hxxp://oxy[.]name/d/eKTf

Analysis

max time kernel
149s
max time network
153s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
06/08/2023, 11:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://oxy.name/d/eKTf

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133357959426368496"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings	7zFM.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2916	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
2536	chrome.exe
2536	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4460	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeShutdownPrivilege	3704	chrome.exe
Token: SeCreatePagefilePrivilege	3704	chrome.exe
Token: SeRestorePrivilege	4460	7zFM.exe
Token: 35	4460	7zFM.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe
4460	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 168	3704	chrome.exe	70
PID 3704 wrote to memory of 168	3704	chrome.exe	70
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4916	3704	chrome.exe	76
PID 3704 wrote to memory of 4104	3704	chrome.exe	72
PID 3704 wrote to memory of 4104	3704	chrome.exe	72
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73
PID 3704 wrote to memory of 5096	3704	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://oxy.name/d/eKTf
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdf8719758,0x7ffdf8719768,0x7ffdf8719778
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2664 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2644 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4500 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3496 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4896 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5108 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4912 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5132 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5236 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3840 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4936 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5844 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 --field-trial-handle=1728,i,4497895441656263846,1327201752122593956,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3384

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\nl gui.rar"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4460
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\7zOC612F6BA\museosanscyrl-300.ttf
  2⤵
  PID:424
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\7zOC612129A\ProggyTiny.ttf
  2⤵
  PID:4884
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\7zOC61B13EA\Cousine-Regular.ttf
  2⤵
  PID:1528
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\7zOC61092FA\DroidSans.ttf
  2⤵
  PID:1392
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\7zOC616BEFA\Karla-Regular.ttf
  2⤵
  PID:4016
- C:\Windows\System32\fontview.exe
  "C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\7zOC61256DA\Roboto-Medium.ttf
  2⤵
  PID:2776
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zOC619C20B\README.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2916

Network

DNS

oxy.name

chrome.exe

Remote address:

8.8.8.8:53

Request

oxy.name

IN A

Response

oxy.name

IN A

104.21.70.24

oxy.name

IN A

172.67.218.114
GET

http://oxy.name/d/eKTf

chrome.exe

Remote address:

104.21.70.24:80

Request

GET /d/eKTf HTTP/1.1
Host: oxy.name
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Date: Sun, 06 Aug 2023 11:45:35 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://oxy.name/d/eKTf
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHO1fM5UmRAbPzS4IBVtVa0uTQdyCC08CwRI2gjcbdhF%2FEAPe5qIIr2uDMOLBxYnJVVBTFvYqPtlnsYeww5Yl%2Bv0d24wPJzSyaZQ3mjVRUyhKwWqd8L%2Bwix7NA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7f2708d5c8751c9e-AMS
alt-svc: h3=":443"; ma=86400
GET

https://oxy.name/d/eKTf

chrome.exe

Remote address:

104.21.70.24:443

Request

GET /d/eKTf HTTP/2.0
host: oxy.name
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

date: Sun, 06 Aug 2023 11:45:35 GMT
content-type: text/html; charset=UTF-8
location: https://oxy.st/d/eKTf
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hykg3wH3o2sr4GRe3FWMxezVOhTlvevvWTQQCBYxDNbl7E5UMmjX9gFtl%2Bv6na3km23b4aZ%2BAPsyPZiolPPGy%2FBooB%2FXRkR4yp3gmrsZo%2BwHqvTN%2FzeUNn0B%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7f2708d709150e58-AMS
alt-svc: h3=":443"; ma=86400
DNS

oxy.st

chrome.exe

Remote address:

8.8.8.8:53

Request

oxy.st

IN A

Response

oxy.st

IN A

185.178.208.137
GET

https://oxy.st/d/eKTf

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /d/eKTf HTTP/2.0
host: oxy.st
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L; Domain=.oxy.st; HttpOnly; Path=/; Expires=Mon, 05-Aug-2024 11:45:36 GMT
date: Sun, 06 Aug 2023 11:45:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1; path=/; domain=.oxy.st
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
GET

https://oxy.st/slake/asset/css/bootstrap.min.css

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/css/bootstrap.min.css HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 05 Aug 2023 12:31:35 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 83641
content-length: 20483
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 04 Aug 2023 06:59:45 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-a78e"
age: 189951
content-length: 3950
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/css/elements.css?1

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/css/elements.css?1 HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 27 Jul 2023 14:29:51 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-2fbea"
age: 854145
content-length: 24208
ddg-cache-status: HIT
GET

https://oxy.st/slake/style.css?ver=6

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/style.css?ver=6 HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Aug 2023 04:04:21 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
etag: W/"5fdd12f2-2a549"
access-control-allow-origin: *
content-encoding: gzip
age: 27675
content-length: 24360
ddg-cache-status: HIT
GET

https://oxy.st/slake/cookie.css?ver=6

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/cookie.css?ver=6 HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 03 Aug 2023 01:02:06 GMT
content-type: application/javascript
last-modified: Tue, 20 Jun 2023 20:47:54 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "6492107a-908"
age: 297810
content-length: 1139
ddg-cache-status: HIT
GET

https://oxy.st/slake/responsive.css?ver=5

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/responsive.css?ver=5 HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 22:59:33 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-1538e"
age: 564363
content-length: 30285
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/js/jquery.min.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/jquery.min.js HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 29 Jul 2023 19:43:42 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "602ae9d4-224"
age: 662514
content-length: 299
ddg-cache-status: HIT
GET

https://oxy.st/js/jquery.cookie.min.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /js/jquery.cookie.min.js HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 14:31:50 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefded8-135c7"
age: 594826
content-length: 11872
ddg-cache-status: HIT
GET

https://oxy.st/css/cloud.css

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /css/cloud.css HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 05 Aug 2023 22:11:26 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb1-d024"
age: 48851
content-length: 9206
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/js/bootstrap.min.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/bootstrap.min.js HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 31 Jul 2023 09:07:16 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-bf30"
age: 527901
content-length: 13046
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 01 Aug 2023 19:53:05 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-52d51"
age: 402752
content-length: 90933
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/js/plugins.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/plugins.js HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 19:52:06 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-b1ab"
age: 575611
content-length: 12929
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/js/main.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/main.js HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 22:59:33 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-2210"
age: 564364
content-length: 1840
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/js/ajax-mail.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/ajax-mail.js HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 01 Aug 2023 05:13:03 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "602c706e-2019"
age: 455554
content-length: 3204
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/js/ajax-subscribe.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/ajax-subscribe.js HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 04 Aug 2023 16:48:33 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
etag: W/"5eefbeb2-683"
access-control-allow-origin: *
content-encoding: gzip
age: 154624
content-length: 544
ddg-cache-status: HIT
GET

https://oxy.st/img/oxy-logo.svg

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /img/oxy-logo.svg HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 27 Jul 2023 14:33:29 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-595"
age: 853928
content-length: 635
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/slice_white.png

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/slice_white.png HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 01 Aug 2023 15:34:01 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-17be"
access-control-allow-origin: *
accept-ranges: bytes
age: 418296
ddg-cache-status: HIT
GET

https://oxy.st/images/sprite3.png

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /images/sprite3.png HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 04 Aug 2023 16:15:59 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "6240cc70-80b"
age: 156578
ddg-cache-status: HIT
GET

https://oxy.st/images/ltd.svg

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /images/ltd.svg HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Mon, 31 Jul 2023 08:24:42 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
etag: W/"5fb71401-c420"
access-control-allow-origin: *
content-encoding: gzip
age: 530455
content-length: 19700
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/img/bg/flake-slider-header.jpg

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/img/bg/flake-slider-header.jpg HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/slake/style.css?ver=6
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 27 Jul 2023 19:52:03 GMT
content-type: image/jpeg
content-length: 31870
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-7c7e"
access-control-allow-origin: *
accept-ranges: bytes
age: 834814
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/fonts/themify--fvbane.woff

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/fonts/themify--fvbane.woff HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://oxy.st
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://oxy.st/slake/asset/css/elements.css?1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 01 Aug 2023 14:09:51 GMT
content-type: font/woff
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: W/"5eefbeb2-db2c"
access-control-allow-origin: *
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
age: 423346
content-length: 34487
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/img/bg/footer-bg.png

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/img/bg/footer-bg.png HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/slake/style.css?ver=6
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025
cookie: session_depth=oxy.st%3D1%7C468178560%3D1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 27 Jul 2023 14:40:31 GMT
content-type: image/png
content-length: 74560
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-12340"
access-control-allow-origin: *
accept-ranges: bytes
age: 853506
ddg-cache-status: HIT
GET

https://oxy.st/slake/asset/img/favicon/favicon.ico

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/img/favicon/favicon.ico HTTP/2.0
host: oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/d/eKTf
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: __b22_=-1324136025
cookie: session_depth=oxy.st%3D1%7C468178560%3D1
cookie: _pbjs_userid_consent_data=3524755945110770
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 14:15:26 GMT
content-type: image/x-icon
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
etag: "5eefbeb2-7ca"
age: 595813
content-length: 2017
ddg-cache-status: HIT
DNS

apps.identrust.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apps.identrust.com

IN A

Response

apps.identrust.com

IN CNAME

identrust.edgesuite.net

identrust.edgesuite.net

IN CNAME

a1952.dscq.akamai.net

a1952.dscq.akamai.net

IN A

84.53.175.19

a1952.dscq.akamai.net

IN A

88.221.25.170
GET

http://apps.identrust.com/roots/dstrootcax3.p7c

chrome.exe

Remote address:

84.53.175.19:80

Request

GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: apps.identrust.com

Response

HTTP/1.1 200 OK

X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Wed, 08 Feb 2023 16:52:56 GMT
ETag: "37d-5f433188daa00"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Sun, 06 Aug 2023 12:45:36 GMT
Date: Sun, 06 Aug 2023 11:45:36 GMT
Connection: keep-alive
DNS

137.208.178.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.208.178.185.in-addr.arpa

IN PTR

Response

137.208.178.185.in-addr.arpa

IN PTR

ddos-guardnet
DNS

24.70.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.70.21.104.in-addr.arpa

IN PTR

Response
DNS

19.175.53.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.175.53.84.in-addr.arpa

IN PTR

Response

19.175.53.84.in-addr.arpa

IN PTR

a84-53-175-19deploystaticakamaitechnologiescom
DNS

contextual.media.net

chrome.exe

Remote address:

8.8.8.8:53

Request

contextual.media.net

IN A

Response

contextual.media.net

IN A

104.85.0.23
GET

https://contextual.media.net/dmedianet.js?cid=8CU7BC15F

chrome.exe

Remote address:

104.85.0.23:443

Request

GET /dmedianet.js?cid=8CU7BC15F HTTP/2.0
host: contextual.media.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
content-type: text/javascript; charset=utf-8
x-mnt-h: 22-vx5n
x-mnt-w: 22-qc9v
timing-allow-origin: *
etag: "075ebe62781c76e8d541de0c76ad6213"
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=300
expires: Sun, 06 Aug 2023 11:50:37 GMT
date: Sun, 06 Aug 2023 11:45:37 GMT
content-length: 38702
GET

https://contextual.media.net/smtr?&4y=mLR-9mABwFpfZkL83A%24*8&kkdd=A3%7Cu%7C93nH*A&44=Fi&QL=)Co)sxxss~x)CEc)oCl&O-Dh=)&w3Dk=E&Z34f=ix)~&4L-=l6I~_6)*N&4D4-=.3tzEEjM)pykzpCMVHB0Q.%3D%3D&4hL-=cCl)~l*CE&3LKf=sEE2x*E&rZZD3=)&hfV!h8=rZZD3%3A%2F%2F92bA3Z%2F-%2FfzXe&R3f=*&!O-=c&w4e=cE~Cl&DOL-=DEcEc)E~sxsZxExsElEC))c*&Ry=)

chrome.exe

Remote address:

104.85.0.23:443

Request

GET /smtr?&4y=mLR-9mABwFpfZkL83A%24*8&kkdd=A3%7Cu%7C93nH*A&44=Fi&QL=)Co)sxxss~x)CEc)oCl&O-Dh=)&w3Dk=E&Z34f=ix)~&4L-=l6I~_6)*N&4D4-=.3tzEEjM)pykzpCMVHB0Q.%3D%3D&4hL-=cCl)~l*CE&3LKf=sEE2x*E&rZZD3=)&hfV!h8=rZZD3%3A%2F%2F92bA3Z%2F-%2FfzXe&R3f=*&!O-=c&w4e=cE~Cl&DOL-=DEcEc)E~sxsZxExsElEC))c*&Ry=) HTTP/2.0
host: contextual.media.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-encoding: gzip
content-type: text/javascript
x-sc-h: 22-ljwt
expires: Sun, 06 Aug 2023 11:45:37 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 06 Aug 2023 11:45:37 GMT
content-length: 334
vary: Accept-Encoding
strict-transport-security: max-age=31536000
GET

https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&ckdel=1&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM

chrome.exe

Remote address:

104.85.0.23:443

Request

GET /checksync.php?&gdpr=1&usp_status=0&ckdel=1&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM HTTP/2.0
host: contextual.media.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
content-type: text/html; charset=UTF-8
x-mnet-hl2: E
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=172800
expires: Tue, 08 Aug 2023 11:45:37 GMT
date: Sun, 06 Aug 2023 11:45:37 GMT
content-length: 5917
GET

https://contextual.media.net/smtr?&Bs=xq84Uxch_ZMm6YqWKc%24RW&kkdd=u3%7Ch%7CAu9nH3*&oq=23G2d00ddJ2J3T2G2Jb&j4kX=2&_KkY=b&6KBm=V02J&Bq4=Du7JEu2Rt&BkB4=1K9ibbQL2MsYiM3LOphlo1%3D%3D&BXq4=T3D2JDR3b&KqNm=dbbz0Rb&BB=ZV&F66kK=2&XmOAXW=F66kK%3A%2F%2F4Ux8WUY4cUzPcK6%2F4%2Fmi(I%2F0%2FDDGRTBG3Ib4JdmmDY043RJBRbIm0mGD3&!xXI=F66kK%3A%2F%2FUzPcK6&m!xXI=xJJlC%3ALL_)RcCJ&8Km=R&Aj4=T&_BI=TbJ3D&kjq4=k2JJTJd0Dd60b0dbDb322TR&8s=2

chrome.exe

Remote address:

104.85.0.23:443

Request

GET /smtr?&Bs=xq84Uxch_ZMm6YqWKc%24RW&kkdd=u3%7Ch%7CAu9nH3*&oq=23G2d00ddJ2J3T2G2Jb&j4kX=2&_KkY=b&6KBm=V02J&Bq4=Du7JEu2Rt&BkB4=1K9ibbQL2MsYiM3LOphlo1%3D%3D&BXq4=T3D2JDR3b&KqNm=dbbz0Rb&BB=ZV&F66kK=2&XmOAXW=F66kK%3A%2F%2F4Ux8WUY4cUzPcK6%2F4%2Fmi(I%2F0%2FDDGRTBG3Ib4JdmmDY043RJBRbIm0mGD3&!xXI=F66kK%3A%2F%2FUzPcK6&m!xXI=xJJlC%3ALL_)RcCJ&8Km=R&Aj4=T&_BI=TbJ3D&kjq4=k2JJTJd0Dd60b0dbDb322TR&8s=2 HTTP/2.0
host: contextual.media.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-encoding: gzip
content-type: text/javascript
x-sc-h: 22-ljwt
expires: Sun, 06 Aug 2023 11:45:40 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 06 Aug 2023 11:45:40 GMT
content-length: 333
vary: Accept-Encoding
strict-transport-security: max-age=31536000
DNS

254.33.24.67.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.33.24.67.in-addr.arpa

IN PTR

Response
DNS

23.0.85.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.0.85.104.in-addr.arpa

IN PTR

Response

23.0.85.104.in-addr.arpa

IN PTR

a104-85-0-23deploystaticakamaitechnologiescom
DNS

93.93.17.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

93.93.17.193.in-addr.arpa

IN PTR

Response
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f101e100net

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f106�I
DNS

ads.themoneytizer.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ads.themoneytizer.com

IN A

Response

ads.themoneytizer.com

IN CNAME

1266287590.rsc.cdn77.org

1266287590.rsc.cdn77.org

IN A

143.244.42.32

1266287590.rsc.cdn77.org

IN A

195.181.172.27
DNS

wishesen.com

chrome.exe

Remote address:

8.8.8.8:53

Request

wishesen.com

IN A

Response

wishesen.com

IN A

88.208.46.156
DNS

cdn.adlook.me

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.adlook.me

IN A

Response

cdn.adlook.me

IN CNAME

cl-7c56f4b3.edgecdn.ru

cl-7c56f4b3.edgecdn.ru

IN A

193.17.93.93
GET

https://ads.themoneytizer.com/s/gen.js?type=2

chrome.exe

Remote address:

143.244.42.32:443

Request

GET /s/gen.js?type=2 HTTP/2.0
host: ads.themoneytizer.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=604800
server: CDN77-Turbo
x-77-nzt: AY/0Kh8QF1r/ww4DAA
x-77-nzt-ray: 1317b72cafe30aefe187cf646740b416
x-accel-expires: @1691726750
x-accel-date: 1691121950
x-cache: HIT
x-age: 200387
x-77-pop: amsterdamNL
x-77-cache: HIT
content-encoding: gzip
GET

https://ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2

chrome.exe

Remote address:

143.244.42.32:443

Request

GET /s/requestform.js?siteId=85433&formatId=2 HTTP/2.0
host: ads.themoneytizer.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=604800
server: CDN77-Turbo
x-77-nzt: AY/0Kh+AL4D/WgwDAA
x-77-nzt-ray: 1317b72cafe30aefe187cf640902bc16
x-accel-expires: @1691727367
x-accel-date: 1691122567
x-cache: HIT
x-age: 199770
x-77-pop: amsterdamNL
x-77-cache: HIT
content-encoding: gzip
GET

https://ads.themoneytizer.com/moneybid8_6/build/dist/prebid.js

chrome.exe

Remote address:

143.244.42.32:443

Request

GET /moneybid8_6/build/dist/prebid.js HTTP/2.0
host: ads.themoneytizer.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:37 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 02 Aug 2023 20:11:46 GMT
expires: Sat, 05 Aug 2023 04:05:45 GMT
cache-control: max-age=86400
cache-control: public, no-transform
pragma: public
server: CDN77-Turbo
x-77-nzt: AY/0Kh/aRgT/xmsAAA
x-77-nzt-ray: 1317b72cafe30aefe187cf644acd2032
x-accel-expires: @1691381147
x-accel-date: 1691294747
x-cache: HIT
x-age: 27590
x-77-pop: amsterdamNL
x-77-cache: HIT
content-encoding: gzip
GET

https://ads.themoneytizer.com/s/gen.js?type=28

chrome.exe

Remote address:

143.244.42.32:443

Request

GET /s/gen.js?type=28 HTTP/2.0
host: ads.themoneytizer.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=604800
server: CDN77-Turbo
x-77-nzt: AY/0Kh94jvn/wQ4DAA
x-77-nzt-ray: 1317b72cafe30aefe487cf6495f68d11
x-accel-expires: @1691726755
x-accel-date: 1691121955
x-cache: HIT
x-age: 200385
x-77-pop: amsterdamNL
x-77-cache: HIT
content-encoding: gzip
GET

https://ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=28

chrome.exe

Remote address:

143.244.42.32:443

Request

GET /s/requestform.js?siteId=85433&formatId=28 HTTP/2.0
host: ads.themoneytizer.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: max-age=604800
server: CDN77-Turbo
x-77-nzt: AY/0Kh9fpif/oQwDAA
x-77-nzt-ray: 1317b72cafe30aefe487cf6426877a12
x-accel-expires: @1691727299
x-accel-date: 1691122499
x-cache: HIT
x-age: 199841
x-77-pop: amsterdamNL
x-77-cache: HIT
content-encoding: gzip
GET

https://cdn.adlook.me/js/rlf.js

chrome.exe

Remote address:

193.17.93.93:443

Request

GET /js/rlf.js HTTP/2.0
host: cdn.adlook.me
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.adlook.me/u/cds.html

chrome.exe

Remote address:

193.17.93.93:443

Request

GET /u/cds.html HTTP/2.0
host: cdn.adlook.me
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cdn.adlook.me/css/rlf.css?1.4

chrome.exe

Remote address:

193.17.93.93:443

Request

GET /css/rlf.css?1.4 HTTP/2.0
host: cdn.adlook.me
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

lg3.media.net

chrome.exe

Remote address:

8.8.8.8:53

Request

lg3.media.net

IN A

Response

lg3.media.net

IN A

23.44.232.24
DNS

c.tmyzer.com

chrome.exe

Remote address:

8.8.8.8:53

Request

c.tmyzer.com

IN A

Response

c.tmyzer.com

IN A

54.38.64.100
DNS

ced.sascdn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ced.sascdn.com

IN A

Response

ced.sascdn.com

IN CNAME

akamai.smartadserver.com.edgesuite.net

akamai.smartadserver.com.edgesuite.net

IN CNAME

a1184.b.akamai.net

a1184.b.akamai.net

IN A

23.72.252.155

a1184.b.akamai.net

IN A

23.72.252.137
DNS

gum.criteo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.fr3.vip.prod.criteo.com

gum.fr3.vip.prod.criteo.com

IN A

178.250.7.13
DNS

spl.zeotap.com

chrome.exe

Remote address:

8.8.8.8:53

Request

spl.zeotap.com

IN A

Response

spl.zeotap.com

IN A

172.67.13.182

spl.zeotap.com

IN A

104.22.25.87

spl.zeotap.com

IN A

104.22.24.87
DNS

tag.leadplace.fr

chrome.exe

Remote address:

8.8.8.8:53

Request

tag.leadplace.fr

IN A

Response

tag.leadplace.fr

IN CNAME

ip-fo-ovh.infra.leadplace.fr

ip-fo-ovh.infra.leadplace.fr

IN A

145.239.192.166

ip-fo-ovh.infra.leadplace.fr

IN A

145.239.193.51
GET

https://gum.criteo.com/sync?c=147&r=2&j=criteoCallback

chrome.exe

Remote address:

178.250.7.13:443

Request

GET /sync?c=147&r=2&j=criteoCallback HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript; charset=utf-8
date: Sun, 06 Aug 2023 11:45:36 GMT
server: Kestrel
cache-control: private, max-age=3600
expires: 60
server-processing-duration-in-ticks: 221537
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

chrome.exe

Remote address:

178.250.7.13:443

Request

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: application/json
accept: */*
origin: https://oxy.st
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 06 Aug 2023 11:45:37 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 519669
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA&cw=1&lsw=1

chrome.exe

Remote address:

178.250.7.13:443

Request

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA&cw=1&lsw=1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: application/json
accept: */*
origin: https://download.oxy.st
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://download.oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 06 Aug 2023 11:45:40 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://download.oxy.st
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 408327
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://ced.sascdn.com/tag/1097/smart.js

chrome.exe

Remote address:

23.72.252.155:443

Request

GET /tag/1097/smart.js HTTP/1.1
Host: ced.sascdn.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: application/javascript; charset=UTF-8
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 37188
Cache-Control: public, max-age=7200
Expires: Sun, 06 Aug 2023 13:45:37 GMT
Date: Sun, 06 Aug 2023 11:45:37 GMT
Connection: keep-alive
GET

https://spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258

chrome.exe

Remote address:

172.67.13.182:443

Request

GET /mapper.js?env=mWeb&eventType=pageview&zdid=1258 HTTP/2.0
host: spl.zeotap.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:37 GMT
content-type: application/javascript
cache-control: public, max-age=21600
cf-bgj: minify
cf-polished: origSize=62056
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://reise-und-urlaubsziele.de
expires: Sun, 06 Aug 2023 12:25:19 GMT
vary: Origin, Accept-Encoding
via: 1.1 google
cf-cache-status: HIT
age: 19218
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7f2708e3cfc4b8e8-AMS
content-encoding: br
GET

https://spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

chrome.exe

Remote address:

172.67.13.182:443

Request

GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/2.0
host: spl.zeotap.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://oxy.st
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:38 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=871f0bb3-0b0b-438d-4c9e-b5551c3f93e1; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
set-cookie: zsc=m%DAZx%E4KU%19%BB%99%BAR%0B%ECr%86u%B9%7D5D%40%A0%1B%9B%BB%EF%5C%CA%3Fc%E4%EB%5D%1C%81V%AA%D3%FF%3FAzl%C2%7F%D9uy%1C%DE%F9%DC%81%B1%86%8E%3C%C0%0F%A0%83QN%C7X%97%91%9E%0Be%A2%10%A45%29%19%BE%82%9D%AEZ%29; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7f2708e85cebb8e8-AMS
content-encoding: br
GET

https://mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=871f0bb3-0b0b-438d-4c9e-b5551c3f93e1&reqId=943e4be8-e3d5-433c-4d1b-7d71e02982fa&zdid=1258&google_error=15

chrome.exe

Remote address:

172.67.13.182:443

Request

GET /mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=871f0bb3-0b0b-438d-4c9e-b5551c3f93e1&reqId=943e4be8-e3d5-433c-4d1b-7d71e02982fa&zdid=1258&google_error=15 HTTP/2.0
host: mwzeom.zeotap.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: zc=871f0bb3-0b0b-438d-4c9e-b5551c3f93e1
cookie: zsc=m%DAZx%E4KU%19%BB%99%BAR%0B%ECr%86u%B9%7D5D%40%A0%1B%9B%BB%EF%5C%CA%3Fc%E4%EB%5D%1C%81V%AA%D3%FF%3FAzl%C2%7F%D9uy%1C%DE%F9%DC%81%B1%86%8E%3C%C0%0F%A0%83QN%C7X%97%91%9E%0Be%A2%10%A45%29%19%BE%82%9D%AEZ%29

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:38 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://oxy.st
set-cookie: zc=871f0bb3-0b0b-438d-4c9e-b5551c3f93e1; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7f2708ea0ef6b8e8-AMS
GET

https://spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

chrome.exe

Remote address:

172.67.13.182:443

Request

GET /?env=mWeb&eventType=pageview&zdid=1258 HTTP/2.0
host: spl.zeotap.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://download.oxy.st
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://download.oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: zsc=m%DAZx%E4KU%19%BB%99%BAR%0B%ECr%86u%B9%7D5D%40%A0%1B%9B%BB%EF%5C%CA%3Fc%E4%EB%5D%1C%81V%AA%D3%FF%3FAzl%C2%7F%D9uy%1C%DE%F9%DC%81%B1%86%8E%3C%C0%0F%A0%83QN%C7X%97%91%9E%0Be%A2%10%A45%29%19%BE%82%9D%AEZ%29
cookie: zc=871f0bb3-0b0b-438d-4c9e-b5551c3f93e1

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:40 GMT
content-type: image/png
content-length: 95
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://download.oxy.st
set-cookie: zc=871f0bb3-0b0b-438d-4c9e-b5551c3f93e1; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure
set-cookie: zsc=z%B0%9B%1B2%7B%F4%F6%EF%987%0C%5Cw%9D%5CV%13%BD%5DMw%00%25%B5%C5.%5E%B9%F4%5C%B1+%DC%D7%A1%18%84%A6%2B%13%A0%9E%00%7Bn%D4%5Cm%B4%D4%D37%12%FEk%28X%A2%18%EB%187%EB%EB%EA%96Y%89%2B%60%81%E9%D4%A9%5C%1D%8E%CEd%FETq; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7f2708f5de24b8e8-AMS
DNS

onetag-sys.com

chrome.exe

Remote address:

8.8.8.8:53

Request

onetag-sys.com

IN A

Response

onetag-sys.com

IN A

51.89.9.254

onetag-sys.com

IN A

51.75.86.98

onetag-sys.com

IN A

51.38.120.206

onetag-sys.com

IN A

51.89.9.252

onetag-sys.com

IN A

51.89.9.253

onetag-sys.com

IN A

51.89.9.251
GET

https://lg3.media.net/bping.php?vgd_len=525&&vgd_cdv=1042&vgd_cage=1&vgd_tsce=L217&vgd_mcf=40768&gdpr=1&mspa=0&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1691322337216041968&ugd=4&lf=6&cc=NL&lper=100&wsip=170785041&r=1691322336780&requrl=https%3A%2F%2Foxy.st%2Fd%2FeKTf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=174&vgd_rakh=1691322337188834912&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0404107323t202308061145&vgd_pgids=1&vgd_uspa=0&hvsid=00001691322336775025877071369200&gdpr=1&mspa=0&vgd_l2type=scs_newfl&vgd_end=1

chrome.exe

Remote address:

23.44.232.24:443

Request

GET /bping.php?vgd_len=525&&vgd_cdv=1042&vgd_cage=1&vgd_tsce=L217&vgd_mcf=40768&gdpr=1&mspa=0&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1691322337216041968&ugd=4&lf=6&cc=NL&lper=100&wsip=170785041&r=1691322336780&requrl=https%3A%2F%2Foxy.st%2Fd%2FeKTf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=174&vgd_rakh=1691322337188834912&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0404107323t202308061145&vgd_pgids=1&vgd_uspa=0&hvsid=00001691322336775025877071369200&gdpr=1&mspa=0&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 35
Content-Type: image/gif
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=21600
Expires: Sun, 06 Aug 2023 11:45:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 06 Aug 2023 11:45:37 GMT
Connection: keep-alive
GET

https://lg3.media.net/bping.php?vgd_len=598&&vgd_cdv=1042&vgd_cage=1&vgd_tsce=L217&vgd_mcf=40768&gdpr=1&mspa=0&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1691322337176419170&ugd=4&lf=6&kwrf=https%3A%2F%2Foxy.st&cc=NL&lper=100&wsip=170785041&r=1691322339548&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FeKTf%2F2%2F88954c96f0d73ee8a2d657c50fe2e986&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=174&vgd_rakh=1691322337188834912&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p177473283t202308061145&vgd_pgids=1&vgd_uspa=0&hvsid=00001691322339540025877071365260&gdpr=1&mspa=0&vgd_l2type=scs_newfl&vgd_end=1

chrome.exe

Remote address:

23.44.232.24:443

Request

GET /bping.php?vgd_len=598&&vgd_cdv=1042&vgd_cage=1&vgd_tsce=L217&vgd_mcf=40768&gdpr=1&mspa=0&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1691322337176419170&ugd=4&lf=6&kwrf=https%3A%2F%2Foxy.st&cc=NL&lper=100&wsip=170785041&r=1691322339548&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FeKTf%2F2%2F88954c96f0d73ee8a2d657c50fe2e986&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=174&vgd_rakh=1691322337188834912&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p177473283t202308061145&vgd_pgids=1&vgd_uspa=0&hvsid=00001691322339540025877071365260&gdpr=1&mspa=0&vgd_l2type=scs_newfl&vgd_end=1 HTTP/1.1
Host: lg3.media.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://download.oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Length: 35
Content-Type: image/gif
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=21600
Expires: Sun, 06 Aug 2023 11:45:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 06 Aug 2023 11:45:40 GMT
Connection: keep-alive
GET

https://c.tmyzer.com/c/?s=85433&f=2&fi=99

chrome.exe

Remote address:

54.38.64.100:443

Request

GET /c/?s=85433&f=2&fi=99 HTTP/1.1
Host: c.tmyzer.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

server: nginx
date: Sun, 06 Aug 2023 11:45:37 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
access-control-allow-origin: *
geo: rbx
x-iplb-request-id: 9A3D470D:C2B8_36264064:01BB_64CF87E1_28AD846:14674
x-iplb-instance: 38439
GET

https://c.tmyzer.com/c/?s=85433&f=28&fi=99

chrome.exe

Remote address:

54.38.64.100:443

Request

GET /c/?s=85433&f=28&fi=99 HTTP/1.1
Host: c.tmyzer.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://download.oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://download.oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

server: nginx
date: Sun, 06 Aug 2023 11:45:41 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
access-control-allow-origin: *
geo: rbx
x-iplb-request-id: 9A3D470D:C2B8_36264064:01BB_64CF87E4_28AD90E:14674
x-iplb-instance: 38439
DNS

secure.quantserve.com

chrome.exe

Remote address:

8.8.8.8:53

Request

secure.quantserve.com

IN A

Response

secure.quantserve.com

IN CNAME

2kpixel.quantserve.com

2kpixel.quantserve.com

IN CNAME

global.px.quantserve.com

global.px.quantserve.com

IN A

192.184.69.252

global.px.quantserve.com

IN A

192.184.69.215

global.px.quantserve.com

IN A

192.184.69.167

global.px.quantserve.com

IN A

192.184.69.239

global.px.quantserve.com

IN A

192.184.69.201
DNS

p.cpx.to

chrome.exe

Remote address:

8.8.8.8:53

Request

p.cpx.to

IN A

Response

p.cpx.to

IN CNAME

k8s-pixeljsserver-11f4426a0b-1200762302.eu-west-1.elb.amazonaws.com

k8s-pixeljsserver-11f4426a0b-1200762302.eu-west-1.elb.amazonaws.com

IN A

52.208.148.0

k8s-pixeljsserver-11f4426a0b-1200762302.eu-west-1.elb.amazonaws.com

IN A

52.212.239.100
DNS

d2zur9cc2gf1tx.cloudfront.net

chrome.exe

Remote address:

8.8.8.8:53

Request

d2zur9cc2gf1tx.cloudfront.net

IN A

Response

d2zur9cc2gf1tx.cloudfront.net

IN A

108.156.61.80

d2zur9cc2gf1tx.cloudfront.net

IN A

108.156.61.198

d2zur9cc2gf1tx.cloudfront.net

IN A

108.156.61.94

d2zur9cc2gf1tx.cloudfront.net

IN A

108.156.61.138
DNS

yastatic.net

chrome.exe

Remote address:

8.8.8.8:53

Request

yastatic.net

IN A

Response

yastatic.net

IN A

178.154.131.216

yastatic.net

IN A

178.154.131.217

yastatic.net

IN A

178.154.131.215
GET

https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1691322336882

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /usync/?pubId=2a897e3f18e6769&cb=1691322336882 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA; path=/; expires=Thu, 05 Sep 2024 04:03:55; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1375
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=106&redir=1&ot_initiated=1 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1691322336882
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA

Response

HTTP/2.0 302

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA; path=/; expires=Thu, 05 Sep 2024 04:03:56; domain=onetag-sys.com; SameSite=None; Secure;
location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABicqqy5VCJwVIAT0zb1lc8L8dWfcd9z6bNA
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1691322336882
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA

Response

HTTP/2.0 302

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA; path=/; expires=Thu, 05 Sep 2024 04:03:56; domain=onetag-sys.com; SameSite=None; Secure;
location: https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=1&uid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=1&gdpr_consent=

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=1&uid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=1&gdpr_consent= HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA; path=/; expires=Thu, 05 Sep 2024 04:03:56; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=9110017361650720908

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=98&gdpr=1&gdpr_consent=&uid=9110017361650720908 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA; path=/; expires=Thu, 05 Sep 2024 04:03:57; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=106&google_error=15

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=106&google_error=15 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA; path=/; expires=Thu, 05 Sep 2024 04:03:57; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=110&uid=

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=110&uid= HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA; path=/; expires=Thu, 05 Sep 2024 04:03:57; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1691322339644

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /usync/?pubId=2a897e3f18e6769&cb=1691322339644 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://download.oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=vBX-kp2C_sJ_SxiubRUkd3IpY5pSjIGIEppwg9RzIXA

Response

HTTP/2.0 200

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU; path=/; expires=Thu, 05 Sep 2024 04:03:58; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1279
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=106&redir=1&ot_initiated=1 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1691322339644
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU

Response

HTTP/2.0 302

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU; path=/; expires=Thu, 05 Sep 2024 04:03:58; domain=onetag-sys.com; SameSite=None; Secure;
location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABicqq1Tc6X6dKZIqXsmYyO_blkgyr3UJ-ow
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=9110017361650720908

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=98&gdpr=1&gdpr_consent=&uid=9110017361650720908 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU; path=/; expires=Thu, 05 Sep 2024 04:03:59; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=1&uid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=1&gdpr_consent=

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=1&uid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=1&gdpr_consent= HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU; path=/; expires=Thu, 05 Sep 2024 04:03:59; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
GET

https://onetag-sys.com/match/?int_id=106&google_error=15

chrome.exe

Remote address:

51.89.9.254:443

Request

GET /match/?int_id=106&google_error=15 HTTP/2.0
host: onetag-sys.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU

Response

HTTP/2.0 200

cache-control: no-transform, no-cache
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=JsT6xSrgQrZC5cPVA92G7Ry6xLfrg8ZTozfI0HwRpGU; path=/; expires=Thu, 05 Sep 2024 04:03:59; domain=onetag-sys.com; SameSite=None; Secure;
content-length: 0
strict-transport-security: max-age=15552000
GET

https://yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2

chrome.exe

Remote address:

178.154.131.216:443

Request

GET /islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2 HTTP/2.0
host: yastatic.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://oxy.st
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.17.9
date: Sun, 06 Aug 2023 11:45:37 GMT
content-type: application/font-woff2
content-length: 43116
access-control-allow-origin: *
cache-control: public, max-age=31556952
content-encoding: br
etag: "b12a51f97e25c747336afc3f3958c89e"
expires: Mon, 05 Aug 2024 17:34:04 GMT
last-modified: Tue, 22 Jan 2019 17:07:24 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: 42e2333b9c72ac70
accept-ranges: bytes
GET

https://yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2

chrome.exe

Remote address:

178.154.131.216:443

Request

GET /islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2 HTTP/2.0
host: yastatic.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://oxy.st
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.17.9
date: Sun, 06 Aug 2023 11:45:37 GMT
content-type: application/font-woff2
content-length: 45104
access-control-allow-origin: *
cache-control: public, max-age=31556952
content-encoding: br
etag: "7ea3a7685d37ada753d75eff793a5615"
expires: Mon, 05 Aug 2024 17:33:37 GMT
last-modified: Tue, 22 Jan 2019 17:08:35 GMT
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
strict-transport-security: max-age=43200000; includeSubDomains;
timing-allow-origin: *
vary: Accept-Encoding
x-nginx-request-id: bddbab68d049149b
accept-ranges: bytes
GET

https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

chrome.exe

Remote address:

108.156.61.80:443

Request

GET /a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js HTTP/1.1
Host: d2zur9cc2gf1tx.cloudfront.net
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 25704
Connection: keep-alive
Accept-Ranges: bytes
Last-Modified: Mon, 18 Feb 2019 16:54:28 GMT
Server: Apache
Date: Sat, 05 Aug 2023 23:04:41 GMT
X-Cache: Hit from cloudfront
Via: 1.1 96e04892ec84a7161914f66c3ba3b5f0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-P2
X-Amz-Cf-Id: dHIOqT3NeCnMmOyZPXz_eaMOHi4hZIlu5MljL3wpN6AOiKESSAl4kg==
Age: 45657
DNS

counter.yadro.ru

chrome.exe

Remote address:

8.8.8.8:53

Request

counter.yadro.ru

IN A

Response

counter.yadro.ru

IN A

88.212.201.204

counter.yadro.ru

IN A

88.212.202.52

counter.yadro.ru

IN A

88.212.201.198
DNS

msstral.icu

chrome.exe

Remote address:

8.8.8.8:53

Request

msstral.icu

IN A

Response

msstral.icu

IN A

188.114.96.0

msstral.icu

IN A

188.114.97.0
GET

https://msstral.icu/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F23ebfff6d7d0097c673899ff91a04bfc%2Fnl_gui.rar&sourceName=nl%20gui.rar&sourceIntro=&sourceNote=&priority=source&tag=&rnd=61c084dad439404849be9fd084850cee&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FeKTf

chrome.exe

Remote address:

188.114.96.0:443

Request

GET /api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F23ebfff6d7d0097c673899ff91a04bfc%2Fnl_gui.rar&sourceName=nl%20gui.rar&sourceIntro=&sourceNote=&priority=source&tag=&rnd=61c084dad439404849be9fd084850cee&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FeKTf HTTP/2.0
host: msstral.icu
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://oxy.st
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:38 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zkX%2BVziplpIsWxq7IYKyd%2Bc2kZJ5udc7b3IyKs3CSuHVpkNVnLLHXS4zbnZ3VfhZC%2Bq%2BX8ywU76YpbUlP%2Bc9e5MIcSMUh%2FSqOoVjtTSl6lFVlkYYyK4p%2Fssm026WmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7f2708e5cf18b7b5-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
DNS

sync.mathtag.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.mathtag.com

IN A

Response

sync.mathtag.com

IN CNAME

pixel-origin.mathtag.com

pixel-origin.mathtag.com

IN A

185.29.134.244

pixel-origin.mathtag.com

IN A

185.29.132.241

pixel-origin.mathtag.com

IN A

185.29.132.245

pixel-origin.mathtag.com

IN A

185.29.134.248
DNS

pixel-eu.rubiconproject.com

chrome.exe

Remote address:

8.8.8.8:53

Request

pixel-eu.rubiconproject.com

IN A

Response

pixel-eu.rubiconproject.com

IN CNAME

pixel-eu.rubiconproject.net.akadns.net

pixel-eu.rubiconproject.net.akadns.net

IN A

213.19.162.80

pixel-eu.rubiconproject.net.akadns.net

IN A

213.19.162.90
DNS

ib.adnxs.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

g.geogslb.com

g.geogslb.com

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.210.212

ib.anycast.adnxs.com

IN A

185.89.211.12

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.82

ib.anycast.adnxs.com

IN A

185.89.210.20

ib.anycast.adnxs.com

IN A

185.89.210.46

ib.anycast.adnxs.com

IN A

185.89.210.101

ib.anycast.adnxs.com

IN A

185.89.210.141

ib.anycast.adnxs.com

IN A

185.89.210.122

ib.anycast.adnxs.com

IN A

185.89.210.153

ib.anycast.adnxs.com

IN A

185.89.210.90
DNS

pixel.rubiconproject.com

chrome.exe

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.com

IN A

Response

pixel.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.90

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.80
DNS

ssbsync-global.smartadserver.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ssbsync-global.smartadserver.com

IN A

Response

ssbsync-global.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-itx4.smartadserver.com

ssbsync-itx4.smartadserver.com

IN A

185.86.139.102

ssbsync-itx4.smartadserver.com

IN A

185.86.139.93

ssbsync-itx4.smartadserver.com

IN A

185.86.139.94

ssbsync-itx4.smartadserver.com

IN A

185.86.139.104

ssbsync-itx4.smartadserver.com

IN A

185.86.139.103

ssbsync-itx4.smartadserver.com

IN A

185.86.139.101
DNS

id.rlcdn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

id.rlcdn.com

IN A

Response

id.rlcdn.com

IN A

35.190.60.146
DNS

image8.pubmatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

image8.pubmatic.com

IN A

Response

image8.pubmatic.com

IN CNAME

image8-v2.pubmnet.com

image8-v2.pubmnet.com

IN CNAME

imagesync33000-fpb.pubmnet.com

imagesync33000-fpb.pubmnet.com

IN A

104.36.113.110
DNS

cm.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

142.250.179.130
DNS

match.adsrvr.org

chrome.exe

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

3.33.220.150
DNS

ups.analytics.yahoo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ups.analytics.yahoo.com

IN A

Response

ups.analytics.yahoo.com

IN CNAME

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

IN CNAME

prod.ups-ats.us-east-1.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.us-east-1.aolp-ds-prd.aws.oath.cloud

IN CNAME

ats-eks.us-east-1.dcs-online-targeting-prd.aws.oath.cloud

ats-eks.us-east-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.225.218.10

ats-eks.us-east-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

34.200.65.202
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

216.58.208.106

content-autofill.googleapis.com

IN A

216.58.214.10

content-autofill.googleapis.com

IN A

142.250.179.138

content-autofill.googleapis.com

IN A

142.251.36.42

content-autofill.googleapis.com

IN A

142.250.179.170

content-autofill.googleapis.com

IN A

142.250.179.202

content-autofill.googleapis.com

IN A

142.251.36.10

content-autofill.googleapis.com

IN A

142.251.39.106

content-autofill.googleapis.com

IN A

172.217.23.202
GET

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]

chrome.exe

Remote address:

185.86.139.102:443

Request

GET /api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid] HTTP/2.0
host: ssbsync-global.smartadserver.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 0
date: Sun, 06 Aug 2023 11:45:38 GMT
GET

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]

chrome.exe

Remote address:

185.86.139.102:443

Request

GET /api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid] HTTP/2.0
host: ssbsync-global.smartadserver.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: pid=4881299743354675484
cookie: TestIfCookieP=ok
cookie: csync=111:ID5-90b4IzyLhTB2uxB5HTA9R7DMNqCI9XBuTXTBe2f8mA

Response

HTTP/2.0 200

content-length: 0
date: Sun, 06 Aug 2023 11:45:39 GMT
DNS

s.amazon-adsystem.com

chrome.exe

Remote address:

8.8.8.8:53

Request

s.amazon-adsystem.com

IN A

Response

s.amazon-adsystem.com

IN A

52.46.155.104
GET

https://id.rlcdn.com/711916.gif?ct=4&cv=

chrome.exe

Remote address:

35.190.60.146:443

Request

GET /711916.gif?ct=4&cv= HTTP/2.0
host: id.rlcdn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

156.46.208.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

156.46.208.88.in-addr.arpa

IN PTR

Response
DNS

32.42.244.143.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.42.244.143.in-addr.arpa

IN PTR

Response

32.42.244.143.in-addr.arpa

IN PTR

750196499amscdn77com
DNS

13.7.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.7.250.178.in-addr.arpa

IN PTR

Response
DNS

155.252.72.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.252.72.23.in-addr.arpa

IN PTR

Response

155.252.72.23.in-addr.arpa

IN PTR

a23-72-252-155deploystaticakamaitechnologiescom
DNS

182.13.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

182.13.67.172.in-addr.arpa

IN PTR

Response
DNS

100.64.38.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.64.38.54.in-addr.arpa

IN PTR

Response
DNS

166.192.239.145.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.192.239.145.in-addr.arpa

IN PTR

Response
DNS

24.232.44.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

24.232.44.23.in-addr.arpa

IN PTR

Response

24.232.44.23.in-addr.arpa

IN PTR

a23-44-232-24deploystaticakamaitechnologiescom
DNS

216.131.154.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

216.131.154.178.in-addr.arpa

IN PTR

Response

216.131.154.178.in-addr.arpa

IN PTR

staticyandexnet
DNS

254.9.89.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.9.89.51.in-addr.arpa

IN PTR

Response

254.9.89.51.in-addr.arpa

IN PTR

ip254 ip-51-89-9eu
DNS

80.61.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.61.156.108.in-addr.arpa

IN PTR
DNS

80.61.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.61.156.108.in-addr.arpa

IN PTR
DNS

80.61.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.61.156.108.in-addr.arpa

IN PTR
DNS

80.61.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.61.156.108.in-addr.arpa

IN PTR
DNS

80.61.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.61.156.108.in-addr.arpa

IN PTR
DNS

0.148.208.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.148.208.52.in-addr.arpa

IN PTR

Response

0.148.208.52.in-addr.arpa

IN PTR

ec2-52-208-148-0 eu-west-1compute amazonawscom
DNS

252.69.184.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

252.69.184.192.in-addr.arpa

IN PTR

Response
DNS

204.201.212.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.201.212.88.in-addr.arpa

IN PTR

Response

204.201.212.88.in-addr.arpa

IN CNAME

204.192/26.201.212.88.in-addr.arpa

204.192/26.201.212.88.in-addr.arpa

IN PTR

host204raxru
GET

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm

chrome.exe

Remote address:

142.250.179.130:443

Request

GET /pixel?google_nid=onetag_eb&google_cm HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABicqqy5VCJwVIAT0zb1lc8L8dWfcd9z6bNA

chrome.exe

Remote address:

142.250.179.130:443

Request

GET /pixel?google_nid=one_tag&google_hm=AAABicqqy5VCJwVIAT0zb1lc8L8dWfcd9z6bNA HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=

chrome.exe

Remote address:

3.225.218.10:443

Request

GET /ups/58488/occ?&gdpr=1&gdpr_consent= HTTP/2.0
host: ups.analytics.yahoo.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=

chrome.exe

Remote address:

3.225.218.10:443

Request

GET /ups/58488/occ?&gdpr=1&gdpr_consent= HTTP/2.0
host: ups.analytics.yahoo.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://onetag-sys.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ads.adlook.me

chrome.exe

Remote address:

8.8.8.8:53

Request

ads.adlook.me

IN A

Response

ads.adlook.me

IN CNAME

lb-prod.adlook.me

lb-prod.adlook.me

IN A

176.122.21.130

lb-prod.adlook.me

IN A

5.200.50.170

lb-prod.adlook.me

IN A

176.122.21.139
DNS

x.bidswitch.net

chrome.exe

Remote address:

8.8.8.8:53

Request

x.bidswitch.net

IN A

Response

x.bidswitch.net

IN CNAME

user-data-us-east.bidswitch.net

user-data-us-east.bidswitch.net

IN A

35.211.178.172
DNS

id5-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

141.95.33.111

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

162.19.138.83

id5-sync.com

IN A

162.19.138.119

id5-sync.com

IN A

162.19.138.82
POST

https://id5-sync.com/g/v2/102.json

chrome.exe

Remote address:

141.95.98.65:443

Request

POST /g/v2/102.json HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
Content-Length: 155
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: text/plain
Accept: */*
Origin: https://oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
vary: Origin
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#1; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:37 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/i/102/8.gif?id5id=ID5*OUROTyNIp_4wApdreWkcRkfE4E2g_NkLbjlYunsT0ONZwnmK2xOR72e79cpTWxNzWcMRdkbZAxdQU-Fdd0J06w&o=api&gdpr_consent=undefined&gdpr=0

chrome.exe

Remote address:

141.95.98.65:443

Request

GET /i/102/8.gif?id5id=ID5*OUROTyNIp_4wApdreWkcRkfE4E2g_NkLbjlYunsT0ONZwnmK2xOR72e79cpTWxNzWcMRdkbZAxdQU-Fdd0J06w&o=api&gdpr_consent=undefined&gdpr=0 HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: 3pi=; id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#1

Response

HTTP/1.1 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#2; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: 3pi=; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://rtb-csync.smartadserver.com/redir/?partnerid=111&partneruserid=ID5-90b4IzyLhTB2uxB5HTA9R7DMNqCI9XBuTXTBe2f8mA&redirurl=https%3A%2F%2Fid5-sync.com%2Fc%2F102%2F102%2F7%2F2.gif%3Fpuid%3DSMART_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/g/v2/12.json

chrome.exe

Remote address:

141.95.98.65:443

Request

POST /g/v2/12.json HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
Content-Length: 285
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: text/plain
Accept: */*
Origin: https://oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: 3pi=; id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#2; cf=; cip=; cnac=; car=; gdpr=; callback=

Response

HTTP/1.1 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
vary: Origin
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#3; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/c/102/102/7/2.gif?puid=4881299743354675484&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=

chrome.exe

Remote address:

141.95.98.65:443

Request

GET /c/102/102/7/2.gif?puid=4881299743354675484&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: 3pi=; id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#2; cf=; cip=; cnac=; car=; gdpr=; callback=

Response

HTTP/1.1 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=102#1691322338885#1150083629; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://ib.adnxs.com/getuid?https://id5-sync.com/c/102/2/6/3.gif?puid=$UID&gdpr=0&gdpr_consent=
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/c/102/2/6/3.gif?puid=9110017361650720908&gdpr=0&gdpr_consent=

chrome.exe

Remote address:

141.95.98.65:443

Request

GET /c/102/2/6/3.gif?puid=9110017361650720908&gdpr=0&gdpr_consent= HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: cf=; cip=; cnac=; car=; gdpr=; callback=; id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#3; 3pi=102#1691322338885#1150083629

Response

HTTP/1.1 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=2#1691322338963#1074920078#9110017361650720908|102#1691322338885#1150083629; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=gif; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=102; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=5; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=4; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=0|; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:38 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://match.prod.bidr.io/cookie-sync/id5?us_privacy=
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/k/155.gif?puid=AADMnU7JnxAAACod0S9mbA&id5AccountNum=155&numCascadesAllowed=9

chrome.exe

Remote address:

141.95.98.65:443

Request

GET /k/155.gif?puid=AADMnU7JnxAAACod0S9mbA&id5AccountNum=155&numCascadesAllowed=9 HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: callback=; id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#3; 3pi=2#1691322338963#1074920078#9110017361650720908|102#1691322338885#1150083629; cf=gif; cip=102; cnac=5; car=4; gdpr=0|

Response

HTTP/1.1 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=2#1691322338963#1074920078#9110017361650720908|102#1691322338885#1150083629|155#1691322339629#-377844742#AADMnU7JnxAAACod0S9mbA; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-90b4IzyLhTB2uxB5HTA9R7DMNqCI9XBuTXTBe2f8mA&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F102%2F3%2F4%2F5.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/c/102/3/4/5.gif?puid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=0&gdpr_consent=

chrome.exe

Remote address:

141.95.98.65:443

Request

GET /c/102/3/4/5.gif?puid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=0&gdpr_consent= HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: callback=; id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#3; 3pi=2#1691322338963#1074920078#9110017361650720908|102#1691322338885#1150083629|155#1691322339629#-377844742#AADMnU7JnxAAACod0S9mbA; cf=; cip=; cnac=; car=; gdpr=

Response

HTTP/1.1 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=2#1691322338963#1074920078#9110017361650720908|3#1691322339711#-1192638279#04e864cf-87e2-4800-bfdc-233cd17c4226|102#1691322338885#1150083629|155#1691322339629#-377844742#AADMnU7JnxAAACod0S9mbA; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=gif; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=102; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=3; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=6; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=0|; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=300; Expires=Sun, 06-Aug-2023 11:50:39 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:39 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/g/v2/102.json

chrome.exe

Remote address:

141.95.98.65:443

Request

POST /g/v2/102.json HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
Content-Length: 243
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: text/plain
Accept: */*
Origin: https://download.oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://download.oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: callback=; id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#3; 3pi=2#1691322338963#1074920078#9110017361650720908|3#1691322339711#-1192638279#04e864cf-87e2-4800-bfdc-233cd17c4226|102#1691322338885#1150083629|155#1691322339629#-377844742#AADMnU7JnxAAACod0S9mbA; cf=gif; cip=102; cnac=3; car=6; gdpr=0|

Response

HTTP/1.1 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://download.oxy.st
vary: Origin
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#4; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:40 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/g/v2/12.json

chrome.exe

Remote address:

141.95.98.65:443

Request

POST /g/v2/12.json HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
Content-Length: 386
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: text/plain
Accept: */*
Origin: https://download.oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://download.oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: callback=; 3pi=2#1691322338963#1074920078#9110017361650720908|3#1691322339711#-1192638279#04e864cf-87e2-4800-bfdc-233cd17c4226|102#1691322338885#1150083629|155#1691322339629#-377844742#AADMnU7JnxAAACod0S9mbA; cf=gif; cip=102; cnac=3; car=6; gdpr=0|; id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#4

Response

HTTP/1.1 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://download.oxy.st
vary: Origin
access-control-allow-credentials: true
p3p: CP="CAO PSA OUR"
set-cookie: id5=e4dbec79-3380-7342-a7fb-4823bec4aef4#1691322338602#5; Max-Age=7776000; Expires=Sat, 04-Nov-2023 11:45:40 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
OPTIONS

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

chrome.exe

Remote address:

178.250.7.13:443

Request

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1 HTTP/2.0
host: gum.criteo.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://oxy.st
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 06 Aug 2023 11:45:37 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://oxy.st
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 195083
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
OPTIONS

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA&cw=1&lsw=1

chrome.exe

Remote address:

178.250.7.13:443

Request

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA&cw=1&lsw=1 HTTP/2.0
host: gum.criteo.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://download.oxy.st
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://download.oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 06 Aug 2023 11:45:40 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://download.oxy.st
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 201849
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
POST

https://id5-sync.com/api/config/prebid

chrome.exe

Remote address:

141.95.98.65:443

Request

POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
Content-Length: 95
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: text/plain
Accept: */*
Origin: https://oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
vary: Origin
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/api/config/prebid

chrome.exe

Remote address:

141.95.98.65:443

Request

POST /api/config/prebid HTTP/1.1
Host: id5-sync.com
Connection: keep-alive
Content-Length: 95
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: text/plain
Accept: */*
Origin: https://download.oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://download.oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://download.oxy.st
vary: Origin
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
DNS

rules.quantcount.com

chrome.exe

Remote address:

8.8.8.8:53

Request

rules.quantcount.com

IN A

Response

rules.quantcount.com

IN CNAME

d2fashanjl7d9f.cloudfront.net

d2fashanjl7d9f.cloudfront.net

IN A

18.65.39.81

d2fashanjl7d9f.cloudfront.net

IN A

18.65.39.30

d2fashanjl7d9f.cloudfront.net

IN A

18.65.39.9

d2fashanjl7d9f.cloudfront.net

IN A

18.65.39.99
GET

https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js

chrome.exe

Remote address:

18.65.39.81:443

Request

GET /rules-p-6Fv0cGNfc_bw8.js HTTP/2.0
host: rules.quantcount.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
date: Sun, 06 Aug 2023 11:08:07 GMT
cache-control: max-age=3600
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: Agiyfil1d6OkSwvzMsGFhqRVJy1DRbAgVho6oPv3OzZvG3aKK0eU-g==
age: 2252
DNS

lb.eu-1-id5-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN A

Response

lb.eu-1-id5-sync.com

IN A

162.19.138.82

lb.eu-1-id5-sync.com

IN A

162.19.138.117

lb.eu-1-id5-sync.com

IN A

162.19.138.118

lb.eu-1-id5-sync.com

IN A

141.95.98.64

lb.eu-1-id5-sync.com

IN A

162.19.138.119

lb.eu-1-id5-sync.com

IN A

162.19.138.120

lb.eu-1-id5-sync.com

IN A

141.95.33.111

lb.eu-1-id5-sync.com

IN A

162.19.138.116

lb.eu-1-id5-sync.com

IN A

141.95.98.65

lb.eu-1-id5-sync.com

IN A

162.19.138.83
DNS

rtb-csync.smartadserver.com

chrome.exe

Remote address:

8.8.8.8:53

Request

rtb-csync.smartadserver.com

IN A

Response

rtb-csync.smartadserver.com

IN CNAME

rtb-csync-geo.usersync-prod-sas.akadns.net

rtb-csync-geo.usersync-prod-sas.akadns.net

IN CNAME

rtb-csync-itx5.smartadserver.com

rtb-csync-itx5.smartadserver.com

IN A

185.86.138.152

rtb-csync-itx5.smartadserver.com

IN A

185.86.138.151

rtb-csync-itx5.smartadserver.com

IN A

185.86.138.155

rtb-csync-itx5.smartadserver.com

IN A

185.86.138.153

rtb-csync-itx5.smartadserver.com

IN A

185.86.138.150

rtb-csync-itx5.smartadserver.com

IN A

185.86.138.154
DNS

s.cpx.to

chrome.exe

Remote address:

8.8.8.8:53

Request

s.cpx.to

IN A

Response

s.cpx.to

IN CNAME

k8s-pixelserver-d81fc9cec3-210993491.eu-west-1.elb.amazonaws.com

k8s-pixelserver-d81fc9cec3-210993491.eu-west-1.elb.amazonaws.com

IN A

52.211.252.101

k8s-pixelserver-d81fc9cec3-210993491.eu-west-1.elb.amazonaws.com

IN A

18.200.218.194
GET

https://lb.eu-1-id5-sync.com/lb/v1

chrome.exe

Remote address:

162.19.138.82:443

Request

GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: text/plain
Accept: */*
Origin: https://oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://oxy.st
vary: Origin
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://lb.eu-1-id5-sync.com/lb/v1

chrome.exe

Remote address:

162.19.138.82:443

Request

GET /lb/v1 HTTP/1.1
Host: lb.eu-1-id5-sync.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Content-Type: text/plain
Accept: */*
Origin: https://download.oxy.st
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://download.oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://download.oxy.st
vary: Origin
content-type: application/json;charset=UTF-8
transfer-encoding: chunked
date: Sun, 06 Aug 2023 11:45:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://rtb-csync.smartadserver.com/redir/?partnerid=111&partneruserid=ID5-90b4IzyLhTB2uxB5HTA9R7DMNqCI9XBuTXTBe2f8mA&redirurl=https%3A%2F%2Fid5-sync.com%2Fc%2F102%2F102%2F7%2F2.gif%3Fpuid%3DSMART_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=

chrome.exe

Remote address:

185.86.138.152:443

Request

GET /redir/?partnerid=111&partneruserid=ID5-90b4IzyLhTB2uxB5HTA9R7DMNqCI9XBuTXTBe2f8mA&redirurl=https%3A%2F%2Fid5-sync.com%2Fc%2F102%2F102%2F7%2F2.gif%3Fpuid%3DSMART_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP/1.1
Host: rtb-csync.smartadserver.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://oxy.st/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

content-length: 0
date: Sun, 06 Aug 2023 11:45:37 GMT
cache-control: no-cache,no-store
location: https://id5-sync.com/c/102/102/7/2.gif?puid=4881299743354675484&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
pragma: no-cache
set-cookie: pid=4881299743354675484; expires=Thu, 05 Sep 2024 11:45:38 GMT; domain=smartadserver.com; path=/; SameSite=None; secure
set-cookie: TestIfCookieP=ok; expires=Thu, 05 Sep 2024 11:45:38 GMT; domain=smartadserver.com; path=/; SameSite=None; secure
set-cookie: csync=111:ID5-90b4IzyLhTB2uxB5HTA9R7DMNqCI9XBuTXTBe2f8mA; expires=Tue, 06 Aug 2024 11:45:38 GMT; domain=smartadserver.com; path=/; SameSite=None; secure
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
DNS

pixel.quantserve.com

chrome.exe

Remote address:

8.8.8.8:53

Request

pixel.quantserve.com

IN A

Response

pixel.quantserve.com

IN CNAME

global.px.quantserve.com

global.px.quantserve.com

IN A

192.184.69.252

global.px.quantserve.com

IN A

192.184.69.201

global.px.quantserve.com

IN A

192.184.69.239

global.px.quantserve.com

IN A

192.184.69.215

global.px.quantserve.com

IN A

192.184.69.167
DNS

mwzeom.zeotap.com

chrome.exe

Remote address:

8.8.8.8:53

Request

mwzeom.zeotap.com

IN A

Response

mwzeom.zeotap.com

IN A

104.22.25.87

mwzeom.zeotap.com

IN A

104.22.24.87

mwzeom.zeotap.com

IN A

172.67.13.182
DNS

ajax.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.251.36.10
DNS

u.openx.net

chrome.exe

Remote address:

8.8.8.8:53

Request

u.openx.net

IN A

Response

u.openx.net

IN A

34.98.64.218

u.openx.net

IN A

35.244.159.8
DNS

image2.pubmatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

image2.pubmatic.com

IN A

Response

image2.pubmatic.com

IN CNAME

image2v2.pubmnet.com

image2v2.pubmnet.com

IN CNAME

pug-lhrc.pubmnet.com

pug-lhrc.pubmnet.com

IN A

185.64.190.80
GET

https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js

chrome.exe

Remote address:

142.251.36.10:443

Request

GET /ajax/libs/jquery/3.0.0/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID

chrome.exe

Remote address:

185.64.190.80:443

Request

GET /AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID HTTP/2.0
host: image2.pubmatic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx
date: Sun, 06 Aug 2023 11:45:38 GMT
set-cookie: KTPCACOOKIE=true; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 04-Nov-2023 11:45:38 GMT; path=/
location: https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
GET

https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID

chrome.exe

Remote address:

185.64.190.80:443

Request

GET /AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID HTTP/2.0
host: image2.pubmatic.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: KTPCACOOKIE=true

Response

HTTP/2.0 302

server: nginx
date: Sun, 06 Aug 2023 11:45:38 GMT
set-cookie: KADUSERCOOKIE=3672E8E5-B750-46D8-B9F2-BA852BEA9121; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 05-Aug-2024 11:45:38 GMT; path=/
location: https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=3672E8E5-B750-46D8-B9F2-BA852BEA9121
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
GET

https://u.openx.net/w/1.0/cm?id=f0f39a70-2c21-4d5d-af4b-7350637edcd5&r=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3DOPENX%26dsp_uid%3D%7BOPENX_ID%7D

chrome.exe

Remote address:

34.98.64.218:443

Request

GET /w/1.0/cm?id=f0f39a70-2c21-4d5d-af4b-7350637edcd5&r=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3DOPENX%26dsp_uid%3D%7BOPENX_ID%7D HTTP/2.0
host: u.openx.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

adtrack.adleadevent.com

chrome.exe

Remote address:

8.8.8.8:53

Request

adtrack.adleadevent.com

IN A

Response

adtrack.adleadevent.com

IN CNAME

adtrack-php-loadbalancer-vpc-1246401395.eu-west-1.elb.amazonaws.com

adtrack-php-loadbalancer-vpc-1246401395.eu-west-1.elb.amazonaws.com

IN A

52.209.73.195

adtrack-php-loadbalancer-vpc-1246401395.eu-west-1.elb.amazonaws.com

IN A

52.214.118.85
DNS

match.prod.bidr.io

chrome.exe

Remote address:

8.8.8.8:53

Request

match.prod.bidr.io

IN A

Response

match.prod.bidr.io

IN A

54.145.44.246

match.prod.bidr.io

IN A

52.2.41.26

match.prod.bidr.io

IN A

44.193.243.239

match.prod.bidr.io

IN A

52.204.75.117

match.prod.bidr.io

IN A

52.20.6.194

match.prod.bidr.io

IN A

52.71.189.156

match.prod.bidr.io

IN A

3.225.186.40

match.prod.bidr.io

IN A

52.86.159.148
DNS

0.96.114.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.96.114.188.in-addr.arpa

IN PTR

Response
DNS

244.134.29.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

244.134.29.185.in-addr.arpa

IN PTR

Response
DNS

244.210.89.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

244.210.89.185.in-addr.arpa

IN PTR

Response

244.210.89.185.in-addr.arpa

IN PTR

946bm-nginx-loadbalancermgmtams3adnexusnet
DNS

80.162.19.213.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.162.19.213.in-addr.arpa

IN PTR

Response
DNS

198.40.223.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.40.223.52.in-addr.arpa

IN PTR

Response

198.40.223.52.in-addr.arpa

IN PTR

a6370ebea231e0c9aawsglobalacceleratorcom
DNS

102.139.86.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

102.139.86.185.in-addr.arpa

IN PTR

Response
DNS

110.113.36.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.113.36.104.in-addr.arpa

IN PTR

Response
DNS

146.60.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.60.190.35.in-addr.arpa

IN PTR

Response

146.60.190.35.in-addr.arpa

IN PTR

1466019035bcgoogleusercontentcom
DNS

90.162.19.213.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.162.19.213.in-addr.arpa

IN PTR

Response
DNS

130.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

130.179.250.142.in-addr.arpa

IN PTR

Response

130.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f21e100net
DNS

104.155.46.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.155.46.52.in-addr.arpa

IN PTR

Response
DNS

130.21.122.176.in-addr.arpa

Remote address:

8.8.8.8:53

Request

130.21.122.176.in-addr.arpa

IN PTR

Response
DNS

65.98.95.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.98.95.141.in-addr.arpa

IN PTR

Response

65.98.95.141.in-addr.arpa

IN PTR

ns3216659ip-141-95-98eu
DNS

226.21.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.21.18.104.in-addr.arpa

IN PTR

Response
DNS

10.218.225.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.218.225.3.in-addr.arpa

IN PTR

Response

10.218.225.3.in-addr.arpa

IN PTR

ec2-3-225-218-10 compute-1 amazonawscom
DNS

112.211.227.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.211.227.13.in-addr.arpa

IN PTR

Response

112.211.227.13.in-addr.arpa

IN PTR

server-13-227-211-112ams54r cloudfrontnet
DNS

172.178.211.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.178.211.35.in-addr.arpa

IN PTR

Response

172.178.211.35.in-addr.arpa

IN PTR

17217821135bcgoogleusercontentcom
DNS

81.39.65.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.39.65.18.in-addr.arpa

IN PTR

Response

81.39.65.18.in-addr.arpa

IN PTR

server-18-65-39-81ams1r cloudfrontnet
DNS

101.15.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.15.18.104.in-addr.arpa

IN PTR

Response
DNS

82.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.138.19.162.in-addr.arpa

IN PTR

Response

82.138.19.162.in-addr.arpa

IN PTR

ns31532337 ip-162-19-138eu
DNS

152.138.86.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

152.138.86.185.in-addr.arpa

IN PTR

Response
DNS

101.252.211.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

101.252.211.52.in-addr.arpa

IN PTR

Response

101.252.211.52.in-addr.arpa

IN PTR

ec2-52-211-252-101 eu-west-1compute amazonawscom
DNS

218.64.98.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.64.98.34.in-addr.arpa

IN PTR

Response

218.64.98.34.in-addr.arpa

IN PTR

218649834bcgoogleusercontentcom
DNS

10.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.36.251.142.in-addr.arpa

IN PTR

Response

10.36.251.142.in-addr.arpa

IN PTR

ams15s44-in-f101e100net
DNS

80.190.64.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

80.190.64.185.in-addr.arpa

IN PTR

Response
DNS

download.oxy.st

chrome.exe

Remote address:

8.8.8.8:53

Request

download.oxy.st

IN A

Response

download.oxy.st

IN A

185.178.208.137
GET

https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986 HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Aug 2023 11:45:40 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
content-encoding: gzip
GET

https://download.oxy.st/slake/asset/css/bootstrap.min.css

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/css/bootstrap.min.css HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 01 Aug 2023 12:14:27 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-2fbea"
age: 430273
content-length: 24208
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/css/jquery.mCustomScrollbar.min.css HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 22:59:33 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-1538e"
age: 564367
content-length: 30285
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/css/elements.css?1

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/css/elements.css?1 HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 27 Jul 2023 20:35:06 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-a78e"
age: 832234
content-length: 3950
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/style.css?ver=6

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/style.css?ver=6 HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 28 Jul 2023 12:47:16 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 22:27:36 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefded8-135c7"
age: 773904
content-length: 11872
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/cookie.css?ver=6

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/cookie.css?ver=6 HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 27 Jul 2023 20:09:13 GMT
content-type: text/css
last-modified: Fri, 18 Dec 2020 20:37:06 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5fdd12f2-2a549"
age: 833787
content-length: 24360
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/responsive.css?ver=5

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/responsive.css?ver=5 HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 28 Jul 2023 22:49:55 GMT
content-type: text/css
last-modified: Mon, 15 Feb 2021 21:38:28 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "602ae9d4-224"
age: 737745
content-length: 299
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/js/jquery.min.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/jquery.min.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 10:08:58 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-235ed"
age: 610602
content-length: 20483
ddg-cache-status: HIT
GET

https://download.oxy.st/js/jquery.cookie.min.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /js/jquery.cookie.min.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Aug 2023 10:46:22 GMT
content-type: application/javascript
last-modified: Tue, 20 Jun 2023 20:47:54 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "6492107a-908"
age: 3558
content-length: 1139
ddg-cache-status: HIT
GET

https://download.oxy.st/css/cloud.css

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /css/cloud.css HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 12:59:42 GMT
content-type: text/css
last-modified: Sun, 21 Jun 2020 20:10:25 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb1-d024"
age: 600358
content-length: 9206
ddg-cache-status: HIT
GET

https://download.oxy.st/js/download2.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /js/download2.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 05 Aug 2023 05:53:44 GMT
content-type: application/javascript
last-modified: Fri, 26 Jun 2020 14:46:15 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5ef60a37-e1b"
age: 107516
content-length: 1743
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/js/bootstrap.min.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/bootstrap.min.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 10:22:41 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-bf30"
age: 609779
content-length: 13046
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/jquery.mCustomScrollbar.concat.min.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 19:01:46 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-595"
age: 578634
content-length: 635
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/js/plugins.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/plugins.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 05 Aug 2023 15:19:33 GMT
content-type: image/svg+xml
last-modified: Wed, 17 Feb 2021 01:25:02 GMT
vary: Accept-Encoding
etag: W/"602c706e-2019"
access-control-allow-origin: *
content-encoding: gzip
age: 73567
content-length: 3204
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/js/main.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/main.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 18:37:27 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-b1ab"
age: 580093
content-length: 12929
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/js/ajax-mail.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/ajax-mail.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 28 Jul 2023 13:25:01 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-683"
age: 771639
content-length: 544
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/js/ajax-subscribe.js

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/js/ajax-subscribe.js HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 28 Jul 2023 19:14:51 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-2210"
age: 750649
content-length: 1840
ddg-cache-status: HIT
GET

https://download.oxy.st/img/oxy-logo.svg

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /img/oxy-logo.svg HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 30 Jul 2023 17:27:43 GMT
content-type: application/javascript
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
vary: Accept-Encoding
access-control-allow-origin: *
content-encoding: gzip
etag: "5eefbeb2-52d51"
age: 584277
content-length: 90933
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/slice_white.png

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/slice_white.png HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 28 Jul 2023 12:20:03 GMT
content-type: image/png
content-length: 6078
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-17be"
access-control-allow-origin: *
accept-ranges: bytes
age: 775537
ddg-cache-status: HIT
GET

https://download.oxy.st/images/sprite3.png

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /images/sprite3.png HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Fri, 04 Aug 2023 16:16:55 GMT
content-type: image/png
content-length: 2059
last-modified: Sun, 27 Mar 2022 20:43:28 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "6240cc70-80b"
age: 156525
ddg-cache-status: HIT
GET

https://download.oxy.st/images/ltd.svg

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /images/ltd.svg HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Tue, 01 Aug 2023 13:13:58 GMT
content-type: image/svg+xml
last-modified: Fri, 20 Nov 2020 00:55:29 GMT
vary: Accept-Encoding
etag: W/"5fb71401-c420"
access-control-allow-origin: *
content-encoding: gzip
age: 426702
content-length: 19700
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/img/bg/flake-slider-header.jpg

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/img/bg/flake-slider-header.jpg HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025
cookie: session_depth=download.oxy.st%3D1%7C468178560%3D1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Aug 2023 11:19:49 GMT
content-type: image/jpeg
content-length: 31870
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
etag: "5eefbeb2-7c7e"
age: 1551
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/fonts/themify--fvbane.woff

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/fonts/themify--fvbane.woff HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://download.oxy.st
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://download.oxy.st/slake/asset/css/elements.css?1
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025
cookie: session_depth=download.oxy.st%3D1%7C468178560%3D1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 03 Aug 2023 11:25:12 GMT
content-type: font/woff
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: W/"5eefbeb2-db2c"
access-control-allow-origin: *
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
age: 260428
content-length: 34487
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/img/bg/footer-bg.png

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/img/bg/footer-bg.png HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://download.oxy.st/slake/style.css?ver=6
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: cto_bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA
cookie: cto_bidid=s0QaY18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FTTlLUDIlMkJBQ3I2U0VpOTBMJTJGbXE2M1ElM0QlM0Q
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025
cookie: session_depth=download.oxy.st%3D1%7C468178560%3D1

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Thu, 27 Jul 2023 14:41:12 GMT
content-type: image/png
content-length: 74560
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
etag: "5eefbeb2-12340"
access-control-allow-origin: *
accept-ranges: bytes
age: 853468
ddg-cache-status: HIT
GET

https://download.oxy.st/slake/asset/img/favicon/favicon.ico

chrome.exe

Remote address:

185.178.208.137:443

Request

GET /slake/asset/img/favicon/favicon.ico HTTP/2.0
host: download.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025
cookie: session_depth=download.oxy.st%3D1%7C468178560%3D1
cookie: _pbjs_userid_consent_data=3524755945110770
cookie: cto_bundle=UiSm8F9WdjdVcW1YRjI3SWwzaVdScVZXaHRpS3RyemRZSFJDNGYzZHJidDFnY0RTVEw5WCUyRiUyQlUyWSUyQkw2cGtIa0FicFM4V1p0UFlreFlFUWtBaVZDRlB1OE52MjFEWlBPbEFVSnhXU0olMkJVMHRKMVNNJTNE
cookie: cto_bidid=S-W9o18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FazlHOFI2U3FCemJ2Z2dOWXAzSW1xZyUzRCUzRA

Response

HTTP/2.0 200

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sat, 29 Jul 2023 14:29:12 GMT
content-type: image/x-icon
last-modified: Sun, 21 Jun 2020 20:10:26 GMT
access-control-allow-origin: *
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
etag: "5eefbeb2-7ca"
age: 681389
content-length: 2017
ddg-cache-status: HIT
POST

https://download.oxy.st/get/7714ce0cf6036568d42a5b8ca1a807d1/nl_gui.rar

chrome.exe

Remote address:

185.178.208.137:443

Request

POST /get/7714ce0cf6036568d42a5b8ca1a807d1/nl_gui.rar HTTP/2.0
host: download.oxy.st
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://download.oxy.st
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: __ddg1_=NxdmwTp9GbTCZt46UH5L
cookie: PHPSESSID=6ttdbplcjebi802c7vmnja3lr1
cookie: sharedid=105553b5-8ab3-4f78-8dcf-3d2aa849469b
cookie: __qca=P0-1169537539-1691322337809
cookie: __b22_=-1324136025
cookie: session_depth=download.oxy.st%3D1%7C468178560%3D1
cookie: _pbjs_userid_consent_data=3524755945110770
cookie: cto_bundle=UiSm8F9WdjdVcW1YRjI3SWwzaVdScVZXaHRpS3RyemRZSFJDNGYzZHJidDFnY0RTVEw5WCUyRiUyQlUyWSUyQkw2cGtIa0FicFM4V1p0UFlreFlFUWtBaVZDRlB1OE52MjFEWlBPbEFVSnhXU0olMkJVMHRKMVNNJTNE
cookie: cto_bidid=S-W9o18wb2ZtbmlGVEg1MjZ4clZZdTBXMWtLRTA2bHBDRWN1YkM5Q3FmUjN1amFtNWl1TFBZZDdHR0pnUG9aTlcwY21FazlHOFI2U3FCemJ2Z2dOWXAzSW1xZyUzRCUzRA

Response

HTTP/2.0 302

server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Aug 2023 11:45:43 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: https://s1.oxy.st/get.php?cg=czozMjoiNDNmMmE4ODQ1NjQ4ODM1MWU3OTA0MGM3Yzg4NDY5MjMiOw%2C%2C&n=czoxMDoibmwgZ3VpLnJhciI7&c=czo2NDoiMmEwN2JkNTQzZjdjNTYwMmY1YTY3YTZkMDViYzMxZGNmNGQ4ODE1ZjM2ZDVjZDJiZTI2OGIwODNjOWMwYzgyYyI7&t=1691322343
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
DNS

195.73.209.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.73.209.52.in-addr.arpa

IN PTR

Response

195.73.209.52.in-addr.arpa

IN PTR

ec2-52-209-73-195 eu-west-1compute amazonawscom
DNS

246.44.145.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.44.145.54.in-addr.arpa

IN PTR

Response

246.44.145.54.in-addr.arpa

IN PTR

ec2-54-145-44-246 compute-1 amazonawscom
DNS

s1.oxy.st

chrome.exe

Remote address:

8.8.8.8:53

Request

s1.oxy.st

IN A

Response

s1.oxy.st

IN A

104.21.234.182

s1.oxy.st

IN A

104.21.234.183
GET

https://s1.oxy.st/get.php?cg=czozMjoiNDNmMmE4ODQ1NjQ4ODM1MWU3OTA0MGM3Yzg4NDY5MjMiOw%2C%2C&n=czoxMDoibmwgZ3VpLnJhciI7&c=czo2NDoiMmEwN2JkNTQzZjdjNTYwMmY1YTY3YTZkMDViYzMxZGNmNGQ4ODE1ZjM2ZDVjZDJiZTI2OGIwODNjOWMwYzgyYyI7&t=1691322343

chrome.exe

Remote address:

104.21.234.182:443

Request

GET /get.php?cg=czozMjoiNDNmMmE4ODQ1NjQ4ODM1MWU3OTA0MGM3Yzg4NDY5MjMiOw%2C%2C&n=czoxMDoibmwgZ3VpLnJhciI7&c=czo2NDoiMmEwN2JkNTQzZjdjNTYwMmY1YTY3YTZkMDViYzMxZGNmNGQ4ODE1ZjM2ZDVjZDJiZTI2OGIwODNjOWMwYzgyYyI7&t=1691322343 HTTP/2.0
host: s1.oxy.st
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://download.oxy.st
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://download.oxy.st/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 06 Aug 2023 11:45:43 GMT
content-type: application/octet-stream
content-length: 46176226
content-description: File Transfer
content-disposition: attachment; filename=nl gui.rar
content-transfer-encoding: binary
expires: 0
cache-control: must-revalidate, post-check=0, pre-check=0
pragma: public
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zacstZm%2B%2BcaB%2FIIepihUX3w1bqwPzKjJo4sxpIhuWIP7TUyeJz4gyVO1z9FKSmmpEOMeLu6X3D1HNg0fA155wqakrEgS0qX3lEnkKuOdG82EYg%2BFyDv6oA1UXAU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7f27090849e8b97b-AMS
alt-svc: h3=":443"; ma=86400
DNS

182.234.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

182.234.21.104.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

9.57.101.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.57.101.20.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.3
DNS

9.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.179.89.13.in-addr.arpa

IN PTR

Response
DNS

3.49.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.49.178.192.in-addr.arpa

IN PTR

Response

3.49.178.192.in-addr.arpa

IN PTR

phx18s08-in-f31e100net

104.21.70.24:80

http://oxy.name/d/eKTf

http

chrome.exe

751 B
948 B
7
6

HTTP Request

GET http://oxy.name/d/eKTf

HTTP Response

301
104.21.70.24:80

oxy.name

chrome.exe

190 B
132 B
4
3
104.21.70.24:443

https://oxy.name/d/eKTf

tls, http2

chrome.exe

1.8kB
5.9kB
14
14

HTTP Request

GET https://oxy.name/d/eKTf

HTTP Response

301
185.178.208.137:443

https://oxy.st/slake/asset/img/favicon/favicon.ico

tls, http2

chrome.exe

14.9kB
448.7kB
249
353

HTTP Request

GET https://oxy.st/d/eKTf

HTTP Response

200

HTTP Request

GET https://oxy.st/slake/asset/css/bootstrap.min.css

HTTP Request

GET https://oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css

HTTP Request

GET https://oxy.st/slake/asset/css/elements.css?1

HTTP Request

GET https://oxy.st/slake/style.css?ver=6

HTTP Request

GET https://oxy.st/slake/cookie.css?ver=6

HTTP Request

GET https://oxy.st/slake/responsive.css?ver=5

HTTP Request

GET https://oxy.st/slake/asset/js/jquery.min.js

HTTP Request

GET https://oxy.st/js/jquery.cookie.min.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://oxy.st/css/cloud.css

HTTP Response

200

HTTP Request

GET https://oxy.st/slake/asset/js/bootstrap.min.js

HTTP Request

GET https://oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js

HTTP Request

GET https://oxy.st/slake/asset/js/plugins.js

HTTP Request

GET https://oxy.st/slake/asset/js/main.js

HTTP Request

GET https://oxy.st/slake/asset/js/ajax-mail.js

HTTP Request

GET https://oxy.st/slake/asset/js/ajax-subscribe.js

HTTP Request

GET https://oxy.st/img/oxy-logo.svg

HTTP Request

GET https://oxy.st/slake/asset/slice_white.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://oxy.st/images/sprite3.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://oxy.st/images/ltd.svg

HTTP Request

GET https://oxy.st/slake/asset/img/bg/flake-slider-header.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://oxy.st/slake/asset/fonts/themify--fvbane.woff

HTTP Response

200

HTTP Request

GET https://oxy.st/slake/asset/img/bg/footer-bg.png

HTTP Response

200

HTTP Request

GET https://oxy.st/slake/asset/img/favicon/favicon.ico

HTTP Response

200
84.53.175.19:80

http://apps.identrust.com/roots/dstrootcax3.p7c

http

chrome.exe

468 B
1.7kB
7
6

HTTP Request

GET http://apps.identrust.com/roots/dstrootcax3.p7c

HTTP Response

200
104.85.0.23:443

https://contextual.media.net/smtr?&Bs=xq84Uxch_ZMm6YqWKc%24RW&kkdd=u3%7Ch%7CAu9nH3*&oq=23G2d00ddJ2J3T2G2Jb&j4kX=2&_KkY=b&6KBm=V02J&Bq4=Du7JEu2Rt&BkB4=1K9ibbQL2MsYiM3LOphlo1%3D%3D&BXq4=T3D2JDR3b&KqNm=dbbz0Rb&BB=ZV&F66kK=2&XmOAXW=F66kK%3A%2F%2F4Ux8WUY4cUzPcK6%2F4%2Fmi(I%2F0%2FDDGRTBG3Ib4JdmmDY043RJBRbIm0mGD3&!xXI=F66kK%3A%2F%2FUzPcK6&m!xXI=xJJlC%3ALL_)RcCJ&8Km=R&Aj4=T&_BI=TbJ3D&kjq4=k2JJTJd0Dd60b0dbDb322TR&8s=2

tls, http2

chrome.exe

3.7kB
53.5kB
37
61

HTTP Request

GET https://contextual.media.net/dmedianet.js?cid=8CU7BC15F

HTTP Response

200

HTTP Request

GET https://contextual.media.net/smtr?&4y=mLR-9mABwFpfZkL83A%24*8&kkdd=A3%7Cu%7C93nH*A&44=Fi&QL=)Co)sxxss~x)CEc)oCl&O-Dh=)&w3Dk=E&Z34f=ix)~&4L-=l6I~_6)*N&4D4-=.3tzEEjM)pykzpCMVHB0Q.%3D%3D&4hL-=cCl)~l*CE&3LKf=sEE2x*E&rZZD3=)&hfV!h8=rZZD3%3A%2F%2F92bA3Z%2F-%2FfzXe&R3f=*&!O-=c&w4e=cE~Cl&DOL-=DEcEc)E~sxsZxExsElEC))c*&Ry=)

HTTP Request

GET https://contextual.media.net/checksync.php?&gdpr=1&usp_status=0&ckdel=1&cs=2&cv=31&cid=8CU7BC15F&https=1&itype=CM

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://contextual.media.net/smtr?&Bs=xq84Uxch_ZMm6YqWKc%24RW&kkdd=u3%7Ch%7CAu9nH3*&oq=23G2d00ddJ2J3T2G2Jb&j4kX=2&_KkY=b&6KBm=V02J&Bq4=Du7JEu2Rt&BkB4=1K9ibbQL2MsYiM3LOphlo1%3D%3D&BXq4=T3D2JDR3b&KqNm=dbbz0Rb&BB=ZV&F66kK=2&XmOAXW=F66kK%3A%2F%2F4Ux8WUY4cUzPcK6%2F4%2Fmi(I%2F0%2FDDGRTBG3Ib4JdmmDY043RJBRbIm0mGD3&!xXI=F66kK%3A%2F%2FUzPcK6&m!xXI=xJJlC%3ALL_)RcCJ&8Km=R&Aj4=T&_BI=TbJ3D&kjq4=k2JJTJd0Dd60b0dbDb322TR&8s=2

HTTP Response

200
88.208.46.156:443

wishesen.com

tls

chrome.exe

1.9kB
14.5kB
15
18
143.244.42.32:443

ads.themoneytizer.com

tls, http2

chrome.exe

1.1kB
5.9kB
11
12
143.244.42.32:443

https://ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=28

tls, http2

chrome.exe

6.5kB
241.4kB
112
191

HTTP Request

GET https://ads.themoneytizer.com/s/gen.js?type=2

HTTP Request

GET https://ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=2

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://ads.themoneytizer.com/moneybid8_6/build/dist/prebid.js

HTTP Response

200

HTTP Request

GET https://ads.themoneytizer.com/s/gen.js?type=28

HTTP Request

GET https://ads.themoneytizer.com/s/requestform.js?siteId=85433&formatId=28

HTTP Response

200

HTTP Response

200
193.17.93.93:443

https://cdn.adlook.me/css/rlf.css?1.4

tls, http2

chrome.exe

2.6kB
33.0kB
28
40

HTTP Request

GET https://cdn.adlook.me/js/rlf.js

HTTP Request

GET https://cdn.adlook.me/u/cds.html

HTTP Request

GET https://cdn.adlook.me/css/rlf.css?1.4
178.250.7.13:443

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA&cw=1&lsw=1

tls, http2

chrome.exe

2.2kB
6.2kB
16
14

HTTP Request

GET https://gum.criteo.com/sync?c=147&r=2&j=criteoCallback

HTTP Response

200

HTTP Request

GET https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

HTTP Response

200

HTTP Request

GET https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA&cw=1&lsw=1

HTTP Response

200
23.72.252.155:443

https://ced.sascdn.com/tag/1097/smart.js

tls, http

chrome.exe

2.3kB
43.4kB
25
41

HTTP Request

GET https://ced.sascdn.com/tag/1097/smart.js

HTTP Response

200
172.67.13.182:443

https://spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

tls, http2

chrome.exe

3.2kB
26.8kB
31
40

HTTP Request

GET https://spl.zeotap.com/mapper.js?env=mWeb&eventType=pageview&zdid=1258

HTTP Response

200

HTTP Request

GET https://spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

HTTP Response

200

HTTP Request

GET https://mwzeom.zeotap.com/mw?google_gid=&google_cver=&zpartnerid=1&env=mWeb&eventType=pageview&id_mid_4=871f0bb3-0b0b-438d-4c9e-b5551c3f93e1&reqId=943e4be8-e3d5-433c-4d1b-7d71e02982fa&zdid=1258&google_error=15

HTTP Response

200

HTTP Request

GET https://spl.zeotap.com/?env=mWeb&eventType=pageview&zdid=1258

HTTP Response

200
23.44.232.24:443

https://lg3.media.net/bping.php?vgd_len=598&&vgd_cdv=1042&vgd_cage=1&vgd_tsce=L217&vgd_mcf=40768&gdpr=1&mspa=0&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1691322337176419170&ugd=4&lf=6&kwrf=https%3A%2F%2Foxy.st&cc=NL&lper=100&wsip=170785041&r=1691322339548&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FeKTf%2F2%2F88954c96f0d73ee8a2d657c50fe2e986&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=174&vgd_rakh=1691322337188834912&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p177473283t202308061145&vgd_pgids=1&vgd_uspa=0&hvsid=00001691322339540025877071365260&gdpr=1&mspa=0&vgd_l2type=scs_newfl&vgd_end=1

tls, http

chrome.exe

3.5kB
5.9kB
14
15

HTTP Request

GET https://lg3.media.net/bping.php?vgd_len=525&&vgd_cdv=1042&vgd_cage=1&vgd_tsce=L217&vgd_mcf=40768&gdpr=1&mspa=0&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1691322337216041968&ugd=4&lf=6&cc=NL&lper=100&wsip=170785041&r=1691322336780&requrl=https%3A%2F%2Foxy.st%2Fd%2FeKTf&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=174&vgd_rakh=1691322337188834912&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p0404107323t202308061145&vgd_pgids=1&vgd_uspa=0&hvsid=00001691322336775025877071369200&gdpr=1&mspa=0&vgd_l2type=scs_newfl&vgd_end=1

HTTP Response

200

HTTP Request

GET https://lg3.media.net/bping.php?vgd_len=598&&vgd_cdv=1042&vgd_cage=1&vgd_tsce=L217&vgd_mcf=40768&gdpr=1&mspa=0&prid=8PRHGG6T9&cid=8CU7BC15F&crid=468178560&vi=1691322337176419170&ugd=4&lf=6&kwrf=https%3A%2F%2Foxy.st&cc=NL&lper=100&wsip=170785041&r=1691322339548&requrl=https%3A%2F%2Fdownload.oxy.st%2Fd%2FeKTf%2F2%2F88954c96f0d73ee8a2d657c50fe2e986&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=174&vgd_rakh=1691322337188834912&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fdmedianet.js&vgd_pgid=p177473283t202308061145&vgd_pgids=1&vgd_uspa=0&hvsid=00001691322339540025877071365260&gdpr=1&mspa=0&vgd_l2type=scs_newfl&vgd_end=1

HTTP Response

200
54.38.64.100:443

https://c.tmyzer.com/c/?s=85433&f=28&fi=99

tls, http

chrome.exe

2.4kB
6.4kB
14
15

HTTP Request

GET https://c.tmyzer.com/c/?s=85433&f=2&fi=99

HTTP Response

200

HTTP Request

GET https://c.tmyzer.com/c/?s=85433&f=28&fi=99

HTTP Response

200
145.239.192.166:443

tag.leadplace.fr

tls

chrome.exe

3.5kB
11.2kB
16
16
51.89.9.254:443

https://onetag-sys.com/match/?int_id=106&google_error=15

tls, http2

chrome.exe

3.9kB
11.4kB
31
27

HTTP Request

GET https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1691322336882

HTTP Response

200

HTTP Request

GET https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1

HTTP Request

GET https://onetag-sys.com/match/?int_id=113&gdpr=1&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1

HTTP Response

302

HTTP Response

302

HTTP Request

GET https://onetag-sys.com/match/?int_id=1&uid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=1&gdpr_consent=

HTTP Response

200

HTTP Request

GET https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=9110017361650720908

HTTP Request

GET https://onetag-sys.com/match/?int_id=106&google_error=15

HTTP Response

200

HTTP Request

GET https://onetag-sys.com/match/?int_id=110&uid=

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1691322339644

HTTP Response

200

HTTP Request

GET https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1

HTTP Response

302

HTTP Request

GET https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=9110017361650720908

HTTP Request

GET https://onetag-sys.com/match/?int_id=1&uid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=1&gdpr_consent=

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://onetag-sys.com/match/?int_id=106&google_error=15

HTTP Response

200
178.154.131.216:443

https://yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2

tls, http2

chrome.exe

3.7kB
97.3kB
55
82

HTTP Request

GET https://yastatic.net/islands/_/KRBKbh7904nwfw8-FzDelXRpZ9o.woff2

HTTP Request

GET https://yastatic.net/islands/_/TR2STky64Ra69XlYzqKN7cnjYfQ.woff2

HTTP Response

200

HTTP Response

200
178.154.131.216:443

yastatic.net

tls

chrome.exe

1.0kB
4.7kB
9
9
192.184.69.252:443

secure.quantserve.com

tls

chrome.exe

2.8kB
15.1kB
20
27
52.208.148.0:443

p.cpx.to

tls

chrome.exe

1.8kB
8.1kB
15
18
108.156.61.80:443

https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

tls, http

chrome.exe

2.2kB
33.6kB
22
32

HTTP Request

GET https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js

HTTP Response

200
88.212.201.204:443

counter.yadro.ru

tls

chrome.exe

4.5kB
6.6kB
17
13
188.114.96.0:443

https://msstral.icu/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F23ebfff6d7d0097c673899ff91a04bfc%2Fnl_gui.rar&sourceName=nl%20gui.rar&sourceIntro=&sourceNote=&priority=source&tag=&rnd=61c084dad439404849be9fd084850cee&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FeKTf

tls, http2

chrome.exe

2.0kB
6.2kB
15
16

HTTP Request

GET https://msstral.icu/api/getslugv3?partner_apikey=fc637ad2fa123a2358df5768a2427c14&bl=0&raw=Discover%20new%20possibilities%20for%20%3Cspan%3E%20%242.70%2F5%20days%3C%2Fspan%3E&sourceURL=https%3A%2F%2Floader.oxy.st%2Fget%2F23ebfff6d7d0097c673899ff91a04bfc%2Fnl_gui.rar&sourceName=nl%20gui.rar&sourceIntro=&sourceNote=&priority=source&tag=&rnd=61c084dad439404849be9fd084850cee&d=0&utm_content=&err=0&b=1&rfr=https%3A%2F%2Foxy.st%2Fd%2FeKTf

HTTP Response

200
185.29.134.244:443

sync.mathtag.com

tls

chrome.exe

3.6kB
6.0kB
14
12
185.89.210.244:443

ib.adnxs.com

tls

chrome.exe

2.9kB
8.7kB
23
25
213.19.162.80:443

pixel-eu.rubiconproject.com

tls

chrome.exe

2.8kB
4.1kB
14
12
52.223.40.198:443

match.adsrvr.org

tls

chrome.exe

2.8kB
6.5kB
24
26
185.86.139.102:443

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]

tls, http2

chrome.exe

2.2kB
5.2kB
16
15

HTTP Request

GET https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]

HTTP Response

200

HTTP Request

GET https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]

HTTP Response

200
104.36.113.110:443

image8.pubmatic.com

tls

chrome.exe

2.3kB
5.4kB
16
19
35.190.60.146:443

https://id.rlcdn.com/711916.gif?ct=4&cv=

tls, http2

chrome.exe

1.8kB
7.9kB
15
16

HTTP Request

GET https://id.rlcdn.com/711916.gif?ct=4&cv=
52.46.155.104:443

s.amazon-adsystem.com

tls

chrome.exe

1.1kB
6.5kB
10
12
213.19.162.90:443

pixel.rubiconproject.com

tls

chrome.exe

2.7kB
4.6kB
13
12
142.250.179.130:443

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABicqqy5VCJwVIAT0zb1lc8L8dWfcd9z6bNA

tls, http2

chrome.exe

2.1kB
8.2kB
18
21

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABicqqy5VCJwVIAT0zb1lc8L8dWfcd9z6bNA
142.250.179.130:443

cm.g.doubleclick.net

tls, http2

chrome.exe

999 B
6.0kB
9
8
3.225.218.10:443

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=

tls, http2

chrome.exe

2.0kB
5.7kB
17
17

HTTP Request

GET https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=

HTTP Request

GET https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=1&gdpr_consent=
213.19.162.90:443

pixel.rubiconproject.com

tls

chrome.exe

1.2kB
3.9kB
11
11
142.250.179.130:443

cm.g.doubleclick.net

tls, http2

chrome.exe

999 B
6.0kB
9
8
3.225.218.10:443

ups.analytics.yahoo.com

tls, http2

chrome.exe

1.1kB
5.2kB
11
11
52.46.155.104:443

s.amazon-adsystem.com

tls

chrome.exe

1.9kB
7.0kB
12
13
35.211.178.172:443

x.bidswitch.net

tls

chrome.exe

2.5kB
6.4kB
13
14
176.122.21.130:443

ads.adlook.me

tls

chrome.exe

2.1kB
6.4kB
15
14
141.95.98.65:443

https://id5-sync.com/g/v2/12.json

tls, http

chrome.exe

10.4kB
18.1kB
32
32

HTTP Request

POST https://id5-sync.com/g/v2/102.json

HTTP Response

200

HTTP Request

GET https://id5-sync.com/i/102/8.gif?id5id=ID5*OUROTyNIp_4wApdreWkcRkfE4E2g_NkLbjlYunsT0ONZwnmK2xOR72e79cpTWxNzWcMRdkbZAxdQU-Fdd0J06w&o=api&gdpr_consent=undefined&gdpr=0

HTTP Response

302

HTTP Request

POST https://id5-sync.com/g/v2/12.json

HTTP Response

200

HTTP Request

GET https://id5-sync.com/c/102/102/7/2.gif?puid=4881299743354675484&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=

HTTP Response

302

HTTP Request

GET https://id5-sync.com/c/102/2/6/3.gif?puid=9110017361650720908&gdpr=0&gdpr_consent=

HTTP Response

302

HTTP Request

GET https://id5-sync.com/k/155.gif?puid=AADMnU7JnxAAACod0S9mbA&id5AccountNum=155&numCascadesAllowed=9

HTTP Response

302

HTTP Request

GET https://id5-sync.com/c/102/3/4/5.gif?puid=04e864cf-87e2-4800-bfdc-233cd17c4226&gdpr=0&gdpr_consent=

HTTP Response

302

HTTP Request

POST https://id5-sync.com/g/v2/102.json

HTTP Response

200

HTTP Request

POST https://id5-sync.com/g/v2/12.json

HTTP Response

200
178.250.7.13:443

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA&cw=1&lsw=1

tls, http2

chrome.exe

2.0kB
5.4kB
13
13

HTTP Request

OPTIONS https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Foxy.st%2F&domain=oxy.st&cw=1&lsw=1

HTTP Response

200

HTTP Request

OPTIONS https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fdownload.oxy.st%2F&domain=download.oxy.st&bundle=JD6KIV9WdjdVcW1YRjI3SWwzaVdScVZXaHRqTHNkUUk0SjFGRE5vWEVHaHowRXhRZkswUWtVcHg0U1pkeXJkb3NQV1lmUGs3SVBsQmZSYXd5YzV3cHNQWnJ0UlRMZzMySVBMYkJKbW5abXBCZEJwRSUzRA&cw=1&lsw=1

HTTP Response

200
141.95.98.65:443

https://id5-sync.com/api/config/prebid

tls, http

chrome.exe

2.8kB
6.1kB
17
16

HTTP Request

POST https://id5-sync.com/api/config/prebid

HTTP Response

200

HTTP Request

POST https://id5-sync.com/api/config/prebid

HTTP Response

200
18.65.39.81:443

https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js

tls, http2

chrome.exe

1.7kB
8.6kB
14
16

HTTP Request

GET https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js

HTTP Response

200
52.211.252.101:443

s.cpx.to

tls

chrome.exe

3.2kB
8.4kB
24
25
162.19.138.82:443

https://lb.eu-1-id5-sync.com/lb/v1

tls, http

chrome.exe

2.5kB
6.2kB
16
16

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200
185.86.138.152:443

https://rtb-csync.smartadserver.com/redir/?partnerid=111&partneruserid=ID5-90b4IzyLhTB2uxB5HTA9R7DMNqCI9XBuTXTBe2f8mA&redirurl=https%3A%2F%2Fid5-sync.com%2Fc%2F102%2F102%2F7%2F2.gif%3Fpuid%3DSMART_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=

tls, http

chrome.exe

2.0kB
5.6kB
12
10

HTTP Request

GET https://rtb-csync.smartadserver.com/redir/?partnerid=111&partneruserid=ID5-90b4IzyLhTB2uxB5HTA9R7DMNqCI9XBuTXTBe2f8mA&redirurl=https%3A%2F%2Fid5-sync.com%2Fc%2F102%2F102%2F7%2F2.gif%3Fpuid%3DSMART_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=

HTTP Response

302
141.95.98.65:443

id5-sync.com

tls

chrome.exe

943 B
624 B
8
7
142.251.36.10:443

https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js

tls, http2

chrome.exe

2.3kB
38.7kB
25
36

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
185.64.190.80:443

https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID

tls, http2

chrome.exe

2.0kB
6.1kB
15
20

HTTP Request

GET https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID

HTTP Response

302

HTTP Request

GET https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID

HTTP Response

302
34.98.64.218:443

https://u.openx.net/w/1.0/cm?id=f0f39a70-2c21-4d5d-af4b-7350637edcd5&r=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3DOPENX%26dsp_uid%3D%7BOPENX_ID%7D

tls, http2

chrome.exe

1.8kB
4.9kB
13
14

HTTP Request

GET https://u.openx.net/w/1.0/cm?id=f0f39a70-2c21-4d5d-af4b-7350637edcd5&r=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3DOPENX%26dsp_uid%3D%7BOPENX_ID%7D
52.209.73.195:443

adtrack.adleadevent.com

tls

chrome.exe

2.9kB
7.6kB
17
15
54.145.44.246:443

match.prod.bidr.io

tls

chrome.exe

2.6kB
7.1kB
14
13
185.178.208.137:443

https://download.oxy.st/get/7714ce0cf6036568d42a5b8ca1a807d1/nl_gui.rar

tls, http2

chrome.exe

14.4kB
451.4kB
225
360

HTTP Request

GET https://download.oxy.st/d/eKTf/2/88954c96f0d73ee8a2d657c50fe2e986

HTTP Response

200

HTTP Request

GET https://download.oxy.st/slake/asset/css/bootstrap.min.css

HTTP Request

GET https://download.oxy.st/slake/asset/css/jquery.mCustomScrollbar.min.css

HTTP Request

GET https://download.oxy.st/slake/asset/css/elements.css?1

HTTP Request

GET https://download.oxy.st/slake/style.css?ver=6

HTTP Request

GET https://download.oxy.st/slake/cookie.css?ver=6

HTTP Request

GET https://download.oxy.st/slake/responsive.css?ver=5

HTTP Request

GET https://download.oxy.st/slake/asset/js/jquery.min.js

HTTP Request

GET https://download.oxy.st/js/jquery.cookie.min.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://download.oxy.st/css/cloud.css

HTTP Response

200

HTTP Request

GET https://download.oxy.st/js/download2.js

HTTP Request

GET https://download.oxy.st/slake/asset/js/bootstrap.min.js

HTTP Request

GET https://download.oxy.st/slake/asset/js/jquery.mCustomScrollbar.concat.min.js

HTTP Request

GET https://download.oxy.st/slake/asset/js/plugins.js

HTTP Request

GET https://download.oxy.st/slake/asset/js/main.js

HTTP Request

GET https://download.oxy.st/slake/asset/js/ajax-mail.js

HTTP Request

GET https://download.oxy.st/slake/asset/js/ajax-subscribe.js

HTTP Request

GET https://download.oxy.st/img/oxy-logo.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://download.oxy.st/slake/asset/slice_white.png

HTTP Request

GET https://download.oxy.st/images/sprite3.png

HTTP Request

GET https://download.oxy.st/images/ltd.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://download.oxy.st/slake/asset/img/bg/flake-slider-header.jpg

HTTP Response

200

HTTP Request

GET https://download.oxy.st/slake/asset/fonts/themify--fvbane.woff

HTTP Request

GET https://download.oxy.st/slake/asset/img/bg/footer-bg.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://download.oxy.st/slake/asset/img/favicon/favicon.ico

HTTP Response

200

HTTP Request

POST https://download.oxy.st/get/7714ce0cf6036568d42a5b8ca1a807d1/nl_gui.rar

HTTP Response

302
185.178.208.137:443

download.oxy.st

tls

chrome.exe

1.0kB
5.5kB
10
10
104.21.234.182:443

https://s1.oxy.st/get.php?cg=czozMjoiNDNmMmE4ODQ1NjQ4ODM1MWU3OTA0MGM3Yzg4NDY5MjMiOw%2C%2C&n=czoxMDoibmwgZ3VpLnJhciI7&c=czo2NDoiMmEwN2JkNTQzZjdjNTYwMmY1YTY3YTZkMDViYzMxZGNmNGQ4ODE1ZjM2ZDVjZDJiZTI2OGIwODNjOWMwYzgyYyI7&t=1691322343

tls, http2

chrome.exe

1.0MB
48.7MB
20703
34821

HTTP Request

GET https://s1.oxy.st/get.php?cg=czozMjoiNDNmMmE4ODQ1NjQ4ODM1MWU3OTA0MGM3Yzg4NDY5MjMiOw%2C%2C&n=czoxMDoibmwgZ3VpLnJhciI7&c=czo2NDoiMmEwN2JkNTQzZjdjNTYwMmY1YTY3YTZkMDViYzMxZGNmNGQ4ODE1ZjM2ZDVjZDJiZTI2OGIwODNjOWMwYzgyYyI7&t=1691322343

HTTP Response

200
192.178.49.3:443

beacons.gcp.gvt2.com

tls

chrome.exe

909 B
4.8kB
8
7

8.8.8.8:53

oxy.name

dns

chrome.exe

54 B
86 B
1
1

DNS Request

oxy.name

DNS Response

104.21.70.24

172.67.218.114
8.8.8.8:53

oxy.st

dns

chrome.exe

52 B
68 B
1
1

DNS Request

oxy.st

DNS Response

185.178.208.137
8.8.8.8:53

apps.identrust.com

dns

chrome.exe

64 B
165 B
1
1

DNS Request

apps.identrust.com

DNS Response

84.53.175.19

88.221.25.170
8.8.8.8:53

137.208.178.185.in-addr.arpa

dns

74 B
102 B
1
1

DNS Request

137.208.178.185.in-addr.arpa
8.8.8.8:53

24.70.21.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

24.70.21.104.in-addr.arpa
8.8.8.8:53

19.175.53.84.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

19.175.53.84.in-addr.arpa
8.8.8.8:53

contextual.media.net

dns

chrome.exe

66 B
82 B
1
1

DNS Request

contextual.media.net

DNS Response

104.85.0.23
8.8.8.8:53

254.33.24.67.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

254.33.24.67.in-addr.arpa
8.8.8.8:53

23.0.85.104.in-addr.arpa

dns

141 B
264 B
2
2

DNS Request

23.0.85.104.in-addr.arpa

DNS Request

93.93.17.193.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

ads.themoneytizer.com

dns

chrome.exe

67 B
137 B
1
1

DNS Request

ads.themoneytizer.com

DNS Response

143.244.42.32

195.181.172.27
8.8.8.8:53

wishesen.com

dns

chrome.exe

58 B
74 B
1
1

DNS Request

wishesen.com

DNS Response

88.208.46.156
8.8.8.8:53

cdn.adlook.me

dns

chrome.exe

59 B
111 B
1
1

DNS Request

cdn.adlook.me

DNS Response

193.17.93.93
8.8.8.8:53

lg3.media.net

dns

chrome.exe

59 B
75 B
1
1

DNS Request

lg3.media.net

DNS Response

23.44.232.24
8.8.8.8:53

c.tmyzer.com

dns

chrome.exe

58 B
74 B
1
1

DNS Request

c.tmyzer.com

DNS Response

54.38.64.100
8.8.8.8:53

ced.sascdn.com

dns

chrome.exe

60 B
173 B
1
1

DNS Request

ced.sascdn.com

DNS Response

23.72.252.155

23.72.252.137
8.8.8.8:53

gum.criteo.com

dns

chrome.exe

60 B
107 B
1
1

DNS Request

gum.criteo.com

DNS Response

178.250.7.13
8.8.8.8:53

spl.zeotap.com

dns

chrome.exe

60 B
108 B
1
1

DNS Request

spl.zeotap.com

DNS Response

172.67.13.182

104.22.25.87

104.22.24.87
8.8.8.8:53

tag.leadplace.fr

dns

chrome.exe

62 B
124 B
1
1

DNS Request

tag.leadplace.fr

DNS Response

145.239.192.166

145.239.193.51
8.8.8.8:53

onetag-sys.com

dns

chrome.exe

60 B
156 B
1
1

DNS Request

onetag-sys.com

DNS Response

51.89.9.254

51.75.86.98

51.38.120.206

51.89.9.252

51.89.9.253

51.89.9.251
8.8.8.8:53

secure.quantserve.com

dns

chrome.exe

67 B
193 B
1
1

DNS Request

secure.quantserve.com

DNS Response

192.184.69.252

192.184.69.215

192.184.69.167

192.184.69.239

192.184.69.201
8.8.8.8:53

p.cpx.to

dns

chrome.exe

54 B
167 B
1
1

DNS Request

p.cpx.to

DNS Response

52.208.148.0

52.212.239.100
8.8.8.8:53

d2zur9cc2gf1tx.cloudfront.net

dns

chrome.exe

75 B
139 B
1
1

DNS Request

d2zur9cc2gf1tx.cloudfront.net

DNS Response

108.156.61.80

108.156.61.198

108.156.61.94

108.156.61.138
8.8.8.8:53

yastatic.net

dns

chrome.exe

58 B
106 B
1
1

DNS Request

yastatic.net

DNS Response

178.154.131.216

178.154.131.217

178.154.131.215
8.8.8.8:53

counter.yadro.ru

dns

chrome.exe

62 B
110 B
1
1

DNS Request

counter.yadro.ru

DNS Response

88.212.201.204

88.212.202.52

88.212.201.198
8.8.8.8:53

msstral.icu

dns

chrome.exe

57 B
89 B
1
1

DNS Request

msstral.icu

DNS Response

188.114.96.0

188.114.97.0
8.8.8.8:53

sync.mathtag.com

dns

chrome.exe

62 B
153 B
1
1

DNS Request

sync.mathtag.com

DNS Response

185.29.134.244

185.29.132.241

185.29.132.245

185.29.134.248
8.8.8.8:53

pixel-eu.rubiconproject.com

dns

chrome.exe

73 B
157 B
1
1

DNS Request

pixel-eu.rubiconproject.com

DNS Response

213.19.162.80

213.19.162.90
8.8.8.8:53

ib.adnxs.com

dns

chrome.exe

58 B
299 B
1
1

DNS Request

ib.adnxs.com

DNS Response

185.89.210.244

185.89.210.212

185.89.211.12

185.89.211.84

185.89.210.82

185.89.210.20

185.89.210.46

185.89.210.101

185.89.210.141

185.89.210.122

185.89.210.153

185.89.210.90
8.8.8.8:53

pixel.rubiconproject.com

dns

chrome.exe

70 B
151 B
1
1

DNS Request

pixel.rubiconproject.com

DNS Response

213.19.162.90

213.19.162.80
8.8.8.8:53

ssbsync-global.smartadserver.com

dns

chrome.exe

78 B
263 B
1
1

DNS Request

ssbsync-global.smartadserver.com

DNS Response

185.86.139.102

185.86.139.93

185.86.139.94

185.86.139.104

185.86.139.103

185.86.139.101
8.8.8.8:53

id.rlcdn.com

dns

chrome.exe

58 B
74 B
1
1

DNS Request

id.rlcdn.com

DNS Response

35.190.60.146
8.8.8.8:53

image8.pubmatic.com

dns

chrome.exe

65 B
146 B
1
1

DNS Request

image8.pubmatic.com

DNS Response

104.36.113.110
8.8.8.8:53

cm.g.doubleclick.net

dns

chrome.exe

66 B
82 B
1
1

DNS Request

cm.g.doubleclick.net

DNS Response

142.250.179.130
8.8.8.8:53

match.adsrvr.org

dns

chrome.exe

62 B
126 B
1
1

DNS Request

match.adsrvr.org

DNS Response

52.223.40.198

35.71.131.137

15.197.193.217

3.33.220.150
8.8.8.8:53

ups.analytics.yahoo.com

dns

chrome.exe

69 B
248 B
1
1

DNS Request

ups.analytics.yahoo.com

DNS Response

3.225.218.10

34.200.65.202
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
221 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

216.58.208.106

216.58.214.10

142.250.179.138

142.251.36.42

142.250.179.170

142.250.179.202

142.251.36.10

142.251.39.106

172.217.23.202
8.8.8.8:53

s.amazon-adsystem.com

dns

chrome.exe

67 B
83 B
1
1

DNS Request

s.amazon-adsystem.com

DNS Response

52.46.155.104
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

156.46.208.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

156.46.208.88.in-addr.arpa
8.8.8.8:53

32.42.244.143.in-addr.arpa

dns

72 B
109 B
1
1

DNS Request

32.42.244.143.in-addr.arpa
8.8.8.8:53

13.7.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

13.7.250.178.in-addr.arpa
8.8.8.8:53

155.252.72.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

155.252.72.23.in-addr.arpa
8.8.8.8:53

182.13.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

182.13.67.172.in-addr.arpa
8.8.8.8:53

100.64.38.54.in-addr.arpa

dns

71 B
126 B
1
1

DNS Request

100.64.38.54.in-addr.arpa
8.8.8.8:53

166.192.239.145.in-addr.arpa

dns

74 B
129 B
1
1

DNS Request

166.192.239.145.in-addr.arpa
8.8.8.8:53

24.232.44.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

24.232.44.23.in-addr.arpa
8.8.8.8:53

216.131.154.178.in-addr.arpa

dns

74 B
105 B
1
1

DNS Request

216.131.154.178.in-addr.arpa
8.8.8.8:53

254.9.89.51.in-addr.arpa

dns

70 B
103 B
1
1

DNS Request

254.9.89.51.in-addr.arpa
8.8.8.8:53

80.61.156.108.in-addr.arpa

dns

360 B
5

DNS Request

80.61.156.108.in-addr.arpa

DNS Request

80.61.156.108.in-addr.arpa

DNS Request

80.61.156.108.in-addr.arpa

DNS Request

80.61.156.108.in-addr.arpa

DNS Request

80.61.156.108.in-addr.arpa
8.8.8.8:53

0.148.208.52.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.148.208.52.in-addr.arpa
8.8.8.8:53

252.69.184.192.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

252.69.184.192.in-addr.arpa
8.8.8.8:53

204.201.212.88.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

204.201.212.88.in-addr.arpa
8.8.8.8:53

ads.adlook.me

dns

chrome.exe

59 B
129 B
1
1

DNS Request

ads.adlook.me

DNS Response

176.122.21.130

5.200.50.170

176.122.21.139
8.8.8.8:53

x.bidswitch.net

dns

chrome.exe

61 B
109 B
1
1

DNS Request

x.bidswitch.net

DNS Response

35.211.178.172
8.8.8.8:53

id5-sync.com

dns

chrome.exe

58 B
218 B
1
1

DNS Request

id5-sync.com

DNS Response

141.95.98.65

162.19.138.118

162.19.138.116

162.19.138.117

162.19.138.120

141.95.33.111

141.95.98.64

162.19.138.83

162.19.138.119

162.19.138.82
8.8.8.8:53

rules.quantcount.com

dns

chrome.exe

66 B
173 B
1
1

DNS Request

rules.quantcount.com

DNS Response

18.65.39.81

18.65.39.30

18.65.39.9

18.65.39.99
8.8.8.8:53

lb.eu-1-id5-sync.com

dns

chrome.exe

66 B
226 B
1
1

DNS Request

lb.eu-1-id5-sync.com

DNS Response

162.19.138.82

162.19.138.117

162.19.138.118

141.95.98.64

162.19.138.119

162.19.138.120

141.95.33.111

162.19.138.116

141.95.98.65

162.19.138.83
8.8.8.8:53

rtb-csync.smartadserver.com

dns

chrome.exe

73 B
254 B
1
1

DNS Request

rtb-csync.smartadserver.com

DNS Response

185.86.138.152

185.86.138.151

185.86.138.155

185.86.138.153

185.86.138.150

185.86.138.154
8.8.8.8:53

s.cpx.to

dns

chrome.exe

54 B
164 B
1
1

DNS Request

s.cpx.to

DNS Response

52.211.252.101

18.200.218.194
142.250.179.130:443

cm.g.doubleclick.net

https

chrome.exe

5.6kB
11.8kB
31
39
8.8.8.8:53

pixel.quantserve.com

dns

chrome.exe

66 B
170 B
1
1

DNS Request

pixel.quantserve.com

DNS Response

192.184.69.252

192.184.69.201

192.184.69.239

192.184.69.215

192.184.69.167
8.8.8.8:53

mwzeom.zeotap.com

dns

chrome.exe

63 B
111 B
1
1

DNS Request

mwzeom.zeotap.com

DNS Response

104.22.25.87

104.22.24.87

172.67.13.182
8.8.8.8:53

ajax.googleapis.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.251.36.10
35.190.60.146:443

id.rlcdn.com

https

chrome.exe

2.3kB
6.4kB
8
9
8.8.8.8:53

u.openx.net

dns

chrome.exe

57 B
89 B
1
1

DNS Request

u.openx.net

DNS Response

34.98.64.218

35.244.159.8
8.8.8.8:53

image2.pubmatic.com

dns

chrome.exe

65 B
135 B
1
1

DNS Request

image2.pubmatic.com

DNS Response

185.64.190.80
34.98.64.218:443

u.openx.net

https

chrome.exe

2.2kB
4.3kB
6
8
8.8.8.8:53

adtrack.adleadevent.com

dns

chrome.exe

69 B
179 B
1
1

DNS Request

adtrack.adleadevent.com

DNS Response

52.209.73.195

52.214.118.85
8.8.8.8:53

match.prod.bidr.io

dns

chrome.exe

64 B
192 B
1
1

DNS Request

match.prod.bidr.io

DNS Response

54.145.44.246

52.2.41.26

44.193.243.239

52.204.75.117

52.20.6.194

52.71.189.156

3.225.186.40

52.86.159.148
8.8.8.8:53

0.96.114.188.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

0.96.114.188.in-addr.arpa
8.8.8.8:53

244.134.29.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

244.134.29.185.in-addr.arpa
8.8.8.8:53

244.210.89.185.in-addr.arpa

dns

73 B
134 B
1
1

DNS Request

244.210.89.185.in-addr.arpa
8.8.8.8:53

80.162.19.213.in-addr.arpa

dns

72 B
72 B
1
1

DNS Request

80.162.19.213.in-addr.arpa
8.8.8.8:53

198.40.223.52.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

198.40.223.52.in-addr.arpa
8.8.8.8:53

102.139.86.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

102.139.86.185.in-addr.arpa
8.8.8.8:53

110.113.36.104.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

110.113.36.104.in-addr.arpa
8.8.8.8:53

146.60.190.35.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

146.60.190.35.in-addr.arpa
8.8.8.8:53

90.162.19.213.in-addr.arpa

dns

72 B
72 B
1
1

DNS Request

90.162.19.213.in-addr.arpa
8.8.8.8:53

130.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

130.179.250.142.in-addr.arpa
8.8.8.8:53

104.155.46.52.in-addr.arpa

dns

72 B
143 B
1
1

DNS Request

104.155.46.52.in-addr.arpa
8.8.8.8:53

130.21.122.176.in-addr.arpa

dns

73 B
134 B
1
1

DNS Request

130.21.122.176.in-addr.arpa
8.8.8.8:53

65.98.95.141.in-addr.arpa

dns

71 B
110 B
1
1

DNS Request

65.98.95.141.in-addr.arpa
8.8.8.8:53

226.21.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

226.21.18.104.in-addr.arpa
8.8.8.8:53

10.218.225.3.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

10.218.225.3.in-addr.arpa
8.8.8.8:53

112.211.227.13.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

112.211.227.13.in-addr.arpa
8.8.8.8:53

172.178.211.35.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

172.178.211.35.in-addr.arpa
8.8.8.8:53

81.39.65.18.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

81.39.65.18.in-addr.arpa
8.8.8.8:53

101.15.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

101.15.18.104.in-addr.arpa
8.8.8.8:53

82.138.19.162.in-addr.arpa

dns

72 B
113 B
1
1

DNS Request

82.138.19.162.in-addr.arpa
8.8.8.8:53

152.138.86.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

152.138.86.185.in-addr.arpa
8.8.8.8:53

101.252.211.52.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

101.252.211.52.in-addr.arpa
8.8.8.8:53

218.64.98.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

218.64.98.34.in-addr.arpa
8.8.8.8:53

10.36.251.142.in-addr.arpa

dns

72 B
111 B
1
1

DNS Request

10.36.251.142.in-addr.arpa
8.8.8.8:53

80.190.64.185.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

80.190.64.185.in-addr.arpa
8.8.8.8:53

download.oxy.st

dns

chrome.exe

61 B
77 B
1
1

DNS Request

download.oxy.st

DNS Response

185.178.208.137
8.8.8.8:53

195.73.209.52.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

195.73.209.52.in-addr.arpa
8.8.8.8:53

246.44.145.54.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

246.44.145.54.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

s1.oxy.st

dns

chrome.exe

55 B
87 B
1
1

DNS Request

s1.oxy.st

DNS Response

104.21.234.182

104.21.234.183
8.8.8.8:53

182.234.21.104.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

182.234.21.104.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

43.229.111.52.in-addr.arpa
8.8.8.8:53

9.57.101.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.57.101.20.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.3
8.8.8.8:53

9.179.89.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

9.179.89.13.in-addr.arpa
8.8.8.8:53

3.49.178.192.in-addr.arpa

dns

71 B
109 B
1
1

DNS Request

3.49.178.192.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
901a8a90c90d464b4eb9a12ba9f0303a

SHA1
448b9e22026e24ab959c814df988e305103b4754

SHA256
e0fa6fef439189f682a19986cf7154e84063aa7d65c452b6e0a0e752dce83bc9

SHA512
a380f6f092a9ed561aae921e927dae50d9e45771980f5f4f977c9cde481c04a9b39fec9d678afe1319f40b9f87a59cd865f75d7739db0bcef2467ca7af3a6e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9c9cfff33dd1735b66eeb1160b2218f9

SHA1
f1bb63dc6eece8b85a76b987bb187712a1f2b833

SHA256
69cdd9eb986d7a299faeeb4f1703bc81a66b8ce28f60a4cfba0fefe8a92316cf

SHA512
f06c395420eb9390f0361505a93653d9b3bb3b7bf948fc8dae7b637a09cd71b656501a124564fe70d348334c1be23d3f70ee850515ca39ff7c3611ab5c3462bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
08e83f74fb6fd46d99607a6438acfdd1

SHA1
b6fd0fbc26c24fe66acc72068bd04a6ff7285cf0

SHA256
9890819ab0407967a6d1932ca00e3ae3e599fcd55ff30076cb4cf9aae7d77fc0

SHA512
58596d04532cf5912daa6e433d15d5861002238fac4db49a6505d909fb2f2aa73eeb36f65f7dde9c69351a6db9da667c2a8151230881e7064472c46e9882d2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
72bb177a1f138cf3ff3c952d7bc2b99d

SHA1
65c2430e833792e2ab386e709da624acc18d6ef2

SHA256
99f422765943f85e55ca5138e60d143ed907d2fa7be35634596360a6b53f220d

SHA512
138169118cafbe5075cf1727f18f7d6d0702751c12654e5a3704423ddfe23d3effdaf49b69b65f63145ff15866990640c1a4d68519e7e22bab4ffeccd3628545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
878134226156504b1fd44e1423caa1ea

SHA1
e372aa4f07e1b59d4c0d5a6cfd0094acf57109dc

SHA256
bf06dda1a98bde98afe1abb565ab9e00c4187d4cf6bf1b03c8da79729d74995f

SHA512
cc38126a6a03066d540de25a59e0c6f212c8c7191eaeaf619d8f48ee62c4085a96a463b0079e2c7a7c86cbe9c5480994c560b44eb8179bfd91c3efe6c0c97cf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
0a9c04cf8421dbb9fa27992dc7655358

SHA1
3b89deb248d604e978a55c31740e5f23f023f9d4

SHA256
0b675ad64c0fb862f9c67eaeb4bc3c50df4f36adcc0b1c50582945bdae818e14

SHA512
191c5bb098154876a4f55c94ff60321d088ea79f09df2ef96e8889f88323863c43c88015f0ca84768b5818ca8a1eeab581c1b558c21351b8b7cf7ee15ef7104f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
7fd286a636113d3bcfb5cc94e6e09dd4

SHA1
e4be818eefa68e965d12bb47d57a43c1e8374866

SHA256
7bc509696439b40248d8d19d9c273bff15e6089f4aca05d1548322aba50af0fd

SHA512
b2ae40201f469903c390be9366c8f6ca71f33a25cecf889bd6e3482bf418d257776ff2d25f508bec5255de361e394990ec6a6c0ed9ee670ce16aee604fc34893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59f3dc.TMP

Filesize
98KB

MD5
c17c31c977196183111b38c3c1905fc8

SHA1
f521fec5e338d30960b1fb48716b18198b2d9f36

SHA256
0b94b1dc0dc7de8c26cfedd5b22062e5cf986ea3587d032a6a75798ae7a731a3

SHA512
78c661b0931410fedd43cb0f5c12de3ae3f7c2e4e527de2e8929486b118b6ea3d95c8f3e20d2cd9d45b8ffa5e46c39aad606a35f4f69774bddfd961653bf6379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC61092FA\DroidSans.ttf

Filesize
185KB

MD5
9d83fb20700a3a7c45dc9acd64ab121e

SHA1
da5b3c7758a2c8fbc4775beb69d7150493c7d312

SHA256
4e2371bc0e4cf6983342e150412f140da79d674c9be0b56458401f581072ecd3

SHA512
d7b4bc364a17179f3bfa306af42e33f3c4645bd84a49fb72b255efb8a066518e7dfc003c7dd179655d1b87a7c9512e41abd054fc0f02c322eaef42209fdfbf0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC612129A\ProggyTiny.ttf

Filesize
34KB

MD5
6eec1497b5b2f7ca96910039dced6ac4

SHA1
c5ee3a408981e5bbe7a5646b3c11816339b61cac

SHA256
79bf8d3896ba83ae2f9c4fa214dce8fc689eae47950474947a4cc5c6e14a9bfc

SHA512
0b23596b137647716d92019b56cf1d564b160377061d7a442839e3e8af2ba4deb00c76ed75402d2d980f7588e45f64a27fb72528fa0604c82d85df91ce9a0496

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC61256DA\Roboto-Medium.ttf

Filesize
158KB

MD5
fe13e4170719c2fc586501e777bde143

SHA1
08bab5b1ab478e8af2279b613d3a32636b85cc65

SHA256
8559132c89ad51d8a2ba5b171887a44a7ba93776e205f553573de228e64b45f8

SHA512
c62dc07831278e29213c05d93439aacf7da7b741fc572c28851f9d392380c6d802e3147a388c4d7a3a0f359306e50cefc4b4e2b0b98b9235c73cb699bd6fd218

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC612F6BA\museosanscyrl-300.ttf

Filesize
126KB

MD5
c2e5987ab95e9df93393619a6eac8dea

SHA1
f3c36bae1cb2b9575ca094bd500ed3fd25e6d536

SHA256
5d85065052d7be514682a881888a36a2da0f6ee37184b909c17b54dd2a0644c7

SHA512
3383dae42a8bb8fff06a0f7b0aae87a58a5a46384c6dfc44be72a89353731f76edfa4db4afef985198c196eb84f0144df99357a08429abe2e7bde837de6caf76

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC616BEFA\Karla-Regular.ttf

Filesize
16KB

MD5
b923ce07bd8c6d8c02f163460d4428ca

SHA1
81c645a5bb59f327489ed86c48cc18b7f780a0a4

SHA256
907c55a993e35b3ae4f3b8b8c28367f4b6d431df8e9ca6fbd382d8317dd3684e

SHA512
c8ed55f13d89c501c7e87f841bd388512171e6b73bccba01d09f91fada430e9748dcf9a6cf9314c909ba487caa3bf5918269760bd4614d4ccc22983a281f1fb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC619C20B\README.txt

Filesize
998B

MD5
1602fe2f469b383ec478463d949d9a82

SHA1
3da7de2de41f8bc97de6fcd9cbb657810800a859

SHA256
c00e156900bcd0db58bfaee14027dd69fcc33c3cce7533b546fdc00dcc9e58dc

SHA512
e7512fcba0b111bdce3a55e1a2ca4eb809c06411ebe4d4d8c9231b42deee2e765f6ae108cd789b67a50de89c575f1ed250457dde7198a2f8a8472d7137fcaff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC61B13EA\Cousine-Regular.ttf

Filesize
42KB

MD5
0df40da32257f8430af90e514e5bdfe2

SHA1
1bbd6022d85dc8b5e51f2ccaf678528bcb1bedda

SHA256
0d5d5eeb6a342432bd63a3c0d16e8470160e019933ee5af3e159d06d665dacce

SHA512
cb870652a8ef21fffd1713874ca8ae913cbca640e610bca4a5bfc91190ca9ff091a7712e5e102615969d08345591faa39476fd745dfa2a55cea52933accea72d

Download Submit
C:\Users\Admin\Downloads\nl gui.rar

Filesize
44.0MB

MD5
e1b17e3c1d11eb7b39a7ad613440c24e

SHA1
6aec5aee09fa79b8188563d37f3e7c8f21da10e4

SHA256
2a07bd543f7c5602f5a67a6d05bc31dcf4d8815f36d5cd2be268b083c9c0c82c

SHA512
7198a7d98d71d99646613f72d09bc3ab631351264ce2a97e24e4bef72489b4e4a2020452c2ea533fb1103acbb51bb68cd60a5a04e52abc0b84a75489ac45e621

Download Submit
C:\Users\Admin\Downloads\nl gui.rar.crdownload

Filesize
44.0MB

MD5
e1b17e3c1d11eb7b39a7ad613440c24e

SHA1
6aec5aee09fa79b8188563d37f3e7c8f21da10e4

SHA256
2a07bd543f7c5602f5a67a6d05bc31dcf4d8815f36d5cd2be268b083c9c0c82c

SHA512
7198a7d98d71d99646613f72d09bc3ab631351264ce2a97e24e4bef72489b4e4a2020452c2ea533fb1103acbb51bb68cd60a5a04e52abc0b84a75489ac45e621

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request