Report - oxy.st/d/vKog

Report Overview

Submitted URL
oxy.st/d/vKog
IP
185.178.208.137
ASN
#57724 Ddos-guard Ltd
Submitted
2023-02-04 19:13:53
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
unphionetor.com	54035	2022-02-11T13:53:49Z	2023-03-13T05:31:17Z	1.3 kB	2.1 kB	139.45.197.236
adtrack.adleadevent.com	30718	2015-02-02T16:16:49Z	2023-03-13T05:20:59Z	465 B	500 B	54.154.10.160
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
gum.criteo.com	381	2015-01-22T11:58:57Z	2023-03-13T07:21:44Z	3.9 kB	31 kB	178.250.0.157
mwzeom.zeotap.com	1406	2017-01-29T20:08:22Z	2023-03-13T05:20:58Z	813 B	559 B	104.22.24.87
pixel.quantserve.com	417	2012-05-21T21:45:06Z	2023-03-13T05:28:27Z	692 B	459 B	91.228.74.168
s.cpx.to	2014	2014-10-25T15:31:28Z	2023-03-13T06:08:01Z	1.4 kB	2.6 kB	52.50.35.7
secure.adnxs.com	396	2012-05-22T18:37:37Z	2023-03-13T05:28:06Z	1.2 kB	2.2 kB	185.89.210.153
betotodilea.com	52465	2021-08-17T09:55:50Z	2023-03-13T05:31:16Z	3.6 kB	25 kB	139.45.197.237
tzegilo.com	unknown	2022-01-14T16:27:15Z	2023-03-13T06:33:04Z	348 B	826 B	104.21.89.122
p.cpx.to	10368	2015-01-23T02:00:57Z	2023-03-13T07:56:11Z	348 B	2.2 kB	18.203.96.189
id5-sync.com	504	2017-01-25T22:02:34Z	2023-03-13T05:10:36Z	1.2 kB	2.1 kB	162.19.138.117
contextual.media.net	513	2012-05-21T09:20:31Z	2023-03-13T05:53:10Z	986 B	1.0 kB	2.18.172.23
dnacdn.net	3760	2019-09-02T17:07:45Z	2023-03-13T07:41:37Z	386 B	624 B	178.250.2.146
counter.yadro.ru	7275	2014-09-09T20:41:17Z	2023-03-13T07:26:53Z	491 B	726 B	88.212.201.204
mpraven.org	unknown	2022-09-06T16:22:31Z	2023-03-13T01:02:29Z	792 B	590 B	88.208.5.115
d2zur9cc2gf1tx.cloudfront.net	unknown	2020-12-01T13:47:11Z	2023-03-13T05:21:11Z	404 B	26 kB	143.204.42.129
offerimage.com	304078	2019-06-10T13:11:53Z	2023-03-13T08:06:22Z	410 B	14 kB	104.22.32.172
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	1.0 kB	2.9 kB	172.64.155.188
c.tmyzer.com	26868	2018-02-26T16:04:41Z	2023-03-13T05:20:58Z	379 B	264 B	54.38.64.100
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	923 B	1.5 kB	139.45.195.8
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	357 B	1.9 kB	104.18.21.226
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	1.6 kB	28 kB	34.120.237.76
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	350 B	944 B	54.230.245.39
bedrapiona.com	34930	2020-05-08T15:43:48Z	2023-03-13T05:31:15Z	401 B	1.1 kB	139.45.197.234
ads.themoneytizer.com	28463	2014-05-26T15:46:02Z	2023-03-13T05:20:58Z	1.9 kB	2.2 kB	185.76.9.25
tag.leadplace.fr	28142	2015-07-08T10:10:21Z	2023-03-13T05:20:58Z	861 B	6.1 kB	145.239.192.166
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.167.56.184
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
spl.zeotap.com	1638	2017-01-27T16:44:52Z	2023-03-13T05:20:58Z	801 B	22 kB	104.22.24.87
ibrapush.com	unknown	2020-04-18T16:40:35Z	2023-03-13T09:49:24Z	3.0 kB	10 kB	139.45.197.250
cm.g.doubleclick.net	202	2012-05-22T11:58:28Z	2023-03-13T08:33:33Z	1.0 kB	2.6 kB	142.250.74.162
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	3.1 kB	6.3 kB	216.58.211.3
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	4.1 kB	7.5 kB	93.184.220.29
ads.adlook.me	43352	2018-11-28T13:50:19Z	2023-03-13T08:33:52Z	461 B	380 B	5.200.50.170
csm.fr.eu.criteo.net	6845	2017-01-30T06:18:06Z	2023-03-13T07:05:22Z	538 B	358 B	178.250.0.162
rules.quantcount.com	877	2018-06-15T17:43:28Z	2023-03-13T05:20:58Z	371 B	650 B	54.230.111.33
cdnjs.cloudflare.com	235	2015-04-17T22:46:33Z	2023-03-13T05:09:21Z	418 B	1.6 kB	104.17.24.14
cdn.adlook.me	108334	2018-11-26T09:56:10Z	2023-03-12T22:29:34Z	1.2 kB	23 kB	92.223.124.24
whereres.com	unknown	2022-09-27T19:04:48Z	2023-03-12T21:21:08Z	370 B	9.2 kB	88.208.46.156
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	1.5 kB	100 kB	142.250.74.35
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	720 B	3.3 kB	104.18.21.226
onmarshtompor.com	24517	2020-10-19T14:36:32Z	2023-03-13T06:56:57Z	929 B	35 kB	139.45.197.243
lg3.media.net	3558	2017-08-23T13:25:04Z	2023-03-13T09:02:59Z	850 B	330 B	2.18.172.23
interstitial-07.com	36198	2017-03-09T01:00:07Z	2023-03-13T05:31:16Z	6.1 kB	64 kB	139.45.197.151
oxy.st	unknown	2020-07-14T20:48:51Z	2023-03-10T10:38:26Z	14 kB	458 kB	185.178.208.137
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	7.1 kB	19 kB	23.36.76.249
ag.gbc.criteo.com	5925	2018-12-17T14:17:41Z	2023-03-13T05:53:12Z	386 B	492 B	185.235.84.169
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	463 B	630 B	142.250.74.138
gem.gbc.criteo.com	6039	2019-01-31T11:05:09Z	2023-03-13T05:34:09Z	387 B	492 B	185.235.84.140
yastatic.net	72282	2014-03-11T08:15:28Z	2023-03-13T05:16:26Z	910 B	90 kB	178.154.131.215
nanouwho.com	unknown	2022-07-09T22:30:29Z	2023-03-13T05:15:46Z	3.7 kB	28 kB	139.45.197.242
image2.pubmatic.com	873	2012-05-21T15:21:02Z	2023-03-13T05:50:14Z	1.0 kB	874 B	185.64.189.110
inklinkor.com	unknown	2022-04-01T13:44:00Z	2023-03-13T06:35:03Z	350 B	27 kB	172.67.211.29
match.adsrvr.org	349	2012-05-21T10:27:04Z	2023-03-13T05:21:15Z	407 B	352 B	35.71.131.137
fleraprt.com	unknown	2022-01-14T23:55:14Z	2023-03-13T06:33:10Z	470 B	474 B	139.45.195.254
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
onetag-sys.com	1840	2015-04-08T13:30:19Z	2023-03-13T05:20:58Z	499 B	113 B	51.89.9.251

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-04 19:14:19	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-04 19:14:19	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-04 19:14:20	medium	Client IP	Internal IP	ET DNS Query for .to TLD
2023-02-04 19:14:20	medium	Client IP	Internal IP	ET DNS Query for .to TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed
2023-02-04	medium	fleraprt.com	Sinkholed
2023-02-04	medium	unphionetor.com	Sinkholed
2023-02-04	medium	unphionetor.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	betotodilea.com	Sinkholed
2023-02-04	medium	unphionetor.com	Sinkholed
2023-02-04	medium	nanouwho.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (57)

	URL	Size	First Seen	Last Seen
	d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js	26 kB	2023-03-07	2023-11-30
Pretty URL d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js IP 143.204.42.129 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-11-30 03:07:33 Times Seen15813 Hash 8703fc9eead243fe2f47380e962d7fa2 3d9f707259112fa9ccdd1e676f00eadcff71906c b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213 Loading...

	ads.themoneytizer.com/moneybile.js	39 kB	2023-03-07	2023-11-06
Pretty URL ads.themoneytizer.com/moneybile.js IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-11-06 07:20:59 Times Seen1830 Hash efe528f52c3d05d68794f3f0f8146a8e 577c01fdfae7dcc7e7d23009d74422f61b414783 4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js	86 kB	2023-03-07	2024-05-10
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2024-05-10 14:24:17 Times Seen22833 Hash d0212568ce69457081dacf84e327fa5c d6702a1af0378b2342f6a0692e77c169f580aed7 266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d Loading...

	oxy.st/d/vKog	143 B	2023-03-07	2024-05-10
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:39:10 Last Seen2024-05-10 18:07:46 Times Seen9922 Hash 0e1ffe876425e6a6b54c517119ca9ec2 fe778fd505adb0f26552512e719c838f9df041fe b865ee6df9893808db5cca02720d02220c2c9c0259f249fa010495641dbcdf5e Loading...

	inklinkor.com/tag.min.js	74 kB	2023-03-13	2023-03-13
Pretty URL inklinkor.com/tag.min.js IP 172.67.211.29 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:48:03 Last Seen2023-03-13 18:50:07 Times Seen1 Hash 6e9f73780991bbfe6da844c085308ea2 c6464ba07fa0f6faa6724cbad71650e79065a4e5 88fb124366971f59a00ffbbb7fcf89aea937868789ad776c45e160226d10e021 Loading...

	p.cpx.to/p/12771/px.js	2.0 kB	2023-03-08	2023-05-09
Pretty URL p.cpx.to/p/12771/px.js IP 18.203.96.189 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:47:35 Last Seen2023-05-09 18:09:53 Times Seen100 Hash a667f26d4e73b4b5098a9c9637d3d29f 83d9b753da4c51039a689bc67956f7f9997854cc a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6 Loading...

	nanouwho.com/27/843a9f1226eda0484b879504742bc6d9	410 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/27/843a9f1226eda0484b879504742bc6d9 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:57:03 Last Seen2023-03-13 19:00:10 Times Seen1 Hash 9f59babc3c87d9a134b783f8227393a0 e324af09d2caaf44d5552e76c1e6fbbbeb8fc811 f4bf9c2d13f075ae514fd90eae80abbf0be057f62a8650c17fd88586edca6ab0 Loading...

	contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FvKog&nse=5&vi=1675538023600134899&ugd=4&sff=0&pgid=p02015665066t202302041914&nb=1	550 B	2023-03-13	2023-03-13
Pretty URL contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FvKog&nse=5&vi=1675538023600134899&ugd=4&sff=0&pgid=p02015665066t202302041914&nb=1 IP 2.18.172.23 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 213c480362efff6919340b34105e67ed 87e7898e60bc67e8d4483846e3d36c39792de4ef fe48405371d97647a500e1ef334be070df839c35cef7146cc1c69c5c9950745f Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.6144861157024651%22%7D	14 kB	2023-03-07	2023-05-06
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.6144861157024651%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:36 Last Seen2023-05-06 00:14:31 Times Seen2035 Hash 49e65b540d43d40997ce3844d41b2dd0 b7331c5edc086ee2c7731b1b36e937e7c44450a7 f185c1b78d87a007d9492a85c6ce64c06cc851ef9f13ca3caf8aaafe243b0ac2 Loading...

	gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.6144861157024651%22%7D	418 B	2023-03-07	2023-04-01
Pretty URL gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st#%7B%22uid%22:%7B%22value%22:null,%22origin%22:0%7D,%22lwid%22:%7B%22value%22:null,%22origin%22:0%7D,%22bundle%22:%7B%22value%22:%22SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE%22,%22origin%22:3%7D,%22optout%22:%7B%22value%22:false,%22origin%22:0%7D,%22sid%22:%7B%22value%22:null,%22origin%22:0%7D,%22tld%22:%22oxy.st%22,%22topUrl%22:%22oxy.st%22,%22cw%22:true,%22lsw%22:true,%22origin%22:%22rtus%22,%22rtusCallerId%22:147,%22requestId%22:%220.6144861157024651%22%7D IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:51:37 Last Seen2023-04-01 10:34:33 Times Seen447 Hash 755b312976dc0edb23fa08bed999c482 6685710ba04dc63e4122ec3ce89f3adfe479adf4 663197a6a8353d989cdc65d4f3112e425a00839c85a3fde99bbe451a9c604a6f Loading...

	oxy.st/d/vKog	193 B	2023-03-08	2024-05-10
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-10 18:07:46 Times Seen9780 Hash 6ecfa1336326d765e016a88ab498b19f f2c66833233de0ec9d468035e8b78dfc40a78de9 abf0d3ee81363003e4704b84b6662250bd8d3ced4685ef9ed9c9122328ae68e1 Loading...

	ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js	591 kB	2023-03-13	2023-03-13
Pretty URL ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:15:00 Last Seen2023-03-13 18:46:54 Times Seen1 Hash f4757ec231f1aab082fa89dff02d2961 947a54b709165bafa59b16c67a81ab234c02a2e4 5bb06f052a7fa32f471f2e65b09f3a294b6fd633ea7e6989f6fd6b9f799fc995 Loading...

	cdn.adlook.me/js/rlf.js	71 kB	2023-03-09	2023-03-29
Pretty URL cdn.adlook.me/js/rlf.js IP 92.223.124.24 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2023-03-29 23:33:16 Times Seen24 Hash 44e861d9732eee28700fd9b91bc53455 edf09e207b8093b2af6ec34c747c854d8f18374d 4a16bb79b3eb9420d0158bf8ebe6e0e544a826154155f26d2f434e90d25e5085 Loading...

	betotodilea.com/400/5630102	84 kB	2023-03-13	2023-03-13
Pretty URL betotodilea.com/400/5630102 IP 139.45.197.237 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 5d3a7c76558039a231d5d28f33803f5a 1b09cf65726478e7b9e9645ab9f540d7f0ef5f01 a5ab74682a0a2f10dd0aaa7a3191c32b53382855f22b21cacee8ade3e693601e Loading...

	oxy.st/d/vKog	193 B	2023-03-12	2023-03-13
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:58:04 Last Seen2023-03-13 22:55:43 Times Seen1 Hash c6f43beae4de3a12d3b73d59d424abab 572a02205a5f39f98da834572d60b4f2612f4a43 980850e4e7d9aff8c856608a70c975771451b48f2fff4ded566311403d16ec3b Loading...

	ads.themoneytizer.com/s/gen.js?type=2	4.9 kB	2023-03-12	2023-03-13
Pretty URL ads.themoneytizer.com/s/gen.js?type=2 IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:45:41 Last Seen2023-03-13 19:38:17 Times Seen1 Hash 201890094a0bc618e37a4188bd05129c a8bf896da4eb9a532214295db220fe72a9013920 70ee840253a7cb7c07edabed96e9a7cf14e2099c8ee00fc0e1bebd6628d773fe Loading...

	oxy.st/d/vKog	497 B	2023-03-07	2023-04-05
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:32 Last Seen2023-04-05 01:55:46 Times Seen28 Hash a010578715b1a87b2eb9cddffb170a90 a086b82341838ebecf514fac053023fa34b861a4 ccbe2ad7cc0e6e2882a8221b456efd5acc6ea52f922b0c8ffb6e965222df60da Loading...

	spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258	62 kB	2023-03-07	2023-03-26
Pretty URL spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258 IP 104.22.24.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-03-26 09:14:01 Times Seen2 Hash 2274941132e3cabeb06ba10635e091e1 eae64e2336d41f210e684d766bbc90752b67f25a 52d507688e76dfbe48fce79beb89be7f30101e95e9e06c121c461e30517ab36f Loading...

	oxy.st/slake/asset/js/bootstrap.min.js	49 kB	2023-03-07	2024-05-10
Pretty URL oxy.st/slake/asset/js/bootstrap.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:44 Last Seen2024-05-10 23:52:53 Times Seen139508 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	tag.leadplace.fr/libJsLP.js	5.5 kB	2023-03-07	2023-12-06
Pretty URL tag.leadplace.fr/libJsLP.js IP 145.239.192.166 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:29 Last Seen2023-12-06 11:11:01 Times Seen14646 Hash a0c24f993bc0901cfe62d1e801cb2b45 7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984 80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333 Loading...

	ibrapush.com/pfe/current/tag.min.js?z=5630104	15 kB	2023-03-13	2023-03-13
Pretty URL ibrapush.com/pfe/current/tag.min.js?z=5630104 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:28:22 Last Seen2023-03-13 18:47:21 Times Seen1 Hash dcb7609ee3c9cdebf9ff27705198646f 6d769ef447e81bbf9b2d36d964826e9d34c1b9a2 96ac715a4b5ef34b6a45ef1e16ca0b269258ec85e4c7cc668875d1cea76ad23f Loading...

	oxy.st/slake/asset/js/main.js	8.7 kB	2023-03-08	2024-05-10
Pretty URL oxy.st/slake/asset/js/main.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-10 18:07:46 Times Seen19366 Hash 86fe5c70d7107cc8ab30e192072ac15d 15cd81d73ddec861349d2f1b2d4cf10eaefa9373 b1de65cb0d3a28aeed81012371764b92d0ac30077edb2d768dfdfd8640cfc7c1 Loading...

	oxy.st/d/vKog	212 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash f94f867aeb5e87a49c0cc33061209686 d30309182597100e7e813145a61ea0eb0838f858 196d4236be1433a8b4399853dc4335d99ccc37a1735146402a7153aee0820ead Loading...

	oxy.st/slake/asset/js/ajax-mail.js	1.7 kB	2023-03-08	2024-05-10
Pretty URL oxy.st/slake/asset/js/ajax-mail.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-10 18:07:46 Times Seen19396 Hash 06acf64af6cd1d69540460ddb018c78c 9db22d7b6b6a223abca82e69fc4fba0c987587c2 259ce4dee332f67cc9d86367330efa87617f8c78428774d26dd0528f4942f39c Loading...

	unphionetor.com/fv.js?t=72747&cb=1435429157	5.2 kB	2023-03-07	2024-05-11
Pretty URL unphionetor.com/fv.js?t=72747&cb=1435429157 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-05-11 00:17:31 Times Seen2378 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	interstitial-07.com/?l=zK3ge3qjcPqt2jk&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3028078003%26z%3D5630103%26b%3D16336477%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DIP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg%3D%3D%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D614e4d89-88b6-4149-9f66-5c81cae9e9d1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0	1.5 kB	2023-03-13	2023-03-13
Pretty URL interstitial-07.com/?l=zK3ge3qjcPqt2jk&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3028078003%26z%3D5630103%26b%3D16336477%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DIP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg%3D%3D%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D614e4d89-88b6-4149-9f66-5c81cae9e9d1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 IP 139.45.197.151 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash cf67c409c4a6df325b9939de9c14636f c954257f62d3f15207c61fb1a07d4ab01c0401ce 7079c21d5b94ac559e2a30369b78695acf4a388d44daa1d4d67ad1e65a475067 Loading...

	gum.criteo.com/sync?c=147&r=2&j=criteoCallback	30 kB	2023-03-07	2023-03-26
Pretty URL gum.criteo.com/sync?c=147&r=2&j=criteoCallback IP 178.250.0.157 ASN #44788 Criteo SA Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:36:08 Last Seen2023-03-26 04:43:41 Times Seen35 Hash 80bfc02fde42033a0f48537690341313 268ee930484015bbbaf4f221a76d800bfba7f24d 259a03dd0fab544bf8564bacd97ad8562de81c929f00037a463f77fee3445fb0 Loading...

	oxy.st/d/vKog	183 B	2023-03-08	2023-04-01
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2023-04-01 10:27:01 Times Seen24 Hash dcfcdc72905c80505fc5222e23485031 afc7e2812ad5c3f7eb6954e4f54c6bee6e6f90f6 9518487666010d845d26fe2dd23260f566b305b6b528852a611a798d34d7df12 Loading...

	contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM	15 kB	2023-03-13	2023-03-14
Pretty URL contextual.media.net/checksync.php?&gdpr=1&usp_status=0&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-14 04:14:34 Times Seen1 Hash 935c84fdac1d40c9e6217711905426ab b278fe4f3fa1a7567ff1b1dabf4df4b4bb9eb5bf 07a88e56b50e01170991a8acbd244873f44c044e87dea225efc31b4cb49fea50 Loading...

	cdn.adlook.me/u/cds.html	1.3 kB	2023-03-07	2023-03-29
Pretty URL cdn.adlook.me/u/cds.html IP 92.223.124.24 ASN #199524 G-Core Labs S.A. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:53:41 Last Seen2023-03-29 23:33:16 Times Seen25 Hash b1085e2e3e7908742eebe4b9c54d28e0 dbc685b9fd34b562bf2d8d140ce3f2824108994a 5d37320a43aaf6303b47381532935be8ea870415a8f006a83ffc2e8f1611a715 Loading...

	oxy.st/d/vKog	102 kB	2023-03-13	2023-03-13
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:28:22 Last Seen2023-03-13 18:47:20 Times Seen1 Hash 6486e114fbb50d2a51410d1b815efca9 ed7dbe7163b58dc35aa1187cceee1f75e2fa11b6 d6722782df04c672031e5118f553aa8a562bb13075c989fc5c8d522d10a3c3ea Loading...

	rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js	1.1 kB	2023-03-08	2023-05-06
Pretty URL rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js IP 54.230.111.33 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:17:06 Last Seen2023-05-06 00:25:32 Times Seen369 Hash 1f431dc94c1f033d6666f0fe637e2d7b 18ee472909d5856fe9684765258c50731efbbdbe 1cc6de1a4f6a561a6aa75d08bae33388b2e8905d01753aa41e4886a466d7c28c Loading...

	oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js	46 kB	2023-03-07	2024-05-10
Pretty URL oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:19 Last Seen2024-05-10 18:07:46 Times Seen20024 Hash 9df3cfdcc9b72f1aa24e2e114455ae7a e6ac207cdb6c4591f2d39f2a645f6dbf42534f89 5ab5f19f9bd4a4ddcf14235fc1684eefe7cfbfbc33f0a1fce661b13de43092be Loading...

	oxy.st/slake/asset/js/jquery.min.js	87 kB	2023-03-07	2024-05-10
Pretty URL oxy.st/slake/asset/js/jquery.min.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-05-10 23:46:12 Times Seen26538 Hash 4b57cf46dc8cb95c4cca54afc85e9540 05e1ad0cc600a057886deaf237ab6e3d4fcdb5ac a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855 Loading...

	oxy.st/d/vKog	199 B	2023-03-09	2024-05-10
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-05-10 18:07:46 Times Seen9506 Hash c178512b2fa871ed859cc5c78614a90f 3ea9b0941dac51dd0ec23713471efcf88e4fe204 916a18878c3b59bd1b1faf426fd8e58722a759fcd14f5fe3209943b74a5bc952 Loading...

	oxy.st/d/vKog	711 B	2023-03-09	2024-05-10
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-05-10 18:07:46 Times Seen9694 Hash 13e6988b26e75ff59bcbc49efbcd731e a69dec8eeeae18fa09688a66572d7329706ec7a4 7f9fb86fa3190bd7ccbd2c4d56b9ed87d71897e299917eaa5dc41ffdbb1f74ab Loading...

	ced.sascdn.com/tag/1097/smart.js	98 kB	2023-03-12	2023-03-13
Pretty URL ced.sascdn.com/tag/1097/smart.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 13:20:48 Last Seen2023-03-13 18:19:33 Times Seen1 Hash 147a33ff54d750b9436ca60581175181 623358022f123f42c2ce51b4b7fae76f6a7a77e1 b52ad46ce393602be0dcc61bf96cf97052d1e2c74f97bb85104a0889f690d4c8 Loading...

	oxy.st/d/vKog	102 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 12bc8ae71e9f6aaef5afd5fb0c5295c2 ccb2c8218c8dbda4f4411449bc1afeee8f129f6f cb42ba7c1c62fa3257ab9a77c43cf21846a03feaebda074eeada03184b9fe716 Loading...

	oxy.st/slake/asset/js/plugins.js	339 kB	2023-03-08	2024-05-10
Pretty URL oxy.st/slake/asset/js/plugins.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-10 18:07:46 Times Seen9615 Hash 132e96f62255f4daf2aff234f50912c2 62bbe81f1a3c0babfc39e2c3abf6d5687f3493f6 07174a0088fe0b461713a172e371e448f3d8eef64886d3e2f04a2e178073f6ad Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js	1.3 kB	2023-03-07	2024-05-10
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:34 Last Seen2024-05-10 15:10:50 Times Seen8753 Hash 4412bf8023109ee9eb1f1f226d391329 c273960aa874a87dd022b5e597887142f1b8e34f d40efcac911d8964f3728eaa767de281306ff55ba9377435a3364d4d1e1613f6 Loading...

	secure.quantserve.com/quant.js	26 kB	2023-03-13	2023-03-14
Pretty URL secure.quantserve.com/quant.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:54:25 Last Seen2023-03-14 00:00:09 Times Seen1 Hash bbeae221ba5e592568957a38afe753da f9590fc8632e5f0a320573091ffe67d83a59964f 2a15822e997e4b7b172e4b1e4c1366dd01f10ff936a8971ce15510f207b5d25c Loading...

	oxy.st/d/vKog	255 B	2023-03-09	2024-05-10
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2024-05-10 18:07:46 Times Seen7523 Hash d47a28c42c0b4402186a014830e33c59 c65eca97fa75a6d7910a6511c9c26b7927c91dc2 b45fb4585ee569e83749f3d7dc9e2da394a9d6d463e1e8fc2effebbfb8527dc3 Loading...

	oxy.st/slake/asset/js/ajax-subscribe.js	1.4 kB	2023-03-08	2024-05-10
Pretty URL oxy.st/slake/asset/js/ajax-subscribe.js IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-10 18:07:46 Times Seen19368 Hash b53436c6ec7e681a3edcec13f42ec715 0aa1b02b89e734193d43d6385ebc5939bb666fd0 3b28dd2b4eda9085ee35fb2aae1d706c6d003c2521e4ad62bb2ef2e6969bca83 Loading...

	contextual.media.net/dmedianet.js?cid=8CU7BC15F	149 kB	2023-03-13	2023-03-13
Pretty URL contextual.media.net/dmedianet.js?cid=8CU7BC15F IP 2.18.172.23 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash f0bd949a33fcea98eb20e7f471e1a04b c613f92cd2600369c7c7bb4fa535ae0d24b9bd58 cdf1d8b26b0e55060be87c3ba960ddb6ec433879007387f7472c22d41ba02709 Loading...

	oxy.st/d/vKog	203 B	2023-03-08	2024-05-10
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:10:53 Last Seen2024-05-10 18:07:46 Times Seen9808 Hash bff65d72294ae1a1fc014c9e9f776615 cf200b19907d85ad2bcc12a6224d52b0e791cdaf 3d94f0c46ddac793f8834d2727f4f4c38915244512e7a4b42ec10d68106a7660 Loading...

	oxy.st/d/vKog	965 B	2023-03-09	2023-04-01
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:57:24 Last Seen2023-04-01 10:27:01 Times Seen23 Hash 1f2af4be15233c94732028f340908a41 6953d65533d246e0ce4d9d98973f68b9e2a0152b 5290521804727a0a6e618b6f9a515c04894358401f6b9356c9e1f48ab9ab7c6e Loading...

	tzegilo.com/stattag.js	17 kB	2023-03-13	2023-03-14
Pretty URL tzegilo.com/stattag.js IP 104.21.89.122 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 15:57:04 Last Seen2023-03-14 07:35:08 Times Seen1 Hash 0576b696d0d93d3d09a14184fd321641 54ae6d8827838d84d082db92a01fe8534c6f3782 a79a9f73119b87e83d5762597cd84b735e443825d2e320e8f55693843ae5bacc Loading...

	ads.themoneytizer.com/IIQUniversalID.js	53 kB	2023-03-10	2024-05-05
Pretty URL ads.themoneytizer.com/IIQUniversalID.js IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:11:21 Last Seen2024-05-05 19:03:44 Times Seen84 Hash e8f338d8c91c35b946dba69efca7a232 7f05768c9921dea0aad7c93ff354bf33517254e4 7bb23de30daa7e81e2fafc5d2fbcada4b6fefc10c3251661952a341d6864aa8e Loading...

	ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2	135 kB	2023-03-13	2023-03-13
Pretty URL ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2 IP 185.76.9.25 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 17:38:04 Times Seen1 Hash 580bdf50feb1819bf43a76d77f5055aa 920c0899499cc85ff3b83fca298e1c8f8d31dfff 3f79fe224e633641b8f3e28958f7aff1f2aaff1c512a32f3b0d6364688979ebc Loading...

	whereres.com/api/scripts/mSetupWidget?id=363	35 kB	2023-03-12	2023-03-14
Pretty URL whereres.com/api/scripts/mSetupWidget?id=363 IP 88.208.46.156 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:08:26 Last Seen2023-03-14 06:50:29 Times Seen1 Hash dc43adec9be7ab048033ee28b0477ad1 63db771d90e9c1018605e140b2490a35da3d77ea 52e0cf3855c906381d0c5c0de9209dd3bf3de9289addf228de0b6e75108b642b Loading...

	oxy.st/d/vKog	143 B	2023-03-13	2023-03-13
Pretty URL oxy.st/d/vKog IP 185.178.208.137 ASN #57724 Ddos-guard Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 722adcd76f02a9f3ff2cfd28165d899e 41bc68ab393389bf96fa4bdde6bdcd9ccbe24e80 4bcb86265dc99f470cec93996cc76cd8181e811353a44119aee255e267a2216f Loading...

	nanouwho.com/1?z=5630103	18 kB	2023-03-13	2023-03-13
Pretty URL nanouwho.com/1?z=5630103 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash eb29279c8d8f9ab31ddc80e672734cec 9cd52b97124309347711a82d388a004f92e99f31 989280c7340e59f8d52cada4b5fe64d03fcbf885fd294e7d4eb73e24af7b5b44 Loading...

	s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980	652 B	2023-03-13	2023-03-13
Pretty URL s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980 IP 52.50.35.7 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 7d5eefdad1e7b46436312393c9aae067 12fa18bcfe8b69d28285e8e45c305f40f2ac7574 0a9992021a37a02929341040793e231b3587788afa9cc7ee66646f1f94968f08 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5f5e3826782e2faa08b70eb005773f02	79 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 5f5e3826782e2faa08b70eb005773f02 36c615d5992890e621fef568297116e2b6691560 ee91ba0c3317859f1a92961e6961153c1ab92654c2d9d2e99a74d65d862841de Loading...

		Size	First Seen	Last Seen
	#1 Write - c471acecc70f5d21af18f1aa592fddc0	308 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash c471acecc70f5d21af18f1aa592fddc0 84652178364e991449d685680307ad987e8dae30 2ba897e7b5db91d0a3a2b56667cc4e62f6e8122fb93ad721740b67f03e4ff861 Loading...

	#2 Write - 0d628f4f82363bb44a2d6b12d73ee702	326 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 16:58:51 Last Seen2023-03-13 16:58:51 Times Seen1 Hash 0d628f4f82363bb44a2d6b12d73ee702 1e981685e6ff848e4766e82e6c95d3d21a31d3e1 c8e123d38c1568c0aa331dacbaf50559be173f1ef479193297b7437e8aaebd1d Loading...

	#3 Write - ce6bffe55ce28b1e6ed9b06677acb502	298 B	2023-03-08	2023-04-30
Pretty Observations First Seen2023-03-08 16:10:53 Last Seen2023-04-30 21:31:06 Times Seen51 Hash ce6bffe55ce28b1e6ed9b06677acb502 73d0b9c700d603484dbe5447e3f95de8ba81b939 3f853347836c2f4e3f50a468fd03c0d34b1376dd0d9de42e26ae76a5f59497dd Loading...

HTTP Transactions (172)

URL IP Response Size

oxy.st/d/vKog

185.178.208.137

301 Moved Permanently

568 B

URL HTTP/1.1
oxy.st/d/vKog
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with no line terminators
Size
568 B (568 bytes)
Hash
2761b98db33884ab29711096ab315edb
8cea6e53464aea178b72e06a906205d040f14ca5
9f7a07f69d9b9a5af186a79159ccea18935ab4103128ca967e3f3f8ae45fb3ee

HTTP Headers

GET /d/vKog HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: ddos-guard
Date: Sat, 04 Feb 2023 19:13:41 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Location: https://oxy.st/d/vKog
Content-Type: text/html; charset=utf8
Content-Length: 568

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2172
Expires: Sat, 04 Feb 2023 19:49:54 GMT
Date: Sat, 04 Feb 2023 19:13:42 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12845
Expires: Sat, 04 Feb 2023 22:47:47 GMT
Date: Sat, 04 Feb 2023 19:13:42 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 18:36:15 GMT
content-type: application/json
age: 2247
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20510
Expires: Sun, 05 Feb 2023 00:55:32 GMT
Date: Sat, 04 Feb 2023 19:13:42 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: zb9PaJafMGcNP4X9Q7DO1eDk39lmg6Glepx1XsuEsyewyft1Widi96WUq0zLCUIEfFBJPvbq32I=
x-amz-request-id: YJQ97TQXWFD9KPX8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 18:52:56 GMT
age: 1246
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
14881c592018d5a65f40044e053dda86
8bffa0055a2a28e0d41a3b72212d089ff52de642
1dbe86e7568743f656978b551e29f1250fa92b7162c178093d6ec227f552c066

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1DBE86E7568743F656978B551E29F1250FA92B7162C178093D6EC227F552C066"
Last-Modified: Thu, 02 Feb 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10038
Expires: Sat, 04 Feb 2023 22:01:00 GMT
Date: Sat, 04 Feb 2023 19:13:42 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js

104.17.24.14

200 OK

591 B

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1266)
Size
591 B (591 bytes)
Hash
414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3

HTTP Headers

GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 8131915
expires: Thu, 25 Jan 2024 19:13:42 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0HNuOV0%2BGvCmQYFC%2Bmi56uUDNddOzZY4sRYVM%2Fi5C78y3xfAMiLsZ35o9TG%2BmoocKjTItWirUNvD69K%2BMR4URGWEzBWYuaJfodoTH7LuGKd1MQScI50%2BvPeTZASwGRDppetVcofN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7945b9a13dc3b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/bootstrap.min.css

185.178.208.137

200 OK

20 kB

URL HTTP/2
oxy.st/slake/asset/css/bootstrap.min.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65325)
Size
20 kB (20483 bytes)
Hash
4588208961b6b7ed6cd974687346348a
52085a4f6c875b6949261704f05050c1727e9c55
95a95b07b4e0d051f83a51b680810572bd1244b42cb6e640d3b29b98f3e92885

HTTP Headers

GET /slake/asset/css/bootstrap.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 06:48:15 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 303927
content-length: 20483
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/elements.css?1

185.178.208.137

200 OK

24 kB

URL HTTP/2
oxy.st/slake/asset/css/elements.css?1
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (460), with CRLF line terminators
Size
24 kB (24208 bytes)
Hash
82db06ca267ac7fdd878a1df35f41f4e
9dae7f1ae60d7b83dbdada64fd1b4296f8f20051
3847721350fd764d4d21cb4d2e02ab95c4ccdaa9d8ffefeb6f1078bf169ac6fb

HTTP Headers

GET /slake/asset/css/elements.css?1 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 29 Jan 2023 10:53:52 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 24208
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2fbea"
age: 548390
X-Firefox-Spdy: h2

oxy.st/images/sprite3.png

185.178.208.137

200 OK

2.1 kB

URL HTTP/2
oxy.st/images/sprite3.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 124 x 49, 8-bit/color RGBA, non-interlaced\012- data
Size
2.1 kB (2059 bytes)
Hash
b08166a270b58c28d429bf2f9ffece6c
91dab55cbe8c802a7c56cd9d2ffaee9ccea4a49f
a21a9fa89fb6dd8c8e84907a99b0374abdf641c71c55e0283b7758e8f2a12507

HTTP Headers

GET /images/sprite3.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
etag: "6240cc70-80b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14114700
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js

185.178.208.137

200 OK

13 kB

URL HTTP/2
oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (32001), with CRLF line terminators
Size
13 kB (12929 bytes)
Hash
112891904d2ce52d072013c5e993463a
4cca8f66204463d7dc6f9f6819e3ebbd0636f5b1
d58c3c940e6ac6a2587c3d28ef50dd9dc6f20ea23c213ac5ff75419656fd3291

HTTP Headers

GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 22:48:10 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-b1ab"
age: 764732
content-length: 12929
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/main.js

185.178.208.137

200 OK

1.8 kB

URL HTTP/2
oxy.st/slake/asset/js/main.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (368)
Size
1.8 kB (1840 bytes)
Hash
76d3c4da3644ed1684ed54ff59305a5a
3e03f21e8af17de66be1aa22a6f952c000fbcc70
adc0957a4224cf75ae632338e6e52591d0552189b8ba1a4e7f19885405dfc2f8

HTTP Headers

GET /slake/asset/js/main.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 01 Feb 2023 13:24:46 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 1840
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-2210"
age: 280136
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/ajax-subscribe.js

185.178.208.137

200 OK

635 B

URL HTTP/2
oxy.st/slake/asset/js/ajax-subscribe.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with CRLF line terminators
Size
635 B (635 bytes)
Hash
574b8cde44d6b421cd12af0df0cca335
7dbd98f2d7925795343e8b8a3fc0c91ba496f526
035c75b2646589e751a275f3469f1e53b5e9c55cff4f0b3d3cbdfbb248aef9c2

HTTP Headers

GET /slake/asset/js/ajax-subscribe.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 16:14:08 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 635
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb2-595"
age: 442774
X-Firefox-Spdy: h2

oxy.st/slake/cookie.css?ver=6

185.178.208.137

200 OK

299 B

URL HTTP/2
oxy.st/slake/cookie.css?ver=6
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
299 B (299 bytes)
Hash
6d5f76f4027c2e9a60d78a83f4b952cd
b4ae6d8509643916be8eff3979acec375867708b
2338311f30dadbc2bffe2bdbfdd100c148e8fe4cb50ca669c7ff602a9c206f94

HTTP Headers

GET /slake/cookie.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 25 Jan 2023 20:55:55 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 299
ddg-cache-status: HIT,HIT
etag: "602ae9d4-224"
age: 857867
X-Firefox-Spdy: h2

oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css

185.178.208.137

200 OK

4.0 kB

URL HTTP/2
oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (42894), with no line terminators
Size
4.0 kB (3950 bytes)
Hash
a6ffd799664bd950121e2e9f0d9b2667
88af5ed7d6e3ed43ee0ec21fb314e03fb07867f0
de088565a1c5910a1c409bf3ec676c5d0c7c1304a18c744b46771c09fa6bdcad

HTTP Headers

GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 02:58:21 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 3950
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-a78e"
age: 490521
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/ajax-mail.js

185.178.208.137

200 OK

544 B

URL HTTP/2
oxy.st/slake/asset/js/ajax-mail.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with CRLF line terminators
Size
544 B (544 bytes)
Hash
4eb7582278a2e3748b9017bb83307caf
93c419ea8637148be2192bfa8068ed8009e3add7
59ccbe475f369df6e9daf6480deb023a38b4fc29016142e062f76f4218f66abc

HTTP Headers

GET /slake/asset/js/ajax-mail.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 26 Jan 2023 16:25:47 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 544
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-683"
age: 787675
X-Firefox-Spdy: h2

oxy.st/slake/responsive.css?ver=5

185.178.208.137

200 OK

12 kB

URL HTTP/2
oxy.st/slake/responsive.css?ver=5
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
12 kB (11872 bytes)
Hash
c9887952027ae1466ab90ba9dcd23ce3
0afb76db6c9644265da1820da0afe7aaef448e53
f16e171dae88fb2e1970604b6152409551d184fb1977a2668dd19f36dc0ab338

HTTP Headers

GET /slake/responsive.css?ver=5 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 18:15:32 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefded8-135c7"
age: 435490
content-length: 11872
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/bootstrap.min.js

185.178.208.137

200 OK

13 kB

URL HTTP/2
oxy.st/slake/asset/js/bootstrap.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (48664)
Size
13 kB (13046 bytes)
Hash
061a1656d3064d501413d45bef002938
1fec864435f996d6f5cec2f95b9b24cafef0b182
a7b82b175ee2cb823d904fc89454e91e6e92c91f91c0de1663d54e62bf3cc6e1

HTTP Headers

GET /slake/asset/js/bootstrap.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 17:11:51 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 13046
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-bf30"
age: 7311
X-Firefox-Spdy: h2

oxy.st/css/cloud.css

185.178.208.137

200 OK

9.2 kB

URL HTTP/2
oxy.st/css/cloud.css
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (14454)
Size
9.2 kB (9206 bytes)
Hash
0517562cc81de376b3c1fee3e8bef414
80df32c8b71549b0253cce1b47fe13d82fc1b604
184ccb46109faef0678ef3a603a551e55d3f9ff74a200ebeaba2c23655e52c8a

HTTP Headers

GET /css/cloud.css HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 29 Jan 2023 12:30:59 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 9206
ddg-cache-status: HIT,HIT
etag: W/"5eefbeb1-d024"
age: 542563
X-Firefox-Spdy: h2

oxy.st/slake/style.css?ver=6

185.178.208.137

200 OK

24 kB

URL HTTP/2
oxy.st/slake/style.css?ver=6
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text
Size
24 kB (24360 bytes)
Hash
cd7b3e4dfecea7028bc1bdeda5a47477
5c37dcaa4ed3c2a4051e4dc1714a342ac0de8365
4d401337713e7f1c9f6588f8f7d79721e531c837b5f2f73c0b3cb372fd8f9b87

HTTP Headers

GET /slake/style.css?ver=6 HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 16:34:53 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5fdd12f2-2a549"
age: 355129
content-length: 24360
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/img/oxy-logo.svg

185.178.208.137

200 OK

3.2 kB

URL HTTP/2
oxy.st/img/oxy-logo.svg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1126)
Size
3.2 kB (3204 bytes)
Hash
4dbb074be70991a358f914be3c00ad99
5f699e31b76bcb7e69fc4478a04b73b3df0e855a
9531a716a5007ddfc819613ec77f883ba963578d699f824034b4962f8221b8bf

HTTP Headers

GET /img/oxy-logo.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 27 Jan 2023 13:56:32 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
ddg-cache-status: HIT,HIT
etag: "602c706e-2019"
age: 710230
content-length: 3204
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/jquery.min.js

185.178.208.137

200 OK

30 kB

URL HTTP/2
oxy.st/slake/asset/js/jquery.min.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
ASCII text, with very long lines (65451)
Size
30 kB (30285 bytes)
Hash
28198fab85f1ac98f664600f670ba43d
ee0dd46d793071270130c08412258d8c32194a32
81bd52c3dd2417f30deadecbe5412bed404a86e05233b7b7ba6b7e8f682b5b49

HTTP Headers

GET /slake/asset/js/jquery.min.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 02 Feb 2023 08:41:20 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 30285
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-1538e"
age: 210742
X-Firefox-Spdy: h2

oxy.st/images/ltd.svg

185.178.208.137

200 OK

20 kB

URL HTTP/2
oxy.st/images/ltd.svg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (50102)
Size
20 kB (19700 bytes)
Hash
d37ece4290313a264b5e235c0dadf2fb
9ae09bed58122b3d3c4914c45e682dce63993e14
e08d9d0fd918211315836b13807379efdf0a22ac163c96f96c5a14d1212781bd

HTTP Headers

GET /images/ltd.svg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 05:15:45 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 19700
ddg-cache-status: HIT,HIT
etag: W/"5fb71401-c420"
age: 50277
X-Firefox-Spdy: h2

oxy.st/slake/asset/slice_white.png

185.178.208.137

200 OK

6.1 kB

URL HTTP/2
oxy.st/slake/asset/slice_white.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 201 x 45, 8-bit/color RGBA, non-interlaced\012- data
Size
6.1 kB (6078 bytes)
Hash
946ed1d2bd247854fa58e938de28ee95
883cda7ee0087e29a32f07b6c8ead3e8df5db738
bfe6c8b9cf34578f573091bb118f86a10b918b7d530b25107648f12158759e85

HTTP Headers

GET /slake/asset/slice_white.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 03 Feb 2023 15:01:41 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-17be"
age: 101521
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/js/plugins.js

185.178.208.137

200 OK

91 kB

URL HTTP/2
oxy.st/slake/asset/js/plugins.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
Unicode text, UTF-8 text, with very long lines (8320), with CRLF line terminators
Size
91 kB (90933 bytes)
Hash
f64473f7f0d77763bf319a920044a5fe
085e34089773af2ec9ec67f206d51e9ada6a84fb
d0ce3ff70f038c52fd30f79350f60b4dff5c9bf0f327a1389c83c409a1f8846d

HTTP Headers

GET /slake/asset/js/plugins.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 05:11:48 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
content-length: 90933
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-52d51"
age: 50514
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
98be7fe21d059e46146a43d20c4eea92
1ec58129fea75085588be7b8baec05b0874b5274
7bb2eb5ffcd88a3b6ba7b210bdbcd4469134c9708f06befb6c616beebf8dae46

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 18:49:07 GMT
age: 1475
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d1da3983341930b1bb793a0d294c24f5
abb1e9d5eb2dabce6a6821362fc8f09639bc5178
a63fe4be50aad00aff7a4e6899f83933f9d6c20c2de279766ad098a61b580435

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A63FE4BE50AAD00AFF7A4E6899F83933F9D6C20C2DE279766AD098A61B580435"
Last-Modified: Thu, 02 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7087
Expires: Sat, 04 Feb 2023 21:11:49 GMT
Date: Sat, 04 Feb 2023 19:13:42 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c181c51a9326d56e60915a792c306c2c
de1cc0ce1384905e65a9fa9575743091d785e528
b74bc74e2920124b3288a980f9a7b59e3450ba63f2333027440cd6ebbdfdbf8d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

oxy.st/slake/asset/img/bg/flake-slider-header.jpg

185.178.208.137

200 OK

32 kB

URL HTTP/2
oxy.st/slake/asset/img/bg/flake-slider-header.jpg
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x824, components 3\012- data
Size
32 kB (31870 bytes)
Hash
8e2a0e56ae25b282b437f9d5bd300d96
5d4ba26731ee84ba9bbc5487312162b826ede550
b48a7837a73459a7d6f545cb45a810533d9bf006a54077b2ca3bd62dd6f6315d

HTTP Headers

GET /slake/asset/img/bg/flake-slider-header.jpg HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:28:42 GMT
content-type: image/jpeg
content-length: 31870
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7c7e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14114700
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3e2378acc8e81d17152f66a71215c2d4
ea42fb0d4bc9e764bbcb1021a866e0e0a056abb2
a1bd3c62c3dc5d93122ff489c07f17744e6ebee05c6d234ceaf8e10f243c352c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3582
Cache-Control: max-age=85610
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:42 GMT
Etag: "63dd4bd2-117"
Expires: Sun, 05 Feb 2023 19:00:32 GMT
Last-Modified: Fri, 03 Feb 2023 18:00:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279

whereres.com/api/scripts/mSetupWidget?id=363

88.208.46.156

200 OK

9.0 kB

URL HTTP/1.1
whereres.com/api/scripts/mSetupWidget?id=363
IP
88.208.46.156:0
ASN
#39572 DataWeb Global Group B.V.

File type
Unicode text, UTF-8 text, with very long lines (3565)
Size
9.0 kB (8982 bytes)
Hash
9c6d8fe1a69623dcc4c1948506d672af
b400e0ddf00fbbeed8a94c949165659d78714911
a5b9db9230019c2386cbd1bd2b8e193cd202b1f5558cc20a4a52058f79542c09

HTTP Headers

GET /api/scripts/mSetupWidget?id=363 HTTP/1.1
Host: whereres.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty
Date: Sat, 04 Feb 2023 19:13:42 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.0.27
Content-Encoding: gzip

oxy.st/slake/asset/fonts/themify--fvbane.woff

185.178.208.137

200 OK

56 kB

URL HTTP/2
oxy.st/slake/asset/fonts/themify--fvbane.woff
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
Web Open Font Format, CFF, length 56108, version 1.0\012- data
Size
56 kB (56108 bytes)
Hash
a1ecc3b826d01251edddf29c3e4e1e97
9394f35bd2addd24666b79bfc36d4f9d247cb01d
0db5c5a1475eb7a3e5028983ea1e642d1b2c00faff6a250a37502b0f3832a4a7

HTTP Headers

GET /slake/asset/fonts/themify--fvbane.woff HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://oxy.st/slake/asset/css/elements.css?1
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 30 Jan 2023 12:52:43 GMT
content-type: font/woff
content-length: 56108
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
ddg-cache-status: HIT,HIT
etag: "5eefbeb2-db2c"
age: 454859
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
5452c58c07ce8d3cade93b323b271c35
581b1e438daeb32a12feaf50f2aab17dcf3e3171
b99ea2af71e697f45db51732f7d3e8d3e50258c9c96e50a772b8c4638577140a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.250.74.35

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 07:08:09 GMT
expires: Sat, 03 Feb 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 129933
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
e9b4fb853d3de194295b1be8e681922d
c52a4ab65808cda62e9f0233d8b03a6146724747
24f005a1ae5c71ab8b285702e2f6391890517c03a455122572aee8599da6e59a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6385
Cache-Control: max-age=149629
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Etag: "63de3af3-118"
Expires: Mon, 06 Feb 2023 12:47:32 GMT
Last-Modified: Sat, 04 Feb 2023 11:01:07 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 280

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2

142.250.74.35

200 OK

21 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 21276, version 1.0\012- data
Size
21 kB (21276 bytes)
Hash
59c9b83cc112cf7eeb3bf7a5e96b21fe
771790b776b5e1bc3039c337024e400974184208
a8447cdec51e85d9e93971a0d4a53bcf6085d70bf1d201662837d2fb953422c7

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 21276
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 16:07:46 GMT
expires: Tue, 30 Jan 2024 16:07:46 GMT
cache-control: public, max-age=31536000
age: 443157
last-modified: Mon, 11 Jul 2022 19:01:17 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

oxy.st/slake/asset/img/bg/footer-bg.png

185.178.208.137

200 OK

75 kB

URL HTTP/2
oxy.st/slake/asset/img/bg/footer-bg.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 1920 x 890, 8-bit/color RGB, non-interlaced\012- data
Size
75 kB (74560 bytes)
Hash
ce2f90b81ee3a43f46c29223ad1d981b
b82b68c892bd7c8b0bf06a883f1bdcd8ca0121e5
7b5c7bc066eb345c6c48189f960ad13fac80add5b5769e2d7a1f59d82a382505

HTTP Headers

GET /slake/asset/img/bg/footer-bg.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/slake/style.css?ver=6
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 22:29:39 GMT
content-type: image/png
content-length: 74560
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-12340"
age: 333844
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
3e2378acc8e81d17152f66a71215c2d4
ea42fb0d4bc9e764bbcb1021a866e0e0a056abb2
a1bd3c62c3dc5d93122ff489c07f17744e6ebee05c6d234ceaf8e10f243c352c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3583
Cache-Control: max-age=85610
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Etag: "63dd4bd2-117"
Expires: Sun, 05 Feb 2023 19:00:33 GMT
Last-Modified: Fri, 03 Feb 2023 18:00:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d4d7d6d6077079d28cac180985220645
7c5437e1e425dffbeb54341f3a150aa6faf8e951
a1ffdf0f5f534af3046ed92a4f4b99871816f5e4f8a3d60565c021433cadfa51

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 04 Feb 2023 16:59:16 GMT
Expires: Sat, 11 Feb 2023 16:59:15 GMT
Etag: "7c5437e1e425dffbeb54341f3a150aa6faf8e951"
Cache-Control: max-age=596132,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7945b9a2c976b529-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

314 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
314 B (314 bytes)
Hash
ad2f6d0fb4666867c9e0a3530f0f66a6
c166f3bd45870c2866b9d825d41de1d4cf5afa1b
ebe47085a1e80be160adad02d7992b7482897321808d69350044e2d32dbc5bce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 482
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Last-Modified: Sat, 04 Feb 2023 19:05:41 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 314

ocsp.globalsign.com/gseccovsslca2018

104.18.21.226

200 OK

939 B

URL HTTP/1.1
ocsp.globalsign.com/gseccovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
939 B (939 bytes)
Hash
7edb2bfac15a62c347447ebf07a5d64e
f5eaf64f05adc8e2f1b8a436a57b96f532017fd3
5fcb743a51ce3316488cf8f6bfc78fced2297814b652adc34744a21cb6f93349

HTTP Headers

POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 08 Feb 2023 16:47:35 GMT
ETag: "f5eaf64f05adc8e2f1b8a436a57b96f532017fd3"
Last-Modified: Sat, 04 Feb 2023 16:47:36 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 571
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7945b9a4388cb512-OSL

inklinkor.com/tag.min.js

172.67.211.29

200 OK

26 kB

URL HTTP/2
inklinkor.com/tag.min.js
IP
172.67.211.29:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (26059 bytes)
Hash
88d64037d2775723a2037d31bd86bb9f
6ec941d0f1c46bee481a898cbb9cd46954be542b
6808d22052abc5f6a7225ce971c2c429aee126139c61be26a0898f993f56c750

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 430b85d49d10dfc8b8b173cfe8aa6a87
cache-control: max-age=86400
last-modified: Fri, 03 Feb 2023 10:48:58 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 05 Feb 2023 18:40:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 1972
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GGFVE5vXfSuLsvPrpjrXBxpgFkYPXHKcUyZuX0aD7%2FSwi5yC2uxt7eqdXKJLswbvamjZrdE2MQbkzH8h4r5lCJptS18WF04CFWn%2FS8cLt8ya9aiz7apOEAE9GMnSMmTL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7945b9a37acdb50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
23287a0337047631e479bb3cbe8b0fcd
15ec24f5ee1990ee456a6fd3bbcbdbe27bf62c99
da05b381eec3589d2689bc5fab2b89eb5d65f9a5652f9254f3353e30a4540034

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.adlook.me/js/rlf.js

92.223.124.24

200 OK

19 kB

URL HTTP/2
cdn.adlook.me/js/rlf.js
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
Unicode text, UTF-8 text, with very long lines (65509), with no line terminators
Size
19 kB (19276 bytes)
Hash
4753bd99e680f991e358fcfc5956d348
f7506e35d1e97953351bacf094278a919dd2d5e9
417b57437a57fdbfdbe26fb8e676b6936d868f23f5aa5ca587811aa01ce9d03f

HTTP Headers

GET /js/rlf.js HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/javascript,application/javascript;charset=utf-8
content-length: 19276
content-encoding: gzip
last-modified: Wed, 14 Dec 2022 11:05:17 GMT
etag: "8054b6f2abfd91:0"
vary: Accept-Encoding
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-04T19:07:48+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9892
Expires: Sat, 04 Feb 2023 21:58:35 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1675538059773

51.89.9.251

204 No Content

0 B

URL HTTP/2
onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1675538059773
IP
51.89.9.251:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /usync/?pubId=2a897e3f18e6769&cb=1675538059773 HTTP/1.1
Host: onetag-sys.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
cache-control: no-store
strict-transport-security: max-age=15552000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
57fdf2746ac19b2c2093149d3ded7b25
06f6dcf2ac2f7a9cebe8c071067727dc5686fca1
ca8f1accae24f6fa5a101d38d72d4d933886080e487dd0ee75d246f2853a4791

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CA8F1ACCAE24F6FA5A101D38D72D4D933886080E487DD0EE75D246F2853A4791"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17260
Expires: Sun, 05 Feb 2023 00:01:23 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258

104.22.24.87

200 OK

21 kB

URL HTTP/2
spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258
IP
104.22.24.87:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (50946), with LF, NEL line terminators
Size
21 kB (21127 bytes)
Hash
147644223379f2c8c792d40ffbf30365
a1d6dacbfa400ff9b5e640cd5435140db456d8dd
267ec5e72d40ca53f91779e841db406d72ceb34432ffabae57931fa1be344519

HTTP Headers

GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7945b9a3f861b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2

yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2

178.154.131.215

200 OK

45 kB

URL HTTP/2
yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2
IP
178.154.131.215:0
ASN
#13238 YANDEX LLC

File type
Web Open Font Format (Version 2), TrueType, length 45100, version 1.0\012- data
Size
45 kB (45100 bytes)
Hash
e783c489351712fa80a7cb4206cffd02
4d1d924e4cbae116baf57958cea28dedc9e361f4
281e998fb084bbc3243914bfd01a00ef5cdbc847179c43106808821a6e0ae1a5

HTTP Headers

GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.17.9
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/font-woff2
content-length: 45100
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "e783c489351712fa80a7cb4206cffd02"
expires: Mon, 05 Feb 2024 01:02:55 GMT
last-modified: Tue, 22 Jan 2019 17:07:25 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: eae35d87a169eebf
accept-ranges: bytes
X-Firefox-Spdy: h2

yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2

178.154.131.215

200 OK

43 kB

URL HTTP/2
yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2
IP
178.154.131.215:0
ASN
#13238 YANDEX LLC

File type
Web Open Font Format (Version 2), TrueType, length 43112, version 1.0\012- data
Size
43 kB (43112 bytes)
Hash
f8883ab9c4a452a0bfe3c5cf9619db86
29104a6e1efdd389f07f0f3e1730de95746967da
427f528f5d190e0e3275d8a1fc40bad36fede3da064b33f29dc8fe6e614ff2f7

HTTP Headers

GET /islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2 HTTP/1.1
Host: yastatic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.17.9
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/font-woff2
content-length: 43112
access-control-allow-origin: *
cache-control: public, max-age=31556952
etag: "f8883ab9c4a452a0bfe3c5cf9619db86"
expires: Mon, 05 Feb 2024 01:02:55 GMT
last-modified: Tue, 22 Jan 2019 17:04:38 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 5714c2a0a74f3b15
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.adlook.me/u/cds.html

92.223.124.24

200 OK

1.4 kB

URL HTTP/2
cdn.adlook.me/u/cds.html
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1439 bytes)
Hash
092b935eec2ba1199c03c1c856472e77
90d533fb895dda57fd0645cf484a4ecb7a64c344
8719a7a7e474f30d7a1d5dbf2ab97bbd73437c28ef567b410361540ad38c985e

HTTP Headers

GET /u/cds.html HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: text/html
content-length: 1439
last-modified: Thu, 06 Aug 2020 17:06:57 GMT
etag: "207a2dfe136cd61:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-04T19:08:07+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.adlook.me/css/rlf.css?1.4

92.223.124.24

200 OK

1.6 kB

URL HTTP/2
cdn.adlook.me/css/rlf.css?1.4
IP
92.223.124.24:0
ASN
#199524 G-Core Labs S.A.

File type
ASCII text, with very long lines (1612), with no line terminators
Size
1.6 kB (1612 bytes)
Hash
ebb99a8c16a4ad70389cc2e9306fa4b1
b926dbbe4d67d1a39e3a7b1f4ea992c41388067b
d1b01565ed50bb2012a6d2c9b409fa41752d6c3a30e735f9f7008b7f635a21f1

HTTP Headers

GET /css/rlf.css?1.4 HTTP/1.1
Host: cdn.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: text/css
content-length: 1612
last-modified: Mon, 11 Oct 2021 12:59:26 GMT
etag: "2fce1cd29fbed71:0"
x-powered-by: ASP.NET
cache: HIT
x-cached-since: 2023-02-04T19:09:31+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e45e1fab974bf50f5c5821750cf96bb3
c53950778b062bf7edaa11157c463264c30a28fd
f13afdf20beadb7725ddab0fb7f7c6d0d985eb54681fe4cac4916543c02a9018

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F13AFDF20BEADB7725DDAB0FB7F7C6D0D985EB54681FE4CAC4916543C02A9018"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5067
Expires: Sat, 04 Feb 2023 20:38:10 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

p.cpx.to/p/12771/px.js

18.203.96.189

200 OK

2.0 kB

URL HTTP/1.1
p.cpx.to/p/12771/px.js
IP
18.203.96.189:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (1990), with no line terminators
Size
2.0 kB (1990 bytes)
Hash
a667f26d4e73b4b5098a9c9637d3d29f
83d9b753da4c51039a689bc67956f7f9997854cc
a559f41c7e0d2f4852afbf1cf44b736b9158e65b01843c05850f6e8d6b6db9b6

HTTP Headers

GET /p/12771/px.js HTTP/1.1
Host: p.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
cache-control: max-age=2419200, public
content-type: application/javascript; charset=UTF-8
date: Sat, 04 Feb 2023 19:13:42 GMT
Content-Length: 1990
Connection: keep-alive

c.tmyzer.com/c/?s=85433&f=2&fi=99

54.38.64.100

200 OK

0 B

URL HTTP/1.1
c.tmyzer.com/c/?s=85433&f=2&fi=99
IP
54.38.64.100:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
X-IPLB-Request-ID: 5B5A2A9A:7F6F_36264064:01BB_63DEAE67_33105D2:22738
X-IPLB-Instance: 41595

tag.leadplace.fr/libJsLP.js

145.239.192.166

200 OK

5.5 kB

URL HTTP/1.1
tag.leadplace.fr/libJsLP.js
IP
145.239.192.166:0
ASN
#16276 OVH SAS

File type
ASCII text
Size
5.5 kB (5547 bytes)
Hash
a0c24f993bc0901cfe62d1e801cb2b45
7eb2bdce06161ae486bc8e7ecd0b5c9c4f7b2984
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333

HTTP Headers

GET /libJsLP.js HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: application/javascript
Content-Length: 5547
Last-Modified: Thu, 14 Oct 2021 07:27:52 GMT
ETag: "6167dbf8-15ab"
Accept-Ranges: bytes
X-IPLB-Request-ID: 5B5A2A9A:FB6B_91EFC0A6:01BB_63DEAE67_6B7C884B:237B8
X-IPLB-Instance: 30195

tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FvKog&id=MTIZ

145.239.192.166

200 OK

0 B

URL HTTP/1.1
tag.leadplace.fr/wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FvKog&id=MTIZ
IP
145.239.192.166:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wckr.php?ref=https%3A%2F%2Foxy.st%2Fd%2FvKog&id=MTIZ HTTP/1.1
Host: tag.leadplace.fr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
X-IPLB-Request-ID: 5B5A2A9A:FB6B_91EFC0A6:01BB_63DEAE67_6B7C8853:237B8
X-IPLB-Instance: 30195

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
eb0e0c25454e9b4c02a9b0c9d7d6f7d0
bd2267d81c5bd0cbb2db0b5549b9fdc5170a7000
ec5e00a0e1169a333229204bbd0ecfa72e686d2cfafdbd617648a8bfd1549abd

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC5E00A0E1169A333229204BBD0ECFA72E686D2CFAFDBD617648A8BFD1549ABD"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11542
Expires: Sat, 04 Feb 2023 22:26:05 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
482952c319f6b341719e70726729734d
d562869196fe45ede7cf9d7b83643c020eae68b2
052ed0f05af6fa66b55a1e883536b6fc2743d32d56aa4b7c58f0b8202b67ee9b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5573
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Last-Modified: Sat, 04 Feb 2023 17:40:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
482952c319f6b341719e70726729734d
d562869196fe45ede7cf9d7b83643c020eae68b2
052ed0f05af6fa66b55a1e883536b6fc2743d32d56aa4b7c58f0b8202b67ee9b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5573
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Last-Modified: Sat, 04 Feb 2023 17:40:50 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

id5-sync.com/api/config/prebid

162.19.138.117

200

134 B

URL HTTP/1.1
id5-sync.com/api/config/prebid
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
134 B (134 bytes)
Hash
99be75395b3c89cdd6781761e5a85ad2
225a8b587c3545be2581aa9ac2b630b51679d7be
559ffc5fa5eadd77f8bfaaeb793648763e312a17391d8e6bbb7d8d3dec2147e1

HTTP Headers

POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 95
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sat, 04 Feb 2023 19:13:42 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

push.services.mozilla.com/

35.167.56.184

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.167.56.184:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: slqLz2fRvq0c7eeR658JKw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uvfp/Uj44PwHBW7+E8e6uNRtvhk=

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
84917bf328ca8aa9b9bc8257ede4f634
80046875c806a28c50fe6f2d26f78effbc125f92
c6b15db06b947f77f052fa752c284ca6615e94f2e0e10363e5fbda1772d1c696

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B15DB06B947F77F052FA752C284CA6615E94F2E0E10363E5FBDA1772D1C696"
Last-Modified: Thu, 02 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15080
Expires: Sat, 04 Feb 2023 23:25:03 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f1b35c29fff41cdc81401662e515d42e
357a451f7bda3f4ee9ae5b537d6be9a74af3fdeb
c07de6d901a30b4f2c2956c24540ff65d8ec6a97931bd30bb4f752764d7bba43

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C07DE6D901A30B4F2C2956C24540FF65D8EC6A97931BD30BB4F752764D7BBA43"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20455
Expires: Sun, 05 Feb 2023 00:54:38 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e920c15af4b35a551102970ec680da2
cf3b341dc52dd33ae5b8e37fb4c132365406f6f5
49de655cc7725f7146a8c35d40ded6d0784ca326c5ccee34672ed2383658ce74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "49DE655CC7725F7146A8C35D40DED6D0784CA326C5CCEE34672ED2383658CE74"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11810
Expires: Sat, 04 Feb 2023 22:30:33 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bb0e1ff82ab6199f715e00974b7f6957
74edba6943c202d060b471c30a3c626542bfac84
d982aa0ae1b32ffba27f789ad265b594dfef0bc4c55a0d0489d38b0827e6a7e2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D982AA0AE1B32FFBA27F789AD265B594DFEF0BC4C55A0D0489D38B0827E6A7E2"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2521
Expires: Sat, 04 Feb 2023 19:55:44 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
9b065dd10769b4123608f9a5e4605f6a
99ed1febf2e2e6e51fe64dc9ff0e84bb494a2369
78b576dd0b15b786715efdd4a5d204643f51e27e72593679775be417a3ccfa53

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 19:14:54 GMT
Expires: Thu, 09 Feb 2023 19:14:53 GMT
Etag: "99ed1febf2e2e6e51fe64dc9ff0e84bb494a2369"
Cache-Control: max-age=431469,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7945b9a63dd0b529-OSL

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
89cb314fd96ee7eecd69c34d471055fe
0773c53bc7741323d666d69b39a73ec53167ed17
0e0811aec04223315893249a43c4a8b5140c5031651263a427c9885215e4719e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E0811AEC04223315893249A43C4A8B5140C5031651263A427C9885215E4719E"
Last-Modified: Sat, 04 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12646
Expires: Sat, 04 Feb 2023 22:44:29 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

my.rtmark.net/gid.js?userId=ef4797d9b3424653b045a69e56dba786

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?userId=ef4797d9b3424653b045a69e56dba786
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
61334d8358d2bfa5c72cf1983ac059a1
daa5afed2cdfa15ac5e4f65c4732fa01c2a96c3f
5d43b94a0ad1905792ee2b7b445b733f085143bfa312496d00a58733bf448d36

HTTP Headers

GET /gid.js?userId=ef4797d9b3424653b045a69e56dba786 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ef4797d9b3424653b045a69e56dba786; expires=Sun, 04 Feb 2024 19:13:43 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

104.22.24.87

200 OK

215 B

URL HTTP/2
spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258
IP
104.22.24.87:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
215 B (215 bytes)
Hash
ed41ab9c4e273182d7fb9ad3b3fd161a
617f5905b083d50a21d69bf011aca6ee1a728b86
7a878765de3ee0d7a80dcdeba4fe7d88bb7a6c88f8b003a7a5e8361299bb9451

HTTP Headers

GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/1.1
Host: spl.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=801058f1-b003-4377-6040-daeeb71d5a37; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
zsc=F%0A2%5DM%EFo%13%3C%E1%13s%9Dx2%B7H9%FD%19%07%93%15%FC-YR%86y%5E%5E%99%9A%9Al%BC%08O%A2%E3%25~%E8%8F%15%99d%95P%E8ST%E7%AB%FF%D8h%BE%BB%EA%89%FA%DDqpD%9E%D6%A6%B6%22%EA%EBz%CB%0E%2B%0F%D5%FAH%BF%BC; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7945b9a4a924b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2

s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980

52.50.35.7

200 OK

652 B

URL HTTP/1.1
s.cpx.to/fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980
IP
52.50.35.7:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (652), with no line terminators
Size
652 B (652 bytes)
Hash
7d5eefdad1e7b46436312393c9aae067
12fa18bcfe8b69d28285e8e45c305f40f2ac7574
0a9992021a37a02929341040793e231b3587788afa9cc7ee66646f1f94968f08

HTTP Headers

GET /fire.js?pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: application/javascript; charset=UTF-8
Content-Length: 652
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
p3p: CP="NOI DEV ADM"
expires: Mon, 30 Jan 2023 15:31:00 UTC
set-cookie: cpSess=c08c0792ed21fcd; Expires=Sun, 04 Feb 2024 19:13:43 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b9a434a103fc84f2e3b2dae96dcbb687
d4b9360dc7d9f577b7a583b8e269062a9db8f525
246430d3a0fdc7b88956e6353cee41c8767433b00abebdb963eb6d54569bba91

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "246430D3A0FDC7B88956E6353CEE41C8767433B00ABEBDB963EB6D54569BBA91"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12262
Expires: Sat, 04 Feb 2023 22:38:05 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=

139.45.197.250

200 OK

705 B

URL HTTP/2
ibrapush.com/zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3=
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (704)
Size
705 B (705 bytes)
Hash
53fd4fda83983a95b2ce314003de8718
f748134fb9af3caa678b515e2cbc82eff9881bc4
fd13354afb4688df091fa2c30a00d1ec42fb3f9fbadfebcf926f4e5581238def

HTTP Headers

GET /zone?pub=0&zone_id=5630104&is_mobile=false&domain=oxy.st&var=&ymid=&var_3= HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/json; charset=utf-8
content-length: 705
x-trace-id: c9df408bd1d2706220a26c4fa6899a4c
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FvKog&top=&_ts=1675538060205

5.200.50.170

200 OK

2 B

URL HTTP/2
ads.adlook.me/vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FvKog&top=&_ts=1675538060205
IP
5.200.50.170:0
ASN
#48096 Enterprise Cloud Ltd.

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /vast?id=5344&w=1268&h=713&mult=1&rw=0&ref=&loc=https%3A%2F%2Foxy.st%2Fd%2FvKog&top=&_ts=1675538060205 HTTP/1.1
Host: ads.adlook.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/json
server: Microsoft-IIS/10.0
set-cookie: adlm_userId=3ff6cacc0d8d4964913c807a793c3b98; expires=Sat, 03 Feb 2024 21:00:00 GMT; path=/; SameSite=None; secure; samesite=lax
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
date: Sat, 04 Feb 2023 19:13:43 GMT
content-length: 2
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
2521dc6dc015025c26c7a1b08b3060a1
f5c7abc50c9229a4b198a5c0d5f6dfa8ac528b9f
6671bc387c8011ec55a9d023502189b997adeb18fc2f199747dec7d688f85bd3

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4018
Cache-Control: max-age=156589
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Etag: "63de5f62-139"
Expires: Mon, 06 Feb 2023 14:43:32 GMT
Last-Modified: Sat, 04 Feb 2023 13:36:34 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

dnacdn.net/dna

178.250.2.146

200 OK

0 B

URL HTTP/2
dnacdn.net/dna
IP
178.250.2.146:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dna HTTP/1.1
Host: dnacdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:43 GMT
server: Kestrel
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
set-cookie: browser_data=FzXBkF80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hkYWJBMlVQTEl4JTJCYUR5Zm81RDlwVEo5VmVZVzUzTDFlR0NJVG9rRkxBNQ; expires=Thu, 29 Feb 2024 19:13:43 GMT; domain=dnacdn.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 338497
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/tag.min.js?z=5630104

139.45.197.250

200 OK

6.2 kB

URL HTTP/2
ibrapush.com/pfe/current/tag.min.js?z=5630104
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
data
Size
6.2 kB (6208 bytes)
Hash
c91b5f4e56b855f882d8f02633ddcec7
3d3660c5e4cbab2d6753d8c142f67c0961d3a4b0
8ee82d553f3ea973ac7679b43208561cd7ffcbd6be2541abca8cf9965658bc24

HTTP Headers

GET /pfe/current/tag.min.js?z=5630104 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-390a"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
link: <https://my.rtmark.net>; rel=dns-prefetch;, <https://my.rtmark.net>; rel=preconnect
content-encoding: gzip
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b24be7158ed895f58053d0383957b5db
e5e458f8ed3fbea3b739439f8bbc6f9e137755ab
13e27a7246e8e8f5c67f505b4e80ce71120ca4dfbcaa234f276b23233705a670

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13E27A7246E8E8F5C67F505B4E80CE71120CA4DFBCAA234F276B23233705A670"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11450
Expires: Sat, 04 Feb 2023 22:24:33 GMT
Date: Sat, 04 Feb 2023 19:13:43 GMT
Connection: keep-alive

mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F75a024c6d3332bc8ad04c14083a64f68%2Fneverlose_crack.exe&sourceName=neverlose%20crack.exe&sourceIntro=&sourceNote=&priority=source&tag=&rnd=ed3385fdf6ce1eef3bd8fa44a573e708&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FvKog

88.208.5.115

200 OK

120 B

URL HTTP/1.1
mpraven.org/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F75a024c6d3332bc8ad04c14083a64f68%2Fneverlose_crack.exe&sourceName=neverlose%20crack.exe&sourceIntro=&sourceNote=&priority=source&tag=&rnd=ed3385fdf6ce1eef3bd8fa44a573e708&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FvKog
IP
88.208.5.115:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
120 B (120 bytes)
Hash
a4a6fb82041913679091600d4783d80e
48b2eed8bb26816169e22f6c560bbd578db902aa
bd79f5ec9ab1bd1e026c2ea3df92f3e43e7d2e6b9ac398382b395ea92e6fcd81

HTTP Headers

GET /api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F75a024c6d3332bc8ad04c14083a64f68%2Fneverlose_crack.exe&sourceName=neverlose%20crack.exe&sourceIntro=&sourceNote=&priority=source&tag=&rnd=ed3385fdf6ce1eef3bd8fa44a573e708&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FvKog HTTP/1.1
Host: mpraven.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-SF: ok
X-Slug: check SF
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Content-Encoding: gzip

oxy.st/images/icon.png

185.178.208.137

200 OK

7.5 kB

URL HTTP/2
oxy.st/images/icon.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size
7.5 kB (7531 bytes)
Hash
b63d70eb8c5d379fa68fe0f63e8c4255
232de1f52e52611ae67aab8ebaa143946154a233
100c7773d318b841267dc4ac654366ac19ba903e6cd6551777268f6eb4ed86cd

HTTP Headers

GET /images/icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2; _pbjs_userid_consent_data=3524755945110770; sharedid=61a2fdd9-9e19-42f8-aee9-c4f4f461701c; cto_bundle=SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE; cto_bidid=_HaLNl9FM1FBVkpTcWlldEpqejVKdFdGRlBtZ2FOcjVIbUl5UzNRUDBrSndOekdETmE1ZlNhVTMwa1NpZ0ttb2VLYkNuOHJKY25PNzJYZ3NkY0xyYUpZNUIxUSUzRCUzRA; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 31 Jan 2023 20:46:30 GMT
content-type: image/png
content-length: 7531
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
etag: "5eefbeb1-1d6b"
access-control-allow-origin: *
accept-ranges: bytes
age: 340033
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

oxy.st/slake/asset/img/favicon/apple-touch-icon.png

185.178.208.137

200 OK

2.0 kB

URL HTTP/2
oxy.st/slake/asset/img/favicon/apple-touch-icon.png
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
2.0 kB (1994 bytes)
Hash
05807c4aceabfb49ab9d66e54618ff53
fddb5a3eb50d1a255989f72f91911dc21e2d5d9b
725d652f8c9ad3d148a0528878b51e2e250d228ab6eaf39111d0664abad359b3

HTTP Headers

GET /slake/asset/img/favicon/apple-touch-icon.png HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/d/vKog
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2; _pbjs_userid_consent_data=3524755945110770; sharedid=61a2fdd9-9e19-42f8-aee9-c4f4f461701c; cto_bundle=SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE; cto_bidid=_HaLNl9FM1FBVkpTcWlldEpqejVKdFdGRlBtZ2FOcjVIbUl5UzNRUDBrSndOekdETmE1ZlNhVTMwa1NpZ0ttb2VLYkNuOHJKY25PNzJYZ3NkY0xyYUpZNUIxUSUzRCUzRA; prefetchAd_5630105=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 25 Aug 2022 10:29:17 GMT
content-type: image/png
content-length: 1994
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7ca"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
accept-ranges: bytes
age: 14114666
ddg-cache-status: HIT,HIT
X-Firefox-Spdy: h2

id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=

162.19.138.117

200

43 B

URL HTTP/1.1
id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
07fff40b5dd495aca2ac4e1c3fbc60aa
e8ac224ba9ee97e87670ed6f3a2f0128b7af9fe4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

HTTP Headers

GET /i/12/9.gif?gdpr=&gdpr_consent= HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: cf=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cip=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
cnac=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
car=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
gdpr=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
callback=; Max-Age=300; Expires=Sat, 04-Feb-2023 19:18:43 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: image/gif;charset=UTF-8
transfer-encoding: chunked
date: Sat, 04 Feb 2023 19:13:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

143.204.42.129

200 OK

26 kB

URL HTTP/1.1
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
IP
143.204.42.129:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (16085)
Size
26 kB (25704 bytes)
Hash
8703fc9eead243fe2f47380e962d7fa2
3d9f707259112fa9ccdd1e676f00eadcff71906c
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

HTTP Headers

GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Sat, 04 Feb 2023 07:43:44 GMT
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jJCz1rlUFcemFLtGxWIkUiWY9hX0bkVe5YB-ATQn3oOXvBfVmlp1Ig==
Age: 41405

onmarshtompor.com/?rb=XY4UMcN8HZ6nkbBPyMBndeeumoipV0fmZIM22tu9Xcbcj1oRpNoIv_sC6ooJueYnl9ojeuVavqB5GdI49qq0c_73nWTdLWW1-DXlw_nCoyuh0_zd2srjD7QUo5UUP3v2V5XXyTf7o5DkYibvOLCAH6QLH7Hcv1ULadezp3FChdAr3y1YOSv6Kp66B_n57WBG8xQjv4ZykYJhmgQlUjyZnfnqDBgjtHsI&request_ab2=0&zoneid=5630105&js_build=iclick-v1.479.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.479.0&bs=88414ba5-a253-41eb-be68-c0a6b5849e96&userId=ef4797d9b3424653b045a69e56dba786&m=link

139.45.197.243

200 OK

34 kB

URL HTTP/2
onmarshtompor.com/?rb=XY4UMcN8HZ6nkbBPyMBndeeumoipV0fmZIM22tu9Xcbcj1oRpNoIv_sC6ooJueYnl9ojeuVavqB5GdI49qq0c_73nWTdLWW1-DXlw_nCoyuh0_zd2srjD7QUo5UUP3v2V5XXyTf7o5DkYibvOLCAH6QLH7Hcv1ULadezp3FChdAr3y1YOSv6Kp66B_n57WBG8xQjv4ZykYJhmgQlUjyZnfnqDBgjtHsI&request_ab2=0&zoneid=5630105&js_build=iclick-v1.479.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.479.0&bs=88414ba5-a253-41eb-be68-c0a6b5849e96&userId=ef4797d9b3424653b045a69e56dba786&m=link
IP
139.45.197.243:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (34359 bytes)
Hash
2056c3f6551ab739e9804aeb6a75079e
c766cece3cc313bb4289cbfc38e1eca24d7fa00c
eabe7c608a54efe9b8e8b02c962c3a3c8dec9f8bc35019629d6190653053264d

HTTP Headers

GET /?rb=XY4UMcN8HZ6nkbBPyMBndeeumoipV0fmZIM22tu9Xcbcj1oRpNoIv_sC6ooJueYnl9ojeuVavqB5GdI49qq0c_73nWTdLWW1-DXlw_nCoyuh0_zd2srjD7QUo5UUP3v2V5XXyTf7o5DkYibvOLCAH6QLH7Hcv1ULadezp3FChdAr3y1YOSv6Kp66B_n57WBG8xQjv4ZykYJhmgQlUjyZnfnqDBgjtHsI&request_ab2=0&zoneid=5630105&js_build=iclick-v1.479.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.479.0&bs=88414ba5-a253-41eb-be68-c0a6b5849e96&userId=ef4797d9b3424653b045a69e56dba786&m=link HTTP/1.1
Host: onmarshtompor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/json
x-trace-id: 9f048f5235bbb8f70e0c003b26640b77
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=ef4797d9b3424653b045a69e56dba786; expires=Sun, 04 Feb 2024 19:13:43 GMT; path=/; secure; SameSite=None
oaidts=1675538023; expires=Sun, 04 Feb 2024 19:13:43 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 11 Feb 2023 19:13:43 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e979cb943a245cc0be69046eacd6b3cd
dc40d8c60992c3b51288fdfddd00aeba83051359
c0d3aff5a18068419c3cdbff5a86b5c4a2131bee7f10d09b319f32f5c746de03

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4417
Cache-Control: max-age=86809
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Etag: "63dd4d3f-1d7"
Expires: Sun, 05 Feb 2023 19:20:32 GMT
Last-Modified: Fri, 03 Feb 2023 18:06:55 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
27ce914bad3a60d980c23e19ae639690
270acbd8d798698216b3c48f0e09e0a2d8576836
d5ebe8ba92a47d866879d7a7ab736b586ff458f57e81552255eb423d2eb6719a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3180
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Last-Modified: Sat, 04 Feb 2023 18:20:43 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

ocsp.globalsign.com/gsgccr3dvtlsca2020

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsgccr3dvtlsca2020
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1414 bytes)
Hash
781eb0a2732b26c8081539c32a1271eb
e5949ef6bd4c4592abb938c71abe9e0e45604f03
2d9b5915c541b4d244e6150a0f79e063c137866d175f99362960736b2d647d45

HTTP Headers

POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Wed, 08 Feb 2023 16:08:36 GMT
ETag: "e5949ef6bd4c4592abb938c71abe9e0e45604f03"
Last-Modified: Sat, 04 Feb 2023 16:08:37 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3203
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7945b9a9bf7eb512-OSL

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
e279a2208529a789e4e4648d6383dc87
e42a53e35051998b1db4f88eb34ceee794dd9250
7d2bb38fe3dc6fa357665973dd1e2f84249e35e0e2c14478b5bb238fecdb28f2

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 08 Feb 2023 17:15:32 GMT
ETag: "e42a53e35051998b1db4f88eb34ceee794dd9250"
Last-Modified: Sat, 04 Feb 2023 17:15:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1010
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7945b9a9bb6db4e8-OSL

cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=7366b0de-cc5a-4870-a677-f558ad85e980

142.250.74.162

302 Found

341 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=7366b0de-cc5a-4870-a677-f558ad85e980
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
341 B (341 bytes)
Hash
96711d220c4b739604a021dd1f8f1791
3a8fae09d9bbda1188e421cd3e338eb1946507d8
f7418990c7f09afeb94ddbfe6169cfeb2ac4cbc20b82a8019657b5b67fa46329

HTTP Headers

GET /pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=7366b0de-cc5a-4870-a677-f558ad85e980 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm=&dsp=dbm&fid=7366b0de-cc5a-4870-a677-f558ad85e980&google_tc=
date: Sat, 04 Feb 2023 19:13:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 341
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 19:28:43 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=801058f1-b003-4377-6040-daeeb71d5a37&reqId=7d214d92-5c98-4049-466a-efbdfd39d2ed&zdid=1258

142.250.74.162

302 Found

447 B

URL HTTP/2
cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=801058f1-b003-4377-6040-daeeb71d5a37&reqId=7d214d92-5c98-4049-466a-efbdfd39d2ed&zdid=1258
IP
142.250.74.162:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Size
447 B (447 bytes)
Hash
50a245d5e569351e47f75b7e7529342e
e7ae95c8fbb87fa7a169328d594b259710cf16b2
045c5a5841c5eac13c8bc9e3260026b4513bbf53b90dba5a5e03dbf2d88a020b

HTTP Headers

GET /pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=801058f1-b003-4377-6040-daeeb71d5a37&reqId=7d214d92-5c98-4049-466a-efbdfd39d2ed&zdid=1258 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=801058f1-b003-4377-6040-daeeb71d5a37&reqId=7d214d92-5c98-4049-466a-efbdfd39d2ed&zdid=1258&google_tc=
date: Sat, 04 Feb 2023 19:13:43 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 447
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 04-Feb-2023 19:28:43 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26hn_ver%3D40%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980

185.89.210.153

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26hn_ver%3D40%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980
IP
185.89.210.153:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12771%26ref%3D%26url%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26hn_ver%3D40%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FvKog%2526hn_ver%253D40%2526fid%253D7366b0de-cc5a-4870-a677-f558ad85e980
AN-X-Request-Uuid: e3410a89-030c-4467-a767-0611d4002762
Set-Cookie: uuid2=2166823847641554277; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 05-May-2023 19:13:43 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&oaid=ef4797d9b3424653b045a69e56dba786

139.45.197.242

204 No Content

0 B

URL HTTP/2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&oaid=ef4797d9b3424653b045a69e56dba786
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&oaid=ef4797d9b3424653b045a69e56dba786 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/vKog;hDownload%20file%20neverlose%20crack.exe%20on%20Oxy.Cloud;0.4733088017360395

88.212.201.204

200 OK

423 B

URL HTTP/1.1
counter.yadro.ru/hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/vKog;hDownload%20file%20neverlose%20crack.exe%20on%20Oxy.Cloud;0.4733088017360395
IP
88.212.201.204:0
ASN
#39134 United Network LLC

File type
GIF image data, version 87a, 88 x 31\012- data
Size
423 B (423 bytes)
Hash
c611b1d80c326f415667f0d9a668e61c
7e0d25abaebfd3dcc498fa0206da66e0c62a048d
5902af7e739ca88a464fba405bdb881d31c3374a3c09e0b8dd756ed0ebfadb0a

HTTP Headers

GET /hit?t52.6;r;s1280*1024*24;uhttps%3A//oxy.st/d/vKog;hDownload%20file%20neverlose%20crack.exe%20on%20Oxy.Cloud;0.4733088017360395 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 04 Feb 2023 19:13:43 GMT
Content-Type: image/gif
Content-Length: 423
Connection: keep-alive
Expires: Thu, 03 Feb 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
42f7bb86070a306c0902a2947bfd5db1
679751d86f7520d1e5e30b5bc050015450de75a7
ebccfef4e98d659e8e275dd6b2797b1154e42572695aefc916825bc0819e96dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1

35.71.131.137

200 OK

70 B

URL HTTP/2
match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
IP
35.71.131.137:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
70 B (70 bytes)
Hash
58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

HTTP Headers

GET /track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2

lg3.media.net/bping.php?vgd_len=485&&vgd_cdv=867&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675538023600134899&ugd=4&lf=6&cc=NO&lper=100&wsip=170785142&r=1675538060837&requrl=https%3A%2F%2Foxy.st%2Fd%2FvKog&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675538023112555035&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02015665066t202302041914&vgd_pgids=1&vgd_uspa=0&hvsid=00001675538060832015326356482586&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1

2.18.172.23

200 OK

35 B

URL HTTP/2
lg3.media.net/bping.php?vgd_len=485&&vgd_cdv=867&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675538023600134899&ugd=4&lf=6&cc=NO&lper=100&wsip=170785142&r=1675538060837&requrl=https%3A%2F%2Foxy.st%2Fd%2FvKog&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675538023112555035&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02015665066t202302041914&vgd_pgids=1&vgd_uspa=0&hvsid=00001675538060832015326356482586&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
349909ce1e0bc971d452284590236b09
adfc01f8a9de68b9b27e6f98a68737c162167066
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

HTTP Headers

GET /bping.php?vgd_len=485&&vgd_cdv=867&vgd_cage=1&gdpr=1&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1675538023600134899&ugd=4&lf=6&cc=NO&lper=100&wsip=170785142&r=1675538060837&requrl=https%3A%2F%2Foxy.st%2Fd%2FvKog&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=50304&vgd_rakh=1675538023112555035&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p02015665066t202302041914&vgd_pgids=1&vgd_uspa=0&hvsid=00001675538060832015326356482586&gdpr=1&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 35
content-type: image/gif
access-control-allow-origin: *
strict-transport-security: max-age=21600
expires: Sat, 04 Feb 2023 19:13:44 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 04 Feb 2023 19:13:44 GMT
X-Firefox-Spdy: h2

id5-sync.com/g/v2/102.json

162.19.138.117

200

216 B

URL HTTP/1.1
id5-sync.com/g/v2/102.json
IP
162.19.138.117:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
216 B (216 bytes)
Hash
829254aea8997be999378870d3eba0a8
0f1c75d4af7681c2e24eaa5662e323598907ec08
96df1ff80ea1a35721a1aebcc4fc32c631773881cabc283b8053e2fcb3092219

HTTP Headers

POST /g/v2/102.json HTTP/1.1
Host: id5-sync.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 155
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sat, 04 Feb 2023 19:13:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-crto-bundle
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:43 GMT
server: Kestrel
content-length: 0
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-headers: X-CRTO-SID, X-CRTO-IDCPY, X-CRTO-OPTOUT, X-CRTO-BUNDLE
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 513198
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

139.45.197.242

200 OK

8.5 kB

URL HTTP/2
nanouwho.com/9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&oaid=ef4797d9b3424653b045a69e56dba786
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with very long lines (13426)
Size
8.5 kB (8501 bytes)
Hash
f8312e4f2bdfca255be16f721cb7e8c3
0e526c4b58ed5563a4ceea5e0d6bb8cc7d276154
032f2b6e84b7ba8a0370c06c3e6fb5d628e1cbfb0be037acd84acfc53c85ce2b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /9?z=5630103&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&oaid=ef4797d9b3424653b045a69e56dba786 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 158
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=5aab2871a8624cfc8868ee20991b502d; oaidts=1675538023
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 5839c01ebd09329f903f0f62cb898b50
access-control-expose-headers: X-Sc
set-cookie: OAID=ef4797d9b3424653b045a69e56dba786; expires=Sun, 04 Feb 2024 19:13:44 GMT; secure; SameSite=None
oaidts=1675538023; expires=Sun, 04 Feb 2024 19:13:44 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 355
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 0d8e854712a9e7299df0728c717c8db5
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FvKog&nse=5&vi=1675538023600134899&ugd=4&sff=0&pgid=p02015665066t202302041914&nb=1

2.18.172.23

200 OK

330 B

URL HTTP/2
contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FvKog&nse=5&vi=1675538023600134899&ugd=4&sff=0&pgid=p02015665066t202302041914&nb=1
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (550), with no line terminators
Size
330 B (330 bytes)
Hash
3d99f1928749f033534b1a3beeba987b
5631d6620752623d9be9acfb1169fb45a032220e
4283e0ca958305ae89b6de0d816f5fa7b6fd18947f7f73d7a74bcd44d9717ed7

HTTP Headers

GET /smtr?cb=window._mNDetails.initAd&&gdpr=1&cid=8CU7BC15F&cpcd=AsZK00HS1DbaKD6Sqj_EvA%3D%3D&crid=468178560&size=300x250&cc=NO&https=1&vif=1&requrl=https%3A%2F%2Foxy.st%2Fd%2FvKog&nse=5&vi=1675538023600134899&ugd=4&sff=0&pgid=p02015665066t202302041914&nb=1 HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript
x-sc-h: 22-xmgd
expires: Sat, 04 Feb 2023 19:13:44 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 04 Feb 2023 19:13:44 GMT
content-length: 330
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

8.8 kB

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
C source, ASCII text, with very long lines (29466)
Size
8.8 kB (8806 bytes)
Hash
7481bc2e2bafe0042d9afbdf65196888
b9f54ff581c9072151378f839b436852b6c90d25
f84de7431267ad020c8d5bb72a4a05d9a25d6b0a8dae1d5151db5d70ab334df9

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
x-crto-bundle: SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 1471059
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/11?rnd=934243323&z=5630103&b=16336477&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=IP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg==&ruid=614e4d89-88b6-4149-9f66-5c81cae9e9d1&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&ot=316

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/11?rnd=934243323&z=5630103&b=16336477&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=IP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg==&ruid=614e4d89-88b6-4149-9f66-5c81cae9e9d1&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&ot=316
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /11?rnd=934243323&z=5630103&b=16336477&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=IP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg==&ruid=614e4d89-88b6-4149-9f66-5c81cae9e9d1&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&sah=1002&drf=&hil=1&ist=0&ot=316 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=ef4797d9b3424653b045a69e56dba786; oaidts=1675538023
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 64c69dc1b1d4ffafa6545bb94b408801
access-control-expose-headers: X-Sc
set-cookie: OAID=ef4797d9b3424653b045a69e56dba786; expires=Sun, 04 Feb 2024 19:13:44 GMT; secure; SameSite=None
oaidts=1675538023; expires=Sun, 04 Feb 2024 19:13:44 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.35

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 30 Jan 2023 18:52:41 GMT
expires: Tue, 30 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 433263
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aa9baec3f514eb9005481fef2f2b7e8b
e092ae025b7d17e4686f201d6d636e254afa0445
372af35d8d9fd0bcefe0120326ef38af60b02425189765ba49c8399eef38f0cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "372AF35D8D9FD0BCEFE0120326EF38AF60B02425189765BA49C8399EEF38F0CB"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3208
Expires: Sat, 04 Feb 2023 20:07:12 GMT
Date: Sat, 04 Feb 2023 19:13:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7948
Expires: Sat, 04 Feb 2023 21:26:12 GMT
Date: Sat, 04 Feb 2023 19:13:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7948
Expires: Sat, 04 Feb 2023 21:26:12 GMT
Date: Sat, 04 Feb 2023 19:13:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7948
Expires: Sat, 04 Feb 2023 21:26:12 GMT
Date: Sat, 04 Feb 2023 19:13:44 GMT
Connection: keep-alive

betotodilea.com/500/5630102?excludes=&oaid=ef4797d9b3424653b045a69e56dba786&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

10 kB

URL HTTP/2
betotodilea.com/500/5630102?excludes=&oaid=ef4797d9b3424653b045a69e56dba786&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
10 kB (10374 bytes)
Hash
7f46db8858052201ed77612adc92f4a1
e5b29408b3c839f5af167860edfd7021b8b7533e
187131ff18bccd925db10703b8a3fb0e586c64d0aa3f9609dc760fe368176ccd

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5630102?excludes=&oaid=ef4797d9b3424653b045a69e56dba786&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=3&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=349c1f4dc255441c9fb06bb46ae5839d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: application/javascript
x-trace-id: 998020bb2fee6e9eba708f7a1cac4528
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=ef4797d9b3424653b045a69e56dba786; expires=Sun, 04 Feb 2024 19:13:44 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5174 bytes)
Hash
e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:00:26 GMT
age: 76398
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gum.criteo.com/sync?c=147&r=2&j=criteoCallback

178.250.0.157

200 OK

19 kB

URL HTTP/2
gum.criteo.com/sync?c=147&r=2&j=criteoCallback
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
data
Size
19 kB (19059 bytes)
Hash
61f72fb9b8f582cf96ba4790da7578c2
81732ac5b1614c94c0ee7b25eb0c56f37344de68
a5ce674be64916fa2378956d5027e6bfc97bb10f2dcd489318a0de46054b721f

HTTP Headers

GET /sync?c=147&r=2&j=criteoCallback HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: text/javascript; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 426424
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/1?z=5630103

139.45.197.242

200 OK

15 kB

URL HTTP/2
nanouwho.com/1?z=5630103
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type
data
Size
15 kB (15255 bytes)
Hash
0d701f7eebed23d6aa2d2209c14e4e22
5acc6837bed2e3b092f1fa7199956239f9c716a0
e5be90272b0c156eff1c77b77e6d812860e1b648a26fa24d0fec08316f8ad418

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /1?z=5630103 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 92abbbee4ae6817b0ee2cd296d3cae08
access-control-expose-headers: X-Sc
x-sc: MIKGja8ZuAteo--gFJHtTgFWV0ShcJ9gVveWChKJMCBi12oDR57GoWzYmjBO4qr3U8CsN2ME-OD4yMGxOxSDueYU-f4=
set-cookie: scm=1; expires=Sun, 04 Feb 2024 19:13:43 GMT; secure; SameSite=None
OAID=5aab2871a8624cfc8868ee20991b502d; expires=Sun, 04 Feb 2024 19:13:43 GMT; secure; SameSite=None
oaidts=1675538023; expires=Sun, 04 Feb 2024 19:13:43 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:05:44 GMT
age: 76080
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 06:20:04 GMT
age: 46420
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FvKog%2526hn_ver%253D40%2526fid%253D7366b0de-cc5a-4870-a677-f558ad85e980

185.89.210.153

302 Found

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FvKog%2526hn_ver%253D40%2526fid%253D7366b0de-cc5a-4870-a677-f558ad85e980
IP
185.89.210.153:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.cpx.to%252Fan_fire%253Fapp_nexus_uid%253D%2524UID%2526pid%253D12771%2526ref%253D%2526url%253Dhttps%25253A%25252F%25252Foxy.st%25252Fd%25252FvKog%2526hn_ver%253D40%2526fid%253D7366b0de-cc5a-4870-a677-f558ad85e980 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Sat, 04 Feb 2023 19:13:44 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980
AN-X-Request-Uuid: f679e6b9-2090-41ad-97d2-78fdcadff1f8
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

s.cpx.to/ca.png?dsp=dbm&fid=7366b0de-cc5a-4870-a677-f558ad85e980&google_error=3

52.50.35.7

200 OK

95 B

URL HTTP/1.1
s.cpx.to/ca.png?dsp=dbm&fid=7366b0de-cc5a-4870-a677-f558ad85e980&google_error=3
IP
52.50.35.7:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

HTTP Headers

GET /ca.png?dsp=dbm&fid=7366b0de-cc5a-4870-a677-f558ad85e980&google_error=3 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=c08c0792ed21fcd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:44 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=c08c0792ed21fcd; Expires=Sun, 04 Feb 2024 19:13:44 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None

mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=801058f1-b003-4377-6040-daeeb71d5a37&reqId=7d214d92-5c98-4049-466a-efbdfd39d2ed&zdid=1258&google_error=3

104.22.24.87

200 OK

95 B

URL HTTP/2
mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=801058f1-b003-4377-6040-daeeb71d5a37&reqId=7d214d92-5c98-4049-466a-efbdfd39d2ed&zdid=1258&google_error=3
IP
104.22.24.87:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

HTTP Headers

GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=801058f1-b003-4377-6040-daeeb71d5a37&reqId=7d214d92-5c98-4049-466a-efbdfd39d2ed&zdid=1258&google_error=3 HTTP/1.1
Host: mwzeom.zeotap.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: zc=801058f1-b003-4377-6040-daeeb71d5a37; zsc=F%0A2%5DM%EFo%13%3C%E1%13s%9Dx2%B7H9%FD%19%07%93%15%FC-YR%86y%5E%5E%99%9A%9Al%BC%08O%A2%E3%25~%E8%8F%15%99d%95P%E8ST%E7%AB%FF%D8h%BE%BB%EA%89%FA%DDqpD%9E%D6%A6%B6%22%EA%EBz%CB%0E%2B%0F%D5%FAH%BF%BC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=801058f1-b003-4377-6040-daeeb71d5a37; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7945b9ad5bd4b4ee-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

313 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
313 B (313 bytes)
Hash
820ab364ace15fb6026587292ccde36f
143ad84a1bd92d255ae21c8b764e05f7f0868bed
791e50bc873f584e10cef087ea4d95ef2102d6a304a58de7f7e86d351059254e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5255
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:44 GMT
Last-Modified: Sat, 04 Feb 2023 17:46:09 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 313

offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg

104.22.32.172

200 OK

13 kB

URL HTTP/2
offerimage.com/www/images/1355aa125a385056845e0ee1d5384e9a.jpeg
IP
104.22.32.172:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
13 kB (13093 bytes)
Hash
1355aa125a385056845e0ee1d5384e9a
cfa5fd1b2dd6b299c0aecdf19fec3532ce4392ea
248797fff982ee400ab78ff6831182372f9ef8a6916364192ca0f30556577733

HTTP Headers

GET /www/images/1355aa125a385056845e0ee1d5384e9a.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: image/jpeg
content-length: 13093
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849b-3325"
expires: Sun, 05 Feb 2023 04:51:45 GMT
last-modified: Thu, 01 Dec 2022 10:40:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 51719
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7945b9adda7815fc-ARN
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
761c70aea865f27c277a60a7aa196529
a55e89e7211c22ccbe79c3fbb490ccfc60e81b66
54fcff75930ad3a9bc7b3a74630bd63ebabcaaffd767dcd6beaf7f3160f11c8f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 15:49:36 GMT
Expires: Wed, 08 Feb 2023 15:49:35 GMT
Etag: "a55e89e7211c22ccbe79c3fbb490ccfc60e81b66"
Cache-Control: max-age=332750,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7945b9ab7c47b529-OSL

interstitial-07.com/contents/s/92/b1/fa/3e6ac20bfd9b337a2bdcff8913/01020067798991.jpeg

139.45.197.151

200 OK

19 kB

URL HTTP/2
interstitial-07.com/contents/s/92/b1/fa/3e6ac20bfd9b337a2bdcff8913/01020067798991.jpeg
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Size
19 kB (18595 bytes)
Hash
92b1fa3e6ac20bfd9b337a2bdcff8913
8ddd4369abfb4cae5adb19e7766b43a80fb9ebc9
b96dc4eca04e55234134cfe61c671ffa283e810bceeb21dc5af8894a2dc2593a

HTTP Headers

GET /contents/s/92/b1/fa/3e6ac20bfd9b337a2bdcff8913/01020067798991.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=zK3ge3qjcPqt2jk&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3028078003%26z%3D5630103%26b%3D16336477%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DIP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg%3D%3D%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D614e4d89-88b6-4149-9f66-5c81cae9e9d1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: image/jpeg
content-length: 18595
last-modified: Wed, 14 Dec 2022 16:39:14 GMT
vary: Accept-Encoding
etag: "6399fc32-48a3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1

178.250.0.162

200 OK

43 B

URL HTTP/2
csm.fr.eu.criteo.net/iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1
IP
178.250.0.162:0
ASN
#44788 Criteo SA

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /iev?entry=c~Idfs.Rtus.147.Events.StartInit~1&entry=c~Idfs.Rtus.147.Origin.FromBundle~1&entry=c~Idfs.Rtus.147.Headers.Bundle~1&entry=c~Idfs.Rtus.147.Events.InitiateFetch~1 HTTP/1.1
Host: csm.fr.eu.criteo.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
pragma: no-cache
server: Finatra
expires: 0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
content-length: 43
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.249

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c4455a8901fc5ff61cd711137f563b0f
7cf4e2456c1713cb8f49803d7a580ff47d9c7c9b
7cca83bfdc93cc697cd7a933f55eb23e3a5f038b6ca8ce78b0d1100b233f1396

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7CCA83BFDC93CC697CD7A933F55EB23E3A5F038B6CA8CE78B0D1100B233F1396"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4832
Expires: Sat, 04 Feb 2023 20:34:16 GMT
Date: Sat, 04 Feb 2023 19:13:44 GMT
Connection: keep-alive

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1166
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 Feb 2023 19:13:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://oxy.st
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

interstitial-07.com/contents/s/23/3d/e7/e93460b01c5e023eb263207fc0/0793907651252.jpeg

139.45.197.151

200 OK

43 kB

URL HTTP/2
interstitial-07.com/contents/s/23/3d/e7/e93460b01c5e023eb263207fc0/0793907651252.jpeg
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 492x328, components 3\012- data
Size
43 kB (43387 bytes)
Hash
233de7e93460b01c5e023eb263207fc0
c6666b8bf4ef074150b69bff8c382e18c9a40843
b3297291029509cbc0ce08ebfd108961dbc17b7b1be14b3bf0ee21fcf74e1add

HTTP Headers

GET /contents/s/23/3d/e7/e93460b01c5e023eb263207fc0/0793907651252.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=zK3ge3qjcPqt2jk&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3028078003%26z%3D5630103%26b%3D16336477%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DIP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg%3D%3D%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D614e4d89-88b6-4149-9f66-5c81cae9e9d1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: image/jpeg
content-length: 43387
last-modified: Wed, 14 Dec 2022 16:39:07 GMT
vary: Accept-Encoding
etag: "6399fc2b-a97b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

pixel.quantserve.com/pixel;r=657185338;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FvKog;uht=2;fpan=1;fpa=P0-2065110834-1675538060876;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675538061388;tzo=0;ogl=;ses=36622a20-632b-40c8-b126-d7233bef6c67

91.228.74.168

200 OK

35 B

URL HTTP/2
pixel.quantserve.com/pixel;r=657185338;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FvKog;uht=2;fpan=1;fpa=P0-2065110834-1675538060876;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675538061388;tzo=0;ogl=;ses=36622a20-632b-40c8-b126-d7233bef6c67
IP
91.228.74.168:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
55d25e9dc950d5db4d53a3b195c046c6
75e91ae3e549dab12ed1c9787ade9131aef1c981
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

HTTP Headers

GET /pixel;r=657185338;labels=Categories.technologyandcomputing;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Foxy.st%2Fd%2FvKog;uht=2;fpan=1;fpa=P0-2065110834-1675538060876;pbc=;ns=0;ce=1;qjs=1;qv=bf501fc4-20230203135208;cm=;gdpr=0;ref=;d=oxy.st;dst=0;et=1675538061388;tzo=0;ogl=;ses=36622a20-632b-40c8-b126-d7233bef6c67 HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: image/gif
content-length: 35
cache-control: private, no-cache, no-store, proxy-revalidate
expires: Fri, 04 Aug 1978 12:00:00 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
set-cookie: mc=63deae68-a5798-27673-05e78; expires=Wed, 06-Mar-2024 19:13:44 GMT; path=/; domain=.quantserve.com
X-Firefox-Spdy: h2

s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980

52.50.35.7

200 OK

95 B

URL HTTP/1.1
s.cpx.to/an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980
IP
52.50.35.7:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
95 B (95 bytes)
Hash
9606fa62df0ffe87253f3baf418f0e42
fe8520ab0bf1622350513d685ece5faf70b4e8c1
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

HTTP Headers

GET /an_fire?app_nexus_uid=0&pid=12771&ref=&url=https%3A%2F%2Foxy.st%2Fd%2FvKog&hn_ver=40&fid=7366b0de-cc5a-4870-a677-f558ad85e980 HTTP/1.1
Host: s.cpx.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Cookie: cpSess=c08c0792ed21fcd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 19:13:44 GMT
Content-Type: image/png
Content-Length: 95
Connection: keep-alive
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self'
x-permitted-cross-domain-policies: none
cache-control: no-store, must-revalidate, private, max-age=0
pragma: no-cache
set-cookie: cpSess=c08c0792ed21fcd; Expires=Sun, 04 Feb 2024 19:13:44 GMT; Domain=.cpx.to; Path=/; Secure; HttpOnly; SameSite=None
p3p: CP="NOI DEV ADM"
expires: Sat, 04 Feb 2023 19:13:44 UTC

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 719
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 979a79d398e2ad7739af27f9103bc63d
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

unphionetor.com/vctx?t=72747

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=72747
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 55678e92752524c25be0aa3342865285
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
6521d1238a4ed164bc6fe76707f28b96
cb61b728667d4cbaa6b8c237cc3149dd1b1e5347
879378a93eb2c9cb965791e7fd17de8568210fec4c8269f9c19aa28d28c2eec5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3998
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:44 GMT
Last-Modified: Sat, 04 Feb 2023 18:07:06 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312

unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 4abf13c5239d9065d01cec1fd98c3e0a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

312 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
312 B (312 bytes)
Hash
6521d1238a4ed164bc6fe76707f28b96
cb61b728667d4cbaa6b8c237cc3149dd1b1e5347
879378a93eb2c9cb965791e7fd17de8568210fec4c8269f9c19aa28d28c2eec5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3998
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 19:13:44 GMT
Last-Modified: Sat, 04 Feb 2023 18:07:06 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 312

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e3ad96178414ca3060b8066c4891817b
c31bac2d4c13500b322585b337602fa84d6f817d
ffcddc904a1da9a9b492bf0697e7548b52d11c56cbf66d1e5e7bc5171209c554

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 19:13:44 GMT
Last-Modified: Sat, 04 Feb 2023 18:28:00 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 b2b04ca80b95df6bc86478a1bf96b7cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: NMu6t6kt72NK0WIkC6wPBASikiOw7qFjJs-vWSMso1opMDrUGa-Maw==
Age: 2745

adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7

54.154.10.160

200 OK

20 B

URL HTTP/1.1
adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
IP
54.154.10.160:0
ASN
#16509 AMAZON-02

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7 HTTP/1.1
Host: adtrack.adleadevent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://oxy.st
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Type: application/x-javascript
Date: Sat, 04 Feb 2023 19:13:44 GMT
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat, 04 Feb 2023 19:13:44 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Length: 20
Connection: keep-alive

gum.criteo.com/sid/json?origin=rtus&domain=oxy.st&sn=FirefoxSyncframe&so=3&topUrl=oxy.st&bundle=SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE&info=2Ng_uV80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hkYWJBMlVQTEl4JTJCYUR5Zm81RDlwU3ZOdHFncDBwTjhpYjdZODNxU1EySg&idsd=1389297974,936302261&cw=1&rtusCallerId=147&lsw=1

178.250.0.157

200 OK

336 B

URL HTTP/2
gum.criteo.com/sid/json?origin=rtus&domain=oxy.st&sn=FirefoxSyncframe&so=3&topUrl=oxy.st&bundle=SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE&info=2Ng_uV80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hkYWJBMlVQTEl4JTJCYUR5Zm81RDlwU3ZOdHFncDBwTjhpYjdZODNxU1EySg&idsd=1389297974,936302261&cw=1&rtusCallerId=147&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type
data
Size
336 B (336 bytes)
Hash
3d85c67635f100a2df5dc46ef28704ad
76e3306d7e3a423e6983da7df21fe0cd7c7c6565
a587688a732a7a29df68eb1e6a04688e4ef886b22ad93ac5f68be9754664ed96

HTTP Headers

GET /sid/json?origin=rtus&domain=oxy.st&sn=FirefoxSyncframe&so=3&topUrl=oxy.st&bundle=SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE&info=2Ng_uV80M0RITmhlJTJCZkMwOUJGQlhaMUN2c3hkYWJBMlVQTEl4JTJCYUR5Zm81RDlwU3ZOdHFncDBwTjhpYjdZODNxU1EySg&idsd=1389297974,936302261&cw=1&rtusCallerId=147&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
server-processing-duration-in-ticks: 971696
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/impression/e3wufnP7xoFjh3YAe43_heMPBOQh-5r_4XUY9vJddRMrUpNrT1czhqgyQAaeVi80jdyeDqeafFLRQh41HILrS4A0to4iS3qInvnO3iJ7FJGeOiUPm1ipmTpDowNT6-16eXSiOVfybPPjEkKaHcgE9NKfMjuxk36esOPTY0w2tPkS0x901IMHLL6hC6ufwTQV2VEOrpthsh3YvSeVk4NXKLbw67w_RY3dxhCJAdEe2D2MWYwwrq3Abcd63M-j9ldbOC6dUjTJIAfSU8LBo83YGhAKCrHbwv4AvV6iVLsjzup3oSzB7CKbxXVRkmRz0J7V0OJv2szm3ePK-D_xQu2MDYSTFL07SNclzSVPrJ-uYlVUuTP8mu4IsetQzuRg1Srn7oH710xPwxa61y1JSHmU2prl9fU7Y-tEpxuCEZ_AC6QTeaXeITeeoHeowYOacRatTd4OXZLcB55lDxbEWAVhLyGH_xtYgIk-th7o72gEEb0PrcEk8WiwWhQzZiV4PJp4Uaju6zn2ksrwnf5fY3lVMwEOx8aBM8rXD_FzikdfQzieugOB7D8Axxrhjv_-i7ubwCz8eppseKI=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

43 B

URL HTTP/2
betotodilea.com/impression/e3wufnP7xoFjh3YAe43_heMPBOQh-5r_4XUY9vJddRMrUpNrT1czhqgyQAaeVi80jdyeDqeafFLRQh41HILrS4A0to4iS3qInvnO3iJ7FJGeOiUPm1ipmTpDowNT6-16eXSiOVfybPPjEkKaHcgE9NKfMjuxk36esOPTY0w2tPkS0x901IMHLL6hC6ufwTQV2VEOrpthsh3YvSeVk4NXKLbw67w_RY3dxhCJAdEe2D2MWYwwrq3Abcd63M-j9ldbOC6dUjTJIAfSU8LBo83YGhAKCrHbwv4AvV6iVLsjzup3oSzB7CKbxXVRkmRz0J7V0OJv2szm3ePK-D_xQu2MDYSTFL07SNclzSVPrJ-uYlVUuTP8mu4IsetQzuRg1Srn7oH710xPwxa61y1JSHmU2prl9fU7Y-tEpxuCEZ_AC6QTeaXeITeeoHeowYOacRatTd4OXZLcB55lDxbEWAVhLyGH_xtYgIk-th7o72gEEb0PrcEk8WiwWhQzZiV4PJp4Uaju6zn2ksrwnf5fY3lVMwEOx8aBM8rXD_FzikdfQzieugOB7D8Axxrhjv_-i7ubwCz8eppseKI=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impression/e3wufnP7xoFjh3YAe43_heMPBOQh-5r_4XUY9vJddRMrUpNrT1czhqgyQAaeVi80jdyeDqeafFLRQh41HILrS4A0to4iS3qInvnO3iJ7FJGeOiUPm1ipmTpDowNT6-16eXSiOVfybPPjEkKaHcgE9NKfMjuxk36esOPTY0w2tPkS0x901IMHLL6hC6ufwTQV2VEOrpthsh3YvSeVk4NXKLbw67w_RY3dxhCJAdEe2D2MWYwwrq3Abcd63M-j9ldbOC6dUjTJIAfSU8LBo83YGhAKCrHbwv4AvV6iVLsjzup3oSzB7CKbxXVRkmRz0J7V0OJv2szm3ePK-D_xQu2MDYSTFL07SNclzSVPrJ-uYlVUuTP8mu4IsetQzuRg1Srn7oH710xPwxa61y1JSHmU2prl9fU7Y-tEpxuCEZ_AC6QTeaXeITeeoHeowYOacRatTd4OXZLcB55lDxbEWAVhLyGH_xtYgIk-th7o72gEEb0PrcEk8WiwWhQzZiV4PJp4Uaju6zn2ksrwnf5fY3lVMwEOx8aBM8rXD_FzikdfQzieugOB7D8Axxrhjv_-i7ubwCz8eppseKI=?_z=5630102&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=6&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=ef4797d9b3424653b045a69e56dba786
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:48 GMT
content-type: image/gif
content-length: 43
x-trace-id: 87a7c83988fdd4b31ac17d009c4ef8a0
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

betotodilea.com/500/5630102?excludes=16368910&oaid=ef4797d9b3424653b045a69e56dba786&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/500/5630102?excludes=16368910&oaid=ef4797d9b3424653b045a69e56dba786&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

OPTIONS /500/5630102?excludes=16368910&oaid=ef4797d9b3424653b045a69e56dba786&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:49 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

139.45.197.237

200 OK

12 kB

URL HTTP/2
betotodilea.com/500/5630102?excludes=16368910&oaid=ef4797d9b3424653b045a69e56dba786&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type
data
Size
12 kB (11830 bytes)
Hash
533369435e08bc5be6265ad40c72c8ab
26fc3a8facdaae129da081e7afec683da97132e6
1c6c2b00f4effdde376d033e821ccdb6ba19bc005bb719819a48bcee6253dfae

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /500/5630102?excludes=16368910&oaid=ef4797d9b3424653b045a69e56dba786&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=7&pl=https%3A%2F%2Foxy.st%2Fd%2FvKog&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Cookie: OAID=ef4797d9b3424653b045a69e56dba786
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:49 GMT
content-type: application/javascript
x-trace-id: 16c3b034fc59525a2afaae4d144f9bb2
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://oxy.st
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=ef4797d9b3424653b045a69e56dba786; expires=Sun, 04 Feb 2024 19:13:49 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ibrapush.com/custom

139.45.197.250

200 OK

39 B

URL HTTP/2
ibrapush.com/custom
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Content-Type: application/json
Origin: https://oxy.st
Content-Length: 363
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:51 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9c120127512e0acdd837806ab43153ab
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=7491fd7f8be14376ad0b03e88d12fe47&zoneId=5630104&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL HTTP/2
my.rtmark.net/gid.js?pub=0&userId=7491fd7f8be14376ad0b03e88d12fe47&zoneId=5630104&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
61334d8358d2bfa5c72cf1983ac059a1
daa5afed2cdfa15ac5e4f65c4732fa01c2a96c3f
5d43b94a0ad1905792ee2b7b445b733f085143bfa312496d00a58733bf448d36

HTTP Headers

GET /gid.js?pub=0&userId=7491fd7f8be14376ad0b03e88d12fe47&zoneId=5630104&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Cookie: ID=ef4797d9b3424653b045a69e56dba786
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:51 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://oxy.st
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ef4797d9b3424653b045a69e56dba786; expires=Sun, 04 Feb 2024 19:13:51 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.479.0

139.45.197.234

200 OK

0 B

URL HTTP/2
bedrapiona.com/5/5630105/?oo=1&js_build=iclick-v1.479.0
IP
139.45.197.234:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /5/5630105/?oo=1&js_build=iclick-v1.479.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/json
x-trace-id: 52c45410aa546e2745549fcf45c4b70c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=ef4797d9b3424653b045a69e56dba786; expires=Sun, 04 Feb 2024 19:13:43 GMT; path=/; secure; SameSite=None
oaidts=1675538023; expires=Sun, 04 Feb 2024 19:13:43 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

contextual.media.net/dmedianet.js?cid=8CU7BC15F

2.18.172.23

200 OK

0 B

URL HTTP/2
contextual.media.net/dmedianet.js?cid=8CU7BC15F
IP
2.18.172.23:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /dmedianet.js?cid=8CU7BC15F HTTP/1.1
Host: contextual.media.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Apache
content-type: text/javascript; charset=utf-8
x-mnt-h: 22-pz6p
x-mnt-w: 22-krbh
etag: "c1560bfbbd3234ebc025679925a32bf1"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=300
expires: Sat, 04 Feb 2023 19:18:43 GMT
date: Sat, 04 Feb 2023 19:13:43 GMT
X-Firefox-Spdy: h2

image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980

185.64.189.110

302 Found

0 B

URL HTTP/2
image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980
IP
185.64.189.110:0
ASN
#62713 AS-PUBMATIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; secure; expires=Fri, 05-May-2023 19:13:43 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
X-Firefox-Spdy: h2

oxy.st/sw.js

185.178.208.137

200 OK

0 B

URL HTTP/2
oxy.st/sw.js
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw.js HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/d/vKog
Connection: keep-alive
Cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2; _pbjs_userid_consent_data=3524755945110770; sharedid=61a2fdd9-9e19-42f8-aee9-c4f4f461701c; cto_bundle=SI6f018lMkJFUjlERFdqT0ljdGx6TE10YnNCUURKcnh4SDZnSTVrdUh2NzdNQ0hRUCUyQndGelBuT01wJTJGMTMxcklQcjlPTkxsMmQwT0VDZmhhZCUyRmJpVWZoUnR3cFZEYkZJVW90UUtwRmR0dFc4a2NSMEJvJTNE; cto_bidid=_HaLNl9FM1FBVkpTcWlldEpqejVKdFdGRlBtZ2FOcjVIbUl5UzNRUDBrSndOekdETmE1ZlNhVTMwa1NpZ0ttb2VLYkNuOHJKY25PNzJYZ3NkY0xyYUpZNUIxUSUzRCUzRA; prefetchAd_5630105=true; session_depth=oxy.st%3D1%7C468178560%3D1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2

interstitial-07.com/?l=zK3ge3qjcPqt2jk&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3028078003%26z%3D5630103%26b%3D16336477%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DIP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg%3D%3D%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D614e4d89-88b6-4149-9f66-5c81cae9e9d1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

139.45.197.151

200 OK

0 B

URL HTTP/2
interstitial-07.com/?l=zK3ge3qjcPqt2jk&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3028078003%26z%3D5630103%26b%3D16336477%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DIP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg%3D%3D%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D614e4d89-88b6-4149-9f66-5c81cae9e9d1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
IP
139.45.197.151:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?l=zK3ge3qjcPqt2jk&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fnanouwho.com%2F12%3Frnd%3D3028078003%26z%3D5630103%26b%3D16336477%26c%3D6497346%26var%3D%26d%3Dhttps%253A%252F%252Fsingelstodate.com%252Fbase.php%253Fc%253D1499%2526key%253D078e8e1696ef5f705a04995394169693%2526zoneid%253D%257Bzoneid%257D%2526cost%253D%257Bcost%257D%2526subid%253D%2524%257BSUBID%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DIP3Or6cenRZYwDQ2xcp4kYhfB877jUjvc8kaXVymJ565hWLnprPEyUOKCz6Ybp9PNBdZ7wvYazmXwpYu_bqBQCjMHQTdgGM0RYar6mMg5gC4pYwM5iLv2SYPVR1snc5QkD0QtyT5OgaT_3rkFAyk6VhCBk3av6I8QIDJUzFpxnefm7ILgTgX0RqMcs7Uf1eJwzV5oNHwrsqqorDiCSmlnRJSQtFFM9CXkjrazj0MT90nS8sxAHRVkK4t3dtCKUywebl_mtvqN0WBc8yctgRgrh-aYoOGoJiChvqCaVGy1Cd9c9H9DRWcMfHTUH-Tsz4JxsFFqNw3YMCilHAWv0npfZ7RaYSzKO1yB5oPSAtAUp-4439kvSizIA4ITJg8oEx6IhTakZiA6bYZuS1Q_8rUzXsJT_9gfHfPQoL_Ne4lqADAOdxlHSACF-FEJTJF3EC-BDE2KWYBPFBExr4NW0R4dnd2f_hT7r5SUc6w09Ynnq9OVSrUBCieRAsxMAl5xP4VZR3svbdhYOHxItY7EFEuyOrEtWqDTcLcDIZJx_a6De0TPVYpOl6IvLonkebLsRDc_wfs5BX6k6F6lAb7PsxzvvsiDNoA6-NC0MXPwkoKuEHfUpNxMnjALQbcFyT30Tu3x6_p-IB-amqKuq4EBAVEcXXutiaUZPXuSQ6DK1NWcMy5VKzCw62WM8CtYeDA9Atl_yMFSsiFqwgDmCdfDBj1RFOtcoIV4jqCZVnu5jjkH_8OmKNbR9dCNg%3D%3D%26bag%3Dk61ASqzarAVbT7gseeGtWw%3D%3D%26ruid%3D614e4d89-88b6-4149-9f66-5c81cae9e9d1%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Foxy.st%252Fd%252FvKog%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D3%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=0dXe4-e4mORcJ9ePfcMztvcV6ccZk36eorRhmnsCC9M; expires=Sat, 04-Feb-2023 20:13:44 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

oxy.st/d/vKog

185.178.208.137

200 OK

0 B

URL HTTP/2
oxy.st/d/vKog
IP
185.178.208.137:0
ASN
#57724 Ddos-guard Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /d/vKog HTTP/1.1
Host: oxy.st
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: __ddg1_=YBL8p34iJl5URvVxhaN7; Domain=.oxy.st; HttpOnly; Path=/; Expires=Sun, 04-Feb-2024 19:13:42 GMT
PHPSESSID=iau4ej3e22uktv7qd6ds8gddf2; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/s/gen.js?type=2

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/s/gen.js?type=2
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/gen.js?type=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1676052509
server: CDN77-Turbo
x-77-nzt: AblMCRSdo/X/yWABAA
x-77-nzt-ray: af5856301aa7191866aede630cb13f32
x-cache: HIT
x-age: 90313
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/IIQUniversalID.js

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/IIQUniversalID.js
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /IIQUniversalID.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: application/javascript
last-modified: Wed, 12 Oct 2022 18:48:43 GMT
expires: Sat, 04 Feb 2023 18:08:28 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675620509
server: CDN77-Turbo
x-77-nzt: AblMCRTReaz/SQ8AAA
x-77-nzt-ray: af5856301aa7191866aede63cdf8f539
x-cache: HIT
x-age: 3913
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/syncframe?origin=rtus&topUrl=oxy.st
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /syncframe?origin=rtus&topUrl=oxy.st HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: text/html; charset=utf-8
server: Kestrel
cache-control: private, max-age=3600
set-cookie: uid=933d2e52-e9bc-45ed-a19e-3a427d580acb; expires=Thu, 29 Feb 2024 19:13:44 GMT; domain=.criteo.com; path=/; secure; samesite=none
optout=0; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=.criteo.com; path=/
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 732237
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

gem.gbc.criteo.com/newidsd

185.235.84.140

200 OK

0 B

URL HTTP/2
gem.gbc.criteo.com/newidsd
IP
185.235.84.140:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: gem.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 61085
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980

185.64.189.110

200 OK

0 B

URL HTTP/2
image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980
IP
185.64.189.110:0
ASN
#62713 AS-PUBMATIC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3D7366b0de-cc5a-4870-a677-f558ad85e980 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: text/html; charset=utf-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip
X-Firefox-Spdy: h2

ag.gbc.criteo.com/newidsd

185.235.84.169

200 OK

0 B

URL HTTP/2
ag.gbc.criteo.com/newidsd
IP
185.235.84.169:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /newidsd HTTP/1.1
Host: ag.gbc.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gum.criteo.com/
Origin: https://gum.criteo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://gum.criteo.com
server-processing-duration-in-ticks: 87234
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /s/requestform.js?siteId=85433&formatId=2 HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=604800
x-accel-expires: @1676052543
server: CDN77-Turbo
x-77-nzt: AblMCRRPafb/p2ABAA
x-77-nzt-ray: af5856301aa7191866aede6316ba7f32
x-cache: HIT
x-age: 90279
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js

54.230.111.33

200 OK

0 B

URL HTTP/2
rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
IP
54.230.111.33:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /rules-p-6Fv0cGNfc_bw8.js HTTP/1.1
Host: rules.quantcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
date: Sat, 04 Feb 2023 18:40:45 GMT
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aumXFK4A25NimRWwHcSYa2ssmlthYdBkfOo0KnxyfYFXbOIAQe4lHQ==
age: 1980
X-Firefox-Spdy: h2

ibrapush.com/pfe/current/universal.min.js?v=3.1.415

139.45.197.250

200 OK

0 B

URL HTTP/2
ibrapush.com/pfe/current/universal.min.js?v=3.1.415
IP
139.45.197.250:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.415 HTTP/1.1
Host: ibrapush.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/javascript
last-modified: Fri, 27 Jan 2023 11:03:52 GMT
etag: W/"63d3af98-18c6c"
access-control-allow-origin: https://oxy.st
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

betotodilea.com/400/5630102

139.45.197.237

200 OK

0 B

URL HTTP/2
betotodilea.com/400/5630102
IP
139.45.197.237:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /400/5630102 HTTP/1.1
Host: betotodilea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/javascript
x-trace-id: 6b82f6915f78d55f60398efb16ab0ef0
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=349c1f4dc255441c9fb06bb46ae5839d; expires=Sun, 04 Feb 2024 19:13:43 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

tzegilo.com/stattag.js

104.21.89.122

200 OK

0 B

URL HTTP/2
tzegilo.com/stattag.js
IP
104.21.89.122:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 16:30:52 GMT
etag: W/"63dd36bc-43b7"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2160
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ocN9Cgu1BLjgCegeRyTZJ3QfZEMmTM%2BgWc2HotGrOAjJsvb9R4g1uaS1d35repzGLbi3jb228TuyS6rvrRhUKNXBPA9yJ4ZhnESyyLq4%2BbJ0lDYRsY2i4I2m31BpHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7945b9a8bd28fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

unphionetor.com/fv.js?t=72747&cb=1435429157

139.45.197.236

200 OK

0 B

URL HTTP/2
unphionetor.com/fv.js?t=72747&cb=1435429157
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /fv.js?t=72747&cb=1435429157 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:44 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: eea51fee73cc4605598a37b2f65fef0a
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/moneybid7_28/build/dist/prebid.js
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /moneybid7_28/build/dist/prebid.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 21:13:00 GMT
expires: Sat, 04 Feb 2023 18:08:28 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675620509
server: CDN77-Turbo
x-77-nzt: AblMCRQQggD/SQ8AAA
x-77-nzt-ray: af5856301aa7191866aede63592abf3a
x-cache: HIT
x-age: 3913
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

nanouwho.com/27/843a9f1226eda0484b879504742bc6d9

139.45.197.242

200 OK

0 B

URL HTTP/2
nanouwho.com/27/843a9f1226eda0484b879504742bc6d9
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /27/843a9f1226eda0484b879504742bc6d9 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Cookie: scm=1; OAID=5aab2871a8624cfc8868ee20991b502d; oaidts=1675538023
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Fri, 03 Feb 2023 06:00:36 GMT
expires: Fri, 05 Mar 2083 06:00:36 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://oxy.st/
Origin: https://oxy.st
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 622436
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

142.250.74.138

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
IP
142.250.74.138:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 04 Feb 2023 19:13:42 GMT
date: Sat, 04 Feb 2023 19:13:42 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ads.themoneytizer.com/moneybile.js

185.76.9.25

200 OK

0 B

URL HTTP/2
ads.themoneytizer.com/moneybile.js
IP
185.76.9.25:0
ASN
#60068 Datacamp Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /moneybile.js HTTP/1.1
Host: ads.themoneytizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:42 GMT
content-type: application/javascript
last-modified: Fri, 12 Mar 2021 17:07:19 GMT
expires: Sat, 04 Feb 2023 18:08:28 GMT
cache-control: max-age=86400, public, no-transform
pragma: public
x-accel-expires: @1675620509
server: CDN77-Turbo
x-77-nzt: AblMCRS0kgD/SQ8AAA
x-77-nzt-ray: af5856301aa7191866aede63a5303d3a
x-cache: HIT
x-age: 3913
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

178.250.0.157

200 OK

0 B

URL HTTP/2
gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1
IP
178.250.0.157:0
ASN
#44788 Criteo SA

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/1.1
Host: gum.criteo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://oxy.st
Connection: keep-alive
Referer: https://oxy.st/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 04 Feb 2023 19:13:43 GMT
content-type: application/json; charset=utf-8
server: Kestrel
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
server-processing-duration-in-ticks: 1356570
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (57)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML