95e
df9ed274a8026ea08f348145695717b6f8a11fa8f3c14e60b30b4cd60f7e2fde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF9ED274A8026EA08F348145695717B6F8A11FA8F3C14E60B30B4CD60F7E2FDE"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5259
Expires: Wed, 08 Feb 2023 23:39:50 GMT
Date: Wed, 08 Feb 2023 22:12:11 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f4007f5a7f8ae8f8f2a5512aeab92424
331c535bf6b89049136868d10ce149a14271a990
1fd8100e7ed65cfaa69fff725cae7b4d08b8ff29e70ec836193486dd02d86e6c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1FD8100E7ED65CFAA69FFF725CAE7B4D08B8FF29E70EC836193486DD02D86E6C"
Last-Modified: Tue, 07 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13082
Expires: Thu, 09 Feb 2023 01:50:14 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F5884d751f177858378cd729afe2bd82e%2FWexsideCrack_1.zip&sourceName=WexsideCrack%20(1).zip&sourceIntro=&sourceNote=&priority=source&tag=&rnd=5a03dd2c0c735cf5ed592a66bf7bfe68&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf
88.208.5.115 200 OK 123 B URL HTTP/1.1 mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F5884d751f177858378cd729afe2bd82e%2FWexsideCrack_1.zip&sourceName=WexsideCrack%20(1).zip&sourceIntro=&sourceNote=&priority=source&tag=&rnd=5a03dd2c0c735cf5ed592a66bf7bfe68&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf
IP 88.208.5.115:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash efb61405f4c5a85fb52f61f358cf4cf0
fa27c3415f436fba7e38c79ad327d5809f875260
cdddfce64d8b8ef10f035600f0102ebf497f74560544d56d8a4c09799fc998d2
GET /api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F5884d751f177858378cd729afe2bd82e%2FWexsideCrack_1.zip&sourceName=WexsideCrack%20(1).zip&sourceIntro=&sourceNote=&priority=source&tag=&rnd=5a03dd2c0c735cf5ed592a66bf7bfe68&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf HTTP/1.1
Host: mpraven.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 22:12:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-SF: ok
X-Slug: check SF
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Content-Encoding: gzip
my.rtmark.net/gid.js?userId=4cd5874d8fdd4d729cb4eaf2837e6ce5
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=4cd5874d8fdd4d729cb4eaf2837e6ce5
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 94adccf92a7aadc98cd39abc2f539953
8591cb944bfd7fad2bc835018eb4ed59e5a72930
ff134895c369c5350d2c2eed1a3205576ebc818779a38c8c70fb2674611ec01f
GET /gid.js?userId=4cd5874d8fdd4d729cb4eaf2837e6ce5 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://download.oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=4cd5874d8fdd4d729cb4eaf2837e6ce5; expires=Thu, 08 Feb 2024 22:12:12 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash b39e9b23d29a98eff34416a616ba37f5
bdc9129409a52c7da406b0a0bf6067b936a446dc
2329a603d135a67a020b3f1f94be7ffb9ad0b3afbd4a33a6e85d9ef1d053f4cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2329A603D135A67A020B3F1F94BE7FFB9AD0B3AFBD4A33A6E85D9EF1D053F4CD"
Last-Modified: Tue, 07 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13273
Expires: Thu, 09 Feb 2023 01:53:25 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 0fc3e2be9a02b14fdb24e92d26da8838
d55b2ea7ea9d97de65bd0833926173f205591b6e
55958bd04c967f293dd41c5f4cd5fc52eaaad9738af71c0910fad08b11996c24
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3707
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:12 GMT
Last-Modified: Wed, 08 Feb 2023 21:10:25 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 233dd4c0e5587716dc0d454da5b8dace
e9c9b60a118eb2d85d48533329518ca9657c034a
0a886317a16976863a8b574b177145c7ad3d9ec1a775a4a7fc5a77209930e632
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0A886317A16976863A8B574B177145C7AD3D9EC1A775A4A7FC5A77209930E632"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17867
Expires: Thu, 09 Feb 2023 03:09:59 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
lb.eu-1-id5-sync.com/lb/v1
162.19.138.83 200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP 162.19.138.83:0
File type JSON data\012- , ASCII text, with no line terminators
Hash f0dcd72bde7fde523c90a7229e8965eb
6f8bcdc318d23cc4d7214a40c859d6ec983a9bd7
f1e173f4d80eb1a8303d0717ade7e9af14df280c9eeb78095bd176fa8ad7f642
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://download.oxy.st
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Wed, 08 Feb 2023 22:12:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 13360298b923fd906b4b624b0da766e6
7fed574e837cf690e6e472b7d0503d45ca1dc4c4
e6e705083473540b524a734b8d3dc3382e35d1dfd682ca3a05e1ed53dbb1866b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6E705083473540B524A734B8D3DC3382E35D1DFD682CA3A05E1ED53DBB1866B"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1141
Expires: Wed, 08 Feb 2023 22:31:13 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
dnacdn.net/dna
178.250.0.157 200 OK 0 B IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=yUE6DF80M0RITmhlJTJCZkMwOUJGQlhaMUN2cyUyQnF2bnIyajRhVEhxZTByVFglMkZYcWt1SGklMkJkRDdiTnI0cUxTdGtzZmFpMnU; expires=Mon, 04 Mar 2024 22:12:12 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://download.oxy.st
server-processing-duration-in-ticks: 132608
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 18:52:41 GMT
expires: Tue, 06 Feb 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 184771
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=download.oxy.st&var=&ymid=&var_3=
139.45.197.250 200 OK 705 B URL HTTP/2 ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=download.oxy.st&var=&ymid=&var_3=
IP 139.45.197.250:0
File type JSON data\012- , ASCII text, with very long lines (704)
Hash 6c06cc9928faf120d82dadd02fa95693
9c125bf7e60bf9a24b1930f7ac07eb0f8b4c6dd3
52169d99021252e7886267012e55ea205545579fa875b3a36b6263e0da841f8e
GET /zone?pub=0&zone_id=5630104&is_mobile=false&domain=download.oxy.st&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Origin: https://download.oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: d3d3f40e238573997b33471aa4b112d2
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c5164e65394d3992a5c0cb200ed7eb7d
4c0c637eaafd0c7199df68ce9ef47280c923657e
312e3529b379099b027cd28ad47aba6c68f9a87bc72ba27677c47dcb9b7365b3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "312E3529B379099B027CD28AD47ABA6C68F9A87BC72BA27677C47DCB9B7365B3"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2323
Expires: Wed, 08 Feb 2023 22:50:55 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
id5-sync.com/g/v2/12.json
162.19.138.118 200 216 B URL HTTP/1.1 id5-sync.com/g/v2/12.json
IP 162.19.138.118:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 21fd551572d2ed6a95a15c6865582003
565c4060676719ee73f24c489143e7e8253045ff
b65ba5fa0cd5d7121e49fe88f78bebee7a62da180b14956d451922447e4fe150
POST /g/v2/12.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 287
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Wed, 08 Feb 2023 22:12:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
tzegilo.com/stattag.js
172.64.104.21 200 OK 6.7 kB IP 172.64.104.21:0
File type ASCII text, with very long lines (17335), with no line terminators
Hash a13bb28ed011c2b5fd0da3614fe159fd
33c2b209d249b8e86dcc13403788d891e9784f5c
435e1429b53f09b82577d8bccf74abe833a1d68d6d19f44ccf0af9b0182abc25
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 16:30:52 GMT
etag: W/"63dd36bc-43b7"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5754
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wemfNvhLFgQXSJBS4Z%2F%2BMfKXDxCWNghad414LVo9Yc7rqwzhkC44rVc06Fw60VQ22%2BuN4y10v%2F4IS6%2FZy093C%2BMnxxBcFuu0Y9p4UZt4NxxB9TOXWNoAHwiWa86N2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967b498f8378880-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ibrapush.com/custom
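139.45.197.250 200 OK 0 B IP 139.45.197.250:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body is 0 B, so these three digests match any empty response and identify nothing)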
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://download.oxy.st/
Origin: https://download.oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data, ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Content-Type: application/json
Origin: https://download.oxy.st
Content-Length: 373
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a377abba7f5dd1280c0df91470017e5e
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/5630102?excludes=&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
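Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body is 0 B, so these three digests match any empty response and identify nothing)
Analyzer Verdict Alert: quad9 — Sinkholed (Quad9's threat-blocking DNS resolver does not resolve this domain)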
OPTIONS /500/5630102?excludes=&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://download.oxy.st/
Origin: https://download.oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://download.oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
nanouwho.com/11?rnd=278334686&z=5630103&b=16466421&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&ruid=244287db-e1d4-4d25-966f-6b160ce8254f&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=170
139.45.197.242200 OK 0 B URL HTTP/2 nanouwho.com/11?rnd=278334686&z=5630103&b=16466421&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&ruid=244287db-e1d4-4d25-966f-6b160ce8254f&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=170
IP 139.45.197.242:0
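Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body is 0 B, so these three digests match any empty response and identify nothing)
Analyzer Verdict Alert: quad9 — Sinkholed (Quad9's threat-blocking DNS resolver does not resolve this domain)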
GET /11?rnd=278334686&z=5630103&b=16466421&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&ruid=244287db-e1d4-4d25-966f-6b160ce8254f&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&ot=170 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Cookie: scm=1; OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5; oaidts=1675894332
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://download.oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 306d75d17292baa5592afd6c3f69c213
access-control-expose-headers: X-Sc
set-cookie: OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5; expires=Thu, 08 Feb 2024 22:12:12 GMT; secure; SameSite=None
set-cookie: oaidts=1675894332; expires=Thu, 08 Feb 2024 22:12:12 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
nanouwho.com/121?rnd=2394881015&z=5630103&b=16466421&c=6538593&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&bag=wyLK4bud9T-KLxZeyEKJiG4GTbs6IM1Q&ruid=244287db-e1d4-4d25-966f-6b160ce8254f
139.45.197.242302 Found 0 B URL HTTP/2 nanouwho.com/121?rnd=2394881015&z=5630103&b=16466421&c=6538593&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&bag=wyLK4bud9T-KLxZeyEKJiG4GTbs6IM1Q&ruid=244287db-e1d4-4d25-966f-6b160ce8254f
IP 139.45.197.242:0
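Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input; the body is 0 B, so these three digests match any empty response and identify nothing)
Analyzer Verdict Alert: quad9 — Sinkholed (Quad9's threat-blocking DNS resolver does not resolve this domain)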
GET /121?rnd=2394881015&z=5630103&b=16466421&c=6538593&var=&d=https%3A%2F%2Fmediasama.com%2Fstarharem%2F01%2Fs%2Findex_rt.html&cln={CELL_NUMBER}&btp=7&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&bag=wyLK4bud9T-KLxZeyEKJiG4GTbs6IM1Q&ruid=244287db-e1d4-4d25-966f-6b160ce8254f HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5; oaidts=1675894332
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-length: 0
location: https://mediasama.com/starharem/01/s/index_rt.html
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 2846c288484f60b2cce211bef142440f
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18209
Expires: Thu, 09 Feb 2023 03:15:41 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18209
Expires: Thu, 09 Feb 2023 03:15:41 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
betotodilea.com/500/5630102?excludes=&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 1.6 kB URL HTTP/2 betotodilea.com/500/5630102?excludes=&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash ea8b6f53177e114fd1108b88df660c25
9ec3e8a9cdeebcabebecb10bd540144bff4fee32
225f178fb102844199b5aa33d203ddb7c7553ce4eb220467df2ff8abeb9dc2d8
Analyzer Verdict Alert: quad9 — Sinkholed (Quad9's threat-blocking DNS resolver does not resolve this domain)
GET /500/5630102?excludes=&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Cookie: OAID=240561fdc29f43e1a4a5f13447e8ac0a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/javascript
x-trace-id: 04913e82daa00428f24f91a5383a3088
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: https://download.oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5; expires=Thu, 08 Feb 2024 22:12:12 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18209
Expires: Thu, 09 Feb 2023 03:15:41 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b327816bc2c6fd7291c75c693685d54
771070be61d0724b1c90ca86ea34c804bd7e501a
d45188239cacc7b228bc75ccc95afb48914aaa434c418cd5b786533e8b9cb983
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5708e132-62b1-4b5b-aa88-fe22e522eb0e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6838
x-amzn-requestid: 54fc5ae9-d37a-46cf-97e0-d05de1417cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7QEsCoAMFY1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-40de6212468fcd0e78a93708;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KUNhk8O0jpb6OyjCo5RGruuV5633xiM-PBeb6c0BaJI8uFQ7Aflj2g==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:53:58 GMT
age: 1094
etag: "771070be61d0724b1c90ca86ea34c804bd7e501a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ed10868ea9554510e43f77dfb8c43877
df0d86c2c53bdec7b8935912e42dc7f82f87aa61
751e95e7dd20802cc4e0b6f208bf5559b0b73efd3ca22a9abafd86cf83ab6420
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc93fe33d-3033-473c-8315-95eb00ba319e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12401
x-amzn-requestid: 7bfa8a84-c348-4f55-8e8e-befcdd24f026
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OjPG-eIAMFccA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c47a-06eedb3c7396825f77360755;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:36:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lXTMw2s8GxQtwjucvNYZeHL-i8ECHbdGThUV5_vn2mKEhArswcO3VA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:43:09 GMT
age: 1743
etag: "df0d86c2c53bdec7b8935912e42dc7f82f87aa61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8f31c82179856e39ee5fc43d7f0b685
5b37f807a19ffc80c0b9334e6d24d5bb717496ce
c099c91c6f2125a8a89ee6e9dc0e37e2c2c9914adadb2c8b77795063baa62037
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7f728fd1-646b-418a-ab1a-194a7bf42969.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6805
x-amzn-requestid: 9f067f0c-2991-41ae-8dd0-5719a5438abc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PHwEn4IAMFvFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c564-730d01807c13643373d64897;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: eSU1CSydRTodwnN5DNTXbYD3d3kYFCHiCvPRq5DZTTDSTH2L-GV_1g==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:19:17 GMT
age: 85975
etag: "5b37f807a19ffc80c0b9334e6d24d5bb717496ce"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash aa6c416b3a87ded887c9dcf7c51e5dd0
45f4ef9e68591c00669043abe96959bead8f17ae
9e10394b387916e40c44d4e02fbc1ea72214d870df189ce16d24015de00682bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe56753b9-ced9-4038-88f6-9ea3a7bc9f04.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11205
x-amzn-requestid: abdf9c40-a2b7-49ae-bea1-ff5abfcea781
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fvszZFOZoAMFkNg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc8e7b-6e508da05ff6f33e691de130;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 04:33:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hLrbI5Acy2RBlg7VqGE2b83zuqgt-bx0kD0nlH8uYaJ8tii2FqMLfw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 14:35:48 GMT
age: 27384
etag: "45f4ef9e68591c00669043abe96959bead8f17ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
download.oxy.st/sw.js
185.178.208.137 200 OK 12 kB IP 185.178.208.137:0
Hash a40c17da28af5dc688945e2cc17aea14
90c443cbc8c704e27b48bba20f950c1c4a55bb20
4774c20670bcb304282c0e42762999e4522c7a46fcc35b02ca14ec71939cb945
GET /sw.js HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/d/yvPf
Connection: keep-alive
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0; _pbjs_userid_consent_data=3524755945110770; sharedid=c9439ed0-096d-486f-8513-d6af464e3353; cto_bundle=A-nmGF9WUnd0RFhDS2pwVSUyRm10WmRtZHJsVmxsRkF6aHp3ckI1SHVEJTJGWDJwYTlqM04xT2VPQUFmYWdZTEs3TzZCTFF4R2FnRFNIYzg5V2FhWklVSTFuWWNkUHF6UCUyQlVINzhnUm45NVYzR1B2Z3NoVSUzRA; cto_bidid=PNsKll9lZjF0RFVRVVZVZ0prVzQlMkJDTGVjbWtkSFVSMW9XbUFZZzdQNTY3Q3Q1cVZZTGtmTUtTVUdnN0wyUUNmRzRrVWJ4U0hLc2JKU2pIMDI1NUF2Q281azNBJTNEJTNE; prefetchAd_5630105=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4bb0e725719ac378134b01b6473a6581
a8a1780c88e8ae219048bed28ecfbd8019d9af35
187d4e83edc0af857334f84bd6853234193d4654d06c43367f39b4e125defe08
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5abcabc9-1cda-4d86-8630-67943159604b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6679
x-amzn-requestid: 97c19ad5-c127-4dc1-b529-1eca84645316
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f59MzHgloAMFwow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e0a8b8-79d6b8d31b69153d4929b7b7;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 07:14:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x_tr-xummuF51PvAM4y3DgvLWuJOwxgquKO8baQfcoN6ta5M3ll7ug==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 06:25:01 GMT
age: 56831
etag: "a8a1780c88e8ae219048bed28ecfbd8019d9af35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 667969b00f8c8fc38286f03336a390be
5641c7d8ed2215217ca1ce9455e6f1d3f2da86ca
3e00b0f485380682196fe468f05cc6cecccd5163a2644807067fbc108ee98b9e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E00B0F485380682196FE468F05CC6CECCCD5163A2644807067FBC108EE98B9E"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4104
Expires: Wed, 08 Feb 2023 23:20:36 GMT
Date: Wed, 08 Feb 2023 22:12:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 31b43452695cd13fe96bc1d9972b319b
b31e47802e563f5260e243a7a06f1275a0dd1308
88127788e8947cc1d3664b8ca9ca8a549c4a1aad32a74110cec2a3d05e579705
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3556
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:12 GMT
Last-Modified: Wed, 08 Feb 2023 21:12:56 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280
offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg
104.22.32.172 200 OK 13 kB URL HTTP/2 offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg
IP 104.22.32.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 1355aa125a385056845e0ee1d5384e9a
cfa5fd1b2dd6b299c0aecdf19fec3532ce4392ea
248797fff982ee400ab78ff6831182372f9ef8a6916364192ca0f30556577733
GET /www/images/1355aa125a385056845e0ee1d5384e9a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: image/jpeg
content-length: 13093
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849b-3325"
expires: Thu, 09 Feb 2023 04:58:38 GMT
last-modified: Thu, 01 Dec 2022 10:40:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 62014
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967b49c888e2d7b-ARN
X-Firefox-Spdy: h2
ced.sascdn.com/tag/1097/smart.js
95.101.11.123 200 OK 33 kB URL HTTP/1.1 ced.sascdn.com/tag/1097/smart.js
IP 95.101.11.123:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash a97933c723f113f0dd3d2002e84d93a2
094b9f92278e5666edf0188782d3ac6c6ac6166e
bbf457cf59f2a71418ba0c89105917395c3d627dd6087db9dd5202f3969035b7
GET /tag/1097/smart.js HTTP/1.1
Host: ced.sascdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 33218
Cache-Control: public, max-age=7200
Expires: Thu, 09 Feb 2023 00:12:13 GMT
Date: Wed, 08 Feb 2023 22:12:13 GMT
Connection: keep-alive
download.oxy.st/slake/asset/img/favicon/apple-touch-icon.png
185.178.208.137 200 OK 2.0 kB URL HTTP/2 download.oxy.st/slake/asset/img/favicon/apple-touch-icon.png
IP 185.178.208.137:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 05807c4aceabfb49ab9d66e54618ff53
fddb5a3eb50d1a255989f72f91911dc21e2d5d9b
725d652f8c9ad3d148a0528878b51e2e250d228ab6eaf39111d0664abad359b3
GET /slake/asset/img/favicon/apple-touch-icon.png HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0; _pbjs_userid_consent_data=3524755945110770; sharedid=c9439ed0-096d-486f-8513-d6af464e3353; cto_bundle=A-nmGF9WUnd0RFhDS2pwVSUyRm10WmRtZHJsVmxsRkF6aHp3ckI1SHVEJTJGWDJwYTlqM04xT2VPQUFmYWdZTEs3TzZCTFF4R2FnRFNIYzg5V2FhWklVSTFuWWNkUHF6UCUyQlVINzhnUm45NVYzR1B2Z3NoVSUzRA; cto_bidid=PNsKll9lZjF0RFVRVVZVZ0prVzQlMkJDTGVjbWtkSFVSMW9XbUFZZzdQNTY3Q3Q1cVZZTGtmTUtTVUdnN0wyUUNmRzRrVWJ4U0hLc2JKU2pIMDI1NUF2Q281azNBJTNEJTNE; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 07 Feb 2023 19:18:29 GMT
content-type: image/png
content-length: 1994
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-7ca"
age: 96824
X-Firefox-Spdy: h2
id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
162.19.138.118 200 43 B URL HTTP/1.1 id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
IP 162.19.138.118:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /i/12/9.gif?gdpr=&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:17:13 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:17:13 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:17:13 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:17:13 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:17:13 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Wed, 08-Feb-2023 22:17:13 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Wed, 08 Feb 2023 22:12:12 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
download.oxy.st/images/icon.png
185.178.208.137 200 OK 7.5 kB URL HTTP/2 download.oxy.st/images/icon.png
IP 185.178.208.137:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash b63d70eb8c5d379fa68fe0f63e8c4255
232de1f52e52611ae67aab8ebaa143946154a233
100c7773d318b841267dc4ac654366ac19ba903e6cd6551777268f6eb4ed86cd
GET /images/icon.png HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0; _pbjs_userid_consent_data=3524755945110770; sharedid=c9439ed0-096d-486f-8513-d6af464e3353; cto_bundle=A-nmGF9WUnd0RFhDS2pwVSUyRm10WmRtZHJsVmxsRkF6aHp3ckI1SHVEJTJGWDJwYTlqM04xT2VPQUFmYWdZTEs3TzZCTFF4R2FnRFNIYzg5V2FhWklVSTFuWWNkUHF6UCUyQlVINzhnUm45NVYzR1B2Z3NoVSUzRA; cto_bidid=PNsKll9lZjF0RFVRVVZVZ0prVzQlMkJDTGVjbWtkSFVSMW9XbUFZZzdQNTY3Q3Q1cVZZTGtmTUtTVUdnN0wyUUNmRzRrVWJ4U0hLc2JKU2pIMDI1NUF2Q281azNBJTNEJTNE; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 08:49:02 GMT
content-type: image/png
content-length: 7531
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
access-control-allow-origin: *
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "5eefbeb1-1d6b"
age: 652991
X-Firefox-Spdy: h2
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
54.230.245.166 200 OK 26 kB URL HTTP/1.1 d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP 54.230.245.166:0
File type ASCII text, with very long lines (16085)
Hash 8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Wed, 08 Feb 2023 07:43:40 GMT
X-Cache: Hit from cloudfront
Via: 1.1 07d5d44815808d5d5a6f43984a987698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 1VdLecXppZgVXlc--RD2qO06rDNWjdkQyutHbKdgPA6R_VUqoY8X6Q==
Age: 52114
mediasama.com/starharem/01/s/index_rt.html
149.56.38.113 200 OK 1.5 kB URL HTTP/1.1 mediasama.com/starharem/01/s/index_rt.html
IP 149.56.38.113:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 30597b59f3cb1eadf603fcfb21952340
baca3a552764959edd4fc56947acc9a4f33822de
6ac92da5b37d94c53f231a18bb88be006ae20f1724a63151a97ed918d86cb25d
GET /starharem/01/s/index_rt.html HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Wed, 20 Jul 2022 09:11:51 GMT
ETag: "17a0-5e438fdce23c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1525
Content-Type: text/html
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 67226199464b18c839cd5cfa96cae88b
fb6a62c5e2ede15470740e30ee9df37fd1d774b2
7a24ad381f2b14f7285d5bc2074b79fd97fba5c564629e928f3fc8467aafefa3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3536
Cache-Control: max-age=161624
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:13 GMT
Etag: "63e3e4c5-1d7"
Expires: Fri, 10 Feb 2023 19:05:57 GMT
Last-Modified: Wed, 08 Feb 2023 18:07:01 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d09192b0325fc351f837998af0ec0859
9a2e9bd3eafa7a522727e29908c1576e7d256a87
def6f8c8083625ad72cb4a4e93336979b5ab7d0181031f639c3abc3f5b63ef99
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6464
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:13 GMT
Last-Modified: Wed, 08 Feb 2023 20:24:29 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash a052c6202097931eb074a1cdea5ce017
701304e9ba5f97454d84128d79ce29e324cf9c5f
8c8486f2565c6ceafe940d3f2c3128a4e512ab9459a2918ea350fea958778768
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Sun, 12 Feb 2023 19:20:56 GMT
ETag: "701304e9ba5f97454d84128d79ce29e324cf9c5f"
Last-Modified: Wed, 08 Feb 2023 19:20:57 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2950
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7967b49dea4cfac0-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash e55c78916e20ff8e3ce7369eaadb218a
52f39bbae31031003c95246e28ea851b571ebc5c
67efd0d4a7b6576b7e06c7f5b5ed3bd81a6bbba087733535eb2dcbc3c7de8176
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 12 Feb 2023 17:23:37 GMT
ETag: "52f39bbae31031003c95246e28ea851b571ebc5c"
Last-Modified: Wed, 08 Feb 2023 17:23:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3033
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7967b49def98b4f3-OSL
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP 178.250.0.157:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://download.oxy.st/
Origin: https://download.oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:12 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://download.oxy.st
server-processing-duration-in-ticks: 466807
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322
216.58.211.2 302 Found 341 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 507df1a15cc0135e32b5e28e6c020848
f1a4abf21722429e4e9f9a6c5758cdf2127fc79d
ea1d4b86134ab1232503ccc3104a8c4c1f0cd24ae4034345baeb94a3b12f18f6
GET /pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322&google_tc=
date: Wed, 08 Feb 2023 22:12:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 341
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 22:27:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Fdownload.oxy.st%252Fd%252FyvPf%26hn_ver%3D40%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
37.252.171.53 307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Fdownload.oxy.st%252Fd%252FyvPf%26hn_ver%3D40%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Fdownload.oxy.st%252Fd%252FyvPf%26hn_ver%3D40%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 08 Feb 2023 22:12:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Fdownload.oxy.st%25252Fd%25252FyvPf%2526hn_ver%253D40%2526fid%253Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
AN-X-Request-Uuid: ca762722-c297-4c33-aff7-173dbf79ea5c
Set-Cookie: uuid2=705728747500012562; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 09-May-2023 22:12:13 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//download.oxy.st/d/yvPf;hDownload%20file%20WexsideCrack%20%281%29.zip%20on%20Oxy.Cloud;0.9726354922210853
88.212.202.52 200 OK 362 B URL HTTP/1.1 counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//download.oxy.st/d/yvPf;hDownload%20file%20WexsideCrack%20%281%29.zip%20on%20Oxy.Cloud;0.9726354922210853
IP 88.212.202.52:0
ASN #39134 United Network LLC
File type GIF image data, version 87a, 88 x 31\012- data
Hash 7b25b20ac31706e7ca86a5ffd09c75d5
830c6230d01396292aa9c76f9579e3fd0ff8d000
a73d6739819ba98621e4bdb24bc2fbc2c88583479558b9878e5b986d3b59341d
GET /hit?t52.6;r;s1280*1024*24;uhttps%3A//download.oxy.st/d/yvPf;hDownload%20file%20WexsideCrack%20%281%29.zip%20on%20Oxy.Cloud;0.9726354922210853 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 08 Feb 2023 22:12:13 GMT
Content-Type: image/gif
Content-Length: 362
Connection: keep-alive
Expires: Tue, 08 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=e0867bc2-0792-49b8-7d75-595d6a473f6e&reqId=1624b691-3f40-40b9-5693-dee81f50177a&zdid=1258
216.58.211.2 302 Found 447 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=e0867bc2-0792-49b8-7d75-595d6a473f6e&reqId=1624b691-3f40-40b9-5693-dee81f50177a&zdid=1258
IP 216.58.211.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 19a7c7945171adbdb8088a105a334cef
9e4a4a21f6c3b07746dce3442c715717c88e0240
b9ceaa9c72ec32c727c6dfad5d529599ff76a083d49cb74ef679716967a60dd3
GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=e0867bc2-0792-49b8-7d75-595d6a473f6e&reqId=1624b691-3f40-40b9-5693-dee81f50177a&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=e0867bc2-0792-49b8-7d75-595d6a473f6e&reqId=1624b691-3f40-40b9-5693-dee81f50177a&zdid=1258&google_tc=
date: Wed, 08 Feb 2023 22:12:13 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 08-Feb-2023 22:27:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash 50ca5deab68ba881743e691a693819f1
fd6b74d17a961f751a8edf09fcfaab273f0a7408
139c5ed1fd10f67669a5de174c5ffb02411f96463217781882c9d22b050a02d8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
15.197.193.217 200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
IP 15.197.193.217:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:13 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
2.18.172.23 200 OK 5.7 kB URL HTTP/2 contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
IP 2.18.172.23:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (13426)
Hash bf19ca918607dd6c94d72d4f73ba83df
8f860309c01915f0bd1e082c1294ab177c5f4999
0bd3530918145469d93d16d5ed233cff822007fb98ed1ada03bf2ae7b646ed67
GET /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=146125
expires: Fri, 10 Feb 2023 14:47:38 GMT
date: Wed, 08 Feb 2023 22:12:13 GMT
content-length: 5746
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.138 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 19:19:40 GMT
expires: Wed, 07 Feb 2024 19:19:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 96753
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/styles.css
149.56.38.113 200 OK 2.4 kB URL HTTP/1.1 mediasama.com/starharem/01/s/styles.css
IP 149.56.38.113:0
File type ASCII text, with very long lines (420)
Hash 8e7117f5f47cb6cde0a8e8eb38b16dbb
617fd3f0d3f420ee1967a20fb0b0af4ac34eca03
794f8aa66b6afcf9b7d9bfe5952860436dcfee6bf82e4368af6bc838ce89be98
GET /starharem/01/s/styles.css HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:29 GMT
ETag: "2638-5dc0be6400e82-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2406
Content-Type: text/css
lg3.media.net/bping.php?vgd_len=493&&vgd_cdv=870&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675894333493497303&ugd=4&lf=6&cc=NO&lper=100&wsip=170785058&r=1675894389355&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675894333177326088&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0733295009t202302082213&vgd_pgids=1&vgd_uspa=0&hvsid=00001675894389345015326356488073&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
23.38.200.22 200 OK 35 B URL HTTP/1.1 lg3.media.net/bping.php?vgd_len=493&&vgd_cdv=870&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675894333493497303&ugd=4&lf=6&cc=NO&lper=100&wsip=170785058&r=1675894389355&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675894333177326088&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0733295009t202302082213&vgd_pgids=1&vgd_uspa=0&hvsid=00001675894389345015326356488073&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
IP 23.38.200.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 349909ce1e0bc971d452284590236b09
adfc01f8a9de68b9b27e6f98a68737c162167066
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
GET /bping.php?vgd_len=493&&vgd_cdv=870&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675894333493497303&ugd=4&lf=6&cc=NO&lper=100&wsip=170785058&r=1675894389355&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675894333177326088&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0733295009t202302082213&vgd_pgids=1&vgd_uspa=0&hvsid=00001675894389345015326356488073&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Length: 35
Content-Type: image/gif
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=21600
Expires: Wed, 08 Feb 2023 22:12:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 08 Feb 2023 22:12:13 GMT
Connection: keep-alive
mediasama.com/starharem/01/s/js/main.js
149.56.38.113 200 OK 549 B URL HTTP/1.1 mediasama.com/starharem/01/s/js/main.js
IP 149.56.38.113:0
Hash d8fa8e233a4db9fbce0c20d9a57a06fe
2366b2969771aa164bfdca6b5baf916806f6758a
f496e19ead804367daa801860cd95a7ec6854965a7c5cf2c49dda71532c19932
GET /starharem/01/s/js/main.js HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:50 GMT
ETag: "516-5dc0be78000b5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 549
Content-Type: application/javascript
secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Fdownload.oxy.st%25252Fd%25252FyvPf%2526hn_ver%253D40%2526fid%253Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
37.252.171.53 302 Found 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Fdownload.oxy.st%25252Fd%25252FyvPf%2526hn_ver%253D40%2526fid%253Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
IP 37.252.171.53:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Fdownload.oxy.st%25252Fd%25252FyvPf%2526hn_ver%253D40%2526fid%253Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Wed, 08 Feb 2023 22:12:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&hn_ver=40&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322
AN-X-Request-Uuid: aa46dc8f-b574-48a4-a371-6b24041b68b0
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash ba8280a44e5cca2706d6fb4cc1b63e00
b02884c54a886e1c67fb686496d7f585ac4da1c1
a527caf4c3b2ce7295e54fe42e81a7c8e5c80d26506fce05bf1220d95cee22cf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4926
Cache-Control: max-age=91003
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:13 GMT
Etag: "63e2cb7a-139"
Expires: Thu, 09 Feb 2023 23:28:56 GMT
Last-Modified: Tue, 07 Feb 2023 22:06:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
178.250.0.162 200 OK 43 B URL HTTP/2 csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
IP 178.250.0.162:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:13 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash 5b1b993523163323b6a569da7eb55c47
f0e6b63b23125aab1eb608664e58ecddfefb7dd8
ec0a03bcaa80fc111a90f16589e849b4e9ee9a89b084cc5caa30103361edff24
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 08 Feb 2023 15:49:38 GMT
Expires: Wed, 15 Feb 2023 15:49:37 GMT
Etag: "f0e6b63b23125aab1eb608664e58ecddfefb7dd8"
Cache-Control: max-age=581243,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7967b49aca22b509-OSL
pixel.quantserve.com/pixel;r=1349092968;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf;uht=2;fpan=1;fpa=P0-385993408-1675894389401;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675894389620;tzo=0;ogl=;ses=f470b14f-01c4-44de-b66f-076f94211ba8
91.228.74.251 200 OK 35 B URL HTTP/2 pixel.quantserve.com/pixel;r=1349092968;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf;uht=2;fpan=1;fpa=P0-385993408-1675894389401;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675894389620;tzo=0;ogl=;ses=f470b14f-01c4-44de-b66f-076f94211ba8
IP 91.228.74.251:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55d25e9dc950d5db4d53a3b195c046c6
75e91ae3e549dab12ed1c9787ade9131aef1c981
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
GET /pixel;r=1349092968;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf;uht=2;fpan=1;fpa=P0-385993408-1675894389401;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675894389620;tzo=0;ogl=;ses=f470b14f-01c4-44de-b66f-076f94211ba8 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:13 GMT
content-type: image/gif
content-length: 35
cache-control: private, no-cache, no-store, proxy-revalidate
expires: Fri, 04 Aug 1978 12:00:00 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
set-cookie: mc=63e41e3d-7ac98-1f6df-8105d; expires=Sun, 10-Mar-2024 22:12:13 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
185.64.189.110 302 Found 137 B URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
IP 185.64.189.110:0
Hash bbe2324dbdca1d5d070aac82805aaec5
fbc20a230bb5851f791743f2c9e90672d091b698
fde3b4ba116e639bc679f7caab4b537f28eb783e5e59888c019cf9489b94e22d
GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Tue, 09-May-2023 22:12:12 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2
contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&nse=5&vi=1675894333493497303&ugd=4&sff=0&pgid=p0733295009t202302082213&nb=1
2.18.172.23 200 OK 329 B URL HTTP/2 contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&nse=5&vi=1675894333493497303&ugd=4&sff=0&pgid=p0733295009t202302082213&nb=1
IP 2.18.172.23:0
File type ASCII text, with very long lines (550), with no line terminators
Hash e983f1f4d1ae32f0be77331c96e64c38
aa11abce55c65af6c8155339c955c2edd2b13c1b
6191142b42ebb1c4bcf78d88d8d6c20460513c850d8a8bb5613a425fc1cff28a
GET /smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&nse=5&vi=1675894333493497303&ugd=4&sff=0&pgid=p0733295009t202302082213&nb=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript
x-sc-h: 21-n2pr
expires: Wed, 08 Feb 2023 22:12:13 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 08 Feb 2023 22:12:13 GMT
content-length: 329
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
betotodilea.com/400/5630102
139.45.197.237 200 OK 32 kB URL HTTP/2 betotodilea.com/400/5630102
IP 139.45.197.237:0
Hash 33153f0d0658f7d13a782ae6ea1c8e35
a61a0b16aa300a9a21653a022f99d3f215ec2443
8cf5fd436aff9949e876f1b035958e17d374ac5720afdea5cb15d499020ef217
Analyzer Verdict Alert quad9 Sinkholed
GET /400/5630102 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/javascript
x-trace-id: babf4bc51de98ac3ad1d9ff5d9f8ed31
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=240561fdc29f43e1a4a5f13447e8ac0a; expires=Thu, 08 Feb 2024 22:12:12 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=e0867bc2-0792-49b8-7d75-595d6a473f6e&reqId=1624b691-3f40-40b9-5693-dee81f50177a&zdid=1258&google_error=3
104.22.24.87 200 OK 95 B URL HTTP/2 mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=e0867bc2-0792-49b8-7d75-595d6a473f6e&reqId=1624b691-3f40-40b9-5693-dee81f50177a&zdid=1258&google_error=3
IP 104.22.24.87:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=e0867bc2-0792-49b8-7d75-595d6a473f6e&reqId=1624b691-3f40-40b9-5693-dee81f50177a&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Connection: keep-alive
Cookie: zc=e0867bc2-0792-49b8-7d75-595d6a473f6e; zsc=%60%08%A4%0Dj%D7%3B%AB%C4%8A%24%E3%EA%241%D6%DF%E8%26BP%EF%D9%83%B8%C2%B0%BB%B8%E9%1E1%806%FA%FD%12%19f%90%FEE%FA%A9%ACZ%16%BEX%E2%B19%FD%D6%90%CEn%01%97%22%89%9D%9D%1Co%23%A2b%AC%07%14%FB%17%97%F7%EE%D4%81%153%06%3E%C1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:13 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://download.oxy.st
set-cookie: zc=e0867bc2-0792-49b8-7d75-595d6a473f6e; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7967b4a088a3b4f9-OSL
X-Firefox-Spdy: h2
s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&hn_ver=40&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322
63.32.219.30 200 OK 95 B URL HTTP/1.1 s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&hn_ver=40&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322
IP 63.32.219.30:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
GET /an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&hn_ver=40&fid=d3df43df-b983-4bfe-a83a-bbcc6a4c3322 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Connection: keep-alive
Cookie: cpSess=d75d1a4a605768d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=d75d1a4a605768d; Expires=Thu, 08 Feb 2024 22:12:13 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
p3p: CP="NOI DEV ADM"
expires: Wed, 08 Feb 2023 22:12:13 UTC
nanouwho.com/15?rnd=2888495753&z=5630103&var=&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&ruid=244287db-e1d4-4d25-966f-6b160ce8254f&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.207%2C%22location%22%3A%22https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
139.45.197.242 204 No Content 0 B URL HTTP/2 nanouwho.com/15?rnd=2888495753&z=5630103&var=&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&ruid=244287db-e1d4-4d25-966f-6b160ce8254f&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.207%2C%22location%22%3A%22https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /15?rnd=2888495753&z=5630103&var=&rb=cnMKrVBFrsJT_udqbxR0q_jECGIij1NFai7Ez-U6xnOcC-8s1m7epUsUo5O8FAumHMAaFh63j33uzoOVkH_Pa9LIs4NFJvN3mMyo-_R8gANn41JDgYfFMI5uwk8UACSiwr5QK_Hl5Ul9mebGAb2j3Gn7lr61ZHP5lJcNI_yr-pOKEP5V3tbuLl-BP6zOiBDXytbO9XluKwOXKo0EjaFJMu8X1DeokSP93FOfAd23zVZr3wnyBiHiq-lHruDV51MuNJLAYiN-CX8oe8ng3dYMTHeQUQG-V8xSw7wY0hNM39WMQL8Tcv6wyrXoFkW2oSfSMcKUwd3O92XDquk865uRdf_ujfCK9yP_iJcAQP1m554YfoHKnTwZjTXPkA0fJoYCKoF8CCWbYz9oLJAShx9UoYIekGiICTs36yCPdngmAJIWON5CKt9m4VYy3T_YWa7N8yjRazx7siNTl5sttSPYZYC__Sl0ibcMZfpZTF_xiIxaKmdleBjuKiRXbJKBqwGR97NFE-w82Eqk3YWrzMPjMvFY4Ar_fOgw7__UOxtslfkoYVLpyW9UHG9E2fhkPp8maoBfS-Jkg0qNtuJ3veb20N5y4jPrMPbzhcP7EJ5rBvuCzBkyjx4p3ncPoq9gUKcGZzzPtN9NFvqaopkwAx50QbvjhDTeJk0UsqcRJ6pcsYlZeOCthHYUhI-xlVuZygq-rGQhsfj5kzL0UGEiZhYc1-30nNvotltyjvp23X3_rOjg5zyogtCUaHf5PtKZDHqGWedFxO77h0w=&ruid=244287db-e1d4-4d25-966f-6b160ce8254f&uci=%7B%22path%22%3A%7B%22count%22%3A0%2C%22totalLength%22%3A0%2C%22pathHistogram%22%3A%7B%224%22%3A0%2C%228%22%3A0%2C%2216%22%3A0%2C%2232%22%3A0%2C%2264%22%3A0%2C%22128%22%3A0%2C%22256%22%3A0%2C%22512%22%3A0%2C%221024%22%3A0%7D%7D%2C%22durationOnCreate%22%3A1.207%2C%22location%22%3A%22https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf%22%2C%22isSelenium%22%3Afalse%2C%22isPhantom%22%3Afalse%2C%22isTouch%22%3Afalse%2C%22pluginCount%22%3A0%2C%22wdov%22%3A0%2C%22isIONS%22%3Atrue%7D HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Cookie: scm=1; OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5; oaidts=1675894332
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 08 Feb 2023 22:12:13 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://download.oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: cd970aaf08214a5fa7054ffd0eeef10d
access-control-expose-headers: X-Sc
set-cookie: OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5; expires=Thu, 08 Feb 2024 22:12:13 GMT; secure; SameSite=None
set-cookie: oaidts=1675894332; expires=Thu, 08 Feb 2024 22:12:13 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 3c77c37b3286287da02d8b5a1770ed0e
8ff88ee70aef7d3572c1015a2f23670ff1526164
54c5848c1db5ebcb9bbe27c44525ce306b3e121102f8cc92acdf56a033db4343
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 22:12:13 GMT
Last-Modified: Wed, 08 Feb 2023 20:35:54 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: foCX3eSYQLhM9BN35mhfqBb6anjRG4M1TbB6QonePIMZKwinthYc-w==
Age: 5779
adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
108.128.16.246 200 OK 20 B URL HTTP/1.1 adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
IP 108.128.16.246:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7 HTTP/1.1
Host: adtrack.adleadevent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://download.oxy.st
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Wed, 08 Feb 2023 22:12:13 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 08 Feb 2023 22:12:13 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Length: 20
Connection: keep-alive
mediasama.com/starharem/01/s/audio/btn_1.mp3
149.56.38.113 206 Partial Content 20 kB URL HTTP/1.1 mediasama.com/starharem/01/s/audio/btn_1.mp3
IP 149.56.38.113:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 192 kbps, 44.1 kHz, JntStereo\012- data
Hash d857acaef2cdf5ec88ea6128c1ceb7b3
5f67419243f34232a4da8cb1a1eaecfc192ff1a7
df83bc888086ae84b5d532a39023b0db17e8f3ccd3ffdcd6f35c8d4f39558d24
GET /starharem/01/s/audio/btn_1.mp3 HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Thu, 07 Apr 2022 08:02:31 GMT
ETag: "4f61-5dc0be65fcb81"
Accept-Ranges: bytes
Content-Length: 20321
Content-Range: bytes 0-20320/20321
Content-Type: audio/mpeg
mediasama.com/starharem/01/s/img/2.jpg
149.56.38.113 200 OK 369 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/2.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 369 kB (369239 bytes)
Hash b7d3bd4ae3d5f8477e040e6410517866
2b255c9583c47e5da4069d9c055d3430a0c1e03a
7bb68d5a9a92a500956397e156beb117a0ef605b6747800cacf9c9440b6fc7e4
GET /starharem/01/s/img/2.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5a257-5dc622e1424eb"
Accept-Ranges: bytes
Content-Length: 369239
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/1.jpg
149.56.38.113 200 OK 397 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/1.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 397 kB (397097 bytes)
Hash 43c140ec16ce96d582782ea93eeaa4fe
3390bf8e8708620fc0a851455e4729cb4f0248a2
3e176a04debe08dd522e7f0fbc9f7530880a92fb9845afd7391bbaa764a4ad55
GET /starharem/01/s/img/1.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "60f29-5dc622dfac0e8"
Accept-Ranges: bytes
Content-Length: 397097
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/7.jpg
149.56.38.113 200 OK 327 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/7.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 327 kB (326553 bytes)
Hash c67c9fb0268eea7d188c4c9bc54a0bf4
216b83374ba6f011041b31dd381f22e99ea7a8c1
95ae6eba3fad2ff05cadc95b27fc79a198a9e873371ab5fb7bb97c1661cd4654
GET /starharem/01/s/img/7.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:45 GMT
ETag: "4fb99-5dc622e5033f2"
Accept-Ranges: bytes
Content-Length: 326553
Content-Type: image/jpeg
image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
185.64.189.110 200 OK 342 kB URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322
IP 185.64.189.110:0
Size 342 kB (341693 bytes)
Hash c4bff23090cd883cbc24f2fcd2f2baf9
3ca4b835e5664204c8676cfcbdcb968ad0ff7660
ca752818d9d3f4308da8f17d9325a882a89d6e2c11c79c5197d08e84437ff09e
GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dd3df43df-b983-4bfe-a83a-bbcc6a4c3322 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
mediasama.com/starharem/01/s/img/3.jpg
149.56.38.113 200 OK 375 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/3.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 375 kB (375159 bytes)
Hash 84c5f704120f28ad7bcde2ebab7442a0
fd2745300ba7ad59ff8044c7e9f76b1326ddd120
6227de9cf2198a85639d3808c134b85dc1e6a5ee5ee5709189c5e58d1b91b7c2
GET /starharem/01/s/img/3.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:41 GMT
ETag: "5b977-5dc622e17edac"
Accept-Ranges: bytes
Content-Length: 375159
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/4.jpg
149.56.38.113 200 OK 325 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/4.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 325 kB (325446 bytes)
Hash ec18d276822ab5772f3458da7dbedfbc
f7a38f944aaba3e6b848f496bf4b8fee50b58161
da6b7082767f0ddffbec031c7f84b859c7a1f20624445bb26aa93895b75d7c09
GET /starharem/01/s/img/4.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "4f746-5dc622e2da82e"
Accept-Ranges: bytes
Content-Length: 325446
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/8.jpg
149.56.38.113 200 OK 682 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/8.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 0-3584, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 211035008.000000\012- data
Size 682 kB (682050 bytes)
Hash cedcd46e956dee6a28f87198962b0477
7b38f1de654971e436983fb6a34a71540ba526c9
08c08ef6f1ed9da65259719bbcc97e9aec700d3b486a9f0a741cb5800be34db5
GET /starharem/01/s/img/8.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:14 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:47 GMT
ETag: "a6842-5dc622e757ed6"
Accept-Ranges: bytes
Content-Length: 682050
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/10.jpg
149.56.38.113 200 OK 237 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/10.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 237 kB (236974 bytes)
Hash e0046cc1f34ff0701ec4874a0a8c5d43
c6a46db14dfc50d67307a9855f4dd2688d576a01
8589d73053f4bb258d888488403564bdcc94fb2d87c7388f943bf06fb85865a1
GET /starharem/01/s/img/10.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:14 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:39 GMT
ETag: "39dae-5dc622df755e8"
Accept-Ranges: bytes
Content-Length: 236974
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/6.jpg
149.56.38.113 200 OK 261 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/6.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 261 kB (261364 bytes)
Hash 4b7cf78d93f3f009f850bedb6829d7f6
cc55cad898df47a2f089946aee9398fea7fa2ae6
44d0a6f8e7f7fe0354c05417445137070431686d671c51e9f3d3869867f2448f
GET /starharem/01/s/img/6.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:44 GMT
ETag: "3fcf4-5dc622e471bd1"
Accept-Ranges: bytes
Content-Length: 261364
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/5.jpg
149.56.38.113 200 OK 461 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/5.jpg
IP 149.56.38.113:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=1080, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], baseline, precision 8, 1920x1080, components 3\012- data
Size 461 kB (461412 bytes)
Hash 42ad3cffde2e4081df94ded8a30a1dc5
7b064f0fcb96e5b5c498c0c03bcbb9ab15e999b0
be788428faee6157125228734e5510d4f49212766eff23a1a1b178e456f153d1
GET /starharem/01/s/img/5.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:13 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 14:58:43 GMT
ETag: "70a64-5dc622e35f52f"
Accept-Ranges: bytes
Content-Length: 461412
Content-Type: image/jpeg
mediasama.com/starharem/01/s/img/11.jpg
149.56.38.113 200 OK 403 kB URL HTTP/1.1 mediasama.com/starharem/01/s/img/11.jpg
IP 149.56.38.113:0
File type JPEG image data, baseline, precision 8, 1920x1080, components 3\012- data
Size 403 kB (402740 bytes)
Hash c10654a068f849e614885c983ac9ab02
8d69da78045560f1c2de7bafc47b2c8a12e86424
3a864743d27da3ef1cea10d293532f84f9d564a98b34afef2a8f4b380472dfc2
GET /starharem/01/s/img/11.jpg HTTP/1.1
Host: mediasama.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediasama.com/starharem/01/s/index_rt.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 22:12:14 GMT
Server: Apache
Last-Modified: Mon, 11 Apr 2022 09:18:06 GMT
ETag: "62534-5dc5d6c134c3d"
Accept-Ranges: bytes
Content-Length: 402740
Content-Type: image/jpeg
ibrapush.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Content-Type: application/json
Origin: https://download.oxy.st
Content-Length: 737
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:14 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ac18f85e5608694462d7bac759f94a75
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 9c0e95ec1969d04cbbe1a963f9556eac
6d9f7db5133272b8f78348469f8a007a74c64933
8eaba7c4d361e9320711b8d55b568074f3246cea376dd382c4ff8940ed57c438
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3771
Cache-Control: max-age=112551
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:14 GMT
Etag: "63e3242a-139"
Expires: Fri, 10 Feb 2023 05:28:05 GMT
Last-Modified: Wed, 08 Feb 2023 04:25:14 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
ocsp.digicert.com/
93.184.220.29 200 OK 313 B IP 93.184.220.29:0
Hash 9c0e95ec1969d04cbbe1a963f9556eac
6d9f7db5133272b8f78348469f8a007a74c64933
8eaba7c4d361e9320711b8d55b568074f3246cea376dd382c4ff8940ed57c438
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3771
Cache-Control: max-age=112551
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 22:12:14 GMT
Etag: "63e3242a-139"
Expires: Fri, 10 Feb 2023 05:28:05 GMT
Last-Modified: Wed, 08 Feb 2023 04:25:14 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
ag.gbc.criteo.com/newidsd
185.235.84.79 200 OK 82 B URL HTTP/2 ag.gbc.criteo.com/newidsd
IP 185.235.84.79:0
Hash 6124dfb85282703fa8c0c2a79dfd6a59
03a933e4dde1a4edaeb30d12978d6be2a014d396
44e6d8d04ed17f78bbea45b3053746e5813ecfda89246c434e55141ab7f9be94
GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:13 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 91987
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/syncframe?origin=rtus&topUrl=download.oxy.st
178.250.0.157 200 OK 5.5 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=download.oxy.st
IP 178.250.0.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13465)
Hash 30cafcb3c73fbd3c2cb953cff3513db8
11e28d81e87946f66c4826e4155f0232351eded5
71fe9b1e84ea0d2b17ec76af0205db58da37b1b78b6ae847781523e11bedd6ad
GET /syncframe?origin=rtus&topUrl=download.oxy.st HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:13 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=28edf0cf-03cf-4967-9c64-fa85de55e7a7; expires=Mon, 04 Mar 2024 22:12:13 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 648938
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/impression/4YE8pKisDYqNzcM8YXlI_9G8qNS_58URADNwNo-pWwze8DLN9ztQbC7xylLA0ukPG_sKxtjLmBidMD0-_DkSjrRwtVBK8Bcz4t7Dqbi189fDv80k0aVU0Cl6AhJQtj8QeZC9tIK8W9EBwoRt0Ba7VUnpu8tDExUtoD8-_jSsYBf9ERkxIGaPlTATQT2DJfjLNtZsoA1tO34HAkAPYd-IbCI7-1-1Za40RHkq3VBMnKVcFPgshlGP20CkwO_eY-T_aQNK0mpIFVob-0SOAV34JgOqhfweJkSn-oT9frhVqFaZsWOKRSGMSu7LGThsJxMoTqNFeg-hQ6AwiWHtiGlr57cAi_QRqei7iyZOTRQdBiDxZEtB8VzSFdifFD_oo3VMpcClbBax9FyN7Ic6aMWC5OHQ4ITnmJNL21FXmo50furGCMe1aY3tt7Z4FZePS2Q0IjnlS9A3pGLgwRpOMuJd1EZgTYGOCPlowlpaaHMCN2O9_x3ruliMtsF-U2YPOXLsvN0UMhANY8tIrj8jDohRSkFtnfV5OHL_zunYS_fVXJaJZuONeHM45hHsUdu6APh7k2y9kfWEuL9vXuIGMVCvNQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 43 B URL HTTP/2 betotodilea.com/impression/4YE8pKisDYqNzcM8YXlI_9G8qNS_58URADNwNo-pWwze8DLN9ztQbC7xylLA0ukPG_sKxtjLmBidMD0-_DkSjrRwtVBK8Bcz4t7Dqbi189fDv80k0aVU0Cl6AhJQtj8QeZC9tIK8W9EBwoRt0Ba7VUnpu8tDExUtoD8-_jSsYBf9ERkxIGaPlTATQT2DJfjLNtZsoA1tO34HAkAPYd-IbCI7-1-1Za40RHkq3VBMnKVcFPgshlGP20CkwO_eY-T_aQNK0mpIFVob-0SOAV34JgOqhfweJkSn-oT9frhVqFaZsWOKRSGMSu7LGThsJxMoTqNFeg-hQ6AwiWHtiGlr57cAi_QRqei7iyZOTRQdBiDxZEtB8VzSFdifFD_oo3VMpcClbBax9FyN7Ic6aMWC5OHQ4ITnmJNL21FXmo50furGCMe1aY3tt7Z4FZePS2Q0IjnlS9A3pGLgwRpOMuJd1EZgTYGOCPlowlpaaHMCN2O9_x3ruliMtsF-U2YPOXLsvN0UMhANY8tIrj8jDohRSkFtnfV5OHL_zunYS_fVXJaJZuONeHM45hHsUdu6APh7k2y9kfWEuL9vXuIGMVCvNQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert quad9 Sinkholed
GET /impression/4YE8pKisDYqNzcM8YXlI_9G8qNS_58URADNwNo-pWwze8DLN9ztQbC7xylLA0ukPG_sKxtjLmBidMD0-_DkSjrRwtVBK8Bcz4t7Dqbi189fDv80k0aVU0Cl6AhJQtj8QeZC9tIK8W9EBwoRt0Ba7VUnpu8tDExUtoD8-_jSsYBf9ERkxIGaPlTATQT2DJfjLNtZsoA1tO34HAkAPYd-IbCI7-1-1Za40RHkq3VBMnKVcFPgshlGP20CkwO_eY-T_aQNK0mpIFVob-0SOAV34JgOqhfweJkSn-oT9frhVqFaZsWOKRSGMSu7LGThsJxMoTqNFeg-hQ6AwiWHtiGlr57cAi_QRqei7iyZOTRQdBiDxZEtB8VzSFdifFD_oo3VMpcClbBax9FyN7Ic6aMWC5OHQ4ITnmJNL21FXmo50furGCMe1aY3tt7Z4FZePS2Q0IjnlS9A3pGLgwRpOMuJd1EZgTYGOCPlowlpaaHMCN2O9_x3ruliMtsF-U2YPOXLsvN0UMhANY8tIrj8jDohRSkFtnfV5OHL_zunYS_fVXJaJZuONeHM45hHsUdu6APh7k2y9kfWEuL9vXuIGMVCvNQ==?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Cookie: OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:17 GMT
content-type: image/gif
content-length: 43
x-trace-id: f89ae593f813bc03bf58f1dded6cf911
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=16368910&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 betotodilea.com/500/5630102?excludes=16368910&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5630102?excludes=16368910&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://download.oxy.st/
Origin: https://download.oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:17 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://download.oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=16368910&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
139.45.197.237 200 OK 15 kB URL HTTP/2 betotodilea.com/500/5630102?excludes=16368910&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP 139.45.197.237:0
Hash 6f95efb4cfbee48e0b3ef5e89f6c7904
d7bec19ff61132e91f3ef294a692b9b43a4eda6b
21131bd94f319ee65721bb2ec931ab714807872b8f09f4789f4a73d5c84ebfa1
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630102?excludes=16368910&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Cookie: OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:17 GMT
content-type: application/javascript
x-trace-id: dbce5653dd262ab9f31898e7b6487281
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://download.oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5; expires=Thu, 08 Feb 2024 22:12:17 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/custom
139.45.197.250 200 OK 39 B IP 139.45.197.250:0
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Content-Type: application/json
Origin: https://download.oxy.st
Content-Length: 381
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:19 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: ec4c89968a644907edfe1502df308486
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=ab9f57e4b4024dc39d607824aeb388ec&zoneId=5630104&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?pub=0&userId=ab9f57e4b4024dc39d607824aeb388ec&zoneId=5630104&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 94adccf92a7aadc98cd39abc2f539953
8591cb944bfd7fad2bc835018eb4ed59e5a72930
ff134895c369c5350d2c2eed1a3205576ebc818779a38c8c70fb2674611ec01f
GET /gid.js?pub=0&userId=ab9f57e4b4024dc39d607824aeb388ec&zoneId=5630104&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Origin: https://download.oxy.st
Connection: keep-alive
Cookie: ID=4cd5874d8fdd4d729cb4eaf2837e6ce5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:19 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://download.oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=4cd5874d8fdd4d729cb4eaf2837e6ce5; expires=Thu, 08 Feb 2024 22:12:19 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP 142.250.74.106:0
GET /css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 22:12:11 GMT
date: Wed, 08 Feb 2023 22:12:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ads.themoneytizer.com/moneybid7_35/build/dist/prebid.js
185.76.9.26 200 OK 0 B URL HTTP/2 ads.themoneytizer.com/moneybid7_35/build/dist/prebid.js
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
GET /moneybid7_35/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: application/javascript
last-modified: Mon, 06 Feb 2023 22:21:08 GMT
expires: Thu, 09 Feb 2023 16:04:31 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675958671
server: CDN77-Turbo
x-77-nzt: AblMCRTAZY3/LFYAAA
x-77-nzt-ray: af585630e56f6cf33b1ee4633edcbc1a
x-cache: HIT
x-age: 22060
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
104.22.24.87 200 OK 0 B URL HTTP/2 spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP 104.22.24.87:0
GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://download.oxy.st
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7967b4946b68b4f9-OSL
content-encoding: br
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/tag.min.js?z=5630104
139.45.197.250 200 OK 0 B URL HTTP/2 ibrapush.com/pfe/current/tag.min.js?z=5630104
IP 139.45.197.250:0
GET /pfe/current/tag.min.js?z=5630104 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/javascript
last-modified: Tue, 07 Feb 2023 14:32:42 GMT
etag: W/"63e2610a-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
185.76.9.26 200 OK 0 B URL HTTP/2 ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
GET /s/requestform.js?siteId=85433&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1676477098
server: CDN77-Turbo
x-77-nzt: AblMCRRmlU3/EVYAAA
x-77-nzt-ray: af585630e56f6cf33b1ee4635b710315
x-cache: HIT
x-age: 22033
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/universal.min.js?v=3.1.418
139.45.197.250 200 OK 0 B URL HTTP/2 ibrapush.com/pfe/current/universal.min.js?v=3.1.418
IP 139.45.197.250:0
GET /pfe/current/universal.min.js?v=3.1.418 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
Origin: https://download.oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/javascript
last-modified: Tue, 07 Feb 2023 14:32:42 GMT
etag: W/"63e2610a-19082"
access-control-allow-origin: https://download.oxy.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5
139.45.197.242 200 OK 0 B URL HTTP/2 nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FyvPf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=2&sah=1002&drf=&hil=1&ist=0&oaid=4cd5874d8fdd4d729cb4eaf2837e6ce5 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 160
Origin: https://download.oxy.st
Connection: keep-alive
Referer: https://download.oxy.st/
Cookie: scm=1; OAID=a4bd4c1a73244b608bcadbb6902688a2; oaidts=1675894332
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://download.oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 0fddf2c2fe28323f71689da750efe310
access-control-expose-headers: X-Sc
set-cookie: OAID=4cd5874d8fdd4d729cb4eaf2837e6ce5; expires=Thu, 08 Feb 2024 22:12:12 GMT; secure; SameSite=None
oaidts=1675894332; expires=Thu, 08 Feb 2024 22:12:12 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
download.oxy.st/slake/asset/js/plugins.js
185.178.208.137 200 OK 0 B URL HTTP/2 download.oxy.st/slake/asset/js/plugins.js
IP 185.178.208.137:0
GET /slake/asset/js/plugins.js HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/d/yvPf
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 08 Feb 2023 13:02:17 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 90933
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-52d51"
age: 32994
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP 178.250.0.157:0
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 781174
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
104.21.91.63 200 OK 0 B IP 104.21.91.63:0
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: fb82cf337c291799d3a55f74af818192
cache-control: max-age=86400
last-modified: Wed, 08 Feb 2023 13:52:33 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 Feb 2023 20:44:58 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5233
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OtcGZS6RyRwx0PFbJY2dfIkLURIr31fq2VP00kBx%2B%2FDX%2FEbcmQChFui7YfGk50KIzksWs%2FtnjVFQIJFhh2wt1ix2ykD5DyrAXX38bii5tfLbWpvLRy6hFFOPM8%2B6DL%2Bk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7967b4935f1bb4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nanouwho.com/1?z=5630103
139.45.197.242 200 OK 0 B IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5630103 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 2981eeff636e8a0bc9b3cade1c24e4ce
access-control-expose-headers: X-Sc
x-sc: YqEibUP8-3gbMqBDgkTMDaAn2dFPzphxtH8PK0i_1EoeqylxlUy0bAfC2rVyFmj-_f9qAqbJ5WYSECFOCkYv3j80Lwg=
set-cookie: scm=1; expires=Thu, 08 Feb 2024 22:12:12 GMT; secure; SameSite=None
OAID=a4bd4c1a73244b608bcadbb6902688a2; expires=Thu, 08 Feb 2024 22:12:12 GMT; secure; SameSite=None
oaidts=1675894332; expires=Thu, 08 Feb 2024 22:12:12 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
secure.quantserve.com/quant.js
91.228.74.251 200 OK 0 B URL HTTP/2 secure.quantserve.com/quant.js
IP 91.228.74.251:0
GET /quant.js HTTP/1.1
Host: secure.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:13 GMT
content-type: application/javascript
accept-ranges: bytes
cache-control: private, max-age=604800
content-encoding: gzip
etag: "u+riIbpeWSVolXo4r+dT2g=="
expires: Wed, 15 Feb 2023 22:12:13 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
download.oxy.st/d/yvPf
185.178.208.137 200 OK 0 B IP 185.178.208.137:0
GET /d/yvPf HTTP/1.1
Host: download.oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ddg1_=WAwOtcUCwj1qYiQ5CuIx; PHPSESSID=a3cpcb8pustunp14rnuq3d8kb0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 08 Feb 2023 22:12:10 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/gen.js?type=2
185.76.9.26 200 OK 0 B URL HTTP/2 ads.themoneytizer.com/s/gen.js?type=2
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1676477071
server: CDN77-Turbo
x-77-nzt: AblMCRQMj5//LFYAAA
x-77-nzt-ray: af585630e56f6cf33b1ee4635bc52015
x-cache: HIT
x-age: 22060
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/moneybile.js
185.76.9.26 200 OK 0 B URL HTTP/2 ads.themoneytizer.com/moneybile.js
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:11 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Thu, 09 Feb 2023 16:04:31 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675958671
server: CDN77-Turbo
x-77-nzt: AblMCRQiYyf/LFYAAA
x-77-nzt-ray: af585630e56f6cf33b1ee46334e20d1a
x-cache: HIT
x-age: 22060
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/27/90f7f588ad5892e2821c323c80d6c1b6
139.45.197.242 200 OK 0 B URL HTTP/2 nanouwho.com/27/90f7f588ad5892e2821c323c80d6c1b6
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /27/90f7f588ad5892e2821c323c80d6c1b6 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Cookie: scm=1; OAID=a4bd4c1a73244b608bcadbb6902688a2; oaidts=1675894332
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Wed, 08 Feb 2023 07:51:08 GMT
expires: Wed, 10 Mar 2083 07:51:08 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
contextual.media.net/dmedianet.js?cid=8CU7BC15F
2.18.172.23 200 OK 0 B URL HTTP/2 contextual.media.net/dmedianet.js?cid=8CU7BC15F
IP 2.18.172.23:0
GET /dmedianet.js?cid=8CU7BC15F HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-type: text/javascript; charset=utf-8
x-mnt-h: 21-188d
x-mnt-w: 22-pmnp
etag: "896dad7627e9b8066b3c8baa00ade3c3"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=300
expires: Wed, 08 Feb 2023 22:17:13 GMT
date: Wed, 08 Feb 2023 22:12:13 GMT
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
178.250.0.157 200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP 178.250.0.157:0
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://download.oxy.st/
x-crto-bundle: A-nmGF9WUnd0RFhDS2pwVSUyRm10WmRtZHJsVmxsRkF6aHp3ckI1SHVEJTJGWDJwYTlqM04xT2VPQUFmYWdZTEs3TzZCTFF4R2FnRFNIYzg5V2FhWklVSTFuWWNkUHF6UCUyQlVINzhnUm45NVYzR1B2Z3NoVSUzRA
Origin: https://download.oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 22:12:12 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://download.oxy.st
server-processing-duration-in-ticks: 1718569
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
54.230.111.33 200 OK 0 B URL HTTP/2 rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP 54.230.111.33:0
GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://download.oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Wed, 08 Feb 2023 21:42:32 GMT
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4rcBf41C86KxLgQuHkzuP2rBDfYUmzQd2cImFkeDQlfZmXvm0QUWmg==
age: 1782
X-Firefox-Spdy: h2