r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11964
Expires: Sat, 28 Jan 2023 22:16:56 GMT
Date: Sat, 28 Jan 2023 18:57:32 GMT
Connection: keep-alive
neexulro.net/-1APBO/3TYuU?rndad=^
104.21.0.99301 Moved Permanently 0 B URL HTTP/1.1 neexulro.net/-1APBO/3TYuU?rndad=^
IP 104.21.0.99:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /-1APBO/3TYuU?rndad=^ HTTP/1.1
Host: neexulro.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 28 Jan 2023 18:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: FLYSESSID=d6n7aoov9i2v5ltl25ljdckj8c; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-powered-by: adfly
strict-transport-security: max-age=0
location: http://oaxyteek.net/-123055CJSE/-1APBO?rndad=1532635802-1674932252
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyb5t8JFM6T4iVQPnzubP5c85YYsmZzWgWmSYmUOhPOhQK%2B43rR7pOJ6CwsYVM1upqwjgouQ7HvAxVNnq3faYtUYbqC%2BGfZZcBbEs%2B0wk%2FREr6ES3Neuc%2FKsdvb6HXc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790bf44dba28b509-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14422
Expires: Sat, 28 Jan 2023 22:57:54 GMT
Date: Sat, 28 Jan 2023 18:57:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 18:35:31 GMT
content-type: application/json
age: 1321
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3154
Expires: Sat, 28 Jan 2023 19:50:06 GMT
Date: Sat, 28 Jan 2023 18:57:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: bFFv+1BVQ6Snet7sbQ4EoxtE7tzSiF5iL4pHh1GE4VlENSlHEO/p6tFKykuSqLhY5EzDYcnQapk=
x-amz-request-id: 0GFD5GD38D0YGTZQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 18:50:01 GMT
age: 451
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 18:57:32 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
oaxyteek.net/-123055CJSE/-1APBO?rndad=1532635802-1674932252
172.67.157.221302 Found 0 B URL HTTP/1.1 oaxyteek.net/-123055CJSE/-1APBO?rndad=1532635802-1674932252
IP 172.67.157.221:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /-123055CJSE/-1APBO?rndad=1532635802-1674932252 HTTP/1.1
Host: oaxyteek.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sat, 28 Jan 2023 18:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
set-cookie: FLYSESSID=r14iks39e4d458ou7ai6j91lg2; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-powered-by: adfly
strict-transport-security: max-age=0
location: /not-found.php
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gSqiYxbBCvDaj5D74vHqgkIc4eePVI9kym5HnfJpBbmmIhUa7TD%2FtM9%2Fs0g3z0B5yDWiN5luhMj6%2F6xy0sq9bpt6pPNecYHTQ86tgdRBsCIO%2BIBTvd4c3mTo2cwOzLU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790bf44fcbc4b500-OSL
alt-svc: h2=":443"; ma=60
oaxyteek.net/not-found.php
172.67.157.221404 Not Found 3.2 kB URL HTTP/1.1 oaxyteek.net/not-found.php
IP 172.67.157.221:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (6710)
Hash 6ac395b523796e2401042d46434a3c66
79a04a140d22d8de9885664ab8087327376538e4
ac3331105691e1b3ef2e5aee51010c4a816188806c9fdb4c9fd2f227c3748da8
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
GET /not-found.php HTTP/1.1
Host: oaxyteek.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: FLYSESSID=r14iks39e4d458ou7ai6j91lg2
Upgrade-Insecure-Requests: 1
HTTP/1.1 404 Not Found
Date: Sat, 28 Jan 2023 18:57:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-powered-by: PHP/7.3.27
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xVTTGGbMa9U%2FR9YbIVwFIyliZdqzP5n8NFMFmMQxpjJWVRnv4Dn3HQ4i0GElRfz43hVImqYiMK%2Bv082sVp3PfN7fvawa9kxCLD8Q89J4p3BtWTeVCjTGY1EaSUjMQwQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 790bf451ae18b500-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash bab8a4c1e6bb2e6c9cc00222eef1235d
1a5dd108e9f9aaf33bc048b0097a9f510d295cad
fd182297a143655a9142e3ee5bbafefd76ca974094f43fb695611f6876f3ab63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:57:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:57:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 18:41:40 GMT
age: 952
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5NL9VFJ
142.250.74.40200 OK 41 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5NL9VFJ
IP 142.250.74.40:0
File type ASCII text, with very long lines (1759)
Hash fe4173fa0e91d1c909be3f3b17912a1e
bd0b3d0e21815af7d52edff6cb7afadf4feb7cee
d6e7bd61148a5b885a29f92a795c1967c7443092006bfd27f45dad604ee45fd8
GET /gtm.js?id=GTM-5NL9VFJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 28 Jan 2023 18:57:32 GMT
expires: Sat, 28 Jan 2023 18:57:32 GMT
cache-control: private, max-age=900
last-modified: Sat, 28 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 40980
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:57:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 9373365e5382d8135ed37acb13d23bd8
65f7057b6f24005e9175c0b4d67273bc9a2138d3
bef54e0f9d58fe31d13c93b0dee78b8e62ef24dd48c65a887133c79e2cbaf44c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=166911
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 18:57:32 GMT
Etag: "63d5591b-116"
Expires: Mon, 30 Jan 2023 17:19:23 GMT
Last-Modified: Sat, 28 Jan 2023 17:19:23 GMT
Server: nginx
Content-Length: 278
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12813
Expires: Sat, 28 Jan 2023 22:31:05 GMT
Date: Sat, 28 Jan 2023 18:57:32 GMT
Connection: keep-alive
cdn.ay.gy/static/image/header_gradient.jpg
188.114.97.1200 OK 8.9 kB URL HTTP/2 cdn.ay.gy/static/image/header_gradient.jpg
IP 188.114.97.1:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1250x370, components 3\012- data
Hash fb59af58265bb1390fb680a13aa401bd
bd8ea333c27936aa02250d4e5258d71c3faf5d14
31046d9e08a11c69776b85464fbb52bd99e83950b368c556a280cbad09e164b4
GET /static/image/header_gradient.jpg HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.ay.gy/static/css/static.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:32 GMT
content-type: image/jpeg
content-length: 8872
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:17:00 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: "22a8-5faa60e6-8ea5f64bb41938f5;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2432
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEvFs9W3sTwpXqLs8XpzJgyp%2BFR%2BsiwZEnFG632cvEz8vmAn5c7nb%2FAaYam2awzeFqBbgYY2B65S46Gr7%2Bljt25rE5%2FxPrHSMKNjEuM%2FwReEnNHrTjAQAfWt4cA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790bf454d98f0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ay.gy/static/css/static.css
188.114.97.1200 OK 11 kB URL HTTP/2 cdn.ay.gy/static/css/static.css
IP 188.114.97.1:0
File type ASCII text, with no line terminators
Hash bdcf3c0b22d873574ea9502de5e87792
feef2d201f0b49ab3ab70ac579f4dc1794d4ef7b
cf8f518298c7dab2b3a9fea040c5312ce80f86ba02d352f557f36cb9106e368d
GET /static/css/static.css HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:32 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=420
cache-control: public, max-age=604800
etag: W/"1a4-5faa60e6-959389537b65d2c0;gz"
expires: Sat, 04 Feb 2023 18:34:40 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1372
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPZ%2B47n1GoigD%2FVG9X1yOG9%2BWJpC71Xt%2FmHa1MQl2CzvpYTWGnx9o%2FVdJR3Hv65uf2CNdCn3uawoUy9kMlXzmrA3ZJZ3l43exm1bVuLC3fz3EGJ65U%2BLToYb7r4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790bf454b94e0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fbcdn2.com/script/compatibility.js
104.16.218.20200 OK 4.9 kB URL HTTP/1.1 fbcdn2.com/script/compatibility.js
IP 104.16.218.20:0
File type ASCII text, with very long lines (14461), with no line terminators
Hash dfc1ef193e722034b53ecdad122950eb
0bc2035e46a7ebc8e22f06f7f4d8e6aa646c7f19
35c379bfbbac999a2ca7542c1ce9c3796f5e51ca5896b06e84fb8ddf41e0870d
GET /script/compatibility.js HTTP/1.1
Host: fbcdn2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 18:57:32 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycdu6SV7GZH7FqQnppnmMyP-I_uS9-WTSFBst6U-Axe1UNPYkmFJrjBPFv5QNcGeOmX1RcfMnh8Op_LSNNoqamKZ3iQ
x-goog-generation: 1655802523449377
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 14461
x-goog-hash: crc32c=COVK0Q==, md5=lGu5GSoU5trQNansgXjwcw==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
Expires: Sat, 28 Jan 2023 22:57:32 GMT
Cache-Control: public, max-age=14400
Last-Modified: Tue, 21 Jun 2022 09:08:43 GMT
ETag: W/"946bb9192a14e6dad035a9ec8178f073"
CF-Cache-Status: HIT
Age: 33
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790bf4551b67b51d-OSL
Content-Encoding: gzip
d1nmxiiewlx627.cloudfront.net/?ixmnd=709056
54.230.245.135200 OK 36 kB URL HTTP/1.1 d1nmxiiewlx627.cloudfront.net/?ixmnd=709056
IP 54.230.245.135:0
File type Unicode text, UTF-8 text, with very long lines (15481)
Hash 5d717f6744d7366bcae877708c954211
6a19b5689d37a178b4bca16d29305140334aaad5
1840e9db4e155e5139fa5473f04a8b805f9110dbc7b3bb61271614550e0c3c03
Analyzer Verdict Alert fortinet Malware
GET /?ixmnd=709056 HTTP/1.1
Host: d1nmxiiewlx627.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/
HTTP/1.1 200 OK
Content-Length: 36020
Connection: keep-alive
Date: Sat, 28 Jan 2023 18:57:33 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Pr1DPrZbRRRrEYsFWTTHzSuc4ZYd37Nlou94naA_zEg4sLrjOiTAIg==
push.services.mozilla.com/
35.163.1.35101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.1.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nSwZzZU1T1H6KocvwsELgQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XQwQOW/I1VDpCtQzdcbdElsOzE0=
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43a42dffd26cd02d992e866e14d8d857
4c5d34b358edebcc30a1157117496a56e9a7b620
2d68e9fb9547820c5a9d9338d3b4f9cb7ef1f29241c9ba7fd616034f6659efc8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "2D68E9FB9547820C5A9D9338D3B4F9CB7EF1F29241C9BA7FD616034F6659EFC8"
Last-Modified: Thu, 26 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7602
Expires: Sat, 28 Jan 2023 21:04:15 GMT
Date: Sat, 28 Jan 2023 18:57:33 GMT
Connection: keep-alive
onclickgenius.com/script/suurl.php?r=2984815&cbrandom=0.3030055022928151&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com
35.190.71.96200 OK 1.5 kB URL HTTP/1.1 onclickgenius.com/script/suurl.php?r=2984815&cbrandom=0.3030055022928151&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com
IP 35.190.71.96:0
File type ASCII text, with very long lines (5584)
Hash a1be62f4c98a0a4258e1196554587ab5
993ddd38f09632e972bb7ccc25382fbae5c16f16
4f5476dc25af46901abeeb1637cf8898044e1019146de8231d34daaf9c39d66b
GET /script/suurl.php?r=2984815&cbrandom=0.3030055022928151&cbiframe=0&cbWidth=1280&cbHeight=939&cbtitle=AdF.ly%20-%20Not%20Found&cbref=&cbdescription=&cbkeywords=&cbcdn=fbcdn2.com HTTP/1.1
Host: onclickgenius.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/
HTTP/1.1 200 OK
Server: openresty
Date: Sat, 28 Jan 2023 18:57:33 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
hethisisath.xyz/MmkyZmpTC1ELVVNUUEAfQAUPQ1h0TAAgDgMHXx4DWwxFChIEWwVICV4GRwIMQAZcEkRcDEZDWHQ4UVUoQz5qMzt6HmNDWHQ6VQUwdgRgJTsCBVMEL3w/dQ4BAC5FKCR4PkFQIGcsdCAvAgJ8NyxHOXBWXmYqAjYsAlhTABJZOnoBW1k8Sj8PcT5gIzxgLH0pWlohZA5eQi5aDiR6LXsrLXA4Yi0oCi11Ix1BL3dSDnA6fwUiSh5+AC9RWGAzOEI8dyArYwAGBSJgOHQqDWg+YwoFAShkPCllBFogMmcrYgcAVj5jCgVHIXBXLWoHSiEnZD9rBzsDL2AjRwsYfFcwcT5bFS5kAn8UC3c/dT4GQh5nIyxzLWYRPXUrCzYLSCdwNyxGGWAzIHM+AR4iYxFrIiFKKGQuEnhRYBw8cD5fHghjWGsAMHc4FAwZXQdCWyUAJmRXBX9RZSMBBSBcLg
65.9.44.118200 OK 1.2 kB URL HTTP/1.1 hethisisath.xyz/MmkyZmpTC1ELVVNUUEAfQAUPQ1h0TAAgDgMHXx4DWwxFChIEWwVICV4GRwIMQAZcEkRcDEZDWHQ4UVUoQz5qMzt6HmNDWHQ6VQUwdgRgJTsCBVMEL3w/dQ4BAC5FKCR4PkFQIGcsdCAvAgJ8NyxHOXBWXmYqAjYsAlhTABJZOnoBW1k8Sj8PcT5gIzxgLH0pWlohZA5eQi5aDiR6LXsrLXA4Yi0oCi11Ix1BL3dSDnA6fwUiSh5+AC9RWGAzOEI8dyArYwAGBSJgOHQqDWg+YwoFAShkPCllBFogMmcrYgcAVj5jCgVHIXBXLWoHSiEnZD9rBzsDL2AjRwsYfFcwcT5bFS5kAn8UC3c/dT4GQh5nIyxzLWYRPXUrCzYLSCdwNyxGGWAzIHM+AR4iYxFrIiFKKGQuEnhRYBw8cD5fHghjWGsAMHc4FAwZXQdCWyUAJmRXBX9RZSMBBSBcLg
IP 65.9.44.118:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash e08cf24b50fc1d94db1c0caae47d714d
da3ab9c28e90195e6c313bb87c8b3499a425f309
3741637d008a0ab1cf2acaca6d9293cd165722307d2bc5e25805039f2370f494
GET /MmkyZmpTC1ELVVNUUEAfQAUPQ1h0TAAgDgMHXx4DWwxFChIEWwVICV4GRwIMQAZcEkRcDEZDWHQ4UVUoQz5qMzt6HmNDWHQ6VQUwdgRgJTsCBVMEL3w/dQ4BAC5FKCR4PkFQIGcsdCAvAgJ8NyxHOXBWXmYqAjYsAlhTABJZOnoBW1k8Sj8PcT5gIzxgLH0pWlohZA5eQi5aDiR6LXsrLXA4Yi0oCi11Ix1BL3dSDnA6fwUiSh5+AC9RWGAzOEI8dyArYwAGBSJgOHQqDWg+YwoFAShkPCllBFogMmcrYgcAVj5jCgVHIXBXLWoHSiEnZD9rBzsDL2AjRwsYfFcwcT5bFS5kAn8UC3c/dT4GQh5nIyxzLWYRPXUrCzYLSCdwNyxGGWAzIHM+AR4iYxFrIiFKKGQuEnhRYBw8cD5fHghjWGsAMHc4FAwZXQdCWyUAJmRXBX9RZSMBBSBcLg HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1198
Connection: keep-alive
Date: Sat, 28 Jan 2023 18:57:33 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 d661c8f821b4dd0011bb1bb50baf07c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: CP9p7HooqgOWJJO-b4Fd-n5Buv9Yw-fkI9FNPnWd3_um6T1bTuyC6A==
fbcdn2.com/script/firefox.js
104.16.218.20200 OK 3.7 kB URL HTTP/1.1 fbcdn2.com/script/firefox.js
IP 104.16.218.20:0
File type ASCII text, with very long lines (11758), with no line terminators
Hash 9cec94fe431f2a287a07b6ae67093935
77cfbdf64caeabaa890e537408e66d9c3fd80cde
f803761c68ac15eaad6f0ccd84b35ac312da397359f6badf8b8c40b5df068896
GET /script/firefox.js HTTP/1.1
Host: fbcdn2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://oaxyteek.net/
HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 18:57:33 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-GUploader-UploadID: ADPycdvH-yqjXKyaHKUPK-aQKwedkGEubqC3QMOqF_XwP5SDPhN4By_4HctypCwXqOBx7LQKpL2ZiP3qSkpfNExP2kFHWw
Expires: Sat, 28 Jan 2023 22:57:33 GMT
Cache-Control: public, max-age=14400
Last-Modified: Tue, 21 Jun 2022 09:08:59 GMT
ETag: W/"1461940cfd6093640b63b931682cce4d"
x-goog-generation: 1655802539797909
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 11758
x-goog-hash: crc32c=BzbV2Q==, md5=FGGUDP1gk2QLY7kxaCzOTQ==
x-goog-storage-class: MULTI_REGIONAL
Access-Control-Allow-Origin: *
CF-Cache-Status: HIT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 790bf4569d7ab51d-OSL
Content-Encoding: gzip
dhthrewdownth.xyz/RzYyeXJoCVEKTxFYZAETd0JaKCcjb1Q+JAVldDNXdXRoEhYEbmoOVDNfVkRFdw8CTERhRlsdT3UPFAoGJkJHCk92EFsXFCgLFA9PdhgCV0R3GANfB3oHFA0CJlEPSFQ3QkYVT3YABU1LdAQATEV3DgU
188.114.96.1204 No Content 0 B URL HTTP/2 dhthrewdownth.xyz/RzYyeXJoCVEKTxFYZAETd0JaKCcjb1Q+JAVldDNXdXRoEhYEbmoOVDNfVkRFdw8CTERhRlsdT3UPFAoGJkJHCk92EFsXFCgLFA9PdhgCV0R3GANfB3oHFA0CJlEPSFQ3QkYVT3YABU1LdAQATEV3DgU
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /RzYyeXJoCVEKTxFYZAETd0JaKCcjb1Q+JAVldDNXdXRoEhYEbmoOVDNfVkRFdw8CTERhRlsdT3UPFAoGJkJHCk92EFsXFCgLFA9PdhgCV0R3GANfB3oHFA0CJlEPSFQ3QkYVT3YABU1LdAQATEV3DgU HTTP/1.1
Host: dhthrewdownth.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 18:57:33 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSa5U1Ot1S1GRlsyr7unSgjl5Ixkgm9Z0Emj0v22E83uqnFoyfhXo34%2BO0daso3qvbK58Hif88k4%2BqMTBuUi4CPlfakR%2B58VLGu4f24k%2F8LJ13XgD4OY2LPyDrUIbQ5OlLKnxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790bf457296c0b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.ay.gy/static/image/favicon.ico
188.114.97.1 200 OK 1.1 kB URL HTTP/2 cdn.ay.gy/static/image/favicon.ico
IP 188.114.97.1:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash e3cbe64708ae336ed59ef6fd14806bcf
178ed19d9fd29ea9e2c6043d627c43659ac37739
793b196f5619c5b1ca30fc146c1d474b3325c2c11c80d81924bb7ef17f06fe75
GET /static/image/favicon.ico HTTP/1.1
Host: cdn.ay.gy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:33 GMT
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=604800
expires: Sat, 04 Feb 2023 18:17:00 GMT
last-modified: Tue, 10 Nov 2020 09:44:06 GMT
etag: W/"47e-5faa60e6-ae87f5cbe4d6cff3;;;"
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2433
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYwiG%2FPNyG%2BaJAk%2Fks3X22PAUVYQnjTfhZwbDR1AmLUzifcnnoYrN4yl4W0iw1FBQ9Ccuj1Q6ntlHjZShVgqJdct%2BzFPnVtIQRSS0OiqC2GtMhXeO4x90qCd6qA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790bf457ecf40b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10647
Expires: Sat, 28 Jan 2023 21:55:00 GMT
Date: Sat, 28 Jan 2023 18:57:33 GMT
Connection: keep-alive
hethisisath.xyz/utx?cb=7aEV9J7jTqFX&top=oaxyteek.net&tid=709056
65.9.44.118 204 No Content 0 B URL HTTP/2 hethisisath.xyz/utx?cb=7aEV9J7jTqFX&top=oaxyteek.net&tid=709056
IP 65.9.44.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=7aEV9J7jTqFX&top=oaxyteek.net&tid=709056 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oaxyteek.net
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 28 Jan 2023 18:57:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://oaxyteek.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sat, 28 Jan 2023 18:58:33 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5c2d36b0430d7877f1609d99fe01caa8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: TgqByt6T7zSI8L8W5FSZetGj4Yf3j3GKG-qxFcnaJEykws3ZHLTbZw==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f97d1250e7b06507dcdde98d44b58dc8
10030f7fced8691202dbf19200efd6035bf7a405
c97a128485f45c02621ea479e8619499c3336c97a8812b0cece90e150beefb0f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C97A128485F45C02621EA479E8619499C3336C97A8812B0CECE90E150BEEFB0F"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10647
Expires: Sat, 28 Jan 2023 21:55:00 GMT
Date: Sat, 28 Jan 2023 18:57:33 GMT
Connection: keep-alive
pogothere.xyz/
172.64.106.19 200 OK 29 B IP 172.64.106.19:0
File type ASCII text, with no line terminators
Hash 7237713c999881e6f26cda45d5671fc0
2910cc022487badb1717798dd46b2fcd585ec928
f1f03c7281a27795f86dedc392d59549ab819f6507e8c8a8122a115901cf3886
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://oaxyteek.net/
Origin: http://oaxyteek.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:33 GMT
content-type: text/plain
set-cookie: csu=2015178324158510@1@1674932253; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://oaxyteek.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XxidPiA%2FM2QIkz8TcC5wyPx5HRoy%2B8A7cQ3ji%2FJ1Gkl7sZHUh7jcOUGgwmtiRvihAlUBUPT43bk%2BOT2YN5wPfT5tT9tb0b95vA8R1OckT%2B6Zl%2BEDH42pvqVWteXLoSgo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 790bf458880976ff-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-GT41R23D5L>m=2oe1p0&_p=1229758446&cid=1818487839.1674932257&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674932256&sct=1&seg=0&dl=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&dt=AdF.ly%20-%20Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-GT41R23D5L>m=2oe1p0&_p=1229758446&cid=1818487839.1674932257&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674932256&sct=1&seg=0&dl=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&dt=AdF.ly%20-%20Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-GT41R23D5L>m=2oe1p0&_p=1229758446&cid=1818487839.1674932257&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1674932256&sct=1&seg=0&dl=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&dt=AdF.ly%20-%20Not%20Found&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oaxyteek.net
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://oaxyteek.net
date: Sat, 28 Jan 2023 18:57:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
d1nmxiiewlx627.cloudfront.net/Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ
54.230.245.135 200 OK 447 B URL HTTP/1.1 d1nmxiiewlx627.cloudfront.net/Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ
IP 54.230.245.135:0
File type ASCII text, with very long lines (595), with no line terminators
Hash 8708ce5d0b8e775c621b71fd7a56a86d
4945f315aaf3bf87f1567ef593ef0230851e6b71
5be699f51c91ea476f1be5dd22e06dba214b81a9872e61934aa430295d035adf
Analyzer Verdict Alert fortinet Malware
GET /Qc3BqWXUQHwQ/SgcZDmRCQ0labENVGhk2GwNNJWs6JUEFFE0kNQFuPB04TC0PF01afxkSHg1kUxYeCWREVREOO0hHVh4pGhhNHDIMGBQPKB8DGEwsFE4dBSMcHxwLfEc1RURpUEFAQi4cHRQFLgZWQlo3AVZCWmhFXUBPajdWQlouHB1GXnxGMVVYaQ1FRE-9qN1ZCWisDVkMraEVGXlpwUEFADTwWGB9PazNBQFtpRUJAW3xHQxYDKxAVHxJ8RzVBWmxbQ1YfZEQ HTTP/1.1
Host: d1nmxiiewlx627.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://hethisisath.xyz/
HTTP/1.1 200 OK
Content-Length: 447
Connection: keep-alive
Date: Sat, 28 Jan 2023 18:57:33 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Tvnuo_DBlAfDUpJFBg8EUXHYdkUj-gY0KMDFaDEj4rP4vfdpigIz_g==
hethisisath.xyz/multi?cs=N1J5RVUAZk92YgRmQHxgB2BKc2I&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2015178324158510&agec=1674932253&fs=1&mbkb=273.972602739726&ref=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_CPUw=1674932257586&crc=1
65.9.44.118 200 OK 41 B URL HTTP/2 hethisisath.xyz/multi?cs=N1J5RVUAZk92YgRmQHxgB2BKc2I&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2015178324158510&agec=1674932253&fs=1&mbkb=273.972602739726&ref=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_CPUw=1674932257586&crc=1
IP 65.9.44.118:0
File type ASCII text, with no line terminators
Hash 795c6cd02ff4af0445069c7480f79467
7455b40a4f4e2b4348d672f491e95c6817f7f940
86128b6fea67c80b9a710075b1381c06388a52059a73b06e6e8aa90d1daffd6a
GET /multi?cs=N1J5RVUAZk92YgRmQHxgB2BKc2I&abt=0&red=1&sm=76&k=&v=1.0.60.1&sts=0&prn=0&emb=0&tid=709056&rxy=1280_1024&u=2015178324158510&agec=1674932253&fs=1&mbkb=273.972602739726&ref=http%3A%2F%2Foaxyteek.net%2Fnot-found.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_CPUw=1674932257586&crc=1 HTTP/1.1
Host: hethisisath.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://oaxyteek.net
Connection: keep-alive
Referer: http://oaxyteek.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 41
date: Sat, 28 Jan 2023 18:57:33 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://oaxyteek.net
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a3a7c573-250d-4458-bfe8-d8e6fc0d05c5
csu=2015178324158510
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5c2d36b0430d7877f1609d99fe01caa8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: xGZWp4R9ufm3pfN9EcaYuRGhH0z8Dc5kAOdN6-NiolrPE5BVg3YQoQ==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8618
Expires: Sat, 28 Jan 2023 21:21:12 GMT
Date: Sat, 28 Jan 2023 18:57:34 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
34.120.237.76 200 OK 4.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 75648
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 71633
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0ed1a0bd725b2078b4cfe4ed83877901
62493ca03be9870aac2341e033611a6d56bd322a
706e84bc63fd98acaeb72789239af3210ae6e3910e6589d92a25899dc9059dfc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdeb12df7-074b-4044-bdbe-0e07bccbc8e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12397
x-amzn-requestid: e8436997-696d-483a-b03a-a84e7ca614ea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_T5HbzoAMFXsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445b2-1c2ccd0a187d0a3e2f6a59cc;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:44:18 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmLHc8fKQYUpq9B-GyOQ0FKzhxi0ToTEPA7cu6JnQftgDFDNV8USvw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:37 GMT
etag: "62493ca03be9870aac2341e033611a6d56bd322a"
content-type: image/jpeg
age: 75657
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 72681
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c982569d070f24dba1259603091c22e3
0f93acb5bee53670cc4ef486922f7333d96a2f4e
9a5a2d8a181a763ee6f60c27b396a0e3d7b1527e5177b2aff8d511db250753ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ed7c466-ac98-4e05-89cf-f0abf56e8d98.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4975
x-amzn-requestid: 633350b7-4686-40d5-8c9d-3c097f8e2d34
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-EBGuaoAMFbSw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443b3-4201212c1a0eb2a65d3f494c;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: M4VR-I89SGD0-FLzHhZ88PJJJmdWTEi0UrBnAmCBCQAdjRsssqnSzw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:49:06 GMT
age: 76108
etag: "0f93acb5bee53670cc4ef486922f7333d96a2f4e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 76116
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.106.19 200 OK 0 B IP 172.64.106.19:0
Analyzer Verdict Alert quad9 Sinkholed
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://oaxyteek.net/
Origin: http://oaxyteek.net
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 28 Jan 2023 18:57:33 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://oaxyteek.net
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 6156
last-modified: Sat, 28 Jan 2023 17:14:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RhmIV%2BHN4u6BPeYZspa33oz99xASBzvP74JLv2W178el69DSwybrYgP2UpNeR4D4RvywUNS7KYPz4b%2FyuAfOsnSRgSCrclAH5PuoSfIP9IV57zSlxJjRkFRus5zdDkc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 790bf458a84176ff-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2