r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17757
Expires: Thu, 26 Jan 2023 14:50:45 GMT
Date: Thu, 26 Jan 2023 09:54:48 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 58ffdcb539c3b250fdf31ed761627fc1
5b55b1522ef84c39b5c42f9bbfbc62b806c1269f
eb783cfa8c8544b0574b345abc0bf3c150979d4efce1a013f17b6cd48076fc63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5044
Expires: Thu, 26 Jan 2023 11:18:52 GMT
Date: Thu, 26 Jan 2023 09:54:48 GMT
Connection: keep-alive
oxy.st/d/bYRf
301 Moved Permanently 568 B IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Hash 2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee
GET /d/bYRf HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Thu, 26 Jan 2023 09:54:48 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://oxy.st/d/bYRf
Content-Type: text/html; charset=utf8
Content-Length: 568
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 26 Jan 2023 09:35:16 GMT
content-type: application/json
age: 1172
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8166
Expires: Thu, 26 Jan 2023 12:10:54 GMT
Date: Thu, 26 Jan 2023 09:54:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: pYjjMMlAiaTN3PqZgMJ+qy8WliPwUxu6vqntc862QTnNCF9Y0H7f5ZI0IVWrcJ6JIDhuSykwXk/a9Lpz6KHxqQ==
x-amz-request-id: JMCGQ9F4W35QXX8J
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 26 Jan 2023 09:20:02 GMT
age: 2086
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:48 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1e81b62b52a3faab098887eb4210ab9d
dc49da3eb1c072418831266a9caeab9e4c36a33c
c1ee580bd870463fd3c6af25b669969b4ea2093e49ad0f4b626d67e6b6c941eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C1EE580BD870463FD3C6AF25B669969B4EA2093E49AD0F4B626D67E6B6C941EB"
Last-Modified: Mon, 23 Jan 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13691
Expires: Thu, 26 Jan 2023 13:42:59 GMT
Date: Thu, 26 Jan 2023 09:54:48 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 26 Jan 2023 09:49:01 GMT
age: 347
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
oxy.st/slake/asset/css/bootstrap.min.css
200 OK 20 kB URL HTTP/2 oxy.st/slake/asset/css/bootstrap.min.css
IP
File type ASCII text, with very long lines (65325)
Hash 4588208961b6b7ed6cd974687346348a
52085a4f6c875b6949261704f05050c1727e9c55
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885
GET /slake/asset/css/bootstrap.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 06:48:10 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 356798
content-length: 20483
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:48 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 7320781
expires: Tue, 16 Jan 2024 09:54:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6MVdJ0oIDGN37jpqd%2FZ0gO07IAVjnpQstBqmiBmvfX%2FCNQIRw4YC1wLtacRk%2FEymGKdhjjbPNHnE%2BnY5frNVdneaZeI3bJLjsDsY7fp2lYtpCEeKovc%2BhVrw%2FWYypCj7Z20RpGXJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78f85e8feebf0afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oxy.st/slake/cookie.css?ver=6
200 OK 299 B URL HTTP/2 oxy.st/slake/cookie.css?ver=6
IP
Hash 6d5f76f4027c2e9a60d78a83f4b952cd
b4ae6d8509643916be8eff3979acec375867708b
2338311f30dadbc2bffe2bdbfdd100c148e8fe4cb50ca669c7ff602a9c206f94
GET /slake/cookie.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 20:55:55 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 299
ddg-cache-status: HIT,HIT
etag: "602ae9d4-224"
age: 46733
X-Firefox-Spdy: h2
oxy.st/slake/asset/css/elements.css?1
200 OK 24 kB URL HTTP/2 oxy.st/slake/asset/css/elements.css?1
IP
File type ASCII text, with very long lines (460), with CRLF line terminators
Hash 82db06ca267ac7fdd878a1df35f41f4e
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb
GET /slake/asset/css/elements.css?1 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 19 Jan 2023 10:53:34 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 24208
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2fbea"
age: 601274
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/ajax-subscribe.js
200 OK 635 B URL HTTP/2 oxy.st/slake/asset/js/ajax-subscribe.js
IP
File type ASCII text, with CRLF line terminators
Hash 574b8cde44d6b421cd12af0df0cca335
7dbd98f2d7925795343e8b8a3fc0c91ba496f526
035c75b2646589e751a275f3469f1e53b5e9c55cff4f0b3d3cbdfbb248aef9c2
GET /slake/asset/js/ajax-subscribe.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 16:13:47 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-595"
access-control-allow-origin: *
content-encoding: gzip
age: 495661
content-length: 635
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 1005c9e99dc8d4390861d6730c7a403b
0e3858ae26a1c01e0160e3b60e400bea202ebd05
4ff7ceb81a3dad4fefd3a15ece4ce13898624c01bf5a0cb4fdd90958978ed6b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
oxy.st/img/oxy-logo.svg
200 OK 3.2 kB IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1126)
Hash 4dbb074be70991a358f914be3c00ad99
5f699e31b76bcb7e69fc4478a04b73b3df0e855a
9531a716a5007ddfc819613ec77f883ba963578d699f824034b4962f8221b8bf
GET /img/oxy-logo.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 17 Jan 2023 13:56:30 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
etag: W/"602c706e-2019"
access-control-allow-origin: *
content-encoding: gzip
age: 763098
ddg-cache-status: HIT,MISS
content-length: 3204
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/main.js
200 OK 1.8 kB URL HTTP/2 oxy.st/slake/asset/js/main.js
IP
File type ASCII text, with very long lines (368)
Hash 76d3c4da3644ed1684ed54ff59305a5a
3e03f21e8af17de66be1aa22a6f952c000fbcc70
adc0957a4224cf75ae632338e6e52591d0552189b8ba1a4e7f19885405dfc2f8
GET /slake/asset/js/main.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 22 Jan 2023 13:24:04 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-2210"
access-control-allow-origin: *
content-encoding: gzip
age: 333044
content-length: 1840
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/ajax-mail.js
200 OK 544 B URL HTTP/2 oxy.st/slake/asset/js/ajax-mail.js
IP
File type ASCII text, with CRLF line terminators
Hash 4eb7582278a2e3748b9017bb83307caf
93c419ea8637148be2192bfa8068ed8009e3add7
59ccbe475f369df6e9daf6480deb023a38b4fc29016142e062f76f4218f66abc
GET /slake/asset/js/ajax-mail.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 16 Jan 2023 16:25:29 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-683"
age: 840559
content-length: 544
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/responsive.css?ver=5
200 OK 12 kB URL HTTP/2 oxy.st/slake/responsive.css?ver=5
IP
Hash c9887952027ae1466ab90ba9dcd23ce3
0afb76db6c9644265da1820da0afe7aaef448e53
f16e171dae88fb2e1970604b6152409551d184fb1977a2668dd19f36dc0ab338
GET /slake/responsive.css?ver=5 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 18:15:26 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
etag: W/"5eefded8-135c7"
access-control-allow-origin: *
content-encoding: gzip
age: 488362
content-length: 11872
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/bootstrap.min.js
200 OK 13 kB URL HTTP/2 oxy.st/slake/asset/js/bootstrap.min.js
IP
File type ASCII text, with very long lines (48664)
Hash 061a1656d3064d501413d45bef002938
1fec864435f996d6f5cec2f95b9b24cafef0b182
a7b82b175ee2cb823d904fc89454e91e6e92c91f91c0de1663d54e62bf3cc6e1
GET /slake/asset/js/bootstrap.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 17:11:40 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 13046
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-bf30"
age: 60188
X-Firefox-Spdy: h2
oxy.st/css/cloud.css
200 OK 9.2 kB IP
File type ASCII text, with very long lines (14454)
Hash 0517562cc81de376b3c1fee3e8bef414
80df32c8b71549b0253cce1b47fe13d82fc1b604
184ccb46109faef0678ef3a603a551e55d3f9ff74a200ebeaba2c23655e52c8a
GET /css/cloud.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 19 Jan 2023 12:30:29 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 9206
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb1-d024"
age: 595459
X-Firefox-Spdy: h2
oxy.st/slake/style.css?ver=6
200 OK 24 kB URL HTTP/2 oxy.st/slake/style.css?ver=6
IP
Hash cd7b3e4dfecea7028bc1bdeda5a47477
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87
GET /slake/style.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 16:34:50 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5fdd12f2-2a549"
age: 407998
content-length: 24360
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/slice_white.png
200 OK 6.1 kB URL HTTP/2 oxy.st/slake/asset/slice_white.png
IP
File type PNG image data, 201 x 45, 8-bit/color RGBA, non-interlaced\012- data
Hash 946ed1d2bd247854fa58e938de28ee95
883cda7ee0087e29a32f07b6c8ead3e8df5db738
bfe6c8b9cf34578f573091bb118f86a10b918b7d530b25107648f12158759e85
GET /slake/asset/slice_white.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Jan 2023 14:13:36 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-17be"
age: 416472
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/images/sprite3.png
200 OK 2.1 kB URL HTTP/2 oxy.st/images/sprite3.png
IP
File type PNG image data, 124 x 49, 8-bit/color RGBA, non-interlaced\012- data
Hash b08166a270b58c28d429bf2f9ffece6c
91dab55cbe8c802a7c56cd9d2ffaee9ccea4a49f
a21a9fa89fb6dd8c8e84907a99b0374abdf641c71c55e0283b7758e8f2a12507
GET /images/sprite3.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
etag: "6240cc70-80b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13303566
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
200 OK 13 kB URL HTTP/2 oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
IP
File type ASCII text, with very long lines (32001), with CRLF line terminators
Hash 112891904d2ce52d072013c5e993463a
4cca8f66204463d7dc6f9f6819e3ebbd0636f5b1
d58c3c940e6ac6a2587c3d28ef50dd9dc6f20ea23c213ac5ff75419656fd3291
GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 16 Jan 2023 22:47:46 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-b1ab"
age: 817622
content-length: 12929
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/plugins.js
200 OK 91 kB URL HTTP/2 oxy.st/slake/asset/js/plugins.js
IP
File type Unicode text, UTF-8 text, with very long lines (8320), with CRLF line terminators
Hash f64473f7f0d77763bf319a920044a5fe
085e34089773af2ec9ec67f206d51e9ada6a84fb
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d
GET /slake/asset/js/plugins.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 05:09:08 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 90933
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-52d51"
age: 103540
X-Firefox-Spdy: h2
oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
200 OK 4.0 kB URL HTTP/2 oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
IP
File type ASCII text, with very long lines (42894), with no line terminators
Hash a6ffd799664bd950121e2e9f0d9b2667
88af5ed7d6e3ed43ee0ec21fb314e03fb07867f0
de088565a1c5910a1c409bf3ec676c5d0c7c1304a18c744b46771c09fa6bdcad
GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 02:57:41 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-a78e"
access-control-allow-origin: *
content-encoding: gzip
age: 543427
content-length: 3950
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/js/jquery.min.js
200 OK 30 kB URL HTTP/2 oxy.st/slake/asset/js/jquery.min.js
IP
File type ASCII text, with very long lines (65451)
Hash 28198fab85f1ac98f664600f670ba43d
ee0dd46d793071270130c08412258d8c32194a32
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49
GET /slake/asset/js/jquery.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 23 Jan 2023 08:38:54 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-1538e"
age: 263754
content-length: 30285
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/images/ltd.svg
200 OK 20 kB IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (50102)
Hash d37ece4290313a264b5e235c0dadf2fb
9ae09bed58122b3d3c4914c45e682dce63993e14
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd
GET /images/ltd.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 05:14:49 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 19700
ddg-cache-status: HIT,HIT
etag: W/"5fb71401-c420"
age: 103199
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4324
Expires: Thu, 26 Jan 2023 11:06:53 GMT
Date: Thu, 26 Jan 2023 09:54:49 GMT
Connection: keep-alive
ocsp.sectigo.com/
200 OK 472 B IP
Hash a49a89d4a52d659818f7937ed1c4e7ea
ef5cc8b0f7c54921ff8ed61cdca0b9d55f7d408f
4c3da9caef852c3725a10d21185cf0d8aaa29fd4a354520fa7079de4716c5e70
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 04:59:13 GMT
Expires: Wed, 01 Feb 2023 04:59:12 GMT
Etag: "ef5cc8b0f7c54921ff8ed61cdca0b9d55f7d408f"
Cache-Control: max-age=500062,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f85e90fe4bb4fa-OSL
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 715f2a2c57230b2e1aedef83c76e0cbc
df5a219b8564a6c8fbe802e574ba625be7f204ca
ca239808557d30d1df2527ae94987866734b640bfd631282414a39eac87b872c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.adlook.me/js/rlf.js
200 OK 19 kB IP
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Hash 4753bd99e680f991e358fcfc5956d348
f7506e35d1e97953351bacf094278a919dd2d5e9
417b57437a57fdbfdbe26fb8e676b6936d868f23f5aa5ca587811aa01ce9d03f
GET /js/rlf.js HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/javascript,application/javascript;charset=utf-8
content-length: 19276
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:05:17 GMT
etag: "8054b6f2abfd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T09:46:05+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
oxy.st/slake/asset/img/bg/flake-slider-header.jpg
200 OK 32 kB URL HTTP/2 oxy.st/slake/asset/img/bg/flake-slider-header.jpg
IP
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x824, components 3\012- data
Hash 8e2a0e56ae25b282b437f9d5bd300d96
5d4ba26731ee84ba9bbc5487312162b826ede550
b48a7837a73459a7d6f545cb45a810533d9bf006a54077b2ca3bd62dd6f6315d
GET /slake/asset/img/bg/flake-slider-header.jpg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/jpeg
content-length: 31870
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7c7e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13303567
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
oxy.st/slake/asset/fonts/themify--fvbane.woff
200 OK 56 kB URL HTTP/2 oxy.st/slake/asset/fonts/themify--fvbane.woff
IP
File type Web Open Font Format, CFF, length 56108, version 1.0\012- data
Hash a1ecc3b826d01251edddf29c3e4e1e97
9394f35bd2addd24666b79bfc36d4f9d247cb01d
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7
GET /slake/asset/fonts/themify--fvbane.woff HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://oxy.st/slake/asset/css/elements.css?1
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 12:46:09 GMT
content-type: font/woff
content-length: 56108
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-db2c"
age: 508120
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash afeb3476c3b5b8e10f11db443b8528af
f419163f1e43fece9e428e088c49c65e145846ed
8f9bbf884ae3cddaf2f3eff5d31abf823004207b33bc925651516c60af1f37a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash afeb3476c3b5b8e10f11db443b8528af
f419163f1e43fece9e428e088c49c65e145846ed
8f9bbf884ae3cddaf2f3eff5d31abf823004207b33bc925651516c60af1f37a9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 07:08:09 GMT
expires: Sat, 20 Jan 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 528400
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash 3e7fdf1ab4be9ee80518d0400683f0d3
dd2ec6511ba05e7fb89d32a1ad407db5eaa1520b
eb789178a0b528aad87a5bf0d05aecd45e7623ebaf198820f9310887757e1d5f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
200 OK 21 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 21276, version 1.0\012- data
Hash 59c9b83cc112cf7eeb3bf7a5e96b21fe
771790b776b5e1bc3039c337024e400974184208
a8447cdec51e85d9e93971a0d4a53bcf6085d70bf1d201662837d2fb953422c7
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 16:07:46 GMT
expires: Tue, 23 Jan 2024 16:07:46 GMT
cache-control: public, max-age=31536000
age: 236823
last-modified: Mon, 11 Jul 2022 19:01:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
200 OK 1.5 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP
Hash 56571782beea165c5b6c416bcabf59e4
17be6931112509601d20bd1e9d542b40807062f5
956a5bfde1290e7c1e0a7acde8057499fe5ba5e6118435622d67c0af21c84cb7
GET /css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 26 Jan 2023 09:54:49 GMT
date: Thu, 26 Jan 2023 09:54:49 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xecqklh8HI2R2yYRLYwXjQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: NfXzARK8fIlDwFAVA2dWxPal1tA=
ocsp.digicert.com/
200 OK 312 B IP
Hash 78c78c20e49cafa32f831ae42efadcde
18cc6aa47c131a028d9142b6ab5df3fb785d40df
4f4246a13210946bf3c993faf8d3c9d7d641da2515c5a13d737e2b5b8ed04f83
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 423
Cache-Control: max-age=100535
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:49 GMT
Etag: "63d131f9-138"
Expires: Fri, 27 Jan 2023 13:50:24 GMT
Last-Modified: Wed, 25 Jan 2023 13:43:21 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312
ocsp.globalsign.com/gseccovsslca2018
200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash d86ebfb76ff0696384376a7bf552e1d2
8f1f8e2c6fe8a85fec6588c2aa2c00cefb9e89d7
3e7a66180b0a2d13c6e8249c40a11b114ce16a1c432ecf709954043a941015ee
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Mon, 30 Jan 2023 08:35:12 GMT
ETag: "8f1f8e2c6fe8a85fec6588c2aa2c00cefb9e89d7"
Last-Modified: Thu, 26 Jan 2023 08:35:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 542
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f85e932b33b505-OSL
ocsp.globalsign.com/gseccovsslca2018
200 OK 940 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP
Hash d86ebfb76ff0696384376a7bf552e1d2
8f1f8e2c6fe8a85fec6588c2aa2c00cefb9e89d7
3e7a66180b0a2d13c6e8249c40a11b114ce16a1c432ecf709954043a941015ee
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Type: application/ocsp-response
Content-Length: 940
Connection: keep-alive
Expires: Mon, 30 Jan 2023 08:35:12 GMT
ETag: "8f1f8e2c6fe8a85fec6588c2aa2c00cefb9e89d7"
Last-Modified: Thu, 26 Jan 2023 08:35:13 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 542
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f85e933b49b505-OSL
onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1674726887160
204 No Content 0 B URL HTTP/2 onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1674726887160
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /usync/?pubId=2a897e3f18e6769&cb=1674726887160 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash ef59aa85c9572bcc65b9073860bf25a8
67f76f3edf37a48f3fc9244d4d76c2abfa1a4a2a
de67a6263dceb38bc328eaf7fc5dee5ce983c954cf3a5c673a1b5ab140990188
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE67A6263DCEB38BC328EAF7FC5DEE5CE983C954CF3A5C673A1B5AB140990188"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15943
Expires: Thu, 26 Jan 2023 14:20:32 GMT
Date: Thu, 26 Jan 2023 09:54:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c132df4d1c337552b95551a49cbcdade
2a68a905fc83308c7580be8be22b279e977919c1
f882af3553e0b9ff9f06a1ab4a6c14a907fd4638937bc9a0128b6596a153b301
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F882AF3553E0B9FF9F06A1AB4A6C14A907FD4638937BC9A0128B6596A153B301"
Last-Modified: Wed, 25 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10302
Expires: Thu, 26 Jan 2023 12:46:31 GMT
Date: Thu, 26 Jan 2023 09:54:49 GMT
Connection: keep-alive
ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
200 OK 185 kB URL HTTP/2 ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
IP
ASN #60068 Datacamp Limited
Size 185 kB (185089 bytes)
Hash 3fe380380eea88d0866be4d264b5568b
df20d45c11e7bdf4e43314596c391fdfb78902ca
2b838a13bc59e23f31d418560a3bf1a33badb0cf24b3386140ac42adab623a23
GET /moneybid7_28/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/javascript
last-modified: Tue, 17 Jan 2023 14:40:20 GMT
expires: Fri, 27 Jan 2023 05:03:54 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795834
server: CDN77-Turbo
x-77-nzt: AblMCRSxWDL/L0QAAA
x-77-nzt-ray: af585630d14fedf5e94dd26326d3c916
x-cache: HIT
x-age: 17455
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
200 OK 45 kB URL HTTP/2 yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 45100, version 1.0\012- data
Hash e783c489351712fa80a7cb4206cffd02
4d1d924e4cbae116baf57958cea28dedc9e361f4
281e998fb084bbc3243914bfd01a00ef5cdbc847179c43106808821a6e0ae1a5
GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/font-woff2
content-length: 45100
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "e783c489351712fa80a7cb4206cffd02"
expires: Fri, 26 Jan 2024 15:40:28 GMT
last-modified: Tue, 22 Jan 2019 17:07:25 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: f76c2ffafdaa0e86
accept-ranges: bytes
X-Firefox-Spdy: h2
yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2
200 OK 43 kB URL HTTP/2 yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 43112, version 1.0\012- data
Hash f8883ab9c4a452a0bfe3c5cf9619db86
29104a6e1efdd389f07f0f3e1730de95746967da
427f528f5d190e0e3275d8a1fc40bad36fede3da064b33f29dc8fe6e614ff2f7
GET /islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.17.9
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/font-woff2
content-length: 43112
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "f8883ab9c4a452a0bfe3c5cf9619db86"
expires: Fri, 26 Jan 2024 15:40:29 GMT
last-modified: Tue, 22 Jan 2019 17:04:38 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 0d22575f4d68eb59
accept-ranges: bytes
X-Firefox-Spdy: h2
c.tmyzer.com/c/?s=85433&f=2&fi=99
200 OK 0 B URL HTTP/1.1 c.tmyzer.com/c/?s=85433&f=2&fi=99
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:07C1_36264064:01BB_63D24DE9_ECFB7:9ACD
X-IPLB-Instance: 38442
whereres.com/api/scripts/mSetupWidget?id=363
200 OK 9.0 kB URL HTTP/1.1 whereres.com/api/scripts/mSetupWidget?id=363
IP
ASN #39572 DataWeb Global Group B.V.
File type Unicode text, UTF-8 text, with very long lines (3565)
Hash 9c6d8fe1a69623dcc4c1948506d672af
b400e0ddf00fbbeed8a94c949165659d78714911
a5b9db9230019c2386cbd1bd2b8e193cd202b1f5558cc20a4a52058f79542c09
GET /api/scripts/mSetupWidget?id=363 HTTP/1.1
Host: whereres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.27
Content-Encoding: gzip
tag.leadplace.fr/libJsLP.js
200 OK 5.5 kB URL HTTP/1.1 tag.leadplace.fr/libJsLP.js
IP
Hash a0c24f993bc0901cfe62d1e801cb2b45
7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333
GET /libJsLP.js HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Type: application/javascript
Content-Length: 5547
Last-Modified: Mon, 18 Oct 2021 12:21:41 GMT
ETag: "616d66d5-15ab"
Accept-Ranges: bytes
X-IPLB-Request-ID: 5B5A2A9A:3C02_91EFC0A6:01BB_63D24DE9_63ABCD35:237B8
X-IPLB-Instance: 30195
spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
200 OK 75 kB URL HTTP/2 spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
IP
File type ASCII text, with no line terminators
Hash a54d3f5aa5db8594b67ad8c8f749aefc
ba2b786494e5175c356d54643c747022a0d3980f
fd5e6525ba6b31bf4c4c993055a7a4d7a50e4d7f60da252ecf6fb89a21d8a360
GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=4445b3e1-508e-4068-7333-f49a509f9379; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
zsc=g%A5%FF%5D%25%21%97%C4_%80n~%B66%03K%CE%A8g%A7G0e%D5%E5%B7%1E%0C%DF%E9%EEU1B%1A%B2%8A2%1C%A6%88+%02%12%21%C6%C4%A7%23%16%97%DE%F9%05%93%FCD%3A%A0%D91%22U%C2%AD%06%F2%FA%ECkRZd%5B%8C%17%1B%87WG%8E2U; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78f85e938a89b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash 04fb584bf5028a3fb1f115ed9f529ace
22f06ccfe863a5c8a695d23de11681dc3d4835e9
c7243dabf66c180561ecc8e8a49ae109768641b51357bff356d0bb5331930b19
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6519
Cache-Control: max-age=100138
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:49 GMT
Etag: "63d1189c-139"
Expires: Fri, 27 Jan 2023 13:43:47 GMT
Last-Modified: Wed, 25 Jan 2023 11:55:08 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d80f05847356c48aad673a796b772afd
8f4ae86bf7a572c5b674a27efccd5120f36b06d0
78dc859ac3ef69b8e258b776230a61a4617865023997d21341a7a664a8fbc55f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78DC859AC3EF69B8E258B776230A61A4617865023997D21341A7A664A8FBC55F"
Last-Modified: Wed, 25 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6694
Expires: Thu, 26 Jan 2023 11:46:23 GMT
Date: Thu, 26 Jan 2023 09:54:49 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 313 B IP
Hash 04fb584bf5028a3fb1f115ed9f529ace
22f06ccfe863a5c8a695d23de11681dc3d4835e9
c7243dabf66c180561ecc8e8a49ae109768641b51357bff356d0bb5331930b19
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6519
Cache-Control: max-age=100138
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:49 GMT
Etag: "63d1189c-139"
Expires: Fri, 27 Jan 2023 13:43:47 GMT
Last-Modified: Wed, 25 Jan 2023 11:55:08 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
id5-sync.com/api/config/prebid
200 134 B URL HTTP/1.1 id5-sync.com/api/config/prebid
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1
POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 09:54:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
cdn.adlook.me/u/cds.html
200 OK 1.4 kB IP
ASN #199524 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 092b935eec2ba1199c03c1c856472e77
90d533fb895dda57fd0645cf484a4ecb7a64c344
8719a7a7e474f30d7a1d5dbf2ab97bbd73437c28ef567b410361540ad38c985e
GET /u/cds.html HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: text/html
content-length: 1439
last-modified: Thu, 06 Aug 2020 17:06:57 GMT
etag: "207a2dfe136cd61:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T09:54:00+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.adlook.me/css/rlf.css?1.4
200 OK 1.6 kB URL HTTP/2 cdn.adlook.me/css/rlf.css?1.4
IP
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (1612), with no line terminators
Hash ebb99a8c16a4ad70389cc2e9306fa4b1
b926dbbe4d67d1a39e3a7b1f4ea992c41388067b
d1b01565ed50bb2012a6d2c9b409fa41752d6c3a30e735f9f7008b7f635a21f1
GET /css/rlf.css?1.4 HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: text/css
content-length: 1612
last-modified: Mon, 11 Oct 2021 12:59:26 GMT
etag: "2fce1cd29fbed71:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-01-26T09:52:08+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FbYRf&id=MTIZ
200 OK 0 B URL HTTP/1.1 tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FbYRf&id=MTIZ
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FbYRf&id=MTIZ HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-IPLB-Request-ID: 5B5A2A9A:3C02_91EFC0A6:01BB_63D24DE9_63ABCD37:237B8
X-IPLB-Instance: 30195
ocsp.sectigo.com/
200 OK 472 B IP
Hash e2d4d6ce7f7429d82966d6d9dc16356b
fcd4edfef113db414c102864a1a4e3a38c23e9c9
97f329ca52876a991e1bd435d8841a0a0f7b657e5c6312390421f236d6cd3b90
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 20:45:24 GMT
Expires: Wed, 01 Feb 2023 20:45:23 GMT
Etag: "fcd4edfef113db414c102864a1a4e3a38c23e9c9"
Cache-Control: max-age=556833,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f85e93da5fb4fa-OSL
p.cpx.to/p/12771/px.js
200 OK 2.0 kB IP
File type ASCII text, with very long lines (1990), with no line terminators
Hash a667f26d4e73b4b5098a9c9637d3d29f
83d9b753da4c51039a689bc67956f7f9997854cc
a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6
GET /p/12771/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=2419200, public
Content-Type: application/javascript; charset=UTF-8
Date: Thu, 26 Jan 2023 09:54:49 GMT
Content-Length: 1990
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash d84f383ade441229a3b8c3bdb440dec1
1a3fe5fbdb453238fd1bba1698ab7e42cc964455
00f8082421d59df44b61e96c4cdf71aec562e572fd3fbebfb2f1c5aa5fa22c6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00F8082421D59DF44B61E96C4CDF71AEC562E572FD3FBEBFB2F1C5AA5FA22C6F"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13693
Expires: Thu, 26 Jan 2023 13:43:02 GMT
Date: Thu, 26 Jan 2023 09:54:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 2dd2e633474f1fd63331566569feb36e
7aa1f210a61b59c7ffa80c6599a4280c7e76877d
db47c77d118f487912c2acd33a4ce2340e0131b8b34f3b01a2ee2a5bf387b7ce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DB47C77D118F487912C2ACD33A4CE2340E0131B8B34F3B01A2EE2A5BF387B7CE"
Last-Modified: Thu, 26 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16683
Expires: Thu, 26 Jan 2023 14:32:52 GMT
Date: Thu, 26 Jan 2023 09:54:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 492d03b6c1a0e73fb127623d0e1618d3
b162afe517d930681f78a5435e4a698c54b552c5
acc6d55af7b0b68b0dab453548667f030e4d20a239a74af40555a357ef9603eb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACC6D55AF7B0B68B0DAB453548667F030E4D20A239A74AF40555A357EF9603EB"
Last-Modified: Wed, 25 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7246
Expires: Thu, 26 Jan 2023 11:55:35 GMT
Date: Thu, 26 Jan 2023 09:54:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1efa8c61f9db8e0ec1774f0b1baecdea
08ba8067d89579803e286e5b7ae649b8cfc6db2e
5b08ce2e19047ede80f7ea622c2e1785e5ee8fb2400e88682229cd82dfb3c95a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B08CE2E19047EDE80F7EA622C2E1785E5EE8FB2400E88682229CD82DFB3C95A"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2398
Expires: Thu, 26 Jan 2023 10:34:47 GMT
Date: Thu, 26 Jan 2023 09:54:49 GMT
Connection: keep-alive
lb.eu-1-id5-sync.com/lb/v1
200 33 B URL HTTP/1.1 lb.eu-1-id5-sync.com/lb/v1
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 3cb0ee79540e43a62a096e0309782876
3dd500fda7ede30121bfebee0a023e50cd63c8a8
0a158f0f216ed6eff7dd93cd8207d5b8336593d6ce75fe691e3c63a8f90235e7
GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 09:54:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bbc742ea25c9aa1717ccfb51dbf7e264
33dadbd57d9e7d10f390b60b61e7fa19122d9699
7cb31ee243b3769d4f841f52e3d7e7df9c4fed10831bd14be9a61ee5762d4d4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7CB31EE243B3769D4F841F52E3D7E7DF9C4FED10831BD14BE9A61EE5762D4D4E"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18201
Expires: Thu, 26 Jan 2023 14:58:11 GMT
Date: Thu, 26 Jan 2023 09:54:50 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=a36460e5ee6443baa3f4ee7d2909fa9c
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=a36460e5ee6443baa3f4ee7d2909fa9c
IP
File type JSON data\012- , ASCII text
Hash 03d7a2861b7b01aa29bf14e9d09d69ae
f80ff225fa26a7c4769a435a1206bdc30ce40c01
94e61ab9d32649239020bb3463c4703c2a01a1bbe66159c0e95c20187ad33174
GET /gid.js?userId=a36460e5ee6443baa3f4ee7d2909fa9c HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a36460e5ee6443baa3f4ee7d2909fa9c; expires=Fri, 26 Jan 2024 09:54:50 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 5918ee2a4ef5f02d1fa53aabf4fd4fdf
cf37e57e49e78d2a1aef4f7a726db8acfb7e5965
816ab7195e69d3227538ac599ccf5e3a3499defb95704516c0607270d9352d57
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "816AB7195E69D3227538AC599CCF5E3A3499DEFB95704516C0607270D9352D57"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13635
Expires: Thu, 26 Jan 2023 13:42:05 GMT
Date: Thu, 26 Jan 2023 09:54:50 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 314 B IP
Hash 726f79ed38626e3b7ea4f051cfddd9ce
018c66d36d3db07220b55c1c41b973b3d5cd99aa
4b75473f5c012f09c9ed5303a179cbf3fd526043913687ba1977b223daf73b0b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4351
Cache-Control: max-age=104046
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:50 GMT
Etag: "63d13059-13a"
Expires: Fri, 27 Jan 2023 14:48:56 GMT
Last-Modified: Wed, 25 Jan 2023 13:36:25 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314
dnacdn.net/dna
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=Z1-jnV80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3lXUkJxRDFqTGdkTkpFSGE0NEpIaXVNemhqTkcwTVlKMlRFckpUMW5ibXk; expires=Tue, 20 Feb 2024 09:54:50 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 229662
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F22ba14113b9e308fd949755183ab513b%2Fconfig1.cfg&sourceName=config1.cfg&sourceIntro=&sourceNote=&priority=source&tag=&rnd=43b8ba41f8ea6dc1ed3f22bd037b9c5e&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FbYRf
200 OK 25 B URL HTTP/1.1 mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F22ba14113b9e308fd949755183ab513b%2Fconfig1.cfg&sourceName=config1.cfg&sourceIntro=&sourceNote=&priority=source&tag=&rnd=43b8ba41f8ea6dc1ed3f22bd037b9c5e&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FbYRf
IP
ASN #39572 DataWeb Global Group B.V.
Hash 363f411ba212d4d1ccf7856f856145e9
08331057577f273187dd15e7c6f57937835e0aff
c50b40612adfdbf2e228758746fc7927cf440cb9bb5a8280c00d7946632a1943
GET /api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F22ba14113b9e308fd949755183ab513b%2Fconfig1.cfg&sourceName=config1.cfg&sourceIntro=&sourceNote=&priority=source&tag=&rnd=43b8ba41f8ea6dc1ed3f22bd037b9c5e&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FbYRf HTTP/1.1
Host: mpraven.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Jan 2023 09:54:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-SF: isNotBinary
X-Slug: no found
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Content-Encoding: gzip
ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
200 OK 705 B URL HTTP/2 ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
IP
File type JSON data\012- , ASCII text, with very long lines (704)
Hash 53fd4fda83983a95b2ce314003de8718
f748134fb9af3caa678b515e2cbc82eff9881bc4
fd13354afb4688df091fa2c30a00d1ec42fb3f9fbadfebcf926f4e5581238def
GET /zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: d53949e4e589968f78754c0446b27f75
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash fa93de4eac1575e97e7c659385c9e4c5
4a7f159e9e55bae746738f409e5342813f5be6db
161676b12b5e45d900caa8ac71073d0aa71ffd3627bb767c02b4cb8ce1f0c110
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 07:14:51 GMT
Expires: Mon, 30 Jan 2023 07:14:50 GMT
Etag: "4a7f159e9e55bae746738f409e5342813f5be6db"
Cache-Control: max-age=335399,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f85e964da4b4fa-OSL
id5-sync.com/g/v2/12.json
200 216 B URL HTTP/1.1 id5-sync.com/g/v2/12.json
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash b830957fdb1ebbcb12cb269496ee4a68
0a87e860f7189f81b3cbda3f7bf44edf8b18e683
16be8eb1c4485ef3b975e3cdc357d566f8a3743b66f99b1278d8385f7d644e8b
POST /g/v2/12.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 225
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 09:54:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FbYRf&hn_ver=40&fid=a309da7d-9710-4370-b53c-95fef86f22b8
200 OK 652 B URL HTTP/1.1 s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FbYRf&hn_ver=40&fid=a309da7d-9710-4370-b53c-95fef86f22b8
IP
File type ASCII text, with very long lines (652), with no line terminators
Hash df9879bf91b6f7f29a080a7bdcd526f5
0e9738890b167a7b3e401953bb04229ea5f05a4e
c11b4d8153ec668f60e68928673e4b9dae95ad01f2c0f2b2c94cbae4d8ad599e
GET /fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FbYRf&hn_ver=40&fid=a309da7d-9710-4370-b53c-95fef86f22b8 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:50 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 652
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
p3p: CP="NOI DEV ADM"
expires: Wed, 18 Jan 2023 18:31:33 UTC
set-cookie: cpSess=8c9a38b33aab2ab; Expires=Fri, 26 Jan 2024 09:54:50 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
IP
Hash 2548bf55e6dc8c38491a8a1d6e304ae4
fcf4f6ffcedde33c92eb3cac70933f09d4d05b53
2577c1a1524f7b5793b8d0db31b456f0c0b2baf7679b04a7265f2971596ab67e
POST /s/gts1p5/x-QEV4IR2x0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e93510af7fbb01ec576cd6667de4decc
bc8ccb22159c837a232324bb3169513be7eb6386
bcfbebd3c569daceed83a680b9e1b76fb3e367426b4baad8bfe3973cd3b39410
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCFBEBD3C569DACEED83A680B9E1B76FB3E367426B4BAAD8BFE3973CD3B39410"
Last-Modified: Mon, 23 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=346
Expires: Thu, 26 Jan 2023 10:00:36 GMT
Date: Thu, 26 Jan 2023 09:54:50 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/x-QEV4IR2x0
IP
Hash 2548bf55e6dc8c38491a8a1d6e304ae4
fcf4f6ffcedde33c92eb3cac70933f09d4d05b53
2577c1a1524f7b5793b8d0db31b456f0c0b2baf7679b04a7265f2971596ab67e
POST /s/gts1p5/x-QEV4IR2x0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:50 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&oaid=a36460e5ee6443baa3f4ee7d2909fa9c
204 No Content 0 B URL HTTP/2 nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&oaid=a36460e5ee6443baa3f4ee7d2909fa9c
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&oaid=a36460e5ee6443baa3f4ee7d2909fa9c HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/universal.min.js?v=3.1.413
200 OK 34 kB URL HTTP/2 ibrapush.com/pfe/current/universal.min.js?v=3.1.413
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 277e0e9fd01b07ce740e49e42fbac401
5fa4545625f79441fbea135f0cf433548d940243
d10cf5b4cc3cd75ecb661e272a263d88396d098815b4ed9b6dfeb9b7ce066ef4
GET /pfe/current/universal.min.js?v=3.1.413 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 14:31:33 GMT
etag: W/"63cfebc5-18c6c"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/11?rnd=712844980&z=5630103&b=16380033&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=f9VoCsUsDSen2FhRq6yZxrMtkyX2yPxtO3p7wC6qdcuARSlRjDpRCOR6SGWTTPNWocGO-ex7cjAOiguUHlHsD9HTyogrPaKVGqNztgt7m2_iJwXTNBf3y_OptS7wYQsCFl8kvrwX9pt7tWXsPsR1lvQS3qL4zbT_1TepnWZeHalWTvqYYRDCXemadwZ8E_SDzrGOW8B1x2p5x5y8nsY0X4UvDBRYdN_ped9a9RAYBD9gghaRxwCoKjyJ3G4zSek_UzDLJya_ChqwmUnc7MpMgr-JchfLkL3W98vI_X4oLNJ2UtkZ9uwbpERkYF2nXIgPTGTwohWNe__8GSZtLBQaldwJo9ebeEBkmBAu6r4HlGOljtz1WGAQbCQaDbHW_1dNU-2B7sTxlmMg-2AnZUDVXwpYRsqXHPe_cnOjNdN2uuQ0EoDALRUoNTaY6vbwhz9YM9E6t59rFr-HdGexHYEJEeK2aHZyXyFk_eF8rQn52MyYy3RV4lstU9UCilLCHBBID6TPMUtWe7kremJMrsHCScOrtk9RE73UDJeCCx1msVlZgy9mXirm1dzgS7hqSw-rv9jUCTppk7uGdw0u1M2YPx-lNuUuCXjmMfIjCZa4AzUG6kPxum288pL95XNo6CLjhdl6YsKI5jpvO2BgQwkIZuOqmNLp9FFXHpzdkpenfF-UFEvyWDf_M_9FT1nqvhZV5PZshEqyXqMfLzuK&ruid=bed65ca0-29a6-4347-b5ce-b9cbc0429a39&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&ot=154
200 OK 0 B URL HTTP/2 nanouwho.com/11?rnd=712844980&z=5630103&b=16380033&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=f9VoCsUsDSen2FhRq6yZxrMtkyX2yPxtO3p7wC6qdcuARSlRjDpRCOR6SGWTTPNWocGO-ex7cjAOiguUHlHsD9HTyogrPaKVGqNztgt7m2_iJwXTNBf3y_OptS7wYQsCFl8kvrwX9pt7tWXsPsR1lvQS3qL4zbT_1TepnWZeHalWTvqYYRDCXemadwZ8E_SDzrGOW8B1x2p5x5y8nsY0X4UvDBRYdN_ped9a9RAYBD9gghaRxwCoKjyJ3G4zSek_UzDLJya_ChqwmUnc7MpMgr-JchfLkL3W98vI_X4oLNJ2UtkZ9uwbpERkYF2nXIgPTGTwohWNe__8GSZtLBQaldwJo9ebeEBkmBAu6r4HlGOljtz1WGAQbCQaDbHW_1dNU-2B7sTxlmMg-2AnZUDVXwpYRsqXHPe_cnOjNdN2uuQ0EoDALRUoNTaY6vbwhz9YM9E6t59rFr-HdGexHYEJEeK2aHZyXyFk_eF8rQn52MyYy3RV4lstU9UCilLCHBBID6TPMUtWe7kremJMrsHCScOrtk9RE73UDJeCCx1msVlZgy9mXirm1dzgS7hqSw-rv9jUCTppk7uGdw0u1M2YPx-lNuUuCXjmMfIjCZa4AzUG6kPxum288pL95XNo6CLjhdl6YsKI5jpvO2BgQwkIZuOqmNLp9FFXHpzdkpenfF-UFEvyWDf_M_9FT1nqvhZV5PZshEqyXqMfLzuK&ruid=bed65ca0-29a6-4347-b5ce-b9cbc0429a39&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&ot=154
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=712844980&z=5630103&b=16380033&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=f9VoCsUsDSen2FhRq6yZxrMtkyX2yPxtO3p7wC6qdcuARSlRjDpRCOR6SGWTTPNWocGO-ex7cjAOiguUHlHsD9HTyogrPaKVGqNztgt7m2_iJwXTNBf3y_OptS7wYQsCFl8kvrwX9pt7tWXsPsR1lvQS3qL4zbT_1TepnWZeHalWTvqYYRDCXemadwZ8E_SDzrGOW8B1x2p5x5y8nsY0X4UvDBRYdN_ped9a9RAYBD9gghaRxwCoKjyJ3G4zSek_UzDLJya_ChqwmUnc7MpMgr-JchfLkL3W98vI_X4oLNJ2UtkZ9uwbpERkYF2nXIgPTGTwohWNe__8GSZtLBQaldwJo9ebeEBkmBAu6r4HlGOljtz1WGAQbCQaDbHW_1dNU-2B7sTxlmMg-2AnZUDVXwpYRsqXHPe_cnOjNdN2uuQ0EoDALRUoNTaY6vbwhz9YM9E6t59rFr-HdGexHYEJEeK2aHZyXyFk_eF8rQn52MyYy3RV4lstU9UCilLCHBBID6TPMUtWe7kremJMrsHCScOrtk9RE73UDJeCCx1msVlZgy9mXirm1dzgS7hqSw-rv9jUCTppk7uGdw0u1M2YPx-lNuUuCXjmMfIjCZa4AzUG6kPxum288pL95XNo6CLjhdl6YsKI5jpvO2BgQwkIZuOqmNLp9FFXHpzdkpenfF-UFEvyWDf_M_9FT1nqvhZV5PZshEqyXqMfLzuK&ruid=bed65ca0-29a6-4347-b5ce-b9cbc0429a39&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&ot=154 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=a36460e5ee6443baa3f4ee7d2909fa9c; oaidts=1674726890
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 32d5392b1a6883c12b19ded7193616f0
access-control-expose-headers: X-Sc
set-cookie: OAID=a36460e5ee6443baa3f4ee7d2909fa9c; expires=Fri, 26 Jan 2024 09:54:50 GMT; secure; SameSite=None
oaidts=1674726890; expires=Fri, 26 Jan 2024 09:54:50 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ibrapush.com/custom
200 OK 0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ibrapush.com/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5222e61082e58cb4db845660dfa94632
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sectigo.com/
200 OK 471 B IP
Hash da6d1131f8c9ad77c09853b9bc65a467
dfcde7da9dc04065f6a3bbd2457ef90c75ed01ba
ea18b3e2c606aeb6128c798d0ce25827e7a630701a73248211b7d448805d2233
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:50 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 15:49:39 GMT
Expires: Wed, 01 Feb 2023 15:49:38 GMT
Etag: "dfcde7da9dc04065f6a3bbd2457ef90c75ed01ba"
Cache-Control: max-age=539087,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78f85e9a1c49b4fa-OSL
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 891
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 26 Jan 2023 09:55:17 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://oxy.st
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13260
Expires: Thu, 26 Jan 2023 13:35:50 GMT
Date: Thu, 26 Jan 2023 09:54:50 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13260
Expires: Thu, 26 Jan 2023 13:35:50 GMT
Date: Thu, 26 Jan 2023 09:54:50 GMT
Connection: keep-alive
betotodilea.com/500/5630102?excludes=&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 1.4 kB URL HTTP/2 betotodilea.com/500/5630102?excludes=&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Hash ee10e847c4aaca35564bf454b0e84657
b500c2bdcd301d04419e8bc21562b2e76f727ccd
2f2b529dc5fa9775422837fe1257575c39635b860573bd56709bdb3e5e9645b5
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630102?excludes=&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=ac65d36e026e4cc2bf9d0b1654d1a0b0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/javascript
x-trace-id: e70f151baa5b293ce028f02f5ee6aee2
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=a36460e5ee6443baa3f4ee7d2909fa9c; expires=Fri, 26 Jan 2024 09:54:50 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bd56ce22720c6e6072efdabae64669fd
29194390d12177fe0d88e1bd2fb4436509366a1c
c41996d83d942ca58a13e2d1adfd171cf26a84bc9b7fdbd1ca941eb0269b5404
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41996D83D942CA58A13E2D1ADFD171CF26A84BC9B7FDBD1CA941EB0269B5404"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13260
Expires: Thu, 26 Jan 2023 13:35:50 GMT
Date: Thu, 26 Jan 2023 09:54:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
200 OK 5.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ba0a42dadf6a976df148f652e9cc1844
4d825b74865effa4a858ddcad1d0969671facc07
7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 21:49:40 GMT
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
content-type: image/jpeg
age: 43510
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c7f25e5-06eb-4d3f-99e2-edacd0739efb.jpeg
200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c7f25e5-06eb-4d3f-99e2-edacd0739efb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cfe699b31f96add9f1439af1ff1191eb
f77a833a69b69eef4a39e404c102f624e96b52c0
44312979ac13221e5c3328ad590f0f3dc7da00380c07c433382cd81c47b717f8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7c7f25e5-06eb-4d3f-99e2-edacd0739efb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14856
x-amzn-requestid: 2f52d4d7-4158-485e-bbae-1f906c40d1f9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSYg5HvwoAMFxjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d46b-73d5d7862497852334d9cde2;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:04:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4szanZUhJULoG1K5oNXzvcaoImIduF8NnkTrwCPSpOFpJMaw7rQqEg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:22:01 GMT
age: 9169
etag: "f77a833a69b69eef4a39e404c102f624e96b52c0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4cb7be12333fa7ea3353901b4b3215af
4b758cc432874384f330568177eef5a328d7e69a
d6f86c0ddbabd5c4fd7cee72ce4da62ccddd9d29139c9ab033bb1ab8425bae22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F409361f2-a546-44d7-82d6-d496f6ee134d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11918
x-amzn-requestid: ff47dd24-004f-4cc7-acfb-283b2e751f23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqxwEyWoAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb580b-1e95f74b0846080f75a757f6;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:12:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ntW_cYMwX6UWInGOxxPlwnV1AJh46X-hiLvwggRz9oa1Yno6jyE51g==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 04:37:14 GMT
age: 19056
etag: "4b758cc432874384f330568177eef5a328d7e69a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b242645f0cc22e3b12c132e6d03722ac
dec70f83182de58e03bfcb95fc240b7c33f20674
59a2d8c972d27598dfe38637197f90053186c4f68b80a5a90283cb11ddaf8a31
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46a5d7d6-d259-4246-b28c-8e4355fbc747.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6609
x-amzn-requestid: 129067f4-c79b-493d-8863-2eb6c1565ee6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZABF4IIAMFsig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d533-4908ab6e5c751213084de3c6;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:07:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CaxCPk4-9yhypamZa96f4IyujB3AMeGmpcYP1UmJtjp275dwFjVOcw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:21:33 GMT
age: 9197
etag: "dec70f83182de58e03bfcb95fc240b7c33f20674"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c331b0423afe4c6888533296b5f275bc
766aba1f8bb596a068f4e611161fa54616f506ed
0551882e8ba5962ca2c3a8634574e75f11321d46f9c901430614a9c73eaeae12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F05a55fc3-efb4-4124-a48d-b57fc1e9bea4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7426
x-amzn-requestid: 1c0f08ae-9b11-4c41-a6e9-819343332f34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF-fElWIAMFg8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf838f-6cf92e9d28ec0c9727e7419a;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A9cyJReV84QegjGfuOcBlZ-T6uefiGXXKnIBXIcn3a1x0kRYQ6XI3A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:34:59 GMT
age: 8391
etag: "766aba1f8bb596a068f4e611161fa54616f506ed"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47770e9d-2bfd-4b8d-8653-017d569d133f.jpeg
200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47770e9d-2bfd-4b8d-8653-017d569d133f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8dcb846958865d2b14b540f26c963847
90c1569a936c7922880a04a5882683b1ac85b86f
253e15cc191946fe8c499b0633e95523689bdee6c06579c2953c640168abd7a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47770e9d-2bfd-4b8d-8653-017d569d133f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8897
x-amzn-requestid: c5083c36-d494-4251-bfe4-62edcd28293a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSYeyEyEIAMFohw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d45e-3acff5da10ab7def4ec3919d;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:03:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EvM9E1_r-vC0mC8nL9Goo4aoMlJjD9mzTehR14xYoWNDAg95vZCqcA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 07:20:58 GMT
age: 9232
etag: "90c1569a936c7922880a04a5882683b1ac85b86f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 279 B IP
Hash d49cf0a2dc8f3dd6b5e4730d50cb1f8a
973d6fd723abbad6bcdde56b95cff0b956aeb3d0
ac3accfa00116f3f8c98e66aeefa227f1575b1279eaea5fee34cc6620af9eb81
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6549
Cache-Control: max-age=147676
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:50 GMT
Etag: "63d1d231-117"
Expires: Sat, 28 Jan 2023 02:56:06 GMT
Last-Modified: Thu, 26 Jan 2023 01:06:57 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
200 OK 14 kB URL HTTP/2 offerimage.com/www/images/7d763937692f59aea0578ffe58c10ee0.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash 7d763937692f59aea0578ffe58c10ee0
b3a4cc4fd1a0d8319e59057e535b0b19f1a3b35b
2d7300c572db1683cbc8071be4bbaf31b00954193f6f82d453c99a7a58bd7620
GET /www/images/7d763937692f59aea0578ffe58c10ee0.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: image/jpeg
content-length: 13778
cache-control: max-age=86400
cf-bgj: h2pri
etag: "63888441-35d2"
expires: Thu, 26 Jan 2023 20:36:31 GMT
last-modified: Thu, 01 Dec 2022 10:38:57 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 47899
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f85e9c1ac3b500-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 19e4588d58d51de33385e9732a761856
3b4531235582139915d57c1259361a6ccc1bc923
dfcf8c58a963c5749d1cd921f9089d8bcd4a11717f3403f04c9865200decb466
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DFCF8C58A963C5749D1CD921F9089D8BCD4A11717F3403F04C9865200DECB466"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11820
Expires: Thu, 26 Jan 2023 13:11:50 GMT
Date: Thu, 26 Jan 2023 09:54:50 GMT
Connection: keep-alive
oxy.st/slake/asset/img/favicon/apple-touch-icon.png
200 OK 2.0 kB URL HTTP/2 oxy.st/slake/asset/img/favicon/apple-touch-icon.png
IP
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 05807c4aceabfb49ab9d66e54618ff53
fddb5a3eb50d1a255989f72f91911dc21e2d5d9b
725d652f8c9ad3d148a0528878b51e2e250d228ab6eaf39111d0664abad359b3
GET /slake/asset/img/favicon/apple-touch-icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6; _pbjs_userid_consent_data=3524755945110770; sharedid=1b9cf2ed-9341-4341-94ec-9d9bc14a31b3; cto_bundle=pnYCyl9DVGk5ekslMkZMMCUyRiUyRmV6ZUdtJTJGYXdCOE41Yks3RUFMUGE1NDlhZlFzWVgxNXY0SDZmVmh5N2MlMkJINTZPSHFReFZsN1YzR3ElMkZjYWlNMzVhOGI3JTJGeGNjNGF6SjZjdUkwRHFHayUyRnZGaVZZJTJCSWpHQSUzRA; cto_bidid=2To9_V9ZUFJCTXhFRUpLbTVNZGlvU2hxc255Q2RMeXlYWDFYdHdaMFZ6allVaTVxUzd1Uko5aXdnajNJNHlYaFc5RXN1Vnh5OCUyQlN3Mk1Wb2Ewa2I1alpRSGtRJTNEJTNE; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:29:17 GMT
content-type: image/png
content-length: 1994
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 13303534
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
200 43 B URL HTTP/1.1 id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
GET /i/12/9.gif?gdpr=&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Thu, 26-Jan-2023 09:59:51 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Thu, 26-Jan-2023 09:59:51 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Thu, 26-Jan-2023 09:59:51 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Thu, 26-Jan-2023 09:59:51 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Thu, 26-Jan-2023 09:59:51 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Thu, 26-Jan-2023 09:59:51 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Thu, 26 Jan 2023 09:54:50 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
oxy.st/images/icon.png
200 OK 7.5 kB IP
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash b63d70eb8c5d379fa68fe0f63e8c4255
232de1f52e52611ae67aab8ebaa143946154a233
100c7773d318b841267dc4ac654366ac19ba903e6cd6551777268f6eb4ed86cd
GET /images/icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/bYRf
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6; _pbjs_userid_consent_data=3524755945110770; sharedid=1b9cf2ed-9341-4341-94ec-9d9bc14a31b3; cto_bundle=pnYCyl9DVGk5ekslMkZMMCUyRiUyRmV6ZUdtJTJGYXdCOE41Yks3RUFMUGE1NDlhZlFzWVgxNXY0SDZmVmh5N2MlMkJINTZPSHFReFZsN1YzR3ElMkZjYWlNMzVhOGI3JTJGeGNjNGF6SjZjdUkwRHFHayUyRnZGaVZZJTJCSWpHQSUzRA; cto_bidid=2To9_V9ZUFJCTXhFRUpLbTVNZGlvU2hxc255Q2RMeXlYWDFYdHdaMFZ6allVaTVxUzd1Uko5aXdnajNJNHlYaFc5RXN1Vnh5OCUyQlN3Mk1Wb2Ewa2I1alpRSGtRJTNEJTNE; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 20 Jan 2023 10:13:39 GMT
content-type: image/png
content-length: 7531
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
etag: "5eefbeb1-1d6b"
access-control-allow-origin: *
accept-ranges: bytes
age: 517272
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
200 OK 26 kB URL HTTP/1.1 d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP
File type ASCII text, with very long lines (16085)
Hash 8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Thu, 26 Jan 2023 03:45:34 GMT
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CiyNipy51Bkc6ZrPH3RyMtj5j4PvuLNQOdd4UmVaEbHBkSggrKnXkQ==
Age: 22179
ced.sascdn.com/tag/1097/smart.js
200 OK 33 kB URL HTTP/1.1 ced.sascdn.com/tag/1097/smart.js
IP
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash ab5d7bcba6f9bbe86e71d3f75061efc8
bf137eb7dc8285e29d986f6b8f3272f6f979bc0e
a973cdadddcd9ba18f6e262f602d39e091090e4a94ac036b3fc4f7428e5b84e6
GET /tag/1097/smart.js HTTP/1.1
Host: ced.sascdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 32964
Cache-Control: public, max-age=7200
Expires: Thu, 26 Jan 2023 11:54:51 GMT
Date: Thu, 26 Jan 2023 09:54:51 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 34c6c87358e04f2487a4fcb466d2ad17
2e99bb20b81b80930471f736676e4dd3a093a9cd
db58d2601ad2308da96f8998b9b5e39c3c48b910c0f141230a757b9985b536fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash dda854cb90cda40c6a6dbc19eb186eca
0d23775c5af739aac0a41844d09c704ab850a1bd
7c432d209fcf9dde0ca59bf93f76526d98aab474041f19b2d6fe79942ed3a7e2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:50 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 596428
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash d97122742133f124ebe9ec5c50ada96f
bbba8c7969d6523f56dfe7d27aa994c009e1a644
fcc9d9d23c2d229605890553ee7a73ceb33523487f652635f982b6ed14b485e9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6192
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:51 GMT
Last-Modified: Thu, 26 Jan 2023 08:11:39 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
interstitial-07.com/contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg
200 OK 20 kB URL HTTP/2 interstitial-07.com/contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash d657d0b45c722c9203953e7fbb92fc33
e1ff29e4b8f1ea03d163e6a3c8f4d381cae5a3e2
40785963d6afef460b6d58db44d00d3bbed11a81f88e64e6a1b91d317b220d40
GET /contents/s/d6/57/d0/b45c722c9203953e7fbb92fc33/01117258015882.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=5m6UFzXYYi5sfZO&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2851781965%26z%3D5630103%26b%3D16380033%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Df9VoCsUsDSen2FhRq6yZxrMtkyX2yPxtO3p7wC6qdcuARSlRjDpRCOR6SGWTTPNWocGO-ex7cjAOiguUHlHsD9HTyogrPaKVGqNztgt7m2_iJwXTNBf3y_OptS7wYQsCFl8kvrwX9pt7tWXsPsR1lvQS3qL4zbT_1TepnWZeHalWTvqYYRDCXemadwZ8E_SDzrGOW8B1x2p5x5y8nsY0X4UvDBRYdN_ped9a9RAYBD9gghaRxwCoKjyJ3G4zSek_UzDLJya_ChqwmUnc7MpMgr-JchfLkL3W98vI_X4oLNJ2UtkZ9uwbpERkYF2nXIgPTGTwohWNe__8GSZtLBQaldwJo9ebeEBkmBAu6r4HlGOljtz1WGAQbCQaDbHW_1dNU-2B7sTxlmMg-2AnZUDVXwpYRsqXHPe_cnOjNdN2uuQ0EoDALRUoNTaY6vbwhz9YM9E6t59rFr-HdGexHYEJEeK2aHZyXyFk_eF8rQn52MyYy3RV4lstU9UCilLCHBBID6TPMUtWe7kremJMrsHCScOrtk9RE73UDJeCCx1msVlZgy9mXirm1dzgS7hqSw-rv9jUCTppk7uGdw0u1M2YPx-lNuUuCXjmMfIjCZa4AzUG6kPxum288pL95XNo6CLjhdl6YsKI5jpvO2BgQwkIZuOqmNLp9FFXHpzdkpenfF-UFEvyWDf_M_9FT1nqvhZV5PZshEqyXqMfLzuK%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Dbed65ca0-29a6-4347-b5ce-b9cbc0429a39%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FbYRf%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: image/jpeg
content-length: 19879
last-modified: Wed, 05 Oct 2022 17:04:55 GMT
vary: Accept-Encoding
etag: "633db937-4da7"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash 1531981ef9429a92d7d8b4f1cbfbf422
f8de480a953b7ea586424919c5d7cb0f4850d257
31972e06370f524818209ead030c043155d5271bca62836b9f2ef097607cbc90
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4253
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:51 GMT
Last-Modified: Thu, 26 Jan 2023 08:43:58 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gsgccr3dvtlsca2020
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
Hash f0c61c1d29820684364893ec04cfeed6
0216fa0091f97302456ff3de73cf5660d08590d9
725385d4373d359b0d503191967e65e0ec5c7ea98edd9e4c152bf0cb6ea6e19d
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 30 Jan 2023 06:07:22 GMT
ETag: "0216fa0091f97302456ff3de73cf5660d08590d9"
Last-Modified: Thu, 26 Jan 2023 06:07:23 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2425
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f85e9d7a36b505-OSL
ocsp2.globalsign.com/gsalphasha2g2
200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP
Hash c3444dd83b3400603c45543d88119e0d
6e989375e61a49deb6d97e98e6cae3640ec2ae55
6cfc7232bc14a66006f7c225a15f69d1e42286e0438f9ced4495773eda62fd5c
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:51 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Mon, 30 Jan 2023 05:30:26 GMT
ETag: "6e989375e61a49deb6d97e98e6cae3640ec2ae55"
Last-Modified: Thu, 26 Jan 2023 05:30:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3427
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f85e9d8a32b515-OSL
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=4445b3e1-508e-4068-7333-f49a509f9379&reqId=b43cd968-218b-45d1-6583-d5ccee6cb668&zdid=1258
302 Found 447 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=4445b3e1-508e-4068-7333-f49a509f9379&reqId=b43cd968-218b-45d1-6583-d5ccee6cb668&zdid=1258
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 82a6e1b41d60a26a1da17823495a3ee6
e7dd1023e56099189ee1ee1e8d514d383d680485
ed7f60321dd7257da9dce8c91c7efa0dd457578a489c7835ec9582d4ed2ba04b
GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=4445b3e1-508e-4068-7333-f49a509f9379&reqId=b43cd968-218b-45d1-6583-d5ccee6cb668&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=4445b3e1-508e-4068-7333-f49a509f9379&reqId=b43cd968-218b-45d1-6583-d5ccee6cb668&zdid=1258&google_tc=
date: Thu, 26 Jan 2023 09:54:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 26-Jan-2023 10:09:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=a309da7d-9710-4370-b53c-95fef86f22b8
302 Found 341 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=a309da7d-9710-4370-b53c-95fef86f22b8
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 5568005f954721412f0e7c23e09110f2
3e0cb77b991cb5e674a6dfbaea8f23e614655667
3b1d15230beecfd334b2cf2709684967b949dd09cc5d042ba461703e39cc6f21
GET /pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=a309da7d-9710-4370-b53c-95fef86f22b8 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=a309da7d-9710-4370-b53c-95fef86f22b8&google_tc=
date: Thu, 26 Jan 2023 09:54:51 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 341
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 26-Jan-2023 10:09:51 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
interstitial-07.com/contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg
200 OK 63 kB URL HTTP/2 interstitial-07.com/contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Hash 9b2c293f4695bb8f89f5bdc53f2634e2
fda95c173965012fa72bd0386a0f1e4f0e5220fa
f7090a9b5e00f32721b1d83183b54e836e4237f6d407186327f7835caf3c265a
GET /contents/s/9b/2c/29/3f4695bb8f89f5bdc53f2634e2/01175794239723.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=5m6UFzXYYi5sfZO&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2851781965%26z%3D5630103%26b%3D16380033%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Df9VoCsUsDSen2FhRq6yZxrMtkyX2yPxtO3p7wC6qdcuARSlRjDpRCOR6SGWTTPNWocGO-ex7cjAOiguUHlHsD9HTyogrPaKVGqNztgt7m2_iJwXTNBf3y_OptS7wYQsCFl8kvrwX9pt7tWXsPsR1lvQS3qL4zbT_1TepnWZeHalWTvqYYRDCXemadwZ8E_SDzrGOW8B1x2p5x5y8nsY0X4UvDBRYdN_ped9a9RAYBD9gghaRxwCoKjyJ3G4zSek_UzDLJya_ChqwmUnc7MpMgr-JchfLkL3W98vI_X4oLNJ2UtkZ9uwbpERkYF2nXIgPTGTwohWNe__8GSZtLBQaldwJo9ebeEBkmBAu6r4HlGOljtz1WGAQbCQaDbHW_1dNU-2B7sTxlmMg-2AnZUDVXwpYRsqXHPe_cnOjNdN2uuQ0EoDALRUoNTaY6vbwhz9YM9E6t59rFr-HdGexHYEJEeK2aHZyXyFk_eF8rQn52MyYy3RV4lstU9UCilLCHBBID6TPMUtWe7kremJMrsHCScOrtk9RE73UDJeCCx1msVlZgy9mXirm1dzgS7hqSw-rv9jUCTppk7uGdw0u1M2YPx-lNuUuCXjmMfIjCZa4AzUG6kPxum288pL95XNo6CLjhdl6YsKI5jpvO2BgQwkIZuOqmNLp9FFXHpzdkpenfF-UFEvyWDf_M_9FT1nqvhZV5PZshEqyXqMfLzuK%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Dbed65ca0-29a6-4347-b5ce-b9cbc0429a39%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FbYRf%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: image/jpeg
content-length: 63121
last-modified: Wed, 05 Oct 2022 17:04:52 GMT
vary: Accept-Encoding
etag: "633db934-f691"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FbYRf%26hn_ver%3D40%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8
307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FbYRf%26hn_ver%3D40%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FbYRf%26hn_ver%3D40%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:54:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FbYRf%2526hn_ver%253D40%2526fid%253Da309da7d-9710-4370-b53c-95fef86f22b8
AN-X-Request-Uuid: 457a6db7-a9d9-43bf-83af-1ef34d4e8f0b
Set-Cookie: uuid2=6724535380454003853; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 26-Apr-2023 09:54:51 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/bYRf;hDownload%20file%20config1.cfg%20on%20Oxy.Cloud;0.8047727993616649
200 OK 419 B URL HTTP/1.1 counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/bYRf;hDownload%20file%20config1.cfg%20on%20Oxy.Cloud;0.8047727993616649
IP
ASN #39134 United Network LLC
File type GIF image data, version 87a, 88 x 31\012- data
Hash b414376d09dfe8046c83ac51bdd2dd30
162e89acf7830c353a74ee76f21f9eb3e16dbd4e
a7bfad0910f1f59b7c61f15e01607066960ea1e57aaf76225d760dbc62f2ce10
GET /hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/bYRf;hDownload%20file%20config1.cfg%20on%20Oxy.Cloud;0.8047727993616649 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Thu, 26 Jan 2023 09:54:51 GMT
Content-Type: image/gif
Content-Length: 419
Connection: keep-alive
Expires: Tue, 25 Jan 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
200 OK 9.3 kB URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
Hash 3fd0df69c7c263e49c6da992cd6ca805
341ee902f65740c4bf1d88715b3edc5c698d9439
abd905401fc4f10ca59d16925e7b55e66f2334077c054a8148ad85fce9d70c4c
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
x-crto-bundle: pnYCyl9DVGk5ekslMkZMMCUyRiUyRmV6ZUdtJTJGYXdCOE41Yks3RUFMUGE1NDlhZlFzWVgxNXY0SDZmVmh5N2MlMkJINTZPSHFReFZsN1YzR3ElMkZjYWlNMzVhOGI3JTJGeGNjNGF6SjZjdUkwRHFHayUyRnZGaVZZJTJCSWpHQSUzRA
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 1901036
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
200 OK 5.7 kB URL HTTP/2 contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM
IP
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (13426)
Hash 95650c775060912301595dd6152cd93b
aadf8d91492a10f009b2834f4fead16383e454dd
7b04cd6616a65a6098754ccd4ed83c5b7e2bcf58d9a6d5402042b47ae44dd3a7
GET /checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Sat, 28 Jan 2023 09:54:51 GMT
date: Thu, 26 Jan 2023 09:54:51 GMT
content-length: 5745
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a0df2a65a0fc9131ffb4b2059f1053f7
c7be16e530fa09b5e32702beee2202be6369b52f
d76dbd828986a563ce073d1b271e6fa6e3b57ec55b2cd3fba0fc069fa4e33ecf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D76DBD828986A563CE073D1B271E6FA6E3B57EC55B2CD3FBA0FC069FA4E33ECF"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19350
Expires: Thu, 26 Jan 2023 15:17:21 GMT
Date: Thu, 26 Jan 2023 09:54:51 GMT
Connection: keep-alive
unphionetor.com/vctx?t=72747
204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 09:54:51 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 872296d75876b7f63c7de3c362a13b26
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
lg3.media.net/bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674726891714266779&ugd=4&lf=6&cc=NO&lper=100&wsip=2886781032&r=1674726889024&requrl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674726891122658575&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02111588619t202301260954&vgd_pgids=1&vgd_uspa=0&hvsid=00001674726889017015326356487983&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
200 OK 15 B URL HTTP/1.1 lg3.media.net/bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674726891714266779&ugd=4&lf=6&cc=NO&lper=100&wsip=2886781032&r=1674726889024&requrl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674726891122658575&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02111588619t202301260954&vgd_pgids=1&vgd_uspa=0&hvsid=00001674726889017015326356487983&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
IP
File type ASCII text, with no line terminators
Hash 2ba5e95642c652c708881ad3c9d8443f
5bfcc33bb9cc897546c600206b03d1307bd63a94
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
GET /bping.php?vgd_len=486&&vgd_cdv=859&vgd_cage=0&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1674726891714266779&ugd=4&lf=6&cc=NO&lper=100&wsip=2886781032&r=1674726889024&requrl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1674726891122658575&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02111588619t202301260954&vgd_pgids=1&vgd_uspa=0&hvsid=00001674726889017015326356487983&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Apache
Content-Length: 15
Content-Type: text/html; charset=UTF-8
ntCoent-Length: 15
Strict-Transport-Security: max-age=21600
Vary: Accept-Encoding
Cache-Control: max-age=11855
Date: Thu, 26 Jan 2023 09:54:51 GMT
Connection: keep-alive
secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FbYRf%2526hn_ver%253D40%2526fid%253Da309da7d-9710-4370-b53c-95fef86f22b8
302 Found 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FbYRf%2526hn_ver%253D40%2526fid%253Da309da7d-9710-4370-b53c-95fef86f22b8
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FbYRf%2526hn_ver%253D40%2526fid%253Da309da7d-9710-4370-b53c-95fef86f22b8 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Thu, 26 Jan 2023 09:54:51 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FbYRf&hn_ver=40&fid=a309da7d-9710-4370-b53c-95fef86f22b8
AN-X-Request-Uuid: 938cf89e-7193-418f-986e-62efbb69852d
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
200 OK 314 B IP
Hash 8c28ccab289e1a009f11aaa1de3cd949
68f21fce3b3fb873d879d116b9478bae398398de
68ed81356c16c1321df181c41b54e20528d41011f6b4cbb05380d450bf9a626d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2971
Cache-Control: max-age=112749
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:51 GMT
Etag: "63d157bd-13a"
Expires: Fri, 27 Jan 2023 17:14:00 GMT
Last-Modified: Wed, 25 Jan 2023 16:24:29 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314
s.cpx.to/ca.png?dsp=dbm&fid=a309da7d-9710-4370-b53c-95fef86f22b8&google_error=3
200 OK 95 B URL HTTP/1.1 s.cpx.to/ca.png?dsp=dbm&fid=a309da7d-9710-4370-b53c-95fef86f22b8&google_error=3
IP
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
GET /ca.png?dsp=dbm&fid=a309da7d-9710-4370-b53c-95fef86f22b8&google_error=3 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=8c9a38b33aab2ab
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:51 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=8c9a38b33aab2ab; Expires=Fri, 26 Jan 2024 09:54:51 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
200 OK 43 B URL HTTP/2 csm.nl.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1 HTTP/1.1
Host: csm.nl.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:50 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
200 OK 736 B URL HTTP/2 rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP
Hash 9696770237d726dc568147e6ceb23176
6573c5ecc6ce6b45c6f82a8f1ba13390f3eaabe7
d57abc90ef659420578dad1ccaf215e7ee84a475cdde577280981b09176f5235
GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Thu, 26 Jan 2023 09:36:51 GMT
cache-control: max-age=3600
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: G3l1dmS5QF92Zp-G_3a8AxnuK_y2G3HFfesIKolkveO6Oe3XecZWlA==
age: 1081
X-Firefox-Spdy: h2
s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FbYRf&hn_ver=40&fid=a309da7d-9710-4370-b53c-95fef86f22b8
200 OK 95 B URL HTTP/1.1 s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FbYRf&hn_ver=40&fid=a309da7d-9710-4370-b53c-95fef86f22b8
IP
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
GET /an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FbYRf&hn_ver=40&fid=a309da7d-9710-4370-b53c-95fef86f22b8 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=8c9a38b33aab2ab
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 26 Jan 2023 09:54:51 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=8c9a38b33aab2ab; Expires=Fri, 26 Jan 2024 09:54:51 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
p3p: CP="NOI DEV ADM"
expires: Thu, 26 Jan 2023 09:54:51 UTC
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Thu, 26 Jan 2023 09:54:51 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 54e45c2609ea90086e3bf1361b31c15b
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&nse=5&vi=1674726891714266779&ugd=4&sff=0&pgid=p02111588619t202301260954&nb=1
200 OK 330 B URL HTTP/2 contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&nse=5&vi=1674726891714266779&ugd=4&sff=0&pgid=p02111588619t202301260954&nb=1
IP
File type ASCII text, with very long lines (550), with no line terminators
Hash 171514a6bf001c128ca0dae441035a9d
f545ddab977fa1bacd1068098ab65cff1487bf90
e7658872c7bf4d1a512a40343934dc2056732ab7f3e3f6b3e03cf72ece1cf8e5
GET /smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&nse=5&vi=1674726891714266779&ugd=4&sff=0&pgid=p02111588619t202301260954&nb=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript
x-sc-h: 21-f7pd
expires: Thu, 26 Jan 2023 09:54:51 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 26 Jan 2023 09:54:51 GMT
content-length: 330
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
pixel.quantserve.com/pixel;r=1258061388;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FbYRf;uht=2;fpan=1;fpa=P0-658348133-1674726889064;pbc=;ns=0;ce=1;qjs=1;qv=8508733c-20230116145555;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1674726889250;tzo=0;ogl=;ses=4f911918-9d9c-4bbf-9211-1c74adbd9240
200 OK 35 B URL HTTP/2 pixel.quantserve.com/pixel;r=1258061388;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FbYRf;uht=2;fpan=1;fpa=P0-658348133-1674726889064;pbc=;ns=0;ce=1;qjs=1;qv=8508733c-20230116145555;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1674726889250;tzo=0;ogl=;ses=4f911918-9d9c-4bbf-9211-1c74adbd9240
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55d25e9dc950d5db4d53a3b195c046c6
75e91ae3e549dab12ed1c9787ade9131aef1c981
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
GET /pixel;r=1258061388;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FbYRf;uht=2;fpan=1;fpa=P0-658348133-1674726889064;pbc=;ns=0;ce=1;qjs=1;qv=8508733c-20230116145555;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1674726889250;tzo=0;ogl=;ses=4f911918-9d9c-4bbf-9211-1c74adbd9240 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: image/gif
content-length: 35
cache-control: private, no-cache, no-store, proxy-revalidate
expires: Fri, 04 Aug 1978 12:00:00 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
set-cookie: mc=63d24deb-7925a-68574-57596; expires=Mon, 26-Feb-2024 09:54:51 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2
ibrapush.com/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 719
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 014699f5a6eaee997a1b2391bdc51a43
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8
302 Found 355 B URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8
IP
Hash 0f389bb7e53237a0f5b2cac908811a8b
cace3242d1a9539541bb281a38966a75dbbb5ee2
8a5461619815e0b9938723b33415caa2de9e0e8fc42d7a58a2edcd62c2d0f193
GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Thu, 26 Jan 2023 09:54:49 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Wed, 26-Apr-2023 09:54:49 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 313 B IP
Hash c3fa0acd495f7caf6e73cd7d11915aa1
68214131a41d142e3f8cb2fc73fbc9a0d7ab5040
d343cb2efb8921f99f1acef382f5296d9f582fb8ad8d79b80d49e23bd7606a8c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4915
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 26 Jan 2023 09:54:51 GMT
Last-Modified: Thu, 26 Jan 2023 08:32:56 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash c1f48d76ab26ab81ea51c0e54b0658f6
299bec36fb52baab04f633571872aded9368e461
9ef779bcd2e796b0d76800053bdbdd24156476ebb822e3f46c6485d10d59fce9
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=130080
Date: Thu, 26 Jan 2023 09:54:51 GMT
Etag: "63d1902f-1d7"
Expires: Fri, 27 Jan 2023 22:02:51 GMT
Last-Modified: Wed, 25 Jan 2023 20:25:19 GMT
Server: ECS (nyb/1D10)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: hEig1d4uXxRp-4MwbSv7ESBqX2VmP14QtP-sQjqVs5OPRX1nB5G9fQ==
Age: 5852
adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
200 OK 20 B URL HTTP/1.1 adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
IP
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7 HTTP/1.1
Host: adtrack.adleadevent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://oxy.st
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Thu, 26 Jan 2023 09:54:51 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 26 Jan 2023 09:54:51 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Length: 20
Connection: keep-alive
gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
200 OK 5.6 kB URL HTTP/2 gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
IP
Hash a1d17fc5218517041fc40e034a27826c
909ba638e9259c6574a11a0b512f117c51eef7ae
9d0a1f0ad466f290c9e39bad0ad631547e646f2aa3f22fc7b40f12c8c4bdc9be
GET /syncframe?origin=rtus&topUrl=oxy.st HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=b8b660c3-1182-46e9-87c4-90c4b8e16729; expires=Tue, 20 Feb 2024 09:54:51 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 707027
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FbYRf&top=&_ts=1674726887680
503 Service Unavailable 27 B URL HTTP/2 ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FbYRf&top=&_ts=1674726887680
IP
ASN #48096 Enterprise Cloud Ltd.
File type ASCII text, with no line terminators
Hash 435b48c70aca2dc80f8b34b5fdeb2789
ffe2c8567607568f939fa1a6f9888639b98b400c
6468ac9f9bca964f3910fc967b80781c1c8634300e36f95ae49056d91a2734bf
GET /vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FbYRf&top=&_ts=1674726887680 HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 503 Service Unavailable
content-type: text/html
server: Microsoft-IIS/10.0
date: Thu, 26 Jan 2023 09:54:51 GMT
content-length: 27
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=881772424
200 OK 2.2 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=881772424
IP
Hash c951fbce2c8adebc068a63ce2bc41fa8
afd501e3f6aeafe11ff4ed9a2a1c62781ceb5b52
937cc63c6f94f8cafc28f6838389966ddfaecc4cd9d702c0c45cf769eb55a436
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=881772424 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: bf5c6a32b8b592fd5ec60de18c37b0b9
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=16368912&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 0 B URL HTTP/2 betotodilea.com/500/5630102?excludes=16368912&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /500/5630102?excludes=16368912&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:55 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
betotodilea.com/500/5630102?excludes=16368912&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
200 OK 12 kB URL HTTP/2 betotodilea.com/500/5630102?excludes=16368912&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
Hash df274a48a071f031c02b068713037242
a90b2c83b06a673e4e4c7148a39486654da6421b
3fa33440a71b3448593d0322444fa60624a69a92256f8b80a03a95b54253cc1c
Analyzer Verdict Alert quad9 Sinkholed
GET /500/5630102?excludes=16368912&oaid=a36460e5ee6443baa3f4ee7d2909fa9c&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=a36460e5ee6443baa3f4ee7d2909fa9c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:55 GMT
content-type: application/javascript
x-trace-id: 88932dec51c86f6843cf0a2d3b4eda40
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=a36460e5ee6443baa3f4ee7d2909fa9c; expires=Fri, 26 Jan 2024 09:54:55 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ibrapush.com/custom
200 OK 39 B IP
File type JSON data\012- , ASCII text
Hash 058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 363
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 11c5ae7031a66b15251466398d49a27b
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ibrapush.com/pfe/current/tag.min.js?z=5630104
200 OK 6.1 kB URL HTTP/2 ibrapush.com/pfe/current/tag.min.js?z=5630104
IP
Hash 13a8ac6735c62f6b5a6691a2dc178916
53d64e4a52d4d9ce7e2f4ff969cb654242adf359
0d2448db84f018a843e27940a6addf2f39e9fb7e72c71a2ff1846ca5369165c1
GET /pfe/current/tag.min.js?z=5630104 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 14:31:33 GMT
etag: W/"63cfebc5-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/IIQUniversalID.js
200 OK 0 B URL HTTP/2 ads.themoneytizer.com/IIQUniversalID.js
IP
ASN #60068 Datacamp Limited
GET /IIQUniversalID.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 18:48:43 GMT
expires: Fri, 27 Jan 2023 05:03:54 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795834
server: CDN77-Turbo
x-77-nzt: AblMCRSU6qj/L0QAAA
x-77-nzt-ray: af585630d14fedf5e94dd263b256a215
x-cache: HIT
x-age: 17455
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/1?z=5630103
200 OK 0 B IP
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5630103 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 097e4a2866a4c0714b472eb374ad0bb8
access-control-expose-headers: X-Sc
x-sc: Fsg2KKWHdTmZJGAZP_MCHc-XWmqmH_wZhFmWJI8Ck0XvUrhb-_0oTOG1d3r4LBr5vx9b0vKbCx74exZIpS2lDdYU2E8=
set-cookie: scm=1; expires=Fri, 26 Jan 2024 09:54:50 GMT; secure; SameSite=None
OAID=226c6cbe9d5c48808cc74a276b940316; expires=Fri, 26 Jan 2024 09:54:50 GMT; secure; SameSite=None
oaidts=1674726890; expires=Fri, 26 Jan 2024 09:54:50 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/27/f0e85569ebf902c5568035fe1b0a0004
200 OK 0 B URL HTTP/2 nanouwho.com/27/f0e85569ebf902c5568035fe1b0a0004
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /27/f0e85569ebf902c5568035fe1b0a0004 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=226c6cbe9d5c48808cc74a276b940316; oaidts=1674726890
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Thu, 26 Jan 2023 04:44:45 GMT
expires: Thu, 25 Feb 2083 04:44:45 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
interstitial-07.com/?l=5m6UFzXYYi5sfZO&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2851781965%26z%3D5630103%26b%3D16380033%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Df9VoCsUsDSen2FhRq6yZxrMtkyX2yPxtO3p7wC6qdcuARSlRjDpRCOR6SGWTTPNWocGO-ex7cjAOiguUHlHsD9HTyogrPaKVGqNztgt7m2_iJwXTNBf3y_OptS7wYQsCFl8kvrwX9pt7tWXsPsR1lvQS3qL4zbT_1TepnWZeHalWTvqYYRDCXemadwZ8E_SDzrGOW8B1x2p5x5y8nsY0X4UvDBRYdN_ped9a9RAYBD9gghaRxwCoKjyJ3G4zSek_UzDLJya_ChqwmUnc7MpMgr-JchfLkL3W98vI_X4oLNJ2UtkZ9uwbpERkYF2nXIgPTGTwohWNe__8GSZtLBQaldwJo9ebeEBkmBAu6r4HlGOljtz1WGAQbCQaDbHW_1dNU-2B7sTxlmMg-2AnZUDVXwpYRsqXHPe_cnOjNdN2uuQ0EoDALRUoNTaY6vbwhz9YM9E6t59rFr-HdGexHYEJEeK2aHZyXyFk_eF8rQn52MyYy3RV4lstU9UCilLCHBBID6TPMUtWe7kremJMrsHCScOrtk9RE73UDJeCCx1msVlZgy9mXirm1dzgS7hqSw-rv9jUCTppk7uGdw0u1M2YPx-lNuUuCXjmMfIjCZa4AzUG6kPxum288pL95XNo6CLjhdl6YsKI5jpvO2BgQwkIZuOqmNLp9FFXHpzdkpenfF-UFEvyWDf_M_9FT1nqvhZV5PZshEqyXqMfLzuK%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Dbed65ca0-29a6-4347-b5ce-b9cbc0429a39%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FbYRf%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
200 OK 0 B URL HTTP/2 interstitial-07.com/?l=5m6UFzXYYi5sfZO&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2851781965%26z%3D5630103%26b%3D16380033%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Df9VoCsUsDSen2FhRq6yZxrMtkyX2yPxtO3p7wC6qdcuARSlRjDpRCOR6SGWTTPNWocGO-ex7cjAOiguUHlHsD9HTyogrPaKVGqNztgt7m2_iJwXTNBf3y_OptS7wYQsCFl8kvrwX9pt7tWXsPsR1lvQS3qL4zbT_1TepnWZeHalWTvqYYRDCXemadwZ8E_SDzrGOW8B1x2p5x5y8nsY0X4UvDBRYdN_ped9a9RAYBD9gghaRxwCoKjyJ3G4zSek_UzDLJya_ChqwmUnc7MpMgr-JchfLkL3W98vI_X4oLNJ2UtkZ9uwbpERkYF2nXIgPTGTwohWNe__8GSZtLBQaldwJo9ebeEBkmBAu6r4HlGOljtz1WGAQbCQaDbHW_1dNU-2B7sTxlmMg-2AnZUDVXwpYRsqXHPe_cnOjNdN2uuQ0EoDALRUoNTaY6vbwhz9YM9E6t59rFr-HdGexHYEJEeK2aHZyXyFk_eF8rQn52MyYy3RV4lstU9UCilLCHBBID6TPMUtWe7kremJMrsHCScOrtk9RE73UDJeCCx1msVlZgy9mXirm1dzgS7hqSw-rv9jUCTppk7uGdw0u1M2YPx-lNuUuCXjmMfIjCZa4AzUG6kPxum288pL95XNo6CLjhdl6YsKI5jpvO2BgQwkIZuOqmNLp9FFXHpzdkpenfF-UFEvyWDf_M_9FT1nqvhZV5PZshEqyXqMfLzuK%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Dbed65ca0-29a6-4347-b5ce-b9cbc0429a39%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FbYRf%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
GET /?l=5m6UFzXYYi5sfZO&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D2851781965%26z%3D5630103%26b%3D16380033%26c%3D6511541%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3Df9VoCsUsDSen2FhRq6yZxrMtkyX2yPxtO3p7wC6qdcuARSlRjDpRCOR6SGWTTPNWocGO-ex7cjAOiguUHlHsD9HTyogrPaKVGqNztgt7m2_iJwXTNBf3y_OptS7wYQsCFl8kvrwX9pt7tWXsPsR1lvQS3qL4zbT_1TepnWZeHalWTvqYYRDCXemadwZ8E_SDzrGOW8B1x2p5x5y8nsY0X4UvDBRYdN_ped9a9RAYBD9gghaRxwCoKjyJ3G4zSek_UzDLJya_ChqwmUnc7MpMgr-JchfLkL3W98vI_X4oLNJ2UtkZ9uwbpERkYF2nXIgPTGTwohWNe__8GSZtLBQaldwJo9ebeEBkmBAu6r4HlGOljtz1WGAQbCQaDbHW_1dNU-2B7sTxlmMg-2AnZUDVXwpYRsqXHPe_cnOjNdN2uuQ0EoDALRUoNTaY6vbwhz9YM9E6t59rFr-HdGexHYEJEeK2aHZyXyFk_eF8rQn52MyYy3RV4lstU9UCilLCHBBID6TPMUtWe7kremJMrsHCScOrtk9RE73UDJeCCx1msVlZgy9mXirm1dzgS7hqSw-rv9jUCTppk7uGdw0u1M2YPx-lNuUuCXjmMfIjCZa4AzUG6kPxum288pL95XNo6CLjhdl6YsKI5jpvO2BgQwkIZuOqmNLp9FFXHpzdkpenfF-UFEvyWDf_M_9FT1nqvhZV5PZshEqyXqMfLzuK%26bag%3DmtlVseJPZwq8MrL-yExcig%3D%3D%26ruid%3Dbed65ca0-29a6-4347-b5ce-b9cbc0429a39%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FbYRf%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.24
set-cookie: reverse=F-DG5yGJkkhxd1TdXRSahDwq_g8w6dHOkqjsQxbQXbM; expires=Thu, 26-Jan-2023 10:54:50 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8
200 OK 0 B URL HTTP/2 image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8
IP
GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Da309da7d-9710-4370-b53c-95fef86f22b8 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
200 OK 0 B URL HTTP/2 spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP
GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 78f85e92d9b6b4e8-OSL
content-encoding: br
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
200 OK 0 B IP
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/javascript
last-modified: Thu, 29 Dec 2022 16:01:28 GMT
etag: W/"63adb9d8-3341"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 1463
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d5JHUXjP6b6Jz9fYUIwqg8Ics%2FOTn4FcZTriWkOXJeM9sJnEqwYBwVlLyldKDZ3fNp3D9184dc6s7prX%2FIEDRk6qj0inWHoyYTGstIhUvz2XyXlGlQrAIWNhBPL1Pg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f85e98684db51e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
onmarshtompor.com/?rb=fHHtly3ftXik-S7z5An_Tz8cRXRcjQIeDbUv5TWC2L31vxUtzpINCuI_1KAnFsWI-VAw3YQgVDR40ruRPUEXysdGiZQsj5jx78lJsiSJcAYUHpmfO-fzgfVMjjlDeX_tdIvQuJ8NY9sfjkl1T_6GqGxTGf6VXuNSckP5OzirDxrFsCaW7_u6rGaVqP-Ek6Kpr_EfLuhJ7YZZDe3yTOW9uiUd2UqU2ir2&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=2433027c-d89d-4a19-9480-746386f61491&userId=a36460e5ee6443baa3f4ee7d2909fa9c&m=link
200 OK 0 B URL HTTP/2 onmarshtompor.com/?rb=fHHtly3ftXik-S7z5An_Tz8cRXRcjQIeDbUv5TWC2L31vxUtzpINCuI_1KAnFsWI-VAw3YQgVDR40ruRPUEXysdGiZQsj5jx78lJsiSJcAYUHpmfO-fzgfVMjjlDeX_tdIvQuJ8NY9sfjkl1T_6GqGxTGf6VXuNSckP5OzirDxrFsCaW7_u6rGaVqP-Ek6Kpr_EfLuhJ7YZZDe3yTOW9uiUd2UqU2ir2&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=2433027c-d89d-4a19-9480-746386f61491&userId=a36460e5ee6443baa3f4ee7d2909fa9c&m=link
IP
GET /?rb=fHHtly3ftXik-S7z5An_Tz8cRXRcjQIeDbUv5TWC2L31vxUtzpINCuI_1KAnFsWI-VAw3YQgVDR40ruRPUEXysdGiZQsj5jx78lJsiSJcAYUHpmfO-fzgfVMjjlDeX_tdIvQuJ8NY9sfjkl1T_6GqGxTGf6VXuNSckP5OzirDxrFsCaW7_u6rGaVqP-Ek6Kpr_EfLuhJ7YZZDe3yTOW9uiUd2UqU2ir2&request_ab2=0&zoneid=5630105&js_build=iclick-v1.473.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FbYRf&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.473.0&bs=2433027c-d89d-4a19-9480-746386f61491&userId=a36460e5ee6443baa3f4ee7d2909fa9c&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/json
x-trace-id: edc148667a21f9e87a34c718deced8c6
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=a36460e5ee6443baa3f4ee7d2909fa9c; expires=Fri, 26 Jan 2024 09:54:50 GMT; path=/; secure; SameSite=None
oaidts=1674726890; expires=Fri, 26 Jan 2024 09:54:50 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 02 Feb 2023 09:54:50 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
oxy.st/sw.js
200 OK 0 B IP
GET /sw.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/d/bYRf
Connection: keep-alive
Cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6; _pbjs_userid_consent_data=3524755945110770; sharedid=1b9cf2ed-9341-4341-94ec-9d9bc14a31b3; cto_bundle=pnYCyl9DVGk5ekslMkZMMCUyRiUyRmV6ZUdtJTJGYXdCOE41Yks3RUFMUGE1NDlhZlFzWVgxNXY0SDZmVmh5N2MlMkJINTZPSHFReFZsN1YzR3ElMkZjYWlNMzVhOGI3JTJGeGNjNGF6SjZjdUkwRHFHayUyRnZGaVZZJTJCSWpHQSUzRA; cto_bidid=2To9_V9ZUFJCTXhFRUpLbTVNZGlvU2hxc255Q2RMeXlYWDFYdHdaMFZ6allVaTVxUzd1Uko5aXdnajNJNHlYaFc5RXN1Vnh5OCUyQlN3Mk1Wb2Ewa2I1alpRSGtRJTNEJTNE; prefetchAd_5630105=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
200 OK 0 B URL HTTP/2 gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 715865
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
secure.quantserve.com/quant.js
200 OK 0 B URL HTTP/2 secure.quantserve.com/quant.js
IP
GET /quant.js HTTP/1.1
Host: secure.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: application/javascript
accept-ranges: bytes
cache-control: private, max-age=604800
content-encoding: gzip
etag: "OVi4z6W4qM+KoQEZlRgh5w=="
expires: Thu, 02 Feb 2023 09:54:51 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 354400
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
200 OK 0 B URL HTTP/2 gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 853977
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
contextual.media.net/dmedianet.js?cid=8CU7BC15F
200 OK 0 B URL HTTP/2 contextual.media.net/dmedianet.js?cid=8CU7BC15F
IP
GET /dmedianet.js?cid=8CU7BC15F HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache
content-type: text/javascript; charset=utf-8
x-mnt-h: 8-16
x-mnt-w: 8-7
etag: "07c83206f44439062ce3e82213bdf949"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=300
expires: Thu, 26 Jan 2023 09:59:51 GMT
date: Thu, 26 Jan 2023 09:54:51 GMT
X-Firefox-Spdy: h2
gem.gbc.criteo.com/newidsd
200 OK 0 B URL HTTP/2 gem.gbc.criteo.com/newidsd
IP
GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:51 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 94999
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/moneybile.js
200 OK 0 B URL HTTP/2 ads.themoneytizer.com/moneybile.js
IP
ASN #60068 Datacamp Limited
GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Fri, 27 Jan 2023 05:03:54 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1674795834
server: CDN77-Turbo
x-77-nzt: AblMCRSkUNP/L0QAAA
x-77-nzt-ray: af585630d14fedf5e94dd2630343b615
x-cache: HIT
x-age: 17455
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/gen.js?type=2
200 OK 0 B URL HTTP/2 ads.themoneytizer.com/s/gen.js?type=2
IP
ASN #60068 Datacamp Limited
GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1675314235
server: CDN77-Turbo
x-77-nzt: AblMCRQZrqP/LkQAAA
x-77-nzt-ray: af585630d14fedf5e94dd263d66d2509
x-cache: HIT
x-age: 17454
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
200 OK 0 B URL HTTP/2 ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
IP
ASN #60068 Datacamp Limited
GET /s/requestform.js?siteId=85433&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1675314387
server: CDN77-Turbo
x-77-nzt: AblMCRRtV73/lkMAAA
x-77-nzt-ray: af585630d14fedf5e94dd26382694809
x-cache: HIT
x-age: 17302
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
inklinkor.com/tag.min.js
200 OK 0 B IP
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 26 Jan 2023 09:54:49 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 49e9a12587490f60bbfd9a1d1e096c91
cache-control: max-age=86400
last-modified: Mon, 23 Jan 2023 15:51:55 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Fri, 27 Jan 2023 08:29:32 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5117
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qvpv9Kvv2wj0%2BfqhqREliFq5JUq8WH5plPx7oJ06gIFqQNP8bWxpFiSXmi0dujfpYG6E%2FAEd7fBPJDgpOXN%2BtLuhSpgUzJ%2FS28yIr74pXFwY8emZxFjR68fi9VlJ2owW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 78f85e920da0b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
betotodilea.com/400/5630102
200 OK 0 B URL HTTP/2 betotodilea.com/400/5630102
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /400/5630102 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 26 Jan 2023 09:54:50 GMT
content-type: application/javascript
x-trace-id: 2ad22c06179cc4284c3ba108f3e50893
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=ac65d36e026e4cc2bf9d0b1654d1a0b0; expires=Fri, 26 Jan 2024 09:54:50 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
oxy.st/d/bYRf
200 OK 0 B IP
GET /d/bYRf HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 09:54:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: __ddg1_=azmlgYmgaOPeeOOeSvo2; Domain=.oxy.st; HttpOnly; Path=/; Expires=Fri, 26-Jan-2024 09:54:48 GMT
PHPSESSID=h1gvoob08lflr7gkk3f6qo23n6; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
185.178.208.137
104.18.32.68
92.223.124.24
185.76.9.26
52.212.11.14
139.45.197.242
142.250.74.131
2.18.172.23
178.250.6.2
88.208.46.156