Report - www.oxid.it/downloads/ca

Report Overview

Visited public
2025-05-12 12:41:44
Tags
Submit Tags
URL
www.oxid.it/downloads/ca_setup.exe
Finishing URL
blushtales.com/
IP / ASN
139.162.174.209
#63949 Akamai Connected Cloud
Title
Blush Stories | Intimate Stories

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ppb-eu.6zo3f1m226.com	unknown	unknown	No data	No data	726 B	1.4 kB	157.90.219.248
live.onlidex.com	unknown	2024-08-12	2025-05-09	2025-05-09	588 B	13 kB	173.239.53.32
push.pushub.net	unknown	2020-09-29	2022-10-10	2025-05-09	564 B	210 B	173.239.53.36
www.oxid.it	unknown	2019-08-09	2012-05-21	2025-04-22	1.9 kB	31 kB	139.162.174.209
click-v4.mainexpclkdir.com	unknown	2025-02-10	2025-04-01	2025-05-08	552 B	13 kB	198.134.116.17
static.pushub.net	55300	2020-09-29	2020-10-22	2025-05-12	1.3 kB	50 kB	23.36.77.89
xml-v4.pushub.net	unknown	2020-09-29	2022-11-09	2025-05-09	2.5 kB	144 kB	173.239.53.32
xml.pushub.net	25790	2020-09-29	2020-10-13	2025-05-09	613 B	641 B	173.239.53.32
blushtales.com	unknown	2025-04-08	2025-05-09	2025-05-09	2.7 kB	401 kB	161.35.252.241
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-05-07	977 B	244 kB	151.101.193.229
eu.6zo3f1m226.com	unknown	unknown	No data	No data	480 B	1.4 kB	157.90.84.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-12	medium	6zo3f1m226.com	Sinkholed
2025-05-12	medium	6zo3f1m226.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	www.oxid.it/_static/deliver.js?nonce=3498571	ScriptElement	26 kB	2025-04-28	2025-05-15
Pretty URL www.oxid.it/_static/deliver.js?nonce=3498571 IP 139.162.174.209 ASN #63949 Akamai Connected Cloud Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-28 17:43 Last Seen2025-05-15 13:01 Times Seen33 Hash e88db5a595908543019e5c60b5584c9a 1ede61696f18d09dbb4b1f8a68fb42dc07533f2d 565a4ffddb2d710120a63dd41397541bd8b3af72a01d71d70c7b5830bee58ceb Loading...

	live.onlidex.com/filter?q=oxid.it&i=XUK3m41SjTU_0&ci=3218282228836241380&t=1862979742&h=2	ScriptElement	11 kB	2025-05-12	2025-05-12
Pretty URL live.onlidex.com/filter?q=oxid.it&i=XUK3m41SjTU_0&ci=3218282228836241380&t=1862979742&h=2 IP 173.239.53.32 ASN #27257 WEBAIR-INTERNET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-12 12:41 Last Seen2025-05-12 12:41 Times Seen1 Hash 8a5c65abfa8a31255b7b760a1efab823 3790754fa40564b65a34100dce66c304e3b9d931 d78c27907c11acb551aa1080626994cfe7bf7dcdb5633b7eb8e97d1377f86e1e Loading...

	static.pushub.net/tabu/display.js	ScriptElement	9.4 kB	2023-03-09	2025-07-03
Pretty URL static.pushub.net/tabu/display.js IP 23.36.77.89 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 04:18 Last Seen2025-07-03 08:57 Times Seen56 Hash c531a26fc9de6122a6baef2b579e2d6e 4e547a82f87bef26694a4c3a61a36d2dc23e103c 84227a11ec4ee5a8c2100d35ccf2a59e4a0c179e2001be708e6ea03461c99039 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js	ScriptElement	78 kB	2023-03-07	2025-07-16
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js IP 151.101.193.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-07-16 04:20 Times Seen6247 Hash 7ccd9d390d31af98110f74f842ea9b32 a85e681624c91a106a514c31eacf80de817b2cc3 f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3 Loading...

	blushtales.com/	ScriptElement	670 B	2025-05-09	2025-05-17
Pretty URL blushtales.com/ IP 161.35.252.241 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-09 22:57 Last Seen2025-05-17 07:03 Times Seen3 Hash 89ad1712b483e22e8b721fdcb624f9b9 0852c9517e1971ce9225b650b730b4e00a2e075e 26cd94a5b0811428097ca85b525d2586238438f00f7c1a5bb0a1cd6dfeab1ac1 Loading...

	static.pushub.net/webpush/scripts/v1.2/webpush.js	ScriptElement	26 kB	2024-09-24	2025-05-17
Pretty URL static.pushub.net/webpush/scripts/v1.2/webpush.js IP 23.36.77.89 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-24 04:44 Last Seen2025-05-17 07:03 Times Seen33 Hash 0288b26dcf4528d8c74e33281a7cb7e7 926907e3d1c919adc513628d9aca882c4d993e5e a197f0c64431a29086a11493456b4c3cf317d1934b32acb5b0565578e0e8bd4f Loading...

	live.onlidex.com/filter?q=oxid.it&i=XUK3m41SjTU_0&ci=3218282228836241380&t=1862979742&h=2	EventHandler	17 B	2023-04-20	2025-07-16
Pretty URL live.onlidex.com/filter?q=oxid.it&i=XUK3m41SjTU_0&ci=3218282228836241380&t=1862979742&h=2 IP 173.239.53.32 ASN #27257 WEBAIR-INTERNET Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-20 03:27 Last Seen2025-07-16 06:33 Times Seen802 Hash 56f2e798b912606f085d36f4927629c4 1b3407d3895ab71d08daa9f19e216a8ba79f6394 229b43e4b5960428f468c286c539416a8729af10cb0387b28a29da78b4fc66db Loading...

	blushtales.com/assets/js/script.js	ScriptElement	201 B	2025-05-09	2025-05-17
Pretty URL blushtales.com/assets/js/script.js IP 161.35.252.241 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-09 22:57 Last Seen2025-05-17 07:03 Times Seen3 Hash dc3bc0032c09b33b044cf221a5320322 a0a4178870a02fbcb69a73ddb83138b035b622ae 1ab212f27c66c1fb25bf3842e115ece0fb2ce31f09d97c394bf7bef77ae9bc97 Loading...

	blushtales.com/	ScriptElement	534 B	2025-05-09	2025-05-17
Pretty URL blushtales.com/ IP 161.35.252.241 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-09 22:57 Last Seen2025-05-17 07:03 Times Seen3 Hash 07b5544b2f55b32d3ef68f2e82bbeaaa 0330911193f1673f6d61a2435e3d8f2d6f3048c2 317ebf6f5875ee377087c4a7b5f348c96f6d5b538b441a0155d1b43f07c2a57c Loading...

	blushtales.com/	ScriptElement	167 B	2025-05-09	2025-05-17
Pretty URL blushtales.com/ IP 161.35.252.241 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-09 22:57 Last Seen2025-05-17 07:03 Times Seen3 Hash 773c26a5bcc3c25143b1013cc09080c1 be4334cc0d413f647897a047616f7ad65392e816 761b622066d6ca56c03de1863c95a45919ea7441ed609ddf6abc7e69b5b7a6a6 Loading...

	static.pushub.net/inpage/inpage.js	ScriptElement	13 kB	2023-03-10	2025-07-15
Pretty URL static.pushub.net/inpage/inpage.js IP 23.36.77.89 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 14:20 Last Seen2025-07-15 05:36 Times Seen47 Hash 5910e494b34694553906c84adbf11b84 abcc4dad695e8dbbcb817d6c69048001b6e58f36 be9ce430b5c00ab65a0ab52c4a3e3b2e764a2da413b1b83986e59ce810678f2c Loading...

HTTP Transactions (24)

URL IP Response Size

GET www.oxid.it/_static/deliver.js?nonce=3498571

139.162.174.209

200 OK

26 kB

URL GET
www.oxid.it/_static/deliver.js?nonce=3498571
IP
139.162.174.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
https://www.oxid.it/downloads/ca_setup.exe
Certificate
IssuerLet's Encrypt
Subjectoxid.it
FingerprintFF:5E:1C:DC:BF:B8:27:B0:62:F0:21:04:65:53:01:AA:0D:CC:57:AB
ValidityMon, 07 Apr 2025 15:20:49 GMT - Sun, 06 Jul 2025 15:20:48 GMT

File type
C++ source, ASCII text
Size
26 kB (25730 bytes)
Hash
e88db5a595908543019e5c60b5584c9a
1ede61696f18d09dbb4b1f8a68fb42dc07533f2d
565a4ffddb2d710120a63dd41397541bd8b3af72a01d71d70c7b5830bee58ceb

HTTP Headers

GET /_static/deliver.js?nonce=3498571 HTTP/1.1
Host: www.oxid.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oxid.it/downloads/ca_setup.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.27.1.2
date: Mon, 12 May 2025 12:41:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Apr 2025 15:32:51 GMT
vary: Accept-Encoding
etag: W/"680f9fa3-6482"
strict-transport-security: max-age=0; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

GET click-v4.mainexpclkdir.com/click?i=bchSWtQUgQ4_0&rc=1

198.134.116.17

302 Found

13 kB

URL User Request GET
click-v4.mainexpclkdir.com/click?i=bchSWtQUgQ4_0&rc=1
IP
198.134.116.17:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerLet's Encrypt
Subjectmainexpclkdir.com
Fingerprint39:14:9C:F0:1F:7A:A4:27:37:81:A8:F3:FA:6F:0F:57:1B:4D:F0:62
ValidityFri, 11 Apr 2025 06:42:36 GMT - Thu, 10 Jul 2025 06:42:35 GMT

File type

Size
13 kB (12982 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=bchSWtQUgQ4_0&rc=1 HTTP/1.1
Host: click-v4.mainexpclkdir.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oxid.it/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 12 May 2025 12:41:12 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Set-Cookie: x3332619=1019660882; Domain=.pushub.net
Location: https://live.onlidex.com/filter?q=oxid.it&i=XUK3m41SjTU_0&ci=3218282228836241380&t=1862979742&h=2

GET blushtales.com/assets/js/script.js

161.35.252.241

200 OK

201 B

URL GET
blushtales.com/assets/js/script.js
IP
161.35.252.241:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectblushtales.com
FingerprintF4:6A:9E:52:AC:54:BE:0E:62:03:E0:30:11:E7:90:55:99:0E:67:54
ValidityTue, 08 Apr 2025 14:15:03 GMT - Mon, 07 Jul 2025 14:15:02 GMT

File type
ASCII text
Size
201 B (201 bytes)
Hash
dc3bc0032c09b33b044cf221a5320322
a0a4178870a02fbcb69a73ddb83138b035b622ae
1ab212f27c66c1fb25bf3842e115ece0fb2ce31f09d97c394bf7bef77ae9bc97

HTTP Headers

GET /assets/js/script.js HTTP/1.1
Host: blushtales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 May 2025 12:41:15 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-powered-by: Express
cache-control: public, max-age=0
last-modified: Tue, 08 Apr 2025 15:15:33 GMT
etag: W/"c9-19615f89095"
content-encoding: gzip
X-Firefox-Spdy: h2

GET static.pushub.net/webpush/scripts/v1.2/webpush.js

23.36.77.89

200 OK

26 kB

URL GET
static.pushub.net/webpush/scripts/v1.2/webpush.js
IP
23.36.77.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectstatic.pushub.net
FingerprintBD:83:2F:A4:B5:2F:6D:29:07:A7:90:61:DF:7D:4E:1F:E8:22:33:EE
ValidityTue, 22 Apr 2025 08:29:44 GMT - Mon, 21 Jul 2025 08:29:43 GMT

File type
JavaScript source, ASCII text, with very long lines (25904)
Size
26 kB (25971 bytes)
Hash
0288b26dcf4528d8c74e33281a7cb7e7
926907e3d1c919adc513628d9aca882c4d993e5e
a197f0c64431a29086a11493456b4c3cf317d1934b32acb5b0565578e0e8bd4f

HTTP Headers

GET /webpush/scripts/v1.2/webpush.js HTTP/1.1
Host: static.pushub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/javascript
Content-Length: 25971
Last-Modified: Tue, 28 May 2024 13:10:15 GMT
ETag: "6655d7b7-6573"
Accept-Ranges: bytes
Cache-Control: max-age=23677
Expires: Mon, 12 May 2025 19:15:52 GMT
Date: Mon, 12 May 2025 12:41:15 GMT
Connection: keep-alive
X-Forward-Proto: http
CDN-Origin-Protocol: HTTP

GET xml-v4.pushub.net/pixel?i=ZUJIQp*Gu5Q_0

173.239.53.32

200 OK

42 B

URL GET
xml-v4.pushub.net/pixel?i=ZUJIQp*Gu5Q_0
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectpushub.net
FingerprintDC:CE:16:E3:1B:09:87:2A:69:71:6C:96:DB:ED:AF:F9:8D:0B:E5:0F
ValidityTue, 29 Apr 2025 06:54:01 GMT - Mon, 28 Jul 2025 06:54:00 GMT

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixel?i=ZUJIQp*Gu5Q_0 HTTP/1.1
Host: xml-v4.pushub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 12:41:16 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-store

GET xml.pushub.net/search?feed=778566&auth=34VEZr&subid=blushtales&url=https%3A%2F%2Fblushtales.com&query=blushtales&image_size=0x0&icon_size=0x0&ua=caller&user_ip=caller&format=json&lang=caller&count=2

173.239.53.32

200 OK

360 B

URL GET
xml.pushub.net/search?feed=778566&auth=34VEZr&subid=blushtales&url=https%3A%2F%2Fblushtales.com&query=blushtales&image_size=0x0&icon_size=0x0&ua=caller&user_ip=caller&format=json&lang=caller&count=2
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectpushub.net
FingerprintDC:CE:16:E3:1B:09:87:2A:69:71:6C:96:DB:ED:AF:F9:8D:0B:E5:0F
ValidityTue, 29 Apr 2025 06:54:01 GMT - Mon, 28 Jul 2025 06:54:00 GMT

File type
JSON text data
Size
360 B (360 bytes)
Hash
ad56546d13b1fc2309993ce4016663e9
b8d407bbe95c0791e4767d1430c2e6630eef09a8
e2c9ae5ac2cdceecc75faad103e6720bee5edeb320c9c7a80968a2aeae54d9bf

HTTP Headers

GET /search?feed=778566&auth=34VEZr&subid=blushtales&url=https%3A%2F%2Fblushtales.com&query=blushtales&image_size=0x0&icon_size=0x0&ua=caller&user_ip=caller&format=json&lang=caller&count=2 HTTP/1.1
Host: xml.pushub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blushtales.com
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 12:41:15 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 360
Connection: keep-alive
Access-Control-Allow-Origin: https://blushtales.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true

GET ppb-eu.6zo3f1m226.com/?bid_id=287864b0-3294-4ce9-8921-c17cddeaeb58&bid_req_id=ebfbd9ba-f211-41af-a82f-ad62f0d61086&imp_id=a3170877-48f0-4e95-9bf9-827cd71f6f6b&iu=NB2HI4DTHIXS6ZLVFY3HU3ZTMYYW2MRSGYXGG33NF5UW2YLHMVZS6MTFF5QTGLZSMVQTGNRQMM2C2ZTGMY2S2NBXMY3C2YJUGJTC2ZJRMRRWIMJUMQZWENDFFZ3WKYTQ&price=0.0004224942531436682

157.90.219.248

302 Found

950 B

URL GET
ppb-eu.6zo3f1m226.com/?bid_id=287864b0-3294-4ce9-8921-c17cddeaeb58&bid_req_id=ebfbd9ba-f211-41af-a82f-ad62f0d61086&imp_id=a3170877-48f0-4e95-9bf9-827cd71f6f6b&iu=NB2HI4DTHIXS6ZLVFY3HU3ZTMYYW2MRSGYXGG33NF5UW2YLHMVZS6MTFF5QTGLZSMVQTGNRQMM2C2ZTGMY2S2NBXMY3C2YJUGJTC2ZJRMRRWIMJUMQZWENDFFZ3WKYTQ&price=0.0004224942531436682
IP
157.90.219.248:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subject6zo3f1m226.com
Fingerprint82:8C:20:A1:01:C1:36:A0:B3:78:75:B2:37:04:35:09:48:A2:70:8D
ValidityTue, 01 Apr 2025 08:34:01 GMT - Mon, 30 Jun 2025 08:34:00 GMT

File type

Size
950 B (950 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?bid_id=287864b0-3294-4ce9-8921-c17cddeaeb58&bid_req_id=ebfbd9ba-f211-41af-a82f-ad62f0d61086&imp_id=a3170877-48f0-4e95-9bf9-827cd71f6f6b&iu=NB2HI4DTHIXS6ZLVFY3HU3ZTMYYW2MRSGYXGG33NF5UW2YLHMVZS6MTFF5QTGLZSMVQTGNRQMM2C2ZTGMY2S2NBXMY3C2YJUGJTC2ZJRMRRWIMJUMQZWENDFFZ3WKYTQ&price=0.0004224942531436682 HTTP/1.1
Host: ppb-eu.6zo3f1m226.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blushtales.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.27.4
Date: Mon, 12 May 2025 12:41:16 GMT
Content-Length: 0
Connection: keep-alive
Location: https://eu.6zo3f1m226.com/images/2e/a3/2ea360c4-fff5-47f6-a42f-e1dcd14d3b4e.webp
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD, PATCH
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin,Content-Type,Accept,Authorization,X-Requested-With

GET www.oxid.it/downloads/ca_setup.exe

139.162.174.209

200 OK

3.3 kB

URL User Request GET
www.oxid.it/downloads/ca_setup.exe
IP
139.162.174.209:443
ASN
#63949 Akamai Connected Cloud

Certificate
IssuerLet's Encrypt
Subjectoxid.it
FingerprintFF:5E:1C:DC:BF:B8:27:B0:62:F0:21:04:65:53:01:AA:0D:CC:57:AB
ValidityMon, 07 Apr 2025 15:20:49 GMT - Sun, 06 Jul 2025 15:20:48 GMT

File type
HTML document, ASCII text
Size
3.3 kB (3264 bytes)
Hash
f5c65ea8a5aa0fae6570a9cc967c86cc
7bc02283e2e4ce707df4149a55dd6f5b2aaff0f7
4a19a8785c734b157b14fc81481f00802621300d56da966300a77724e48960bd

HTTP Headers

GET /downloads/ca_setup.exe HTTP/1.1
Host: www.oxid.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.27.1.2
date: Mon, 12 May 2025 12:41:11 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

GET live.onlidex.com/filter?q=oxid.it&i=XUK3m41SjTU_0&ci=3218282228836241380&t=1862979742&h=2

173.239.53.32

200 OK

13 kB

URL User Request GET
live.onlidex.com/filter?q=oxid.it&i=XUK3m41SjTU_0&ci=3218282228836241380&t=1862979742&h=2
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerLet's Encrypt
Subjectonlidex.com
FingerprintA5:04:55:27:65:82:33:F8:07:34:79:EF:EB:24:8F:C6:BC:76:8E:E9
ValidityThu, 10 Apr 2025 06:44:58 GMT - Wed, 09 Jul 2025 06:44:57 GMT

File type
HTML document, ASCII text, with very long lines (594)
Size
13 kB (12982 bytes)
Hash
5df1e89aa077bb1feb2b41a63f146daf
e91967ccb48b05b1bfa4b6f47bdf809c71e77d3b
c0b3c4ff95bdb00aa3bdc7f2f98fb9f38eb9c701e8f1eda198fc0124219b7ff9

HTTP Headers

GET /filter?q=oxid.it&i=XUK3m41SjTU_0&ci=3218282228836241380&t=1862979742&h=2 HTTP/1.1
Host: live.onlidex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.oxid.it/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 May 2025 12:41:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12982
Connection: keep-alive
Cache-Control: no-store
Set-Cookie: c-1471362548=-1019660882
x3332619=1019660882; Domain=.onlidex.com
Referrer-Policy: unsafe-url

GET cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css

151.101.193.229

200 OK

164 kB

URL GET
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://blushtales.com/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
Unicode text, UTF-8 text, with very long lines (65306)
Size
164 kB (163873 bytes)
Hash
94994c66fec8c3468b269dc0cc242151
ec16bd19bf4ae9bc2e2336ac409a503bbbdaacad
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blushtales.com
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
content-encoding: br
accept-ranges: bytes
date: Mon, 12 May 2025 12:41:15 GMT
age: 3815944
x-served-by: cache-fra-etou8220101-FRA, cache-hel1410034-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 20842
X-Firefox-Spdy: h2

GET blushtales.com/assets/images/hero.jpg

161.35.252.241

200 OK

236 kB

URL GET
blushtales.com/assets/images/hero.jpg
IP
161.35.252.241:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectblushtales.com
FingerprintF4:6A:9E:52:AC:54:BE:0E:62:03:E0:30:11:E7:90:55:99:0E:67:54
ValidityTue, 08 Apr 2025 14:15:03 GMT - Mon, 07 Jul 2025 14:15:02 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1440x500, components 3
Size
236 kB (236052 bytes)
Hash
d79cfc1829cc315b659b81d55d5d2424
da0091e12b20eec02e84b2e1bcf47481b398f6d8
da675103d97d857d41d489c68aecb75e6d71d60f9abe19fb742b6b6060b22a2e

HTTP Headers

GET /assets/images/hero.jpg HTTP/1.1
Host: blushtales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 May 2025 12:41:15 GMT
content-type: image/jpeg
content-length: 236052
x-powered-by: Express
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Tue, 08 Apr 2025 15:15:33 GMT
etag: W/"39a14-19615f89095"
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js

151.101.193.229

200 OK

78 kB

URL GET
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://blushtales.com/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
78 kB (78129 bytes)
Hash
7ccd9d390d31af98110f74f842ea9b32
a85e681624c91a106a514c31eacf80de817b2cc3
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3

HTTP Headers

GET /npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://blushtales.com
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.1.3
x-jsd-version-type: version
etag: W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM"
content-encoding: br
accept-ranges: bytes
date: Mon, 12 May 2025 12:41:15 GMT
age: 3579389
x-served-by: cache-fra-etou8220091-FRA, cache-hel1410034-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 22075
X-Firefox-Spdy: h2

GET static.pushub.net/tabu/display.js

23.36.77.89

200 OK

9.4 kB

URL GET
static.pushub.net/tabu/display.js
IP
23.36.77.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectstatic.pushub.net
FingerprintBD:83:2F:A4:B5:2F:6D:29:07:A7:90:61:DF:7D:4E:1F:E8:22:33:EE
ValidityTue, 22 Apr 2025 08:29:44 GMT - Mon, 21 Jul 2025 08:29:43 GMT

File type
JavaScript source, ASCII text, with very long lines (9325)
Size
9.4 kB (9378 bytes)
Hash
c531a26fc9de6122a6baef2b579e2d6e
4e547a82f87bef26694a4c3a61a36d2dc23e103c
84227a11ec4ee5a8c2100d35ccf2a59e4a0c179e2001be708e6ea03461c99039

HTTP Headers

GET /tabu/display.js HTTP/1.1
Host: static.pushub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/javascript
Content-Length: 9378
Last-Modified: Tue, 08 Nov 2022 10:04:25 GMT
ETag: "636a29a9-24a2"
Accept-Ranges: bytes
Cache-Control: max-age=17675
Expires: Mon, 12 May 2025 17:35:50 GMT
Date: Mon, 12 May 2025 12:41:15 GMT
Connection: keep-alive
X-Forward-Proto: http
CDN-Origin-Protocol: HTTP

GET www.oxid.it/apple-touch-icon.png

139.162.174.209

404 Not Found

159 B

URL GET
www.oxid.it/apple-touch-icon.png
IP
139.162.174.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
https://www.oxid.it/downloads/ca_setup.exe
Certificate
IssuerLet's Encrypt
Subjectoxid.it
FingerprintFF:5E:1C:DC:BF:B8:27:B0:62:F0:21:04:65:53:01:AA:0D:CC:57:AB
ValidityMon, 07 Apr 2025 15:20:49 GMT - Sun, 06 Jul 2025 15:20:48 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
159 B (159 bytes)
Hash
1620e905665c273e91a8cb2a00df1509
e0ea169369ad349affad0f6d41987a73fea0280f
5a41c6b1c3d5061adbd15744312c919ee4a639abc0572a2927b06838bec1a6ed

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: www.oxid.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.oxid.it/downloads/ca_setup.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: openresty/1.27.1.2
date: Mon, 12 May 2025 12:41:11 GMT
content-type: text/html
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

GET xml-v4.pushub.net/click2?i=XUK3m41SjTU_0&ci=3218282228836241380&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5357%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D3%26rf%3Dwww.oxid.it%26lo%3Dlive.onlidex.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A134.0%29%2BGecko%252F20100101%2BFirefox%252F134.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D54%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DMesa%26vrd%3Dllvmpipe%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0

173.239.53.32

302 Found

142 kB

URL User Request GET
xml-v4.pushub.net/click2?i=XUK3m41SjTU_0&ci=3218282228836241380&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5357%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D3%26rf%3Dwww.oxid.it%26lo%3Dlive.onlidex.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A134.0%29%2BGecko%252F20100101%2BFirefox%252F134.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D54%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DMesa%26vrd%3Dllvmpipe%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerLet's Encrypt
Subjectpushub.net
FingerprintDC:CE:16:E3:1B:09:87:2A:69:71:6C:96:DB:ED:AF:F9:8D:0B:E5:0F
ValidityTue, 29 Apr 2025 06:54:01 GMT - Mon, 28 Jul 2025 06:54:00 GMT

File type

Size
142 kB (142079 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click2?i=XUK3m41SjTU_0&ci=3218282228836241380&j=rv%3Db%26ss%3D1280x1024%26ws%3D1280x1024%26wp%3D0x0%26ce%3D1%26ck%3Djc%26cv%3D5357%26cs%3D1%26fr%3D0%26hc%3D0%26fl%3Dnull%26jv%3Dnull%26sc%3D24%26hr%3D3%26rf%3Dwww.oxid.it%26lo%3Dlive.onlidex.com%26mb%3D0%26hb%3D1%26pl%3DLinux%2Bx86_64%26ua%3DMozilla%252F5.0%2B%28Windows%2BNT%2B10.0%253B%2BWin64%253B%2Bx64%253B%2Brv%253A134.0%29%2BGecko%252F20100101%2BFirefox%252F134.0%26nd%3D0%26to%3Dnull%26wbd%3D1%26wbde%3D0%26sqm%3D0%26phj%3D0%26nmj%3D0%26sln%3D0%26es%3D0%26ln%3Den-US%252Cen%26lnl%3D2%26hsc%3D0%26frc%3D0%26dbt%3D0%26prb%3D20100101%26tz%3D0%26hid%3D0%26mq%3D1%26bch%3D%26blv%3D%26my%3D%26geo%3D%26thx%3D0%26the%3D0%26ths%3D0%26cpc%3D%26ocp%3DLinux%2Bx86_64%26hwc%3D48%26hrl%3D%26acd%3Dpmpmm%26vcd%3Dppp%26pal%3D5%26pai%3D1%26pli%3D1%26win%3D1280x1024%26wout%3D1280x1024%26wpof%3D0x0%26bcld%3D1264x19%26scrp%3D0x0%26scrad%3D1280x1024%26spd%3D24%26pxr%3D1%26sck%3D1%26ckl%3D54%26sls%3D1%26sss%3D1%26six%3D1%26sdb%3D0%26vvr%3DMesa%26vrd%3Dllvmpipe%26pnt%3Dprompt%26cnvs%3D7f7f7f80%26mmd_ao%3D0%26mmd_ai%3D0%26mmd_vi%3D0 HTTP/1.1
Host: xml-v4.pushub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://live.onlidex.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 12 May 2025 12:41:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://blushtales.com/

GET blushtales.com/

161.35.252.241

200 OK

142 kB

URL User Request GET
blushtales.com/
IP
161.35.252.241:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjectblushtales.com
FingerprintF4:6A:9E:52:AC:54:BE:0E:62:03:E0:30:11:E7:90:55:99:0E:67:54
ValidityTue, 08 Apr 2025 14:15:03 GMT - Mon, 07 Jul 2025 14:15:02 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2836)
Size
142 kB (142079 bytes)
Hash
16cd6d3021175c6d5bbe28d3afb67c22
7923240ae2d25ad4a91c5b56841fb67e35cf4cb8
765863973ce10d36f348d6f46879d4299e6f86c6c7ebb04cfeb9b67cb2b271e1

HTTP Headers

GET / HTTP/1.1
Host: blushtales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://live.onlidex.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 May 2025 12:41:14 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: Express
etag: W/"22aff-eSMkCuLSWtSpHFtWhB+2fjXPTLg"
content-encoding: gzip
X-Firefox-Spdy: h2

POST push.pushub.net/telemetry2?v=1.2.10&dm=blushtales.com&chid=366&sbid=blushtales.com&ab=ui

173.239.53.36

204 No Content

0 B

URL POST
push.pushub.net/telemetry2?v=1.2.10&dm=blushtales.com&chid=366&sbid=blushtales.com&ab=ui
IP
173.239.53.36:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectpushub.net
FingerprintDC:CE:16:E3:1B:09:87:2A:69:71:6C:96:DB:ED:AF:F9:8D:0B:E5:0F
ValidityTue, 29 Apr 2025 06:54:01 GMT - Mon, 28 Jul 2025 06:54:00 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /telemetry2?v=1.2.10&dm=blushtales.com&chid=366&sbid=blushtales.com&ab=ui HTTP/1.1
Host: push.pushub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blushtales.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 19
Origin: https://blushtales.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 12 May 2025 12:41:15 GMT
Content-Length: 0
Connection: close
Access-Control-Allow-Origin: https://blushtales.com
Access-Control-Allow-Credentials: true

GET xml-v4.pushub.net/thumbnail?i=ZUJIQp*Gu5Q_0&imgt=icon

173.239.53.32

302 Found

950 B

URL GET
xml-v4.pushub.net/thumbnail?i=ZUJIQp*Gu5Q_0&imgt=icon
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectpushub.net
FingerprintDC:CE:16:E3:1B:09:87:2A:69:71:6C:96:DB:ED:AF:F9:8D:0B:E5:0F
ValidityTue, 29 Apr 2025 06:54:01 GMT - Mon, 28 Jul 2025 06:54:00 GMT

File type

Size
950 B (950 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /thumbnail?i=ZUJIQp*Gu5Q_0&imgt=icon HTTP/1.1
Host: xml-v4.pushub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 12 May 2025 12:41:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://ppb-eu.6zo3f1m226.com/?bid_id=287864b0-3294-4ce9-8921-c17cddeaeb58&bid_req_id=ebfbd9ba-f211-41af-a82f-ad62f0d61086&imp_id=a3170877-48f0-4e95-9bf9-827cd71f6f6b&iu=NB2HI4DTHIXS6ZLVFY3HU3ZTMYYW2MRSGYXGG33NF5UW2YLHMVZS6MTFF5QTGLZSMVQTGNRQMM2C2ZTGMY2S2NBXMY3C2YJUGJTC2ZJRMRRWIMJUMQZWENDFFZ3WKYTQ&price=0.0004224942531436682

GET eu.6zo3f1m226.com/images/2e/a3/2ea360c4-fff5-47f6-a42f-e1dcd14d3b4e.webp

157.90.84.36

200 OK

950 B

URL GET
eu.6zo3f1m226.com/images/2e/a3/2ea360c4-fff5-47f6-a42f-e1dcd14d3b4e.webp
IP
157.90.84.36:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subject6zo3f1m226.com
Fingerprint82:8C:20:A1:01:C1:36:A0:B3:78:75:B2:37:04:35:09:48:A2:70:8D
ValidityTue, 01 Apr 2025 08:34:01 GMT - Mon, 30 Jun 2025 08:34:00 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp
Size
950 B (950 bytes)
Hash
5e97ea3da88cdded9a53c940fe2c0e84
3ba7aa506db1db1cacb21cd6983861bb29f13f63
6bf96ad70900ece4f29101c1b79a719ce0a547245967dea673772366fc632a5c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/2e/a3/2ea360c4-fff5-47f6-a42f-e1dcd14d3b4e.webp HTTP/1.1
Host: eu.6zo3f1m226.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://blushtales.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.27.4
Date: Mon, 12 May 2025 12:41:16 GMT
Content-Type: image/webp
Content-Length: 950
Last-Modified: Thu, 10 Apr 2025 09:42:40 GMT
Connection: keep-alive
ETag: "67f79290-3b6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
Access-Control-Expose-Headers: *
Accept-Ranges: bytes

POST www.oxid.it/_d

139.162.174.209

200 OK

716 B

URL POST
www.oxid.it/_d
IP
139.162.174.209:443
ASN
#63949 Akamai Connected Cloud

Requested by
https://www.oxid.it/downloads/ca_setup.exe
Certificate
IssuerLet's Encrypt
Subjectoxid.it
FingerprintFF:5E:1C:DC:BF:B8:27:B0:62:F0:21:04:65:53:01:AA:0D:CC:57:AB
ValidityMon, 07 Apr 2025 15:20:49 GMT - Sun, 06 Jul 2025 15:20:48 GMT

File type
JSON text data
Size
716 B (716 bytes)
Hash
1b59d1bf54d9f17219f73910a2918559
7dee5edd8c6d63a99e1555cd4fea509672b14b6d
892620fd85990cfc1d46b59e0d427ef81fafcca969278843a971ea3d8a8c93c1

HTTP Headers

POST /_d HTTP/1.1
Host: www.oxid.it
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.oxid.it/downloads/ca_setup.exe
Content-Type: application/json
Content-Length: 324
Origin: https://www.oxid.it
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.27.1.2
date: Mon, 12 May 2025 12:41:12 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
set-cookie: session_id=f38aded9cd76d522ef0d642313735325; Max-Age=86400; Path=/; HttpOnly; SameSite=Lax
strict-transport-security: max-age=0; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

GET blushtales.com/assets/css/style.css

161.35.252.241

200 OK

4.3 kB

URL GET
blushtales.com/assets/css/style.css
IP
161.35.252.241:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectblushtales.com
FingerprintF4:6A:9E:52:AC:54:BE:0E:62:03:E0:30:11:E7:90:55:99:0E:67:54
ValidityTue, 08 Apr 2025 14:15:03 GMT - Mon, 07 Jul 2025 14:15:02 GMT

File type
ASCII text
Size
4.3 kB (4291 bytes)
Hash
7c44590fcab81a82655ba2cae0acf0de
2b38e21b57e361f075aea6cf304aca7ea106e6ec
ce15a30a91510f9dada0023a868ba6c0ea19880f6d2af7a300dcb1c27357bbcf

HTTP Headers

GET /assets/css/style.css HTTP/1.1
Host: blushtales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 May 2025 12:41:15 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
x-powered-by: Express
cache-control: public, max-age=0
last-modified: Thu, 10 Apr 2025 10:46:37 GMT
etag: W/"10c3-1961f4f1071"
content-encoding: gzip
X-Firefox-Spdy: h2

GET blushtales.com/assets/images/logo-white.svg

161.35.252.241

200 OK

1.5 kB

URL GET
blushtales.com/assets/images/logo-white.svg
IP
161.35.252.241:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectblushtales.com
FingerprintF4:6A:9E:52:AC:54:BE:0E:62:03:E0:30:11:E7:90:55:99:0E:67:54
ValidityTue, 08 Apr 2025 14:15:03 GMT - Mon, 07 Jul 2025 14:15:02 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1508 bytes)
Hash
ac4435f983f158d4d1207151c3f1ab9a
1e51798bb6f40288da21db33c957cb923cd28e34
f7ab347f30570b50c8b668723c6e51426c010208283662c011891a6bc6665f4a

HTTP Headers

GET /assets/images/logo-white.svg HTTP/1.1
Host: blushtales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 May 2025 12:41:15 GMT
content-type: image/svg+xml
content-length: 1508
x-powered-by: Express
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Tue, 08 Apr 2025 15:15:33 GMT
etag: W/"5e4-19615f89095"
X-Firefox-Spdy: h2

GET static.pushub.net/inpage/inpage.js

23.36.77.89

200 OK

13 kB

URL GET
static.pushub.net/inpage/inpage.js
IP
23.36.77.89:443
ASN
#20940 Akamai International B.V.

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectstatic.pushub.net
FingerprintBD:83:2F:A4:B5:2F:6D:29:07:A7:90:61:DF:7D:4E:1F:E8:22:33:EE
ValidityTue, 22 Apr 2025 08:29:44 GMT - Mon, 21 Jul 2025 08:29:43 GMT

File type
JavaScript source, ASCII text, with very long lines (13123)
Size
13 kB (13180 bytes)
Hash
5910e494b34694553906c84adbf11b84
abcc4dad695e8dbbcb817d6c69048001b6e58f36
be9ce430b5c00ab65a0ab52c4a3e3b2e764a2da413b1b83986e59ce810678f2c

HTTP Headers

GET /inpage/inpage.js HTTP/1.1
Host: static.pushub.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/javascript
Content-Length: 13180
Last-Modified: Thu, 05 May 2022 12:41:49 GMT
ETag: "6273c60d-337c"
Accept-Ranges: bytes
Cache-Control: max-age=84493
Expires: Tue, 13 May 2025 12:09:28 GMT
Date: Mon, 12 May 2025 12:41:15 GMT
Connection: keep-alive
X-Forward-Proto: http
CDN-Origin-Protocol: HTTP

GET blushtales.com/favicon.ico

161.35.252.241

200 OK

15 kB

URL GET
blushtales.com/favicon.ico
IP
161.35.252.241:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://blushtales.com/
Certificate
IssuerLet's Encrypt
Subjectblushtales.com
FingerprintF4:6A:9E:52:AC:54:BE:0E:62:03:E0:30:11:E7:90:55:99:0E:67:54
ValidityTue, 08 Apr 2025 14:15:03 GMT - Mon, 07 Jul 2025 14:15:02 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15406 bytes)
Hash
c8542491c42e456e25d1c10389103f3a
e9962177ffd4c38675a6d343858e4a46a5f53bca
8e00e3dec55a6ee010e8a26ab6900be0ae4e21995b77126ff107ac4cc5959b76

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: blushtales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://blushtales.com/
Cookie: test=test
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 12 May 2025 12:41:15 GMT
content-type: image/x-icon
content-length: 15406
x-powered-by: Express
accept-ranges: bytes
cache-control: public, max-age=0
last-modified: Wed, 09 Apr 2025 12:52:08 GMT
etag: W/"3c2e-1961a9b9ead"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML