hxxps://links[.]mkt2527[.]com/els/v2/a4A_hZqNZ8f7/elpTOUx3RGViSExMaEFRTUVTOUFtRVJDWFV5TzhmdVFyWDhSSjhHNGprNWxaVXRtMUxjaTZKbUIxUEhqZGxieTJtUWFGU3NaZ0JlRndlbGVUWmE5Z01OMWpsdFhqRnVtaGFkYThYL0RlL1U9S0/

Analysis

max time kernel
294s
max time network
311s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2023, 19:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://links.mkt2527.com/els/v2/a4A_hZqNZ8f7/elpTOUx3RGViSExMaEFRTUVTOUFtRVJDWFV5TzhmdVFyWDhSSjhHNGprNWxaVXRtMUxjaTZKbUIxUEhqZGxieTJtUWFGU3NaZ0JlRndlbGVUWmE5Z01OMWpsdFhqRnVtaGFkYThYL0RlL1U9S0/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4772	ChromeRecovery.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\ChromeRecoveryCRX.crx	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\manifest.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\_metadata\verified_contents.json	elevation_service.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2892	chrome.exe
2892	chrome.exe
740	chrome.exe
740	chrome.exe
3572	chrome.exe
3572	chrome.exe
2384	chrome.exe
2384	chrome.exe
1888	chrome.exe
1888	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
1908	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 4976	740	chrome.exe	81
PID 740 wrote to memory of 4976	740	chrome.exe	81
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2224	740	chrome.exe	84
PID 740 wrote to memory of 2892	740	chrome.exe	85
PID 740 wrote to memory of 2892	740	chrome.exe	85
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86
PID 740 wrote to memory of 3616	740	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://links.mkt2527.com/els/v2/a4A_hZqNZ8f7/elpTOUx3RGViSExMaEFRTUVTOUFtRVJDWFV5TzhmdVFyWDhSSjhHNGprNWxaVXRtMUxjaTZKbUIxUEhqZGxieTJtUWFGU3NaZ0JlRndlbGVUWmE5Z01OMWpsdFhqRnVtaGFkYThYL0RlL1U9S0/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaaab4f50,0x7ffbaaab4f60,0x7ffbaaab4f70
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=916 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1460 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1584,15677882276444112417,8212248428967061503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2448

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:4480
- C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\ChromeRecovery.exe
  "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={090b1d7d-eb17-4a5f-b76e-1cbd4492bd92} --system
  2⤵
  - Executes dropped EXE
  PID:4772

Network

DNS

links.mkt2527.com

chrome.exe

Remote address:

8.8.8.8:53

Request

links.mkt2527.com

IN A

Response

links.mkt2527.com

IN CNAME

dim4hg03yd3ll.cloudfront.net

dim4hg03yd3ll.cloudfront.net

IN A

52.222.139.32

dim4hg03yd3ll.cloudfront.net

IN A

52.222.139.127

dim4hg03yd3ll.cloudfront.net

IN A

52.222.139.48

dim4hg03yd3ll.cloudfront.net

IN A

52.222.139.40
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

142.251.36.45
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.168.238
GET

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D175%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D175%2526e%253D1

chrome.exe

Remote address:

172.217.168.238:443

Request

GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D175%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D175%2526e%253D1 HTTP/2.0
host: clients2.google.com
x-goog-update-interactivity: fg
x-goog-update-appid: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
x-goog-update-updater: chromecrx-89.0.4389.114
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://links.mkt2527.com/els/v2/a4A_hZqNZ8f7/elpTOUx3RGViSExMaEFRTUVTOUFtRVJDWFV5TzhmdVFyWDhSSjhHNGprNWxaVXRtMUxjaTZKbUIxUEhqZGxieTJtUWFGU3NaZ0JlRndlbGVUWmE5Z01OMWpsdFhqRnVtaGFkYThYL0RlL1U9S0/

chrome.exe

Remote address:

52.222.139.32:443

Request

GET /els/v2/a4A_hZqNZ8f7/elpTOUx3RGViSExMaEFRTUVTOUFtRVJDWFV5TzhmdVFyWDhSSjhHNGprNWxaVXRtMUxjaTZKbUIxUEhqZGxieTJtUWFGU3NaZ0JlRndlbGVUWmE5Z01OMWpsdFhqRnVtaGFkYThYL0RlL1U9S0/ HTTP/1.1
Host: links.mkt2527.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Content-Length: 0
Connection: keep-alive
Date: Fri, 03 Feb 2023 19:19:31 GMT
location: http://www.twitter.com/bcbsil
content-language: en-US
x-envoy-upstream-service-time: 2
server: istio-envoy
X-Cache: Miss from cloudfront
Via: 1.1 9c84f9ddc9675b0adb884f2700ada8f2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS50-C1
X-Amz-Cf-Id: ggTE22ENtZ12RqdGHWUrzBb9Ag0v-bxortc1-6ihTvRMakF6-IToFA==
POST

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

chrome.exe

Remote address:

142.251.36.45:443

Request

POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
host: accounts.google.com
content-length: 1
origin: https://www.google.com
content-type: application/x-www-form-urlencoded
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://accounts.google.com/gsi/client

chrome.exe

Remote address:

142.251.36.45:443

Request

GET /gsi/client HTTP/2.0
host: accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://accounts.google.com/gsi/style

chrome.exe

Remote address:

142.251.36.45:443

Request

GET /gsi/style HTTP/2.0
host: accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://accounts.google.com/gsi/status?client_id=49625052041-kgt0hghf445lmcmhijv46b715m2mpbct.apps.googleusercontent.com&as=5GlkeknRI96mFP8XJ%2FQN2w

chrome.exe

Remote address:

142.251.36.45:443

Request

GET /gsi/status?client_id=49625052041-kgt0hghf445lmcmhijv46b715m2mpbct.apps.googleusercontent.com&as=5GlkeknRI96mFP8XJ%2FQN2w HTTP/2.0
host: accounts.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
origin: https://twitter.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://accounts.google.com/gsi/button?theme=outline&size=large&shape=circle&logo_alignment=center&text=signup_with&width=300&client_id=49625052041-kgt0hghf445lmcmhijv46b715m2mpbct.apps.googleusercontent.com&iframe_id=gsi_582940_356587&as=uwDxXrtvgA59c%2FmV5ZIL5Q&hl=en

chrome.exe

Remote address:

142.251.36.45:443

Request

GET /gsi/button?theme=outline&size=large&shape=circle&logo_alignment=center&text=signup_with&width=300&client_id=49625052041-kgt0hghf445lmcmhijv46b715m2mpbct.apps.googleusercontent.com&iframe_id=gsi_582940_356587&as=uwDxXrtvgA59c%2FmV5ZIL5Q&hl=en HTTP/2.0
host: accounts.google.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
x-chrome-id-consistency-request: version=1,client_id=77185425430.apps.googleusercontent.com,device_id=1d6042d9-3960-404a-b560-43aca761f897,signin_mode=all_accounts,signout_mode=show_confirmation
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

chrome.exe

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 248531
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: b42772c9-f68b-43ac-871d-6daec070ca2a
date: Fri, 03 Feb 2023 02:13:55 GMT
age: 61536
last-modified: Fri, 25 Feb 2022 22:08:36 GMT
etag: "c994e6"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
DNS

www.twitter.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.twitter.com

IN A

Response

www.twitter.com

IN CNAME

twitter.com

twitter.com

IN A

104.244.42.65

twitter.com

IN A

104.244.42.1
GET

http://www.twitter.com/bcbsil

chrome.exe

Remote address:

104.244.42.65:80

Request

GET /bcbsil HTTP/1.1
Host: www.twitter.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

perf: 7626143928
location: https://www.twitter.com/bcbsil
cache-control: no-cache, no-store, max-age=0
content-length: 0
x-transaction-id: 37711a1fb4e51d35
x-response-time: 107
x-connection-hash: 64041347c6022c3ae9fefa686a3c42c17685b441934852512a318bf353997063
date: Fri, 03 Feb 2023 19:19:31 GMT
server: tsa_o
GET

https://www.twitter.com/bcbsil

chrome.exe

Remote address:

104.244.42.65:443

Request

GET /bcbsil HTTP/2.0
host: www.twitter.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 301

perf: 7626143928
location: https://twitter.com/bcbsil
cache-control: no-cache, no-store, max-age=0
content-length: 0
x-transaction-id: 5923349cc2f91042
x-response-time: 107
x-connection-hash: 5e7884ab71bd16f414d0a29e9178aa8997c1bd62792aa7d70fecd63c88cc7c8f
date: Fri, 03 Feb 2023 19:19:31 GMT
server: tsa_o
DNS

twitter.com

chrome.exe

Remote address:

8.8.8.8:53

Request

twitter.com

IN A

Response

twitter.com

IN A

104.244.42.1

twitter.com

IN A

104.244.42.129
GET

https://twitter.com/bcbsil

chrome.exe

Remote address:

104.244.42.1:443

Request

GET /bcbsil HTTP/2.0
host: twitter.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:32 GMT
perf: 7626143928
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_o
set-cookie: guest_id=v1%3A167545197205257884; Max-Age=34214400; Expires=Tue, 05 Mar 2024 19:19:32 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
content-type: text/html; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:32 GMT
x-frame-options: DENY
x-transaction-id: 932b7d3d3cc54543
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: connect-src 'self' blob: https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://aa.twitter.com https://caps.twitter.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://app.link https://api2.branch.io https://bnc.lt wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://app.link https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js 'nonce-M2JhMDIxMmEtZTA0Ny00ZjdhLThlNmYtZDE3ZTM4MGEzOWIy'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
strict-transport-security: max-age=631138519
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
content-encoding: gzip
x-response-time: 138
x-connection-hash: 4efb10da6a05bbe23150020de8900313095e965891750cc3d7d6100565de7bed
GET

https://twitter.com/manifest.json

chrome.exe

Remote address:

104.244.42.1:443

Request

GET /manifest.json HTTP/2.0
host: twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/bcbsil
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:38 GMT
etag: W/"bd1-w5CQGg5106s/KnSQmOJq8sR7YvI"
perf: 7626143928
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_o
content-type: application/manifest+json; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:38 GMT
content-length: 3025
x-frame-options: DENY
x-transaction-id: 995115f11c793568
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: connect-src 'self' blob: https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://aa.twitter.com https://caps.twitter.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://app.link https://api2.branch.io https://bnc.lt wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://app.link https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js 'nonce-NWU2YjkzNmUtNTUxZC00YmIwLWI0MDgtNTVmMDkxNmE0M2Q2'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
strict-transport-security: max-age=631138519
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
x-response-time: 126
x-connection-hash: 4efb10da6a05bbe23150020de8900313095e965891750cc3d7d6100565de7bed
GET

https://twitter.com/sw.js

chrome.exe

Remote address:

104.244.42.1:443

Request

GET /sw.js HTTP/2.0
host: twitter.com
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
service-worker: script
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: serviceworker
referer: https://twitter.com/bcbsil
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:41 GMT
etag: W/"f5f3-7lD7ypivf0xdK+ydZUi5wu38FAc"
perf: 7626143928
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_o
content-type: application/javascript; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:41 GMT
x-frame-options: DENY
x-transaction-id: db54b2d1d4c58b65
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: connect-src 'self' blob: https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://aa.twitter.com https://caps.twitter.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://app.link https://api2.branch.io https://bnc.lt wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://app.link https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js 'nonce-NDY4MDVhNzEtYmZmOC00ODk2LWFlNzYtOWFhODMzMTc2ZmQy'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
strict-transport-security: max-age=631138519
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
content-encoding: gzip
content-length: 8373
x-response-time: 126
x-connection-hash: 4efb10da6a05bbe23150020de8900313095e965891750cc3d7d6100565de7bed
GET

https://twitter.com/manifest.json

chrome.exe

Remote address:

104.244.42.1:443

Request

GET /manifest.json HTTP/2.0
host: twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/sw.js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:41 GMT
etag: W/"bd1-w5CQGg5106s/KnSQmOJq8sR7YvI"
perf: 7626143928
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_o
content-type: application/manifest+json; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:41 GMT
content-length: 3025
x-frame-options: DENY
x-transaction-id: 10b1649f4ddf241f
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: connect-src 'self' blob: https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://aa.twitter.com https://caps.twitter.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://app.link https://api2.branch.io https://bnc.lt wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://app.link https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js 'nonce-ZmViNjJlY2UtMzIxOS00MDAzLWI5NjAtZDA4Y2JlOTYyMmUx'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
strict-transport-security: max-age=631138519
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
x-response-time: 116
x-connection-hash: 4efb10da6a05bbe23150020de8900313095e965891750cc3d7d6100565de7bed
GET

https://twitter.com/home?precache=1

chrome.exe

Remote address:

104.244.42.1:443

Request

GET /home?precache=1 HTTP/2.0
host: twitter.com
pragma: no-cache
cache-control: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: empty
referer: https://twitter.com/sw.js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:41 GMT
perf: 7626143928
expiry: Tue, 31 Mar 1981 05:00:00 GMT
pragma: no-cache
server: tsa_o
content-type: text/html; charset=utf-8
x-powered-by: Express
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:41 GMT
x-frame-options: DENY
x-transaction-id: fafc0b7d764f44af
x-xss-protection: 0
x-content-type-options: nosniff
content-security-policy: connect-src 'self' blob: https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api-stream.twitter.com https://ads-api.twitter.com https://aa.twitter.com https://caps.twitter.com https://pay.twitter.com https://sentry.io https://ton.twitter.com https://twitter.com https://upload.twitter.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://app.link https://api2.branch.io https://bnc.lt wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://mobile.twitter.com https://pay.twitter.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://ton.twitter.com https://*.twimg.com https://analytics.twitter.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://app.link https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js 'nonce-MmFhYWFkYzktNWI0ZS00NmJlLTkxMGYtNjQ2MjdhNTVkYzYx'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false
strict-transport-security: max-age=631138519
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy: unsafe-none
content-encoding: gzip
x-response-time: 128
x-connection-hash: 4efb10da6a05bbe23150020de8900313095e965891750cc3d7d6100565de7bed
DNS

dns.google

chrome.exe

Remote address:

8.8.8.8:53

Request

dns.google

IN A

Response

dns.google

IN A

8.8.4.4

dns.google

IN A

8.8.8.8
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA2FicwV0d2ltZwNjb20AAAEAAQAAKRAAAAAAAABWAAwAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA2FicwV0d2ltZwNjb20AAAEAAQAAKRAAAAAAAABWAAwAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3BicwV0d2ltZwNjb20AAAEAAQAAKRAAAAAAAABWAAwAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3BicwV0d2ltZwNjb20AAAEAAQAAKRAAAAAAAABWAAwAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA2FwaQd0d2l0dGVyA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA2FwaQd0d2l0dGVyA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABAXQCY28AAAEAAQAAKRAAAAAAAABfAAwAWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABAXQCY28AAAEAAQAAKRAAAAAAAABfAAwAWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBXZpZGVvBXR3aW1nA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBXZpZGVvBXR3aW1nA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABB2FwcGxlaWQJY2RuLWFwcGxlA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABB2FwcGxlaWQJY2RuLWFwcGxlA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABEGNvbnRlbnQtYXV0b2ZpbGwKZ29vZ2xlYXBpcwNjb20AAAEAAQAAKRAAAAAAAABEAAwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABEGNvbnRlbnQtYXV0b2ZpbGwKZ29vZ2xlYXBpcwNjb20AAAEAAQAAKRAAAAAAAABEAAwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBWZvbnRzB2dzdGF0aWMDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBWZvbnRzB2dzdGF0aWMDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBWFicy0wBXR3aW1nA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBWFicy0wBXR3aW1nA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBHBsYXkGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABBHBsYXkGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 152
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:37 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:37 GMT
x-transaction: 7182dfb7536df322
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 7182dfb7536df322
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 113
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 1302
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:38 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:38 GMT
x-transaction: 8b62b065c7dbdf69
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 8b62b065c7dbdf69
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 125
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
GET

https://api.twitter.com/1.1/hashflags.json

chrome.exe

Remote address:

104.244.42.66:443

Request

GET /1.1/hashflags.json HTTP/2.0
host: api.twitter.com
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:40 GMT
etag: a0082055e62fb4fb70c7141c742c1224
perf: 7626143928
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: public, max-age=1800
content-length: 31166
content-encoding: gzip
x-transaction-id: 209c864014647c0e
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 226
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 428
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:41 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:41 GMT
x-transaction: 88f00392bfca6c6a
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 88f00392bfca6c6a
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 117
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/attribution/event.json

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/attribution/event.json HTTP/2.0
host: api.twitter.com
content-length: 16
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:40 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:41 GMT
content-length: 68
x-frame-options: SAMEORIGIN
content-encoding: gzip
x-transaction-id: 2e3ab81e2c90699b
x-xss-protection: 0
x-rate-limit-limit: 900
x-rate-limit-reset: 1675452881
content-disposition: attachment; filename=json.json
x-content-type-options: nosniff
x-rate-limit-remaining: 899
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 113
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
GET

https://api.twitter.com/graphql/hVhfo_TquFTmgL7gYwf91Q/UserByScreenName?variables=%7B%22screen_name%22%3A%22bcbsil%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D

chrome.exe

Remote address:

104.244.42.66:443

Request

GET /graphql/hVhfo_TquFTmgL7gYwf91Q/UserByScreenName?variables=%7B%22screen_name%22%3A%22bcbsil%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D HTTP/2.0
host: api.twitter.com
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:42 GMT
perf: 7626143928
vary: Origin
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:42 GMT
content-length: 1321
x-frame-options: SAMEORIGIN
content-encoding: gzip
x-transaction-id: 5f30e0920e97b792
x-xss-protection: 0
x-rate-limit-limit: 500
x-rate-limit-reset: 1675452882
content-disposition: attachment; filename=json.json
x-tfe-preserve-body: true
x-content-type-options: nosniff
x-rate-limit-remaining: 499
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 150
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 741
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:42 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/octet-stream
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:43 GMT
content-length: 124
x-frame-options: SAMEORIGIN
x-transaction-id: 08d58d99f8a3add4
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 112
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/ces/p2

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/ces/p2 HTTP/2.0
host: api.twitter.com
content-length: 533
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/twitter.web.thrift.json
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:42 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:43 GMT
x-transaction: 263f989cbe7001b4
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 263f989cbe7001b4
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 121
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
GET

https://api.twitter.com/graphql/mi_IjXgFyr41N9zkszPz9w/UserByRestId?variables=%7B%22userId%22%3A%2216312904%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D

chrome.exe

Remote address:

104.244.42.66:443

Request

GET /graphql/mi_IjXgFyr41N9zkszPz9w/UserByRestId?variables=%7B%22userId%22%3A%2216312904%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D HTTP/2.0
host: api.twitter.com
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:42 GMT
perf: 7626143928
vary: Origin
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:43 GMT
content-length: 1164
x-frame-options: SAMEORIGIN
content-encoding: gzip
x-transaction-id: 15e4c088cbd6b8c8
x-xss-protection: 0
x-rate-limit-limit: 500
x-rate-limit-reset: 1675452883
content-disposition: attachment; filename=json.json
x-tfe-preserve-body: true
x-content-type-options: nosniff
x-rate-limit-remaining: 499
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 127
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 2874
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:43 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:44 GMT
x-transaction: 039f5e52ac37e767
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 039f5e52ac37e767
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 113
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
GET

https://api.twitter.com/graphql/sj-BEQ0Jq5AwrydqFstdvg/UserTweets?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A40%2C%22includePromotedContent%22%3Atrue%2C%22withQuickPromoteEligibilityTweetFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D

chrome.exe

Remote address:

104.244.42.66:443

Request

GET /graphql/sj-BEQ0Jq5AwrydqFstdvg/UserTweets?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A40%2C%22includePromotedContent%22%3Atrue%2C%22withQuickPromoteEligibilityTweetFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D HTTP/2.0
host: api.twitter.com
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:44 GMT
perf: 7626143928
vary: Origin
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:44 GMT
content-length: 83
x-frame-options: SAMEORIGIN
content-encoding: gzip
x-transaction-id: 676a26bef8be893f
x-xss-protection: 0
x-rate-limit-limit: 500
x-rate-limit-reset: 1675452884
content-disposition: attachment; filename=json.json
x-tfe-preserve-body: true
x-content-type-options: nosniff
x-rate-limit-remaining: 499
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 142
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
GET

https://api.twitter.com/graphql/LsL6YcDRR1EWy6Ojp9zeMA/UserMedia?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A20%2C%22includePromotedContent%22%3Afalse%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withClientEventToken%22%3Afalse%2C%22withBirdwatchNotes%22%3Afalse%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D

chrome.exe

Remote address:

104.244.42.66:443

Request

GET /graphql/LsL6YcDRR1EWy6Ojp9zeMA/UserMedia?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A20%2C%22includePromotedContent%22%3Afalse%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withClientEventToken%22%3Afalse%2C%22withBirdwatchNotes%22%3Afalse%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D HTTP/2.0
host: api.twitter.com
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:45 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:45 GMT
content-length: 1867
x-frame-options: SAMEORIGIN
content-encoding: gzip
x-transaction-id: b815c36f0d7b6d2d
x-xss-protection: 0
x-rate-limit-limit: 60
x-rate-limit-reset: 1675452885
content-disposition: attachment; filename=json.json
x-content-type-options: nosniff
x-rate-limit-remaining: 59
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 184
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
GET

https://api.twitter.com/1.1/users/recommendations.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&&pc=true&display_location=profile_accounts_sidebar&limit=4&user_id=16312904&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe

chrome.exe

Remote address:

104.244.42.66:443

Request

GET /1.1/users/recommendations.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&&pc=true&display_location=profile_accounts_sidebar&limit=4&user_id=16312904&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe HTTP/2.0
host: api.twitter.com
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:44 GMT
perf: 7626143928
vary: Origin
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:45 GMT
content-length: 21070
x-frame-options: SAMEORIGIN
content-encoding: br
x-transaction-id: f04406292edb26b8
x-xss-protection: 0
x-rate-limit-limit: 500
x-rate-limit-reset: 1675452884
content-disposition: attachment; filename=json.json
x-tfe-preserve-body: true
x-content-type-options: nosniff
x-rate-limit-remaining: 499
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 852
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
GET

https://api.twitter.com/2/guide.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&cards_platform=Web-12&include_cards=1&include_ext_alt_text=true&include_ext_limited_action_results=false&include_quote_count=true&include_reply_count=1&tweet_mode=extended&include_ext_collab_control=true&include_ext_views=true&include_entities=true&include_user_entities=true&include_ext_media_color=true&include_ext_media_availability=true&include_ext_sensitive_media_warning=true&include_ext_trusted_friends_metadata=true&send_error_codes=true&simple_quoted_tweet=true&count=20&requestContext=launch&display_location=web_sidebar&include_page_configuration=false&profile_user_id=16312904&entity_tokens=false&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe

chrome.exe

Remote address:

104.244.42.66:443

Request

GET /2/guide.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&cards_platform=Web-12&include_cards=1&include_ext_alt_text=true&include_ext_limited_action_results=false&include_quote_count=true&include_reply_count=1&tweet_mode=extended&include_ext_collab_control=true&include_ext_views=true&include_entities=true&include_user_entities=true&include_ext_media_color=true&include_ext_media_availability=true&include_ext_sensitive_media_warning=true&include_ext_trusted_friends_metadata=true&send_error_codes=true&simple_quoted_tweet=true&count=20&requestContext=launch&display_location=web_sidebar&include_page_configuration=false&profile_user_id=16312904&entity_tokens=false&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe HTTP/2.0
host: api.twitter.com
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
x-twitter-utcoffset: +0000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:45 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:45 GMT
content-length: 81
x-frame-options: SAMEORIGIN
content-encoding: gzip
x-transaction-id: d85747b474c36a04
x-xss-protection: 0
content-disposition: attachment; filename=json.json
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 111
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/onboarding/sso_init.json

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/onboarding/sso_init.json HTTP/2.0
host: api.twitter.com
content-length: 20
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/json
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:45 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:45 GMT
content-length: 2580
x-frame-options: SAMEORIGIN
content-encoding: br
x-transaction-id: d07a1fbd75de3aac
x-xss-protection: 0
x-rate-limit-limit: 20000
x-rate-limit-reset: 1675452885
content-disposition: attachment; filename=json.json
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-content-type-options: nosniff
x-rate-limit-remaining: 19999
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 330
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 1056
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:47 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:47 GMT
x-transaction: f5bf0d31516d7d41
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: f5bf0d31516d7d41
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 121
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 21817
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:47 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:47 GMT
x-transaction: 79a8e1dc7f818927
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 79a8e1dc7f818927
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 118
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 735
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:47 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:47 GMT
x-transaction: 535f4652b840226d
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 535f4652b840226d
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 128
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 1789
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:50 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:50 GMT
x-transaction: 60f0cd0c6adf19c4
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 60f0cd0c6adf19c4
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 121
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/ces/p2

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/ces/p2 HTTP/2.0
host: api.twitter.com
content-length: 497
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
content-type: application/twitter.web.thrift.json
accept: */*
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:19:52 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
content-type: application/octet-stream
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:19:52 GMT
content-length: 124
x-frame-options: SAMEORIGIN
x-transaction-id: b8d656b025409e05
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 117
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
POST

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

POST /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
content-length: 489
x-twitter-client-language: en
x-csrf-token: fbe090e809c3a0c5be98a44c8f0f81f0
authorization: Bearer AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA
content-type: application/x-www-form-urlencoded
accept: */*
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
x-guest-token: 1621589218764984320
x-twitter-active-user: yes
origin: https://twitter.com
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guest_id=v1%3A167545197205257884
cookie: gt=1621589218764984320
cookie: ct0=fbe090e809c3a0c5be98a44c8f0f81f0

Response

HTTP/2.0 200

date: Fri, 03 Feb 2023 19:20:44 GMT
perf: 7626143928
pragma: no-cache
server: tsa_o
expires: Tue, 31 Mar 1981 05:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
last-modified: Fri, 03 Feb 2023 19:20:44 GMT
x-transaction: 82a6579d9e4ab67c
content-length: 0
x-frame-options: SAMEORIGIN
x-transaction-id: 82a6579d9e4ab67c
x-xss-protection: 0
x-content-type-options: nosniff
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-response-time: 107
x-connection-hash: 064adf0dd4142215ecd10bdc787b5296060f36a2898e1b33de8e84ff5f56c1d3
OPTIONS

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /1.1/jot/client_event.json?keepalive=false HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:37 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/1.1/hashflags.json

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /1.1/hashflags.json HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:40 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/1.1/attribution/event.json

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /1.1/attribution/event.json HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:41 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/graphql/hVhfo_TquFTmgL7gYwf91Q/UserByScreenName?variables=%7B%22screen_name%22%3A%22bcbsil%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /graphql/hVhfo_TquFTmgL7gYwf91Q/UserByScreenName?variables=%7B%22screen_name%22%3A%22bcbsil%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,content-type,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:42 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/1.1/jot/ces/p2

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /1.1/jot/ces/p2 HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:42 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/graphql/mi_IjXgFyr41N9zkszPz9w/UserByRestId?variables=%7B%22userId%22%3A%2216312904%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /graphql/mi_IjXgFyr41N9zkszPz9w/UserByRestId?variables=%7B%22userId%22%3A%2216312904%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,content-type,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:43 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/graphql/sj-BEQ0Jq5AwrydqFstdvg/UserTweets?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A40%2C%22includePromotedContent%22%3Atrue%2C%22withQuickPromoteEligibilityTweetFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /graphql/sj-BEQ0Jq5AwrydqFstdvg/UserTweets?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A40%2C%22includePromotedContent%22%3Atrue%2C%22withQuickPromoteEligibilityTweetFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,content-type,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:44 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/graphql/LsL6YcDRR1EWy6Ojp9zeMA/UserMedia?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A20%2C%22includePromotedContent%22%3Afalse%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withClientEventToken%22%3Afalse%2C%22withBirdwatchNotes%22%3Afalse%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /graphql/LsL6YcDRR1EWy6Ojp9zeMA/UserMedia?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A20%2C%22includePromotedContent%22%3Afalse%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withClientEventToken%22%3Afalse%2C%22withBirdwatchNotes%22%3Afalse%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,content-type,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:44 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/1.1/users/recommendations.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&&pc=true&display_location=profile_accounts_sidebar&limit=4&user_id=16312904&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /1.1/users/recommendations.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&&pc=true&display_location=profile_accounts_sidebar&limit=4&user_id=16312904&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:45 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/2/guide.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&cards_platform=Web-12&include_cards=1&include_ext_alt_text=true&include_ext_limited_action_results=false&include_quote_count=true&include_reply_count=1&tweet_mode=extended&include_ext_collab_control=true&include_ext_views=true&include_entities=true&include_user_entities=true&include_ext_media_color=true&include_ext_media_availability=true&include_ext_sensitive_media_warning=true&include_ext_trusted_friends_metadata=true&send_error_codes=true&simple_quoted_tweet=true&count=20&requestContext=launch&display_location=web_sidebar&include_page_configuration=false&profile_user_id=16312904&entity_tokens=false&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /2/guide.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&cards_platform=Web-12&include_cards=1&include_ext_alt_text=true&include_ext_limited_action_results=false&include_quote_count=true&include_reply_count=1&tweet_mode=extended&include_ext_collab_control=true&include_ext_views=true&include_entities=true&include_user_entities=true&include_ext_media_color=true&include_ext_media_availability=true&include_ext_sensitive_media_warning=true&include_ext_trusted_friends_metadata=true&send_error_codes=true&simple_quoted_tweet=true&count=20&requestContext=launch&display_location=web_sidebar&include_page_configuration=false&profile_user_id=16312904&entity_tokens=false&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: GET
access-control-request-headers: authorization,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language,x-twitter-utcoffset
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:45 GMT
server: tsa_o
OPTIONS

https://api.twitter.com/1.1/onboarding/sso_init.json

chrome.exe

Remote address:

104.244.42.66:443

Request

OPTIONS /1.1/onboarding/sso_init.json HTTP/2.0
host: api.twitter.com
accept: */*
access-control-request-method: POST
access-control-request-headers: authorization,content-type,x-csrf-token,x-guest-token,x-twitter-active-user,x-twitter-client-language
origin: https://twitter.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://twitter.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: https://twitter.com
access-control-allow-credentials: true
access-control-allow-methods: HEAD,PUT,GET,POST,DELETE
access-control-allow-headers: X-Web-Auth-Multi-User-Id,X-Contributor-Version,X-Twitter-CESModel-Version,Server,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,Dtab-Local,X-Twitter-Client-Language,If-Modified-Since,X-Twitter-Client,SecurelyOktaToken,X-TD-Iff-Mtime,X-Twitter-Auth-Type,Content-Length,Alt-Used,X-B3-Flags,Cache-Control,X-Transaction-Id,X-TFE-Bot-Test,Content-Type,X-TD-Mtime-Check,Pragma,X-CSRF-Token,X-Twitter-Polling,X-Twitter-Active-User,X-Guest-Token,LivePipeline-Session,X-Twitter-UTCOffset,X-Response-Time,X-Act-As-User-Id,Authorization,X-Contribute-To-User-Id
access-control-max-age: 1728000
access-control-expose-headers: X-Twitter-Spotify-Access-Token,X-Twitter-Client-Version,X-Twitter-Diffy-Request-Key,X-Rate-Limit-Limit,X-TD-Mtime,X-Twitter-Client,Backoff-Policy,X-Rate-Limit-Remaining,Content-Length,X-Rate-Limit-Reset,X-Transaction-Id,X-Acted-As-User-Id,X-Twitter-Polling,X-Twitter-UTCOffset,X-Response-Time
x-connection-hash: 5b5c1dfe92a8409ce0e9c69edd8c1694f0a72cc8d8149bcb80be5ca3ae48bd06
date: Fri, 03 Feb 2023 19:19:45 GMT
server: tsa_o
GET

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb

chrome.exe

Remote address:

216.58.208.99:443

Request

GET /safebrowsing/csd/client_model_v5_variation_6.pb HTTP/2.0
host: ssl.gstatic.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

chrome.exe

Remote address:

23.222.51.44:443

Request

GET /appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js HTTP/1.1
Host: appleid.cdn-apple.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://twitter.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Server: Apple
Content-Type: application/javascript;charset=UTF-8
Cache-Control: public, max-age=86400,stale-while-revalidate=86400
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Accept-Ranges: bytes
ETag: W/"42671-1673569073418"
Last-Modified: Fri, 13 Jan 2023 00:17:53 GMT
Vary: accept-encoding
Content-Encoding: gzip
Content-Length: 17247
Date: Fri, 03 Feb 2023 19:19:45 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
GET

https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCU8K9GMPI8A4EgUNkWGVTg==?alt=proto

chrome.exe

Remote address:

142.251.36.10:443

Request

GET /v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCU8K9GMPI8A4EgUNkWGVTg==?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CKSMywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://update.googleapis.com/service/update2/json?cup2key=10:4046398369&cup2hreq=d838865c1cd8e4de1bde65bf6ebbdd41ed7b2473f0efc1f04052d3771c0b9aba

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json?cup2key=10:4046398369&cup2hreq=d838865c1cd8e4de1bde65bf6ebbdd41ed7b2473f0efc1f04052d3771c0b9aba HTTP/2.0
host: update.googleapis.com
content-length: 3017
x-goog-update-appid: ggkkehgbnfjpeggfpleeakpidbkibbmn,gcmjkmgdlgnkkcocmoeiminaijmmjnii,gkmgaooipdjhmangpemjhigmamcehddo,khaoiebndkojlmppeemjhbpbandiljpe,llkgjffcdpffmhiakmfcdcblohccpfmo,bklopemakmnopmghhmccadeonafabnal,jamhcnnkihinmdlkakkaopbjbbcngflc,ihnlcenocehgdaegdmhbidjhnhdchfmm,cmahhnpholdijhjokonmfdjbfmklppij,hnimpnehoodheedghdeeijklkeaacbdc,ojhpjlocmbogdgmfpkhlaaeamibhnphh,jflookgnkcckhobaglndicnbbgbonegd,giekcmmlnklenlaomppkphknjmnnpneh,eeigpngbgcognadeebkilcpcaedhellh,hfnkpimlhhgieaddgfemjhofmfblmnib,obedbbhbpmojnkanicioggnmelmoomoc,ehgidpndbllacpjalkiimkbadgjfnnmc,aemomkdncapdnfajjbbcbdebjljbpmpj,oimompecagnajdejgnnjijobebaeigek
x-goog-update-interactivity: bg
x-goog-update-updater: chrome-89.0.4389.114
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1043
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 995
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 973
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 991
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 916
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1029
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1052
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 933
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1013
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
POST

https://update.googleapis.com/service/update2/json

chrome.exe

Remote address:

142.250.179.163:443

Request

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 921
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br
DNS

edgedl.me.gvt1.com

chrome.exe

Remote address:

8.8.8.8:53

Request

edgedl.me.gvt1.com

IN A

Response

edgedl.me.gvt1.com

IN A

34.104.35.123
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 10490
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 45d77bdb-9ad1-49e4-a5d9-032c353dfcfb
date: Thu, 02 Feb 2023 19:29:22 GMT
age: 85870
last-modified: Wed, 19 Oct 2022 19:15:29 GMT
etag: "fd2c76"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 19 Oct 2022 19:15:29 GMT
Range: bytes=0-1119
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1120
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 70fc92f2-11b9-48a5-9fad-ae85c7ff1034
date: Thu, 02 Feb 2023 19:29:22 GMT
age: 85871
last-modified: Wed, 19 Oct 2022 19:15:29 GMT
etag: "fd2c76"
content-type: application/octet-stream
content-range: bytes 0-1119/10490
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 19 Oct 2022 19:15:29 GMT
Range: bytes=1120-3044
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 1925
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 8a68545c-a0fb-45e0-9cd0-f997a777983f
date: Thu, 02 Feb 2023 19:29:22 GMT
age: 85877
last-modified: Wed, 19 Oct 2022 19:15:29 GMT
etag: "fd2c76"
content-type: application/octet-stream
content-range: bytes 1120-3044/10490
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 19 Oct 2022 19:15:29 GMT
Range: bytes=3045-7296
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 4252
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 975c7c5b-8857-4609-8252-0b49d3bbcfd6
date: Thu, 02 Feb 2023 19:29:22 GMT
age: 85886
last-modified: Wed, 19 Oct 2022 19:15:29 GMT
etag: "fd2c76"
content-type: application/octet-stream
content-range: bytes 3045-7296/10490
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 19 Oct 2022 19:15:29 GMT
Range: bytes=7297-10489
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 3193
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 7fa315c7-088b-4c14-8412-9f3424b970df
date: Thu, 02 Feb 2023 19:29:22 GMT
age: 85889
last-modified: Wed, 19 Oct 2022 19:15:29 GMT
etag: "fd2c76"
content-type: application/octet-stream
content-range: bytes 7297-10489/10490
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 41029
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: d79ef2b8-f6c7-4618-82ef-b807e6f85e1c
date: Fri, 03 Feb 2023 08:45:37 GMT
age: 38138
last-modified: Fri, 16 Dec 2022 17:42:20 GMT
etag: "10d3771"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 16 Dec 2022 17:42:20 GMT
Range: bytes=0-19668
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 19669
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 24844530-5339-4556-9bb4-fe892d3062ab
date: Fri, 03 Feb 2023 08:45:37 GMT
age: 38139
last-modified: Fri, 16 Dec 2022 17:42:20 GMT
etag: "10d3771"
content-type: application/octet-stream
content-range: bytes 0-19668/41029
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 16 Dec 2022 17:42:20 GMT
Range: bytes=19669-41028
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 21360
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 461bd76f-9104-4144-bf53-de089910364e
date: Fri, 03 Feb 2023 08:45:37 GMT
age: 38140
last-modified: Fri, 16 Dec 2022 17:42:20 GMT
etag: "10d3771"
content-type: application/octet-stream
content-range: bytes 19669-41028/41029
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 5571
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: fd8ec763-09f2-40d6-a800-da873a802166
date: Thu, 02 Feb 2023 20:48:00 GMT
age: 81200
last-modified: Thu, 19 Jan 2023 23:21:44 GMT
etag: "1258e3f"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 19 Jan 2023 23:21:44 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 5571
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 8d5ea2a9-af81-4551-ac81-17a2ae9e01dd
date: Thu, 02 Feb 2023 20:48:00 GMT
age: 81200
last-modified: Thu, 19 Jan 2023 23:21:44 GMT
etag: "1258e3f"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 2876
x-request-id: 5994a09a-f0aa-44a7-a82a-317c7d756008
date: Thu, 02 Feb 2023 20:32:01 GMT
age: 82167
last-modified: Wed, 23 Mar 2022 16:40:40 GMT
etag: "d1bcdc"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 23 Mar 2022 16:40:40 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 2876
x-request-id: b5ca5e54-1c00-4ad4-b366-eab8b7b6dfdf
date: Thu, 02 Feb 2023 20:32:01 GMT
age: 82167
last-modified: Wed, 23 Mar 2022 16:40:40 GMT
etag: "d1bcdc"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 3809
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: c272e65e-90b6-4959-9e39-8915dd9385a0
date: Thu, 02 Feb 2023 19:48:20 GMT
age: 84801
last-modified: Thu, 07 Jan 2021 02:23:28 GMT
etag: "81a15c"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 07 Jan 2021 02:23:28 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 3809
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 4d824a26-9379-4509-9401-12bad40391ab
date: Thu, 02 Feb 2023 19:48:20 GMT
age: 84801
last-modified: Thu, 07 Jan 2021 02:23:28 GMT
etag: "81a15c"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 818338
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 3bf964fa-c2bf-4995-9237-e68c929d754c
date: Fri, 03 Feb 2023 07:35:52 GMT
age: 42365
last-modified: Fri, 03 Feb 2023 07:35:27 GMT
etag: "12ba97b"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 03 Feb 2023 07:35:27 GMT
Range: bytes=0-295529
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 295530
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 21a4e1f7-e507-4a12-8f41-0e30d69b3f29
date: Fri, 03 Feb 2023 07:35:52 GMT
age: 42365
last-modified: Fri, 03 Feb 2023 07:35:27 GMT
etag: "12ba97b"
content-type: application/octet-stream
content-range: bytes 0-295529/818338
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Fri, 03 Feb 2023 07:35:27 GMT
Range: bytes=295530-818337
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-length: 522808
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 62cbb9f4-1d9b-4a15-ac55-fbad38eb2ff8
date: Fri, 03 Feb 2023 07:35:52 GMT
age: 42367
last-modified: Fri, 03 Feb 2023 07:35:27 GMT
etag: "12ba97b"
content-type: application/octet-stream
content-range: bytes 295530-818337/818338
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 148557
x-request-id: b7a78624-9a14-4e20-8d2f-4bfae35307ec
date: Fri, 03 Feb 2023 04:49:29 GMT
age: 52369
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 16 May 2022 15:33:39 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 148557
x-request-id: 4253c313-19a4-4263-bcc9-94559a8da371
date: Fri, 03 Feb 2023 04:49:29 GMT
age: 52370
last-modified: Mon, 16 May 2022 15:33:39 GMT
etag: "debf6d"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 9555
x-request-id: 9d7b354d-28b8-4c2c-923e-8606a406ee1a
date: Thu, 02 Feb 2023 19:46:46 GMT
age: 84959
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Mon, 29 Mar 2021 22:42:38 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 9555
x-request-id: 666b602f-038d-4a99-9ee1-e00b6a51d647
date: Thu, 02 Feb 2023 19:46:46 GMT
age: 84960
last-modified: Mon, 29 Mar 2021 22:42:38 GMT
etag: "9deda9"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
HEAD

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 6760942
x-request-id: 2774354c-bd2f-4d6d-9679-0a36425073e3
date: Thu, 02 Feb 2023 20:29:34 GMT
age: 82422
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
etag: "2e2fe7"
content-type: application/x-chrome-extension
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=0-2498056
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 2498057
x-request-id: 4cd66ebe-4e6f-46bb-a272-7a913a8b857c
date: Thu, 02 Feb 2023 20:29:34 GMT
age: 82422
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
etag: "2e2fe7"
content-type: application/x-chrome-extension
content-range: bytes 0-2498056/6760942
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

Remote address:

34.104.35.123:80

Request

GET /edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Wed, 10 Oct 2018 17:49:21 GMT
Range: bytes=2498057-6760941
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 206 Partial Content

accept-ranges: bytes
content-disposition: attachment
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
content-length: 4262885
x-request-id: e7754af1-4eca-48dd-a64f-1071bc3d48b6
date: Thu, 02 Feb 2023 20:29:34 GMT
age: 82423
last-modified: Wed, 10 Oct 2018 17:49:21 GMT
etag: "2e2fe7"
content-type: application/x-chrome-extension
content-range: bytes 2498057-6760941/6760942
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
HEAD

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw

Remote address:

34.104.35.123:80

Request

HEAD /edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 394133
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: 3829f8ec-e764-46ff-b97e-db32564e9728
date: Fri, 03 Feb 2023 08:59:58 GMT
age: 37433
last-modified: Tue, 28 Jul 2020 19:50:19 GMT
etag: "662670"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
coprocessor-response: download-server
GET

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw

Remote address:

34.104.35.123:80

Request

GET /edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 28 Jul 2020 19:50:19 GMT
User-Agent: Microsoft BITS/7.8
Host: edgedl.me.gvt1.com

Response

HTTP/1.1 200 OK

accept-ranges: bytes
content-disposition: attachment
content-length: 394133
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: d08a11b7-0a33-4a0b-a3f0-11d1f941fcd6
date: Fri, 03 Feb 2023 08:59:58 GMT
age: 37433
last-modified: Tue, 28 Jul 2020 19:50:19 GMT
etag: "662670"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000
cache-control: public,max-age=86400
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

chrome.exe

Remote address:

8.8.4.4:443

Request

GET /dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA HTTP/2.0
host: dns.google
accept: application/dns-message
accept-language: *
user-agent: Chrome
accept-encoding: identity
GET

https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

chrome.exe

Remote address:

142.250.179.170:443

Request

GET /v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/2.0
host: safebrowsing.googleapis.com
x-http-method-override: POST
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
accept-encoding: gzip, deflate, br

172.217.168.238:443

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D175%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D175%2526e%253D1

tls, http2

chrome.exe

2.3kB
9.8kB
20
22

HTTP Request

GET https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=89.0.4389.114&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D175%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D175%2526e%253D1
52.222.139.32:443

https://links.mkt2527.com/els/v2/a4A_hZqNZ8f7/elpTOUx3RGViSExMaEFRTUVTOUFtRVJDWFV5TzhmdVFyWDhSSjhHNGprNWxaVXRtMUxjaTZKbUIxUEhqZGxieTJtUWFGU3NaZ0JlRndlbGVUWmE5Z01OMWpsdFhqRnVtaGFkYThYL0RlL1U9S0/

tls, http

chrome.exe

2.1kB
8.6kB
17
20

HTTP Request

GET https://links.mkt2527.com/els/v2/a4A_hZqNZ8f7/elpTOUx3RGViSExMaEFRTUVTOUFtRVJDWFV5TzhmdVFyWDhSSjhHNGprNWxaVXRtMUxjaTZKbUIxUEhqZGxieTJtUWFGU3NaZ0JlRndlbGVUWmE5Z01OMWpsdFhqRnVtaGFkYThYL0RlL1U9S0/

HTTP Response

302
142.251.36.45:443

https://accounts.google.com/gsi/button?theme=outline&size=large&shape=circle&logo_alignment=center&text=signup_with&width=300&client_id=49625052041-kgt0hghf445lmcmhijv46b715m2mpbct.apps.googleusercontent.com&iframe_id=gsi_582940_356587&as=uwDxXrtvgA59c%2FmV5ZIL5Q&hl=en

tls, http2

chrome.exe

5.9kB
135.5kB
84
142

HTTP Request

POST https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

HTTP Request

GET https://accounts.google.com/gsi/client

HTTP Request

GET https://accounts.google.com/gsi/style

HTTP Request

GET https://accounts.google.com/gsi/status?client_id=49625052041-kgt0hghf445lmcmhijv46b715m2mpbct.apps.googleusercontent.com&as=5GlkeknRI96mFP8XJ%2FQN2w

HTTP Request

GET https://accounts.google.com/gsi/button?theme=outline&size=large&shape=circle&logo_alignment=center&text=signup_with&width=300&client_id=49625052041-kgt0hghf445lmcmhijv46b715m2mpbct.apps.googleusercontent.com&iframe_id=gsi_582940_356587&as=uwDxXrtvgA59c%2FmV5ZIL5Q&hl=en
52.222.139.32:443

links.mkt2527.com

tls

chrome.exe

1.1kB
7.9kB
12
14
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

http

chrome.exe

5.0kB
256.9kB
101
192

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx

HTTP Response

200
20.189.173.1:443

322 B
7
104.244.42.65:80

http://www.twitter.com/bcbsil

http

chrome.exe

900 B
798 B
10
9

HTTP Request

GET http://www.twitter.com/bcbsil

HTTP Response

301
104.244.42.65:443

https://www.twitter.com/bcbsil

tls, http2

chrome.exe

1.7kB
4.3kB
15
17

HTTP Request

GET https://www.twitter.com/bcbsil

HTTP Response

301
104.244.42.1:443

https://twitter.com/home?precache=1

tls, http2

chrome.exe

4.7kB
125.7kB
70
118

HTTP Request

GET https://twitter.com/bcbsil

HTTP Response

200

HTTP Request

GET https://twitter.com/manifest.json

HTTP Response

200

HTTP Request

GET https://twitter.com/sw.js

HTTP Response

200

HTTP Request

GET https://twitter.com/manifest.json

HTTP Request

GET https://twitter.com/home?precache=1

HTTP Response

200

HTTP Response

200
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.7kB
9.2kB
29
34

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBnVwZGF0ZQpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABBHBsYXkGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

6.1kB
16.9kB
62
80

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA2FicwV0d2ltZwNjb20AAAEAAQAAKRAAAAAAAABWAAwAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3BicwV0d2ltZwNjb20AAAEAAQAAKRAAAAAAAABWAAwAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA2FwaQd0d2l0dGVyA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABAXQCY28AAAEAAQAAKRAAAAAAAABfAAwAWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBXZpZGVvBXR3aW1nA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3NzbAdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABB2FwcGxlaWQJY2RuLWFwcGxlA2NvbQAAAQABAAApEAAAAAAAAE4ADABKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABEGNvbnRlbnQtYXV0b2ZpbGwKZ29vZ2xlYXBpcwNjb20AAAEAAQAAKRAAAAAAAABEAAwAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBWZvbnRzB2dzdGF0aWMDY29tAAABAAEAACkQAAAAAAAAUgAMAE4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBWFicy0wBXR3aW1nA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABBHBsYXkGZ29vZ2xlA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
199.232.148.159:443

abs.twimg.com

tls

chrome.exe

131.5kB
3.5MB
1787
3153
199.232.148.159:443

abs.twimg.com

tls

chrome.exe

972 B
4.5kB
8
10
199.232.148.159:443

abs.twimg.com

tls

chrome.exe

1.0kB
5.7kB
9
11
199.232.148.159:443

abs.twimg.com

tls

chrome.exe

1.0kB
5.7kB
9
11
199.232.148.159:443

abs.twimg.com

tls

chrome.exe

972 B
4.5kB
8
10
199.232.148.159:443

abs.twimg.com

tls

chrome.exe

1.0kB
5.7kB
9
11
199.232.148.159:443

abs.twimg.com

tls

chrome.exe

45.1kB
1.2MB
593
1029
199.232.148.159:443

pbs.twimg.com

tls

chrome.exe

7.3kB
236.7kB
115
206
104.244.42.66:443

https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

tls, http2

chrome.exe

43.9kB
71.4kB
107
113

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200

HTTP Request

GET https://api.twitter.com/1.1/hashflags.json

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/attribution/event.json

HTTP Response

200

HTTP Request

GET https://api.twitter.com/graphql/hVhfo_TquFTmgL7gYwf91Q/UserByScreenName?variables=%7B%22screen_name%22%3A%22bcbsil%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Request

POST https://api.twitter.com/1.1/jot/ces/p2

HTTP Request

GET https://api.twitter.com/graphql/mi_IjXgFyr41N9zkszPz9w/UserByRestId?variables=%7B%22userId%22%3A%2216312904%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200

HTTP Request

GET https://api.twitter.com/graphql/sj-BEQ0Jq5AwrydqFstdvg/UserTweets?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A40%2C%22includePromotedContent%22%3Atrue%2C%22withQuickPromoteEligibilityTweetFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D

HTTP Request

GET https://api.twitter.com/graphql/LsL6YcDRR1EWy6Ojp9zeMA/UserMedia?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A20%2C%22includePromotedContent%22%3Afalse%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withClientEventToken%22%3Afalse%2C%22withBirdwatchNotes%22%3Afalse%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D

HTTP Response

200

HTTP Request

GET https://api.twitter.com/1.1/users/recommendations.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&&pc=true&display_location=profile_accounts_sidebar&limit=4&user_id=16312904&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe

HTTP Request

GET https://api.twitter.com/2/guide.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&cards_platform=Web-12&include_cards=1&include_ext_alt_text=true&include_ext_limited_action_results=false&include_quote_count=true&include_reply_count=1&tweet_mode=extended&include_ext_collab_control=true&include_ext_views=true&include_entities=true&include_user_entities=true&include_ext_media_color=true&include_ext_media_availability=true&include_ext_sensitive_media_warning=true&include_ext_trusted_friends_metadata=true&send_error_codes=true&simple_quoted_tweet=true&count=20&requestContext=launch&display_location=web_sidebar&include_page_configuration=false&profile_user_id=16312904&entity_tokens=false&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe

HTTP Request

POST https://api.twitter.com/1.1/onboarding/sso_init.json

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/ces/p2

HTTP Response

200

HTTP Request

POST https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200
104.244.42.69:443

t.co

tls

chrome.exe

1.1kB
3.3kB
12
12
117.18.232.102:443

video.twimg.com

tls

chrome.exe

1.7kB
5.5kB
12
16
104.244.42.66:443

https://api.twitter.com/1.1/onboarding/sso_init.json

tls, http2

chrome.exe

6.8kB
5.9kB
33
28

HTTP Request

OPTIONS https://api.twitter.com/1.1/jot/client_event.json?keepalive=false

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/1.1/hashflags.json

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/1.1/attribution/event.json

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/graphql/hVhfo_TquFTmgL7gYwf91Q/UserByScreenName?variables=%7B%22screen_name%22%3A%22bcbsil%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/1.1/jot/ces/p2

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/graphql/mi_IjXgFyr41N9zkszPz9w/UserByRestId?variables=%7B%22userId%22%3A%2216312904%22%2C%22withSafetyModeUserFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%7D

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/graphql/sj-BEQ0Jq5AwrydqFstdvg/UserTweets?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A40%2C%22includePromotedContent%22%3Atrue%2C%22withQuickPromoteEligibilityTweetFields%22%3Atrue%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/graphql/LsL6YcDRR1EWy6Ojp9zeMA/UserMedia?variables=%7B%22userId%22%3A%2216312904%22%2C%22count%22%3A20%2C%22includePromotedContent%22%3Afalse%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withClientEventToken%22%3Afalse%2C%22withBirdwatchNotes%22%3Afalse%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Atrue%7D&features=%7B%22responsive_web_twitter_blue_verified_badge_is_enabled%22%3Atrue%2C%22verified_phone_label_enabled%22%3Afalse%2C%22responsive_web_graphql_timeline_navigation_enabled%22%3Atrue%2C%22longform_notetweets_consumption_enabled%22%3Atrue%2C%22tweetypie_unmention_optimization_enabled%22%3Atrue%2C%22vibe_api_enabled%22%3Atrue%2C%22responsive_web_edit_tweet_api_enabled%22%3Atrue%2C%22graphql_is_translatable_rweb_tweet_is_translatable_enabled%22%3Atrue%2C%22view_counts_everywhere_api_enabled%22%3Atrue%2C%22standardized_nudges_misinfo%22%3Atrue%2C%22tweet_with_visibility_results_prefer_gql_limited_actions_policy_enabled%22%3Afalse%2C%22interactive_text_enabled%22%3Atrue%2C%22responsive_web_text_conversations_enabled%22%3Afalse%2C%22responsive_web_enhance_cards_enabled%22%3Afalse%7D

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/1.1/users/recommendations.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&&pc=true&display_location=profile_accounts_sidebar&limit=4&user_id=16312904&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/2/guide.json?include_profile_interstitial_type=1&include_blocking=1&include_blocked_by=1&include_followed_by=1&include_want_retweets=1&include_mute_edge=1&include_can_dm=1&include_can_media_tag=1&include_ext_has_nft_avatar=1&include_ext_is_blue_verified=1&include_ext_verified_type=1&skip_status=1&cards_platform=Web-12&include_cards=1&include_ext_alt_text=true&include_ext_limited_action_results=false&include_quote_count=true&include_reply_count=1&tweet_mode=extended&include_ext_collab_control=true&include_ext_views=true&include_entities=true&include_user_entities=true&include_ext_media_color=true&include_ext_media_availability=true&include_ext_sensitive_media_warning=true&include_ext_trusted_friends_metadata=true&send_error_codes=true&simple_quoted_tweet=true&count=20&requestContext=launch&display_location=web_sidebar&include_page_configuration=false&profile_user_id=16312904&entity_tokens=false&ext=mediaStats%2ChighlightedLabel%2ChasNftAvatar%2CvoiceInfo%2Cenrichments%2CsuperFollowMetadata%2CunmentionInfo%2CeditControl%2Ccollab_control%2Cvibe

HTTP Response

200

HTTP Request

OPTIONS https://api.twitter.com/1.1/onboarding/sso_init.json

HTTP Response

200
216.58.208.99:443

https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb

tls, http2

chrome.exe

5.6kB
92.3kB
82
79

HTTP Request

GET https://ssl.gstatic.com/safebrowsing/csd/client_model_v5_variation_6.pb
23.222.51.44:443

https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

tls, http

chrome.exe

2.1kB
25.3kB
23
33

HTTP Request

GET https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

HTTP Response

200
142.251.36.10:443

https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCU8K9GMPI8A4EgUNkWGVTg==?alt=proto

tls, http2

chrome.exe

2.0kB
6.7kB
19
20

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvODkuMC40Mzg5LjExNBIQCU8K9GMPI8A4EgUNkWGVTg==?alt=proto
104.244.43.131:443

abs-0.twimg.com

tls

chrome.exe

1.8kB
6.4kB
16
19
142.251.36.14:443

play.google.com

tls, https

chrome.exe

2.8kB
9.8kB
23
25
209.197.3.8:80

322 B
7
209.197.3.8:80

322 B
7
209.197.3.8:80

322 B
7
104.80.225.205:443

322 B
7
209.197.3.8:80

322 B
7
142.250.179.163:443

https://update.googleapis.com/service/update2/json

tls, http2

chrome.exe

19.4kB
22.6kB
75
104

HTTP Request

POST https://update.googleapis.com/service/update2/json?cup2key=10:4046398369&cup2hreq=d838865c1cd8e4de1bde65bf6ebbdd41ed7b2473f0efc1f04052d3771c0b9aba

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json

HTTP Request

POST https://update.googleapis.com/service/update2/json
34.104.35.123:80

http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw

http

291.2kB
9.1MB
4523
6500

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/eua6zlfhpj3roq46nymxtbz4zq_2022.10.19.1145/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

HTTP Response

206

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/a6cmame6gvjjxyoop5xalea2j4_9.42.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.42.0_all_pxsqvymripaq7s6szfzfirkhqq.crx3

HTTP Response

206

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/mouvdyia34vlibzxbufzmd6m7y_57/khaoiebndkojlmppeemjhbpbandiljpe_57_win_o57jjjyx7jfaz3k2d7p3mbix6e.crx3

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvODJiQUFYYVJaZ0k5di1hUFlXS1prX2xDZw/1.0.0.13_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/YGkwa4MXjfWSuERyWQYP_A_4/aapLKTSZ439A-0g3nqJr3Q

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adbgwltl5na5cz7kxx7rxgdhnn5q_112.0.5576.0/jamhcnnkihinmdlkakkaopbjbbcngflc_112.0.5576.0_all_nbo4na5y3uf5etkwxibm77jp3i.crx3

HTTP Response

206

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ANlaTV2JH2WK9RCoHi__mxg_1.0.6/S3ybLvFx94Hgn9pWLt24ug

HTTP Response

200

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

HTTP Response

206

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFUTGhWQUViMUVlUQ/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

HTTP Response

206

HTTP Request

HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw

HTTP Response

200

HTTP Request

GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/APhHMzuprJvS7ixvnAk_gdI_1/anGnv31dmOJhheXBnYQ3gw

HTTP Response

200
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.0kB
7.9kB
19
22

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
8.8.4.4:443

https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

tls, http2

chrome.exe

2.0kB
7.8kB
18
20

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABA3d3dwdnc3RhdGljA2NvbQAAAQABAAApEAAAAAAAAFQADABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HTTP Request

GET https://dns.google/dns-query?dns=AAABAAABAAAAAAABDHNhZmVicm93c2luZwpnb29nbGVhcGlzA2NvbQAAAQABAAApEAAAAAAAAEgADABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
142.250.179.170:443

https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

tls, http2

chrome.exe

125.2kB
7.2MB
2687
5165

HTTP Request

GET https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$req=Ch0KDGdvb2dsZWNocm9tZRINODkuMC40Mzg5LjExNBoMCAUQASIEIAEgAigBGgwIARABIgQgASACKAEaDAgDEAEiBCABIAIoARoMCAcQASIEIAEgAigBGgwIARABIgQgASACKAMaDAgBEAgiBCABIAIoBBoMCAkQASIEIAEgAigGGgwIDxABIgQgASACKAEaDAgKEAgiBCABIAIoARoMCAkQASIEIAEgAigBGgwICBABIgQgASACKAEaDAgNEAEiBCABIAIoARoMCA4QASIEIAEgAigBGgwIEBABIgQgASACKAEiAggB&$ct=application/x-protobuf&key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw

224.0.0.251:5353

2.9kB
50
8.8.8.8:53

links.mkt2527.com

dns

chrome.exe

63 B
169 B
1
1

DNS Request

links.mkt2527.com

DNS Response

52.222.139.32

52.222.139.127

52.222.139.48

52.222.139.40
8.8.8.8:53

accounts.google.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

142.251.36.45
8.8.8.8:53

clients2.google.com

dns

chrome.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

172.217.168.238
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123
8.8.8.8:53

www.twitter.com

dns

chrome.exe

61 B
107 B
1
1

DNS Request

www.twitter.com

DNS Response

104.244.42.65

104.244.42.1
8.8.8.8:53

twitter.com

dns

chrome.exe

57 B
89 B
1
1

DNS Request

twitter.com

DNS Response

104.244.42.1

104.244.42.129
8.8.8.8:53

dns.google

dns

chrome.exe

56 B
88 B
1
1

DNS Request

dns.google

DNS Response

8.8.4.4

8.8.8.8
8.8.8.8:53

edgedl.me.gvt1.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

edgedl.me.gvt1.com

DNS Response

34.104.35.123

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4480_514757598\ChromeRecovery.exe

Filesize
253KB

MD5
49ac3c96d270702a27b4895e4ce1f42a

SHA1
55b90405f1e1b72143c64113e8bc65608dd3fd76

SHA256
82aa3fd6a25cda9e16689cfadea175091be010cecae537e517f392e0bef5ba0f

SHA512
b62f6501cb4c992d42d9097e356805c88ac4ac5a46ead4a8eee9f8cbae197b2305da8aab5b4a61891fe73951588025f2d642c32524b360687993f98c913138a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved\1.3.36.141\Recovery.crx3

Filesize
141KB

MD5
ea1c1ffd3ea54d1fb117bfdbb3569c60

SHA1
10958b0f690ae8f5240e1528b1ccffff28a33272

SHA256
7c3a6a7d16ac44c3200f572a764bce7d8fa84b9572dd028b15c59bdccbc0a77d

SHA512
6c30728cac9eac53f0b27b7dbe2222da83225c3b63617d6b271a6cfedf18e8f0a8dffa1053e1cbc4c5e16625f4bbc0d03aa306a946c9d72faa4ceb779f8ffcaf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request