Analysis

  • max time kernel
    150s
  • max time network
    165s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-03-2024 14:15

General

  • Target

    LOLPRO 13.10.exe

  • Size

    449KB

  • MD5

    420dc8123043a54629f25adfb1cff776

  • SHA1

    fe54a1692343895742c6f043508d1c1e3913897b

  • SHA256

    3c08ff244314007374e4f36f88f876b8ef650c6e039d1df6a2c39948f742578a

  • SHA512

    f08267ba0a2fc9ad8e3bd74ace74d0415097c1a14a433190fe6ac9edb11dc4ae59ff10eb4083d6b3087245c25fad4c85c28220b5f7a962a4e466518110f11c42

  • SSDEEP

    12288:rBBbTe4jix+DsUp6BOaX8nfM3qEpg81EPC:rBNBe+Q5X8nZMg8n

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LOLPRO 13.10.exe
    "C:\Users\Admin\AppData\Local\Temp\LOLPRO 13.10.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Local\Temp\6aJ.exe
      "C:\Users\Admin\AppData\Local\Temp\6aJ.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2436
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:500

Network

  • flag-us
    DNS
    s.modskinpro.com
    6aJ.exe
    Remote address:
    8.8.8.8:53
    Request
    s.modskinpro.com
    IN A
    Response
    s.modskinpro.com
    IN A
    107.152.32.179
  • flag-us
    GET
    http://s.modskinpro.com/location.php
    6aJ.exe
    Remote address:
    107.152.32.179:80
    Request
    GET /location.php HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Agent
    Host: s.modskinpro.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Date: Sat, 16 Mar 2024 14:16:08 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
  • flag-us
    DNS
    leagueskin.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    leagueskin.net
    IN A
    Response
    leagueskin.net
    IN A
    172.67.182.236
    leagueskin.net
    IN A
    104.21.64.111
  • flag-us
    GET
    http://leagueskin.net/js/ui-bootstrap-tpls-2.5.0.min.js
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /js/ui-bootstrap-tpls-2.5.0.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Sun, 16 Apr 2017 05:36:16 GMT
    Vary: Accept-Encoding
    ETag: W/"58f302d0-1e9c8"
    Expires: Fri, 29 Mar 2024 05:37:54 GMT
    Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate
    Pragma: public
    Content-Encoding: gzip
    CF-Cache-Status: HIT
    Age: 1499895
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0e7dC5b1cdTcCsR3ByLe0Tb5TR3RPoVKYr3fhW%2Btsf48LX3owLN7NXAjR54d1wcNR5GP3MFHwngAuMw73GKHltk4%2Bny%2BvblTkmaXBzncAJ0Iuz7yUukMZQbEKTtTTLCVw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86555c02881f653a-LHR
  • flag-us
    GET
    http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /p/make-cover-facebook-style-league-of-legends-chn HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: leagueskin.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k; expires=Sat, 16-Mar-2024 16:16:09 GMT; Max-Age=7200; path=/; HttpOnly
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: SAMEORIGIN
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQLNtTn15LffSGcQ8iuHl2RbKV%2BcwYUmyYKLl15U00ZVP8YqArdk3M1F5E5ksDNTZ%2F9ibwe9YnBDPCf8fQUS5vz%2Bu7AvCT8u7RiGmxhTQvLhlkqgcUFkmijTrDLPqROKnw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86555c002b9863e6-LHR
    Content-Encoding: gzip
  • flag-us
    GET
    http://leagueskin.net/css/my-template.css?c=5
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /css/my-template.css?c=5 HTTP/1.1
    Accept: text/css, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: text/css
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Mon, 24 Apr 2017 13:19:28 GMT
    Vary: Accept-Encoding
    ETag: W/"58fdfb60-3631"
    Expires: Mon, 15 Apr 2024 14:16:09 GMT
    Cache-Control: max-age=2592000
    Cache-Control: public, must-revalidate, proxy-revalidate
    Pragma: public
    Content-Encoding: gzip
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cg96IjFYy0QpPJw%2Fjuj1xvi8L4nG23gGImrJcXtLQAkrLin1l1UHo6CZTpXEu4E%2B4l5d6SpLP1ChFlPMJL5ZnmyhNYZQTHUVXQust7lu44fe%2BcKYXD3Ffx0BRL1rL7IzGg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86555c026f3663e6-LHR
  • flag-us
    DNS
    maxcdn.bootstrapcdn.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    maxcdn.bootstrapcdn.com
    IN A
    Response
    maxcdn.bootstrapcdn.com
    IN A
    104.18.10.207
    maxcdn.bootstrapcdn.com
    IN A
    104.18.11.207
  • flag-us
    DNS
    cdnjs.cloudflare.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    cdnjs.cloudflare.com
    IN A
    Response
    cdnjs.cloudflare.com
    IN A
    104.17.25.14
    cdnjs.cloudflare.com
    IN A
    104.17.24.14
  • flag-us
    DNS
    img.leagueskin.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img.leagueskin.net
    IN A
    Response
    img.leagueskin.net
    IN A
    172.67.182.236
    img.leagueskin.net
    IN A
    104.21.64.111
  • flag-us
    DNS
    whos.amung.us
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    whos.amung.us
    IN A
    Response
    whos.amung.us
    IN A
    104.22.74.171
    whos.amung.us
    IN A
    172.67.8.141
    whos.amung.us
    IN A
    104.22.75.171
  • flag-us
    DNS
    ajax.googleapis.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    ajax.googleapis.com
    IN A
    Response
    ajax.googleapis.com
    IN A
    142.250.187.202
  • flag-us
    GET
    http://leagueskin.net/js/script.js?c=3
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /js/script.js?c=3 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Thu, 20 Apr 2017 05:08:52 GMT
    Vary: Accept-Encoding
    ETag: W/"58f84264-7dd7"
    Expires: Mon, 15 Apr 2024 14:16:09 GMT
    Cache-Control: max-age=2592000
    Cache-Control: public, must-revalidate, proxy-revalidate
    Pragma: public
    Content-Encoding: gzip
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jue4IkKq8dZLZ8mScCqnPABY8LbhB%2BUGilWXNHWbK6sy4LwC3TlP1w1wSvau9MZgCMdYL46u%2FZUxelU38jprhPhGf1oU%2FRTZdn0rrvYnDIN2RU%2B9eQxwvttrvPWJqjU0lA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86555c02cf706328-LHR
  • flag-us
    GET
    http://leagueskin.net/js/apps/CoverLOL.js?u=7
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /js/apps/CoverLOL.js?u=7 HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: application/javascript
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Thu, 23 Mar 2017 11:53:24 GMT
    Vary: Accept-Encoding
    ETag: W/"58d3b734-23c"
    Expires: Mon, 15 Apr 2024 14:16:09 GMT
    Cache-Control: max-age=2592000
    Cache-Control: public, must-revalidate, proxy-revalidate
    Pragma: public
    Content-Encoding: gzip
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IhegHC%2BZ%2BKaP8jcnx%2B87dBVOhia%2B0keEWuRF9iICbxkrYnQm4BuKk9Dv%2FRYh5AYhlGJu5lkE0%2FrB1ST7PS5drq3rYLFFzo05JoCCZCre6Y68p2x%2FtscPVBAYEcU2qj1izw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86555c02cd1124b7-LHR
  • flag-us
    GET
    http://leagueskin.net/image/fav.ico
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /image/fav.ico HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k; __gads=ID=bdd92c0d0b2f5a1a:T=1710598571:RT=1710598571:S=ALNI_MZGTHuqQb1G1OUhqP4EELwzwkn4zw; __gpi=UID=00000d474ed89405:T=1710598571:RT=1710598571:S=ALNI_MYM08hRnxRkO1Nm0d8S3SG1rC83vw; __eoi=ID=ac0c2f89d02da8a4:T=1710598571:RT=1710598571:S=AA-AfjYgXQXY2vmkhKV9NRdTlt-X; _ga=GA1.2.437716039.1710598570; _gid=GA1.2.1790297983.1710598574; _gat_gtag_UA_111261514_1=1
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:14 GMT
    Content-Type: image/x-icon
    Transfer-Encoding: chunked
    Connection: keep-alive
    Last-Modified: Mon, 12 Sep 2016 05:03:08 GMT
    ETag: W/"57d6370c-7d26"
    Expires: Fri, 12 Apr 2024 20:42:40 GMT
    Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate
    Pragma: public
    CF-Cache-Status: HIT
    Age: 236014
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zi%2BubwSiiSlHwc6Pe57cXlKNl%2BbKMB0BWyFSK%2FAKqzpPiGg56hINmP2RObDjknCduKfb7SeXC%2FWpf7vhCf9tS3TEZQ2WmmIOuJrciI6PP5Lhdf5qrDvgzK1cgorLSC4Osg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 86555c229c2e24b7-LHR
    Content-Encoding: gzip
  • flag-gb
    GET
    http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
    IEXPLORE.EXE
    Remote address:
    142.250.180.2:80
    Request
    GET /pagead/js/adsbygoogle.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: pagead2.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
    Vary: Accept-Encoding
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Expires: Sat, 16 Mar 2024 14:16:09 GMT
    Cache-Control: private, max-age=3600, stale-while-revalidate=3600
    Content-Type: text/javascript; charset=UTF-8
    ETag: 9489469171672934986
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 62716
    X-XSS-Protection: 0
  • flag-us
    GET
    http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css
    IEXPLORE.EXE
    Remote address:
    104.17.25.14:80
    Request
    GET /ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css HTTP/1.1
    Accept: text/css, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: cdnjs.cloudflare.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: text/css; charset=utf-8
    Content-Length: 5936
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=30672000
    Content-Encoding: gzip
    ETag: "5eb03e5f-6857"
    Last-Modified: Mon, 04 May 2020 16:10:07 GMT
    cf-cdnjs-via: cfworker/kv
    Cross-Origin-Resource-Policy: cross-origin
    Timing-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Vary: Accept-Encoding
    CF-Cache-Status: HIT
    Age: 377533
    Expires: Thu, 06 Mar 2025 14:16:09 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tNYYhOH12eHw8uP5fthlU7AoQI%2BHRZgYnhTrLKhnfoxbDabNzOaJb3lcdjticm%2FplmzYViYbP1ZAneBuCancVQaohUUum4vyTD1FPIySAIFa9iX0Zqsr1JtS%2FzbvK5aupDck1oot"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86555c02e999dc31-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/fonts/fontawesome-webfont.eot?
    IEXPLORE.EXE
    Remote address:
    104.17.25.14:80
    Request
    GET /ajax/libs/font-awesome/4.4.0/fonts/fontawesome-webfont.eot? HTTP/1.1
    Accept: */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: http://leagueskin.net
    Accept-Encoding: gzip, deflate
    Host: cdnjs.cloudflare.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:10 GMT
    Content-Type: application/octet-stream; charset=utf-8
    Content-Length: 68861
    Connection: keep-alive
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=30672000
    Content-Encoding: gzip
    ETag: "5eb03e5f-10d0b"
    Last-Modified: Mon, 04 May 2020 16:10:07 GMT
    cf-cdnjs-via: cfworker/kv
    Cross-Origin-Resource-Policy: cross-origin
    Timing-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Vary: Accept-Encoding
    CF-Cache-Status: HIT
    Age: 4776
    Expires: Thu, 06 Mar 2025 14:16:10 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QqvWKzWFayqgHwOabMRezYmtNhLXmjzwYed%2FFJRczKDPq2L4cLQ3ldoNwxynop7cjeOXVqIMWzsFqqtAKCD4pooWrSO701Fmw6kIydlpzSRPVtdKFcgURh%2BtX0HCNwmD%2FdMh%2FCZ3"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 86555c06cee4dc31-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
    IEXPLORE.EXE
    Remote address:
    104.18.10.207:80
    Request
    GET /bootstrap/3.3.6/css/bootstrap.min.css HTTP/1.1
    Accept: text/css, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: maxcdn.bootstrapcdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: text/css; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    CDN-PullZone: 252412
    CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
    CDN-RequestCountryCode: FR
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=31919000
    Content-Encoding: gzip
    ETag: W/"2f624089c65f12185e79925bc5a7fc42"
    Last-Modified: Mon, 25 Jan 2021 22:03:59 GMT
    CDN-CachedAt: 10/31/2023 19:19:15
    CDN-ProxyVer: 1.04
    CDN-RequestPullCode: 200
    CDN-RequestPullSuccess: True
    CDN-EdgeStorageId: 946
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    X-Content-Type-Options: nosniff
    CDN-Status: 200
    CDN-RequestId: 8d820116c82b1ae44bbea599066438ac
    CDN-Cache: HIT
    CF-Cache-Status: HIT
    Age: 9885331
    Server: cloudflare
    CF-RAY: 86555c02faeadd83-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/fonts/glyphicons-halflings-regular.eot?
    IEXPLORE.EXE
    Remote address:
    104.18.10.207:80
    Request
    GET /bootstrap/3.3.6/fonts/glyphicons-halflings-regular.eot? HTTP/1.1
    Accept: */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Origin: http://leagueskin.net
    Accept-Encoding: gzip, deflate
    Host: maxcdn.bootstrapcdn.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:10 GMT
    Content-Type: application/vnd.ms-fontobject
    Transfer-Encoding: chunked
    Connection: keep-alive
    Vary: Accept-Encoding
    CDN-PullZone: 252412
    CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
    CDN-RequestCountryCode: FR
    Access-Control-Allow-Origin: *
    Cache-Control: public, max-age=31919000
    ETag: W/"f4769f9bdb7466be65088239c12046d1"
    Last-Modified: Mon, 25 Jan 2021 22:03:59 GMT
    CDN-CachedAt: 10/31/2023 20:58:04
    CDN-ProxyVer: 1.04
    CDN-RequestPullCode: 200
    CDN-RequestPullSuccess: True
    CDN-EdgeStorageId: 1074
    timing-allow-origin: *
    cross-origin-resource-policy: cross-origin
    X-Content-Type-Options: nosniff
    CDN-Status: 200
    CDN-RequestId: b7de5c90af05c77703d6fb041714a5aa
    CDN-Cache: HIT
    Content-Encoding: gzip
    CF-Cache-Status: MISS
    Server: cloudflare
    CF-RAY: 86555c066f52dd83-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://whos.amung.us/widget/leagueskin.png
    IEXPLORE.EXE
    Remote address:
    104.22.74.171:80
    Request
    GET /widget/leagueskin.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: whos.amung.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 307 Temporary Redirect
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: no-cache, no-store, must-revalidate
    location: http://widgets.amung.us/classic/00/26.png
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 86555c030ef665f7-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://whos.amung.us/widget/xqja1tkgyuec.png
    IEXPLORE.EXE
    Remote address:
    104.22.74.171:80
    Request
    GET /widget/xqja1tkgyuec.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: whos.amung.us
    Connection: Keep-Alive
    Response
    HTTP/1.1 307 Temporary Redirect
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    cache-control: no-cache, no-store, must-revalidate
    location: http://widgets.amung.us/classic/00/33.png
    CF-Cache-Status: DYNAMIC
    Server: cloudflare
    CF-RAY: 86555c030ea00b5f-AMS
    alt-svc: h3=":443"; ma=86400
  • flag-gb
    GET
    https://ajax.googleapis.com/ajax/libs/angularjs/1.5.3/angular-animate.min.js
    IEXPLORE.EXE
    Remote address:
    142.250.187.202:443
    Request
    GET /ajax/libs/angularjs/1.5.3/angular-animate.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ajax.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript; charset=UTF-8
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
    Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    Timing-Allow-Origin: *
    Content-Length: 9192
    Date: Sat, 16 Mar 2024 14:16:10 GMT
    Expires: Sun, 16 Mar 2025 14:16:10 GMT
    Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
    Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://ajax.googleapis.com/ajax/libs/angularjs/1.5.3/angular.min.js
    IEXPLORE.EXE
    Remote address:
    142.250.187.202:443
    Request
    GET /ajax/libs/angularjs/1.5.3/angular.min.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: ajax.googleapis.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Access-Control-Allow-Origin: *
    Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
    Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
    Timing-Allow-Origin: *
    Content-Length: 55456
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 15 Mar 2024 09:48:30 GMT
    Expires: Sat, 15 Mar 2025 09:48:30 GMT
    Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
    Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Age: 102460
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    GET
    http://img.leagueskin.net/upload/resize/image__20170420_1.jpg
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /upload/resize/image__20170420_1.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: image/jpeg
    Content-Length: 12065
    Connection: keep-alive
    Last-Modified: Wed, 19 Apr 2017 22:39:54 GMT
    ETag: "58f7e73a-2f21"
    Expires: Fri, 12 Apr 2024 18:54:44 GMT
    Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate
    Pragma: public
    CF-Cache-Status: HIT
    Age: 242485
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pp1y8t6zoaTG1nu98J979vlRIg3XuYHayS9rZm5qN3wmSv5cCsW8hhXonW8Q57JD7H8XyFHz9AA%2BbFpiwXSwEXA22OvIQT%2B7haRqoSEisBMy6z%2Fbp7vIPEe8JMwddvQxNtAx7gU%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 86555c030d523da8-LHR
  • flag-us
    GET
    http://img.leagueskin.net/upload/resize/image__20170313.jpg
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /upload/resize/image__20170313.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: image/jpeg
    Content-Length: 18526
    Connection: keep-alive
    Last-Modified: Mon, 13 Mar 2017 13:49:18 GMT
    ETag: "58c6a35e-485e"
    Expires: Sat, 13 Apr 2024 02:42:39 GMT
    Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate
    Pragma: public
    CF-Cache-Status: HIT
    Age: 214410
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31%2FDTSjfr89%2BnG8IgWA1fngHiRe9i%2F8n14Zby9xMmJ5mvgh6%2FLjEbDc%2Ff04Qmvomu6%2BRdiNnsRPLaxLCCHpIbqtMBxIuKKpOUnuu7saF07KbP6mswDfDqhMWGi1m8VokGCyY%2Brk%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 86555c030af65321-LHR
  • flag-us
    GET
    http://img.leagueskin.net/upload/resize/image__20170420.jpg
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /upload/resize/image__20170420.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: image/jpeg
    Content-Length: 14216
    Connection: keep-alive
    Last-Modified: Wed, 19 Apr 2017 22:18:40 GMT
    ETag: "58f7e240-3788"
    Expires: Sun, 14 Apr 2024 22:29:36 GMT
    Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate
    Pragma: public
    CF-Cache-Status: HIT
    Age: 56793
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6lzEtFQA9isJljRFw5ksBre3BQPP9CjaJ%2FjlM1hXARcQKpUFQZ6yqllALe1X8O5xcskzpZnqFQThHv2uY1l8miYd0DSlsHkgEiEHlf9DmFd7Tq33dI5SyrUjuq9KmiDhwGPLN98%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 86555c030ea4643d-LHR
  • flag-us
    GET
    http://img.leagueskin.net/upload/resize/image__20160608_1.jpg
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /upload/resize/image__20160608_1.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: image/jpeg
    Content-Length: 10136
    Connection: keep-alive
    Last-Modified: Wed, 08 Jun 2016 08:18:22 GMT
    ETag: "5757d4ce-2798"
    Expires: Wed, 10 Apr 2024 17:02:22 GMT
    Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate
    Pragma: public
    CF-Cache-Status: HIT
    Age: 422027
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ddbBbUeccMDRDw2VD4p372jKLTIvsEoFjGCfOnF1QZMJ94mbBbW0CfiMRsrBWXGVeRJ1uW9hJAWH2DFL5Zd%2F2plCoaWEi%2FbVFzgoo6fF0nEQm6NLKUkgzJ%2F6SaqdkV4Qfrj0t20%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 86555c030fed0722-LHR
  • flag-us
    GET
    http://img.leagueskin.net/upload/resize/image__20170314.jpg
    IEXPLORE.EXE
    Remote address:
    172.67.182.236:80
    Request
    GET /upload/resize/image__20170314.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: img.leagueskin.net
    Connection: Keep-Alive
    Cookie: ls_session=4v680t9og7vpievrb38n0rafguhcli8k
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: image/jpeg
    Content-Length: 15168
    Connection: keep-alive
    Last-Modified: Tue, 14 Mar 2017 10:37:10 GMT
    ETag: "58c7c7d6-3b40"
    Expires: Sun, 31 Mar 2024 06:43:49 GMT
    Cache-Control: public, max-age=2592000, must-revalidate, proxy-revalidate
    Pragma: public
    CF-Cache-Status: HIT
    Age: 1323140
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wJTt8mZ39mcvnkQnlRtSwbUN2gPlCumfd4ucmx99Z0U6Bq1WErIFrFoAZUOnz8kZo8zooZNrPedVMusK9JavsDNc0bfZ0BGBapp%2B7mbJcWf0bXJKxyUfgwaQWRZOVwSrPV8c%2F9c%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 86555c030c1a7196-LHR
  • flag-us
    DNS
    widgets.amung.us
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    widgets.amung.us
    IN A
    Response
    widgets.amung.us
    IN A
    172.67.8.141
    widgets.amung.us
    IN A
    104.22.75.171
    widgets.amung.us
    IN A
    104.22.74.171
  • flag-us
    DNS
    embed.widgetpack.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    embed.widgetpack.com
    IN A
    Response
  • flag-us
    GET
    http://widgets.amung.us/classic/00/33.png
    IEXPLORE.EXE
    Remote address:
    172.67.8.141:80
    Request
    GET /classic/00/33.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: widgets.amung.us
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:09 GMT
    Content-Type: image/png
    Content-Length: 1388
    Connection: keep-alive
    last-modified: Sun, 13 Jun 2010 09:03:09 GMT
    etag: "4c149ecd-56c"
    expires: Sun, 17 Mar 2024 10:31:13 GMT
    cache-control: max-age=2678400
    access-control-allow-origin: *
    CF-Cache-Status: HIT
    Age: 13496
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 86555c04cf170656-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    GET
    http://widgets.amung.us/classic/00/26.png
    IEXPLORE.EXE
    Remote address:
    172.67.8.141:80
    Request
    GET /classic/00/26.png HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: widgets.amung.us
    Response
    HTTP/1.1 200 OK
    Date: Sat, 16 Mar 2024 14:16:10 GMT
    Content-Type: image/png
    Content-Length: 1499
    Connection: keep-alive
    last-modified: Sun, 13 Jun 2010 09:03:09 GMT
    etag: "4c149ecd-5db"
    expires: Sun, 17 Mar 2024 14:16:09 GMT
    cache-control: max-age=2678400
    access-control-allow-origin: *
    CF-Cache-Status: MISS
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Server: cloudflare
    CF-RAY: 86555c059ff00656-LHR
    alt-svc: h3=":443"; ma=86400
  • flag-us
    DNS
    googleads.g.doubleclick.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    googleads.g.doubleclick.net
    IN A
    Response
    googleads.g.doubleclick.net
    IN A
    142.250.200.34
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=280&slotname=3338105376&adk=3777204485&adf=2289084161&pi=t.ma~as.3338105376&w=617&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=617x280&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569423&bpp=2&bdt=700&idt=1052&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=101&ady=808&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=3&uci=a!3&btvi=1&dtd=1070
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/ads?client=ca-pub-2686630533834406&output=html&h=280&slotname=3338105376&adk=3777204485&adf=2289084161&pi=t.ma~as.3338105376&w=617&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=617x280&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569423&bpp=2&bdt=700&idt=1052&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=101&ady=808&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=3&uci=a!3&btvi=1&dtd=1070 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Observe-Browsing-Topics: ?1
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Date: Sat, 16 Mar 2024 14:16:12 GMT
    Server: cafe
    Cache-Control: private
    X-XSS-Protection: 0
    Set-Cookie: test_cookie=CheckForPermission; expires=Sat, 16-Mar-2024 14:31:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:12 GMT
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/drt/si?st=NO_DATA HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: IDE=AHWqTUnnmz6YXxUCp9Nr6XWOYu1WtCHnbIUsyzjUV-VYXldvPd99G-eLOSEOrkBnId4
    Response
    HTTP/1.1 200 OK
    Cross-Origin-Resource-Policy: cross-origin
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Set-Cookie: DSID=NO_DATA; expires=Sat, 16-Mar-2024 15:16:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:13 GMT
    Cache-Control: private
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=90&slotname=2651854175&adk=24163497&adf=315909458&pi=t.ma~as.2651854175&w=617&lmt=1710598570&rafmt=12&format=617x90&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569421&bpp=2&bdt=706&idt=1004&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&correlator=7759368785907&frm=20&pv=2&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=101&ady=268&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=256&bc=1&bz=1.01&ifi=2&uci=a!2&dtd=1047
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/ads?client=ca-pub-2686630533834406&output=html&h=90&slotname=2651854175&adk=24163497&adf=315909458&pi=t.ma~as.2651854175&w=617&lmt=1710598570&rafmt=12&format=617x90&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569421&bpp=2&bdt=706&idt=1004&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&correlator=7759368785907&frm=20&pv=2&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=101&ady=268&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=256&bc=1&bz=1.01&ifi=2&uci=a!2&dtd=1047 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Observe-Browsing-Topics: ?1
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Date: Sat, 16 Mar 2024 14:16:12 GMT
    Server: cafe
    Cache-Control: private
    X-XSS-Protection: 0
    Set-Cookie: test_cookie=CheckForPermission; expires=Sat, 16-Mar-2024 14:31:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:12 GMT
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/adview?ai=CnU-3q6n1ZZPZKZKRtOUPgNG9yAvYnPqWdq3QisSUEuOl4J-uAhABIOzbuSpgyQagAcm6_-woyAEBqQKcyG1tk0SyPqgDAcgDywSqBIUCT9DCyvCNDhOZpqpvN6ciGQ2-YSBqOu47DpwB9Qp4Z1sIaq-5Z-lzEX7kmnv7BTIjUkwxt8RJfRj7dY1Lb7-4AkbQnk6okWtlxIUZ72ztHBVQNY1LHIE2crvLyUrCChY2ZiClBzM7l2qlwPt8Q7t74F9xSh6s7GMDuLA4qoRfrl_9FsaPGhtCXEqedb3hvy_7HKYfVVbWEj_ykHZTf_pdikbIsaPggUhAeUKbsh0rQB1GSEIIupoNyztRoMoGdh7rHaF8tRIa9MEd7ecECkryWqkfpEd6JF5qlZgoux-gSnBhJSnFxKVTj9BiAUDAdvoQ4CAVbuzlXYGa10Oj9G_DDtid1WrkwATZ76TJxASIBcTmhYxOkgUECAQYAZIFBAgFGASAB8nyz8wDqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQoq4h0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WO2S26H8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwRCgsQwI6a8KbMu8vhARICAQPYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMjY4NjYzMDUzMzgzNDQwNhgAshgJEgKxXxgBIgEA&sigh=BQX6gHCCSlc&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtq1XuqCKGv7bQ-LgQneVcyvyay0XFbr2XwfDhi5RoT2_UA9sDy2WnYGDwQZTmZj4B2Ci8p-mttsbARDmRfcS-Wrsdu8o7a6Wa4eBgB&cbvp=2&vis=1&nis=5
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/adview?ai=CnU-3q6n1ZZPZKZKRtOUPgNG9yAvYnPqWdq3QisSUEuOl4J-uAhABIOzbuSpgyQagAcm6_-woyAEBqQKcyG1tk0SyPqgDAcgDywSqBIUCT9DCyvCNDhOZpqpvN6ciGQ2-YSBqOu47DpwB9Qp4Z1sIaq-5Z-lzEX7kmnv7BTIjUkwxt8RJfRj7dY1Lb7-4AkbQnk6okWtlxIUZ72ztHBVQNY1LHIE2crvLyUrCChY2ZiClBzM7l2qlwPt8Q7t74F9xSh6s7GMDuLA4qoRfrl_9FsaPGhtCXEqedb3hvy_7HKYfVVbWEj_ykHZTf_pdikbIsaPggUhAeUKbsh0rQB1GSEIIupoNyztRoMoGdh7rHaF8tRIa9MEd7ecECkryWqkfpEd6JF5qlZgoux-gSnBhJSnFxKVTj9BiAUDAdvoQ4CAVbuzlXYGa10Oj9G_DDtid1WrkwATZ76TJxASIBcTmhYxOkgUECAQYAZIFBAgFGASAB8nyz8wDqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQoq4h0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WO2S26H8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwRCgsQwI6a8KbMu8vhARICAQPYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMjY4NjYzMDUzMzgzNDQwNhgAshgJEgKxXxgBIgEA&sigh=BQX6gHCCSlc&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtq1XuqCKGv7bQ-LgQneVcyvyay0XFbr2XwfDhi5RoT2_UA9sDy2WnYGDwQZTmZj4B2Ci8p-mttsbARDmRfcS-Wrsdu8o7a6Wa4eBgB&cbvp=2&vis=1&nis=5 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=280&slotname=3338105376&adk=3777204485&adf=2289084161&pi=t.ma~as.3338105376&w=617&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=617x280&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569423&bpp=2&bdt=700&idt=1052&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=101&ady=808&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=3&uci=a!3&btvi=1&dtd=1070
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: test_cookie=CheckForPermission
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Security-Policy: script-src 'none'; object-src 'none'
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Credentials: true
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Set-Cookie: IDE=AHWqTUnnmz6YXxUCp9Nr6XWOYu1WtCHnbIUsyzjUV-VYXldvPd99G-eLOSEOrkBnId4; expires=Mon, 16-Mar-2026 14:16:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Set-Cookie: test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:13 GMT
    Cache-Control: private
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/drt/si?st=NO_DATA HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: IDE=AHWqTUnnmz6YXxUCp9Nr6XWOYu1WtCHnbIUsyzjUV-VYXldvPd99G-eLOSEOrkBnId4
    Response
    HTTP/1.1 200 OK
    Cross-Origin-Resource-Policy: cross-origin
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Set-Cookie: DSID=NO_DATA; expires=Sat, 16-Mar-2024 15:16:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:13 GMT
    Cache-Control: private
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/adview?ai=CzvdKq6n1ZdGlGbqqtOUPjcOWOPSDoLB28NfemdUSsciQ2-cNEAEg7Nu5KmDJBqABwfzC4CjIAQGpApzIbW2TRLI-qAMByAPLBKoEhQJP0HMW3CgU3Dp3lSqI7mL9_gKY0Nb0ijBpWEmtLCunjL1-v2Knk6fSHLdwh4aGd4CSHaEXSw3vaEqWpTT-DIxqXPFH-oOpCQNHIEYNlO36X3fGOZ2RRmr8PjrpllxwPMM4T8R1mj_PTRH3DzvnREQ8RknIhMm0Dy1G_13TlI5ySJXiJUGLnQWmavxDQnCEm2YdAfFt8SS3N5H0Pw2eOtuqMcBONINpSsfvUn5_gobMpGrZ2fv7lfgtbgLkJ2f-I_nUVG7cMesJY17GxVtj3Z8sxkCMMG1EUuiXsZ73lRKgzpCKPrVBYwtXQLvy6XpaPdWEjzTEMYpXFPHiv3L1Tm-ZYw-5CUvABITTprfXBIgF4rbmtk6SBQQIBBgBkgUECAUYBIAHwbSTwAOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAfIHBBCJ2knSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYtd3Kofz4hAOaCRtodHRwczovL3RlbXBvc2VhcmNoLmNvbS9kc3KACgHICwHaDBAKChDwvczLufXhqAkSAgED2BMM0BUBgBcBshccChoIABIUcHViLTI2ODY2MzA1MzM4MzQ0MDYYALIYCRICi1QYASIBAA&sigh=hT5DKrXPg_U&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtqn0wpGoY37Tvcgqr3SLkkKP9e9XoVfy0J2NCakWqUJe9ERG0OL2POBhrAKzLU1kbjfpGrrY1Pv-zjdwv0S78rKBcMyT8jGp0JwxgB&template_id=5007&cbvp=2&vis=1&nis=5
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/adview?ai=CzvdKq6n1ZdGlGbqqtOUPjcOWOPSDoLB28NfemdUSsciQ2-cNEAEg7Nu5KmDJBqABwfzC4CjIAQGpApzIbW2TRLI-qAMByAPLBKoEhQJP0HMW3CgU3Dp3lSqI7mL9_gKY0Nb0ijBpWEmtLCunjL1-v2Knk6fSHLdwh4aGd4CSHaEXSw3vaEqWpTT-DIxqXPFH-oOpCQNHIEYNlO36X3fGOZ2RRmr8PjrpllxwPMM4T8R1mj_PTRH3DzvnREQ8RknIhMm0Dy1G_13TlI5ySJXiJUGLnQWmavxDQnCEm2YdAfFt8SS3N5H0Pw2eOtuqMcBONINpSsfvUn5_gobMpGrZ2fv7lfgtbgLkJ2f-I_nUVG7cMesJY17GxVtj3Z8sxkCMMG1EUuiXsZ73lRKgzpCKPrVBYwtXQLvy6XpaPdWEjzTEMYpXFPHiv3L1Tm-ZYw-5CUvABITTprfXBIgF4rbmtk6SBQQIBBgBkgUECAUYBIAHwbSTwAOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAfIHBBCJ2knSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYtd3Kofz4hAOaCRtodHRwczovL3RlbXBvc2VhcmNoLmNvbS9kc3KACgHICwHaDBAKChDwvczLufXhqAkSAgED2BMM0BUBgBcBshccChoIABIUcHViLTI2ODY2MzA1MzM4MzQ0MDYYALIYCRICi1QYASIBAA&sigh=hT5DKrXPg_U&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtqn0wpGoY37Tvcgqr3SLkkKP9e9XoVfy0J2NCakWqUJe9ERG0OL2POBhrAKzLU1kbjfpGrrY1Pv-zjdwv0S78rKBcMyT8jGp0JwxgB&template_id=5007&cbvp=2&vis=1&nis=5 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=3338105376&adk=3020251315&adf=3177354834&pi=t.ma~as.3338105376&w=293&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=293x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569426&bpp=1&bdt=701&idt=1122&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280%2C300x250&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=748&ady=70&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=5&uci=a!5&dtd=1134
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: IDE=AHWqTUnnmz6YXxUCp9Nr6XWOYu1WtCHnbIUsyzjUV-VYXldvPd99G-eLOSEOrkBnId4; DSID=NO_DATA
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Security-Policy: script-src 'none'; object-src 'none'
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Credentials: true
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Observe-Browsing-Topics: ?1
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Date: Sat, 16 Mar 2024 14:16:11 GMT
    Server: cafe
    Cache-Control: private
    X-XSS-Protection: 0
    Set-Cookie: test_cookie=CheckForPermission; expires=Sat, 16-Mar-2024 14:31:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:11 GMT
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/drt/s?v=r20120211 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: test_cookie=CheckForPermission
    Response
    HTTP/1.1 200 OK
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 145
    X-XSS-Protection: 0
    Date: Sat, 16 Mar 2024 13:53:17 GMT
    Cache-Control: public, max-age=3600
    Content-Type: text/html; charset=UTF-8
    Age: 1375
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/drt/si?st=NO_DATA HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: IDE=AHWqTUnnmz6YXxUCp9Nr6XWOYu1WtCHnbIUsyzjUV-VYXldvPd99G-eLOSEOrkBnId4
    Response
    HTTP/1.1 200 OK
    Cross-Origin-Resource-Policy: cross-origin
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Set-Cookie: DSID=NO_DATA; expires=Sat, 16-Mar-2024 15:16:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:13 GMT
    Cache-Control: private
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/adview?ai=Chedjq6n1ZbSdF9GhtOUP_dSRwAWQ1vemdqyJirrsEZf94IeSDhABIOzbuSpgyQagAZ67g_spyAEBqQKcyG1tk0SyPqgDAcgDywSqBIUCT9BQMdozDPUSdE4qrgvJGxSReo6-ttZEiau9EFpceyWZKOI-VRK2eSeXryjoVAl778z-aOjccQ9-3NcRvnctRWgPhTEsWwIXOJur1qZzEoj3_caNmL8ppvLBwuLvqLEVveKfhyJTDPBVRnUWG50WOic2Ex-Jm6RiVNg6P4COccCPDTvkyxqbPFNgcT_DAcT-hDKOSmRJADeCRx08InIPVN8jb9ZXBjTlRrzl8LDE3rV393ybuINthkWv24d2nbbhfrq8d-6hZF6lxOWSMvJsmC_0zST-Q1nxaOX5PNnmXNiybfHYSgCFDopbS4DT2pWpfZo3Fs_PXK8mr-fXZUn55pCSPDsIwAT82paP3QSIBfSUtO5NkgUECAQYAZIFBAgFGASAB57z09oEqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQkacR0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WPS-yKH8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwRCgsQgPHPi8qx37CVARICAQPYEwzQFQGAFwGyFxwKGggAEhRwdWItMjY4NjYzMDUzMzgzNDQwNhgAshgFGAEiAQA&sigh=VusWyA4BuB0&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqtghzhU9_EJbqE-Xyn8AfyqSPUONsQb02vwPFjKtHC5nLYFSmeynaxmw4HPnyrGGpNVC7ubjmotoINAUs0JW7fvcYtChGdHt7DzcYAQ&template_id=5028&cbvp=2&vis=1&nis=5
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/adview?ai=Chedjq6n1ZbSdF9GhtOUP_dSRwAWQ1vemdqyJirrsEZf94IeSDhABIOzbuSpgyQagAZ67g_spyAEBqQKcyG1tk0SyPqgDAcgDywSqBIUCT9BQMdozDPUSdE4qrgvJGxSReo6-ttZEiau9EFpceyWZKOI-VRK2eSeXryjoVAl778z-aOjccQ9-3NcRvnctRWgPhTEsWwIXOJur1qZzEoj3_caNmL8ppvLBwuLvqLEVveKfhyJTDPBVRnUWG50WOic2Ex-Jm6RiVNg6P4COccCPDTvkyxqbPFNgcT_DAcT-hDKOSmRJADeCRx08InIPVN8jb9ZXBjTlRrzl8LDE3rV393ybuINthkWv24d2nbbhfrq8d-6hZF6lxOWSMvJsmC_0zST-Q1nxaOX5PNnmXNiybfHYSgCFDopbS4DT2pWpfZo3Fs_PXK8mr-fXZUn55pCSPDsIwAT82paP3QSIBfSUtO5NkgUECAQYAZIFBAgFGASAB57z09oEqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQkacR0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WPS-yKH8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwRCgsQgPHPi8qx37CVARICAQPYEwzQFQGAFwGyFxwKGggAEhRwdWItMjY4NjYzMDUzMzgzNDQwNhgAshgFGAEiAQA&sigh=VusWyA4BuB0&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqtghzhU9_EJbqE-Xyn8AfyqSPUONsQb02vwPFjKtHC5nLYFSmeynaxmw4HPnyrGGpNVC7ubjmotoINAUs0JW7fvcYtChGdHt7DzcYAQ&template_id=5028&cbvp=2&vis=1&nis=5 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: IDE=AHWqTUnnmz6YXxUCp9Nr6XWOYu1WtCHnbIUsyzjUV-VYXldvPd99G-eLOSEOrkBnId4; DSID=NO_DATA
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Security-Policy: script-src 'none'; object-src 'none'
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Credentials: true
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=3338105376&adk=3020251315&adf=3177354834&pi=t.ma~as.3338105376&w=293&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=293x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569426&bpp=1&bdt=701&idt=1122&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280%2C300x250&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=748&ady=70&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=5&uci=a!5&dtd=1134
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=3338105376&adk=3020251315&adf=3177354834&pi=t.ma~as.3338105376&w=293&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=293x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569426&bpp=1&bdt=701&idt=1122&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280%2C300x250&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=748&ady=70&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=5&uci=a!5&dtd=1134 HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Observe-Browsing-Topics: ?1
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Content-Encoding: gzip
    Date: Sat, 16 Mar 2024 14:16:12 GMT
    Server: cafe
    Cache-Control: private
    X-XSS-Protection: 0
    Set-Cookie: test_cookie=CheckForPermission; expires=Sat, 16-Mar-2024 14:31:11 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:12 GMT
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/drt/si?st=NO_DATA HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: IDE=AHWqTUnnmz6YXxUCp9Nr6XWOYu1WtCHnbIUsyzjUV-VYXldvPd99G-eLOSEOrkBnId4
    Response
    HTTP/1.1 200 OK
    Cross-Origin-Resource-Policy: cross-origin
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Set-Cookie: DSID=NO_DATA; expires=Sat, 16-Mar-2024 15:16:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Expires: Sat, 16 Mar 2024 14:16:13 GMT
    Cache-Control: private
  • flag-gb
    GET
    https://googleads.g.doubleclick.net/pagead/adview?ai=CtsqRq6n1ZevKKcSstOUP2JWmwAbYnPqWdq3QisSUEuOl4J-uAhABIOzbuSpgyQagAcm6_-woyAEBqQKcyG1tk0SyPqgDAcgDywSqBIECT9CVofj_r57Tb6C4QctxsF5rZIf0k_fRFW20507QngTDvzHMK1nwjLAJ-tlwZI4uz5WZXGshARl5PTM6GCtt-xx9OR7QFF9M24BqWCdKK5qsn9uS_jtiv3N4qBFiMcx_j2WOA5QOHa536nCBkAdd2efp7KEX7YguWMBTTLbF99v_JXrU3a_7gxP4s9uDXRz-5SNKU8T_nypXBM-xlqxBj-G81wrOzpcOY6o4liJIkxxsX2Gjlfgv6SKA6dCqQiCsHxQCNYdVDbCk7J9GKt_SUaYD_affxco89MAT3QMi8HMl9p1seBzIYq9XovWPNHRyuEklOId79Ll0pW5uSX3NbDzABNnvpMnEBIgFxOaFjE6SBQQIBBgBkgUECAUYBIAHyfLPzAOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAfIHBRD3rusB0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WOCC26H8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwQCgoQsLzv2KXWmsdzEgIBA9gTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yNjg2NjMwNTMzODM0NDA2GACyGAkSArFfGAEiAQA&sigh=mbKgzF1L6Lg&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqb47ACqRLrTdToqggwLbnpGvpkI3M87iS9FVB7cZG7m66yicLe7rAdMC4sHpeC6Si1pvgc5oA3Z8LFycufLeLyIMsOSYDPUJsGfsYAQ&cbvp=2&vis=1&nis=5
    IEXPLORE.EXE
    Remote address:
    142.250.200.34:443
    Request
    GET /pagead/adview?ai=CtsqRq6n1ZevKKcSstOUP2JWmwAbYnPqWdq3QisSUEuOl4J-uAhABIOzbuSpgyQagAcm6_-woyAEBqQKcyG1tk0SyPqgDAcgDywSqBIECT9CVofj_r57Tb6C4QctxsF5rZIf0k_fRFW20507QngTDvzHMK1nwjLAJ-tlwZI4uz5WZXGshARl5PTM6GCtt-xx9OR7QFF9M24BqWCdKK5qsn9uS_jtiv3N4qBFiMcx_j2WOA5QOHa536nCBkAdd2efp7KEX7YguWMBTTLbF99v_JXrU3a_7gxP4s9uDXRz-5SNKU8T_nypXBM-xlqxBj-G81wrOzpcOY6o4liJIkxxsX2Gjlfgv6SKA6dCqQiCsHxQCNYdVDbCk7J9GKt_SUaYD_affxco89MAT3QMi8HMl9p1seBzIYq9XovWPNHRyuEklOId79Ll0pW5uSX3NbDzABNnvpMnEBIgFxOaFjE6SBQQIBBgBkgUECAUYBIAHyfLPzAOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAfIHBRD3rusB0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WOCC26H8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwQCgoQsLzv2KXWmsdzEgIBA9gTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yNjg2NjMwNTMzODM0NDA2GACyGAkSArFfGAEiAQA&sigh=mbKgzF1L6Lg&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqb47ACqRLrTdToqggwLbnpGvpkI3M87iS9FVB7cZG7m66yicLe7rAdMC4sHpeC6Si1pvgc5oA3Z8LFycufLeLyIMsOSYDPUJsGfsYAQ&cbvp=2&vis=1&nis=5 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=90&slotname=2651854175&adk=24163497&adf=315909458&pi=t.ma~as.2651854175&w=617&lmt=1710598570&rafmt=12&format=617x90&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569421&bpp=2&bdt=706&idt=1004&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&correlator=7759368785907&frm=20&pv=2&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=101&ady=268&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=256&bc=1&bz=1.01&ifi=2&uci=a!2&dtd=1047
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: googleads.g.doubleclick.net
    Connection: Keep-Alive
    Cookie: IDE=AHWqTUnnmz6YXxUCp9Nr6XWOYu1WtCHnbIUsyzjUV-VYXldvPd99G-eLOSEOrkBnId4; DSID=NO_DATA
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Content-Security-Policy: script-src 'none'; object-src 'none'
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Credentials: true
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    tpc.googlesyndication.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    tpc.googlesyndication.com
    IN A
    Response
    tpc.googlesyndication.com
    IN A
    216.58.212.193
  • flag-gb
    GET
    https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/load_preloaded_resource.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /pagead/js/r20240313/r20110914/client/load_preloaded_resource.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 1321
    X-XSS-Protection: 0
    Date: Fri, 15 Mar 2024 18:35:12 GMT
    Expires: Fri, 29 Mar 2024 18:35:12 GMT
    Cache-Control: public, max-age=1209600
    Age: 70860
    ETag: 16216481440669322801
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/abg_lite.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /pagead/js/r20240313/r20110914/abg_lite.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 11815
    X-XSS-Protection: 0
    Date: Sat, 16 Mar 2024 09:18:12 GMT
    Expires: Sat, 30 Mar 2024 09:18:12 GMT
    Cache-Control: public, max-age=1209600
    Age: 17880
    ETag: 10374153479694904093
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/simgad/11083806412385181244/14763004658117789537?w=100&h=100&tw=1&q=75
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /simgad/11083806412385181244/14763004658117789537?w=100&h=100&tw=1&q=75 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=3338105376&adk=3020251315&adf=3177354834&pi=t.ma~as.3338105376&w=293&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=293x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569426&bpp=1&bdt=701&idt=1122&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280%2C300x250&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=748&ady=70&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=5&uci=a!5&dtd=1134
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="content-ads-owners"
    Report-To: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
    Timing-Allow-Origin: *
    Content-Length: 1567
    X-Content-Type-Options: nosniff
    Allow-Fenced-Frame-Automatic-Beacons: true
    X-DNS-Prefetch-Control: off
    Server: sffe
    X-XSS-Protection: 0
    Date: Sat, 16 Mar 2024 12:45:08 GMT
    Expires: Sun, 16 Mar 2025 12:45:08 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Thu, 24 Aug 2023 05:14:51 GMT
    Content-Type: image/jpeg
    Age: 5464
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/window_focus.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /pagead/js/r20240313/r20110914/client/window_focus.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 1449
    X-XSS-Protection: 0
    Date: Fri, 15 Mar 2024 21:49:47 GMT
    Expires: Fri, 29 Mar 2024 21:49:47 GMT
    Cache-Control: public, max-age=1209600
    Age: 59185
    ETag: 18393213423120915576
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/qs_click_protection.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /pagead/js/r20240313/r20110914/client/qs_click_protection.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Access-Control-Allow-Origin: *
    X-Content-Type-Options: nosniff
    Content-Disposition: attachment; filename="f.txt"
    Content-Encoding: gzip
    Server: cafe
    Content-Length: 11653
    X-XSS-Protection: 0
    Date: Fri, 15 Mar 2024 21:49:43 GMT
    Expires: Fri, 29 Mar 2024 21:49:43 GMT
    Cache-Control: public, max-age=1209600
    Age: 59189
    ETag: 12023220663331010176
    Content-Type: text/javascript; charset=UTF-8
    Vary: Accept-Encoding
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/simgad/18012794321068723114/14763004658117789537?w=100&h=100&tw=1&q=75
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /simgad/18012794321068723114/14763004658117789537?w=100&h=100&tw=1&q=75 HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=3338105376&adk=3020251315&adf=3177354834&pi=t.ma~as.3338105376&w=293&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=293x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569426&bpp=1&bdt=701&idt=1122&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280%2C300x250&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=748&ady=70&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=5&uci=a!5&dtd=1134
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="content-ads-owners"
    Report-To: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
    Timing-Allow-Origin: *
    Content-Length: 4885
    X-Content-Type-Options: nosniff
    Allow-Fenced-Frame-Automatic-Beacons: true
    X-DNS-Prefetch-Control: off
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 15 Mar 2024 09:39:38 GMT
    Expires: Sat, 15 Mar 2025 09:39:38 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 20 Feb 2023 12:01:31 GMT
    Content-Type: image/png
    Age: 102994
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/sodar/sodar2.js
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /sodar/sodar2.js HTTP/1.1
    Accept: application/javascript, */*;q=0.8
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Type: text/javascript
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
    Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
    Date: Sat, 16 Mar 2024 14:16:14 GMT
    Expires: Sat, 16 Mar 2024 14:16:14 GMT
    Cache-Control: private, max-age=3000
    ETag: "1637097310169751"
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /sodar/sodar2/225/runner.html HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Content-Encoding: gzip
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs"
    Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
    Content-Length: 5046
    X-Content-Type-Options: nosniff
    Server: sffe
    X-XSS-Protection: 0
    Date: Fri, 15 Mar 2024 09:19:33 GMT
    Expires: Sat, 15 Mar 2025 09:19:33 GMT
    Cache-Control: public, max-age=31536000
    Last-Modified: Mon, 21 Jun 2021 20:47:05 GMT
    Content-Type: text/html
    Vary: Accept-Encoding
    Age: 104201
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://tpc.googlesyndication.com/generate_204?WDUA_g
    IEXPLORE.EXE
    Remote address:
    216.58.212.193:443
    Request
    GET /generate_204?WDUA_g HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: tpc.googlesyndication.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 204 No Content
    Content-Length: 0
    Cross-Origin-Resource-Policy: cross-origin
    Date: Sat, 16 Mar 2024 14:16:15 GMT
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.178.4
  • flag-us
    DNS
    www.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
  • flag-gb
    GET
    https://www.google.com/pagead/drt/ui
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /pagead/drt/ui HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    Cache-Control: private
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/pagead/drt/ui
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /pagead/drt/ui HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    Cache-Control: private
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/pagead/drt/ui
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /pagead/drt/ui HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    Cache-Control: private
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-gb
    GET
    https://www.google.com/recaptcha/api2/aframe
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /recaptcha/api2/aframe HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Referer: http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Cross-Origin-Resource-Policy: cross-origin
    Cross-Origin-Embedder-Policy: require-corp
    Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
    Expires: Sat, 16 Mar 2024 14:16:14 GMT
    Date: Sat, 16 Mar 2024 14:16:14 GMT
    Cache-Control: private, max-age=300
    Content-Security-Policy: script-src 'nonce-SzrGNmM6NevRWNNo0tqtuw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
    Content-Encoding: gzip
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Server: GSE
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Transfer-Encoding: chunked
  • flag-gb
    GET
    https://www.google.com/pagead/drt/ui
    IEXPLORE.EXE
    Remote address:
    142.250.178.4:443
    Request
    GET /pagead/drt/ui HTTP/1.1
    Accept: text/html, application/xhtml+xml, */*
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: www.google.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Timing-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    Cache-Control: private
    Content-Type: text/html; charset=UTF-8
    X-Content-Type-Options: nosniff
    Date: Sat, 16 Mar 2024 14:16:13 GMT
    Server: cafe
    Content-Length: 0
    X-XSS-Protection: 0
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  • flag-us
    DNS
    fe0.google.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fe0.google.com
    IN A
    Response
  • 107.152.32.179:80
    http://s.modskinpro.com/location.php
    http
    6aJ.exe
    373 B
    505 B
    6
    5

    HTTP Request

    GET http://s.modskinpro.com/location.php

    HTTP Response

    200
  • 172.67.182.236:80
    http://leagueskin.net/js/ui-bootstrap-tpls-2.5.0.min.js
    http
    IEXPLORE.EXE
    1.4kB
    34.5kB
    21
    29

    HTTP Request

    GET http://leagueskin.net/js/ui-bootstrap-tpls-2.5.0.min.js

    HTTP Response

    200
  • 172.67.182.236:80
    http://leagueskin.net/css/my-template.css?c=5
    http
    IEXPLORE.EXE
    1.2kB
    11.9kB
    12
    16

    HTTP Request

    GET http://leagueskin.net/p/make-cover-facebook-style-league-of-legends-chn

    HTTP Response

    200

    HTTP Request

    GET http://leagueskin.net/css/my-template.css?c=5

    HTTP Response

    200
  • 172.67.182.236:80
    http://leagueskin.net/js/script.js?c=3
    http
    IEXPLORE.EXE
    862 B
    9.7kB
    10
    12

    HTTP Request

    GET http://leagueskin.net/js/script.js?c=3

    HTTP Response

    200
  • 172.67.182.236:80
    http://leagueskin.net/image/fav.ico
    http
    IEXPLORE.EXE
    1.5kB
    7.5kB
    11
    12

    HTTP Request

    GET http://leagueskin.net/js/apps/CoverLOL.js?u=7

    HTTP Response

    200

    HTTP Request

    GET http://leagueskin.net/image/fav.ico

    HTTP Response

    200
  • 142.250.180.2:80
    pagead2.googlesyndication.com
    IEXPLORE.EXE
    190 B
    92 B
    4
    2
  • 142.250.180.2:80
    http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
    http
    IEXPLORE.EXE
    1.8kB
    66.8kB
    31
    51

    HTTP Request

    GET http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

    HTTP Response

    200
  • 104.17.25.14:80
    cdnjs.cloudflare.com
    IEXPLORE.EXE
    236 B
    172 B
    5
    4
  • 104.17.25.14:80
    http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/fonts/fontawesome-webfont.eot?
    http
    IEXPLORE.EXE
    3.2kB
    79.2kB
    43
    62

    HTTP Request

    GET http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css

    HTTP Response

    200

    HTTP Request

    GET http://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/fonts/fontawesome-webfont.eot?

    HTTP Response

    200
  • 104.18.10.207:80
    maxcdn.bootstrapcdn.com
    IEXPLORE.EXE
    236 B
    172 B
    5
    4
  • 104.18.10.207:80
    http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/fonts/glyphicons-halflings-regular.eot?
    http
    IEXPLORE.EXE
    2.4kB
    47.5kB
    27
    42

    HTTP Request

    GET http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css

    HTTP Response

    200

    HTTP Request

    GET http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/fonts/glyphicons-halflings-regular.eot?

    HTTP Response

    200
  • 104.22.74.171:80
    http://whos.amung.us/widget/leagueskin.png
    http
    IEXPLORE.EXE
    646 B
    972 B
    6
    5

    HTTP Request

    GET http://whos.amung.us/widget/leagueskin.png

    HTTP Response

    307
  • 104.22.74.171:80
    http://whos.amung.us/widget/xqja1tkgyuec.png
    http
    IEXPLORE.EXE
    694 B
    972 B
    7
    5

    HTTP Request

    GET http://whos.amung.us/widget/xqja1tkgyuec.png

    HTTP Response

    307
  • 142.250.187.202:443
    https://ajax.googleapis.com/ajax/libs/angularjs/1.5.3/angular-animate.min.js
    tls, http
    IEXPLORE.EXE
    1.6kB
    15.8kB
    16
    17

    HTTP Request

    GET https://ajax.googleapis.com/ajax/libs/angularjs/1.5.3/angular-animate.min.js

    HTTP Response

    200
  • 142.250.187.202:443
    https://ajax.googleapis.com/ajax/libs/angularjs/1.5.3/angular.min.js
    tls, http
    IEXPLORE.EXE
    2.3kB
    64.5kB
    34
    51

    HTTP Request

    GET https://ajax.googleapis.com/ajax/libs/angularjs/1.5.3/angular.min.js

    HTTP Response

    200
  • 172.67.182.236:80
    http://img.leagueskin.net/upload/resize/image__20170420_1.jpg
    http
    IEXPLORE.EXE
    942 B
    13.4kB
    11
    13

    HTTP Request

    GET http://img.leagueskin.net/upload/resize/image__20170420_1.jpg

    HTTP Response

    200
  • 172.67.182.236:80
    http://img.leagueskin.net/upload/resize/image__20170313.jpg
    http
    IEXPLORE.EXE
    1.0kB
    20.1kB
    13
    18

    HTTP Request

    GET http://img.leagueskin.net/upload/resize/image__20170313.jpg

    HTTP Response

    200
  • 172.67.182.236:80
    http://img.leagueskin.net/upload/resize/image__20170420.jpg
    http
    IEXPLORE.EXE
    986 B
    15.6kB
    12
    15

    HTTP Request

    GET http://img.leagueskin.net/upload/resize/image__20170420.jpg

    HTTP Response

    200
  • 172.67.182.236:80
    http://img.leagueskin.net/upload/resize/image__20160608_1.jpg
    http
    IEXPLORE.EXE
    896 B
    11.4kB
    10
    12

    HTTP Request

    GET http://img.leagueskin.net/upload/resize/image__20160608_1.jpg

    HTTP Response

    200
  • 172.67.182.236:80
    http://img.leagueskin.net/upload/resize/image__20170314.jpg
    http
    IEXPLORE.EXE
    986 B
    16.6kB
    12
    15

    HTTP Request

    GET http://img.leagueskin.net/upload/resize/image__20170314.jpg

    HTTP Response

    200
  • 172.67.8.141:80
    http://widgets.amung.us/classic/00/26.png
    http
    IEXPLORE.EXE
    1.1kB
    4.1kB
    8
    8

    HTTP Request

    GET http://widgets.amung.us/classic/00/33.png

    HTTP Response

    200

    HTTP Request

    GET http://widgets.amung.us/classic/00/26.png

    HTTP Response

    200
  • 172.67.8.141:80
    widgets.amung.us
    IEXPLORE.EXE
    466 B
    92 B
    10
    2
  • 142.250.200.34:443
    https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
    tls, http
    IEXPLORE.EXE
    5.4kB
    60.5kB
    43
    52

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=280&slotname=3338105376&adk=3777204485&adf=2289084161&pi=t.ma~as.3338105376&w=617&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=617x280&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569423&bpp=2&bdt=700&idt=1052&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=101&ady=808&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEebr%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=3&uci=a!3&btvi=1&dtd=1070

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

    HTTP Response

    200
  • 142.250.200.34:443
    https://googleads.g.doubleclick.net/pagead/adview?ai=CzvdKq6n1ZdGlGbqqtOUPjcOWOPSDoLB28NfemdUSsciQ2-cNEAEg7Nu5KmDJBqABwfzC4CjIAQGpApzIbW2TRLI-qAMByAPLBKoEhQJP0HMW3CgU3Dp3lSqI7mL9_gKY0Nb0ijBpWEmtLCunjL1-v2Knk6fSHLdwh4aGd4CSHaEXSw3vaEqWpTT-DIxqXPFH-oOpCQNHIEYNlO36X3fGOZ2RRmr8PjrpllxwPMM4T8R1mj_PTRH3DzvnREQ8RknIhMm0Dy1G_13TlI5ySJXiJUGLnQWmavxDQnCEm2YdAfFt8SS3N5H0Pw2eOtuqMcBONINpSsfvUn5_gobMpGrZ2fv7lfgtbgLkJ2f-I_nUVG7cMesJY17GxVtj3Z8sxkCMMG1EUuiXsZ73lRKgzpCKPrVBYwtXQLvy6XpaPdWEjzTEMYpXFPHiv3L1Tm-ZYw-5CUvABITTprfXBIgF4rbmtk6SBQQIBBgBkgUECAUYBIAHwbSTwAOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAfIHBBCJ2knSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYtd3Kofz4hAOaCRtodHRwczovL3RlbXBvc2VhcmNoLmNvbS9kc3KACgHICwHaDBAKChDwvczLufXhqAkSAgED2BMM0BUBgBcBshccChoIABIUcHViLTI2ODY2MzA1MzM4MzQ0MDYYALIYCRICi1QYASIBAA&sigh=hT5DKrXPg_U&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtqn0wpGoY37Tvcgqr3SLkkKP9e9XoVfy0J2NCakWqUJe9ERG0OL2POBhrAKzLU1kbjfpGrrY1Pv-zjdwv0S78rKBcMyT8jGp0JwxgB&template_id=5007&cbvp=2&vis=1&nis=5
    tls, http
    IEXPLORE.EXE
    10.1kB
    57.3kB
    46
    54

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=90&slotname=2651854175&adk=24163497&adf=315909458&pi=t.ma~as.2651854175&w=617&lmt=1710598570&rafmt=12&format=617x90&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569421&bpp=2&bdt=706&idt=1004&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&correlator=7759368785907&frm=20&pv=2&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=101&ady=268&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=256&bc=1&bz=1.01&ifi=2&uci=a!2&dtd=1047

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/adview?ai=CnU-3q6n1ZZPZKZKRtOUPgNG9yAvYnPqWdq3QisSUEuOl4J-uAhABIOzbuSpgyQagAcm6_-woyAEBqQKcyG1tk0SyPqgDAcgDywSqBIUCT9DCyvCNDhOZpqpvN6ciGQ2-YSBqOu47DpwB9Qp4Z1sIaq-5Z-lzEX7kmnv7BTIjUkwxt8RJfRj7dY1Lb7-4AkbQnk6okWtlxIUZ72ztHBVQNY1LHIE2crvLyUrCChY2ZiClBzM7l2qlwPt8Q7t74F9xSh6s7GMDuLA4qoRfrl_9FsaPGhtCXEqedb3hvy_7HKYfVVbWEj_ykHZTf_pdikbIsaPggUhAeUKbsh0rQB1GSEIIupoNyztRoMoGdh7rHaF8tRIa9MEd7ecECkryWqkfpEd6JF5qlZgoux-gSnBhJSnFxKVTj9BiAUDAdvoQ4CAVbuzlXYGa10Oj9G_DDtid1WrkwATZ76TJxASIBcTmhYxOkgUECAQYAZIFBAgFGASAB8nyz8wDqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQoq4h0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WO2S26H8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwRCgsQwI6a8KbMu8vhARICAQPYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMjY4NjYzMDUzMzgzNDQwNhgAshgJEgKxXxgBIgEA&sigh=BQX6gHCCSlc&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtq1XuqCKGv7bQ-LgQneVcyvyay0XFbr2XwfDhi5RoT2_UA9sDy2WnYGDwQZTmZj4B2Ci8p-mttsbARDmRfcS-Wrsdu8o7a6Wa4eBgB&cbvp=2&vis=1&nis=5

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/adview?ai=CzvdKq6n1ZdGlGbqqtOUPjcOWOPSDoLB28NfemdUSsciQ2-cNEAEg7Nu5KmDJBqABwfzC4CjIAQGpApzIbW2TRLI-qAMByAPLBKoEhQJP0HMW3CgU3Dp3lSqI7mL9_gKY0Nb0ijBpWEmtLCunjL1-v2Knk6fSHLdwh4aGd4CSHaEXSw3vaEqWpTT-DIxqXPFH-oOpCQNHIEYNlO36X3fGOZ2RRmr8PjrpllxwPMM4T8R1mj_PTRH3DzvnREQ8RknIhMm0Dy1G_13TlI5ySJXiJUGLnQWmavxDQnCEm2YdAfFt8SS3N5H0Pw2eOtuqMcBONINpSsfvUn5_gobMpGrZ2fv7lfgtbgLkJ2f-I_nUVG7cMesJY17GxVtj3Z8sxkCMMG1EUuiXsZ73lRKgzpCKPrVBYwtXQLvy6XpaPdWEjzTEMYpXFPHiv3L1Tm-ZYw-5CUvABITTprfXBIgF4rbmtk6SBQQIBBgBkgUECAUYBIAHwbSTwAOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAfIHBBCJ2knSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYtd3Kofz4hAOaCRtodHRwczovL3RlbXBvc2VhcmNoLmNvbS9kc3KACgHICwHaDBAKChDwvczLufXhqAkSAgED2BMM0BUBgBcBshccChoIABIUcHViLTI2ODY2MzA1MzM4MzQ0MDYYALIYCRICi1QYASIBAA&sigh=hT5DKrXPg_U&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgB7FLtqn0wpGoY37Tvcgqr3SLkkKP9e9XoVfy0J2NCakWqUJe9ERG0OL2POBhrAKzLU1kbjfpGrrY1Pv-zjdwv0S78rKBcMyT8jGp0JwxgB&template_id=5007&cbvp=2&vis=1&nis=5

    HTTP Response

    200
  • 142.250.200.34:443
    https://googleads.g.doubleclick.net/pagead/adview?ai=Chedjq6n1ZbSdF9GhtOUP_dSRwAWQ1vemdqyJirrsEZf94IeSDhABIOzbuSpgyQagAZ67g_spyAEBqQKcyG1tk0SyPqgDAcgDywSqBIUCT9BQMdozDPUSdE4qrgvJGxSReo6-ttZEiau9EFpceyWZKOI-VRK2eSeXryjoVAl778z-aOjccQ9-3NcRvnctRWgPhTEsWwIXOJur1qZzEoj3_caNmL8ppvLBwuLvqLEVveKfhyJTDPBVRnUWG50WOic2Ex-Jm6RiVNg6P4COccCPDTvkyxqbPFNgcT_DAcT-hDKOSmRJADeCRx08InIPVN8jb9ZXBjTlRrzl8LDE3rV393ybuINthkWv24d2nbbhfrq8d-6hZF6lxOWSMvJsmC_0zST-Q1nxaOX5PNnmXNiybfHYSgCFDopbS4DT2pWpfZo3Fs_PXK8mr-fXZUn55pCSPDsIwAT82paP3QSIBfSUtO5NkgUECAQYAZIFBAgFGASAB57z09oEqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQkacR0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WPS-yKH8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwRCgsQgPHPi8qx37CVARICAQPYEwzQFQGAFwGyFxwKGggAEhRwdWItMjY4NjYzMDUzMzgzNDQwNhgAshgFGAEiAQA&sigh=VusWyA4BuB0&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqtghzhU9_EJbqE-Xyn8AfyqSPUONsQb02vwPFjKtHC5nLYFSmeynaxmw4HPnyrGGpNVC7ubjmotoINAUs0JW7fvcYtChGdHt7DzcYAQ&template_id=5028&cbvp=2&vis=1&nis=5
    tls, http
    IEXPLORE.EXE
    7.7kB
    56.6kB
    42
    53

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=8419186174&adk=3095244736&adf=1235099329&pi=t.ma~as.8419186174&w=300&lmt=1710598570&format=300x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&wgl=1&dt=1710598569425&bpp=1&bdt=700&idt=1108&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=259&ady=1311&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=1&bz=1.01&ifi=4&uci=a!4&btvi=2&dtd=1120

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/adview?ai=Chedjq6n1ZbSdF9GhtOUP_dSRwAWQ1vemdqyJirrsEZf94IeSDhABIOzbuSpgyQagAZ67g_spyAEBqQKcyG1tk0SyPqgDAcgDywSqBIUCT9BQMdozDPUSdE4qrgvJGxSReo6-ttZEiau9EFpceyWZKOI-VRK2eSeXryjoVAl778z-aOjccQ9-3NcRvnctRWgPhTEsWwIXOJur1qZzEoj3_caNmL8ppvLBwuLvqLEVveKfhyJTDPBVRnUWG50WOic2Ex-Jm6RiVNg6P4COccCPDTvkyxqbPFNgcT_DAcT-hDKOSmRJADeCRx08InIPVN8jb9ZXBjTlRrzl8LDE3rV393ybuINthkWv24d2nbbhfrq8d-6hZF6lxOWSMvJsmC_0zST-Q1nxaOX5PNnmXNiybfHYSgCFDopbS4DT2pWpfZo3Fs_PXK8mr-fXZUn55pCSPDsIwAT82paP3QSIBfSUtO5NkgUECAQYAZIFBAgFGASAB57z09oEqAfZtrECqAevvrECqAfVyRuoB6a-G6gHjs4bqAeT2BuoB-6WsQKoB_6esQLYBwHyBwQQkacR0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WPS-yKH8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwRCgsQgPHPi8qx37CVARICAQPYEwzQFQGAFwGyFxwKGggAEhRwdWItMjY4NjYzMDUzMzgzNDQwNhgAshgFGAEiAQA&sigh=VusWyA4BuB0&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqtghzhU9_EJbqE-Xyn8AfyqSPUONsQb02vwPFjKtHC5nLYFSmeynaxmw4HPnyrGGpNVC7ubjmotoINAUs0JW7fvcYtChGdHt7DzcYAQ&template_id=5028&cbvp=2&vis=1&nis=5

    HTTP Response

    200
  • 142.250.200.34:443
    https://googleads.g.doubleclick.net/pagead/adview?ai=CtsqRq6n1ZevKKcSstOUP2JWmwAbYnPqWdq3QisSUEuOl4J-uAhABIOzbuSpgyQagAcm6_-woyAEBqQKcyG1tk0SyPqgDAcgDywSqBIECT9CVofj_r57Tb6C4QctxsF5rZIf0k_fRFW20507QngTDvzHMK1nwjLAJ-tlwZI4uz5WZXGshARl5PTM6GCtt-xx9OR7QFF9M24BqWCdKK5qsn9uS_jtiv3N4qBFiMcx_j2WOA5QOHa536nCBkAdd2efp7KEX7YguWMBTTLbF99v_JXrU3a_7gxP4s9uDXRz-5SNKU8T_nypXBM-xlqxBj-G81wrOzpcOY6o4liJIkxxsX2Gjlfgv6SKA6dCqQiCsHxQCNYdVDbCk7J9GKt_SUaYD_affxco89MAT3QMi8HMl9p1seBzIYq9XovWPNHRyuEklOId79Ll0pW5uSX3NbDzABNnvpMnEBIgFxOaFjE6SBQQIBBgBkgUECAUYBIAHyfLPzAOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAfIHBRD3rusB0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WOCC26H8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwQCgoQsLzv2KXWmsdzEgIBA9gTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yNjg2NjMwNTMzODM0NDA2GACyGAkSArFfGAEiAQA&sigh=mbKgzF1L6Lg&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqb47ACqRLrTdToqggwLbnpGvpkI3M87iS9FVB7cZG7m66yicLe7rAdMC4sHpeC6Si1pvgc5oA3Z8LFycufLeLyIMsOSYDPUJsGfsYAQ&cbvp=2&vis=1&nis=5
    tls, http
    IEXPLORE.EXE
    6.2kB
    56.6kB
    39
    50

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2686630533834406&output=html&h=250&slotname=3338105376&adk=3020251315&adf=3177354834&pi=t.ma~as.3338105376&w=293&fwrn=4&fwrnh=100&lmt=1710598570&rafmt=1&format=293x250&url=http%3A%2F%2Fleagueskin.net%2Fp%2Fmake-cover-facebook-style-league-of-legends-chn&fwr=0&rpe=1&resp_fmts=3&wgl=1&dt=1710598569426&bpp=1&bdt=701&idt=1122&shv=r20240313&mjsv=m202403140101&ptt=9&saldr=aa&abxe=1&prev_fmts=617x90%2C617x280%2C300x250&correlator=7759368785907&frm=20&pv=1&ga_vid=437716039.1710598570&ga_sid=1710598570&ga_hid=366154949&ga_fc=0&u_tz=0&u_his=1&u_h=720&u_w=1280&u_ah=680&u_aw=1280&u_cd=24&u_sd=1&adx=748&ady=70&biw=1142&bih=543&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081828%2C95327951%2C95327955%2C31081902%2C31081718%2C95325785&oid=2&pvsid=737210755384549&tmod=1328044794&nvt=1&fc=1920&docm=11&brdim=44%2C98%2C36%2C36%2C1280%2C%2C1158%2C613%2C1142%2C543&vis=1&rsz=%7C%7CEe%7C&abl=CS&pfx=0&fu=128&bc=1&bz=1.01&ifi=5&uci=a!5&dtd=1134

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

    HTTP Response

    200

    HTTP Request

    GET https://googleads.g.doubleclick.net/pagead/adview?ai=CtsqRq6n1ZevKKcSstOUP2JWmwAbYnPqWdq3QisSUEuOl4J-uAhABIOzbuSpgyQagAcm6_-woyAEBqQKcyG1tk0SyPqgDAcgDywSqBIECT9CVofj_r57Tb6C4QctxsF5rZIf0k_fRFW20507QngTDvzHMK1nwjLAJ-tlwZI4uz5WZXGshARl5PTM6GCtt-xx9OR7QFF9M24BqWCdKK5qsn9uS_jtiv3N4qBFiMcx_j2WOA5QOHa536nCBkAdd2efp7KEX7YguWMBTTLbF99v_JXrU3a_7gxP4s9uDXRz-5SNKU8T_nypXBM-xlqxBj-G81wrOzpcOY6o4liJIkxxsX2Gjlfgv6SKA6dCqQiCsHxQCNYdVDbCk7J9GKt_SUaYD_affxco89MAT3QMi8HMl9p1seBzIYq9XovWPNHRyuEklOId79Ll0pW5uSX3NbDzABNnvpMnEBIgFxOaFjE6SBQQIBBgBkgUECAUYBIAHyfLPzAOoB9m2sQKoB6--sQKoB9XJG6gHpr4bqAeOzhuoB5PYG6gH7paxAqgH_p6xAtgHAfIHBRD3rusB0ggkCIBhEAEYHzICigI6CYBAgMCAgICgKEi9_cE6WOCC26H8-IQDmgkbaHR0cHM6Ly90ZW1wb3NlYXJjaC5jb20vZHNygAoByAsB2gwQCgoQsLzv2KXWmsdzEgIBA9gTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yNjg2NjMwNTMzODM0NDA2GACyGAkSArFfGAEiAQA&sigh=mbKgzF1L6Lg&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwB7FLtqb47ACqRLrTdToqggwLbnpGvpkI3M87iS9FVB7cZG7m66yicLe7rAdMC4sHpeC6Si1pvgc5oA3Z8LFycufLeLyIMsOSYDPUJsGfsYAQ&cbvp=2&vis=1&nis=5

    HTTP Response

    200
  • 216.58.212.193:443
    tpc.googlesyndication.com
    tls
    IEXPLORE.EXE
    762 B
    4.7kB
    10
    9
  • 216.58.212.193:443
    https://tpc.googlesyndication.com/simgad/11083806412385181244/14763004658117789537?w=100&h=100&tw=1&q=75
    tls, http
    IEXPLORE.EXE
    5.2kB
    23.1kB
    20
    24

    HTTP Request

    GET https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/load_preloaded_resource.js

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/abg_lite.js

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/simgad/11083806412385181244/14763004658117789537?w=100&h=100&tw=1&q=75

    HTTP Response

    200
  • 216.58.212.193:443
    https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/window_focus.js
    tls, http
    IEXPLORE.EXE
    2.1kB
    6.9kB
    10
    10

    HTTP Request

    GET https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/window_focus.js

    HTTP Response

    200
  • 216.58.212.193:443
    https://tpc.googlesyndication.com/generate_204?WDUA_g
    tls, http
    IEXPLORE.EXE
    5.5kB
    38.2kB
    30
    38

    HTTP Request

    GET https://tpc.googlesyndication.com/pagead/js/r20240313/r20110914/client/qs_click_protection.js

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/simgad/18012794321068723114/14763004658117789537?w=100&h=100&tw=1&q=75

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/sodar/sodar2.js

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

    HTTP Response

    200

    HTTP Request

    GET https://tpc.googlesyndication.com/generate_204?WDUA_g

    HTTP Response

    204
  • 142.250.178.4:443
    https://www.google.com/pagead/drt/ui
    tls, http
    IEXPLORE.EXE
    1.1kB
    5.6kB
    11
    11

    HTTP Request

    GET https://www.google.com/pagead/drt/ui

    HTTP Response

    302
  • 142.250.178.4:443
    https://www.google.com/pagead/drt/ui
    tls, http
    IEXPLORE.EXE
    1.1kB
    5.6kB
    11
    11

    HTTP Request

    GET https://www.google.com/pagead/drt/ui

    HTTP Response

    302
  • 142.250.178.4:443
    https://www.google.com/recaptcha/api2/aframe
    tls, http
    IEXPLORE.EXE
    1.6kB
    7.4kB
    14
    16

    HTTP Request

    GET https://www.google.com/pagead/drt/ui

    HTTP Response

    302

    HTTP Request

    GET https://www.google.com/recaptcha/api2/aframe

    HTTP Response

    200
  • 142.250.178.4:443
    https://www.google.com/pagead/drt/ui
    tls, http
    IEXPLORE.EXE
    1.1kB
    5.6kB
    11
    11

    HTTP Request

    GET https://www.google.com/pagead/drt/ui

    HTTP Response

    302
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    799 B
    7.7kB
    10
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    877 B
    7.7kB
    11
    12
  • 8.8.8.8:53
    s.modskinpro.com
    dns
    6aJ.exe
    62 B
    78 B
    1
    1

    DNS Request

    s.modskinpro.com

    DNS Response

    107.152.32.179

  • 8.8.8.8:53
    leagueskin.net
    dns
    IEXPLORE.EXE
    60 B
    92 B
    1
    1

    DNS Request

    leagueskin.net

    DNS Response

    172.67.182.236
    104.21.64.111

  • 8.8.8.8:53
    maxcdn.bootstrapcdn.com
    dns
    IEXPLORE.EXE
    69 B
    101 B
    1
    1

    DNS Request

    maxcdn.bootstrapcdn.com

    DNS Response

    104.18.10.207
    104.18.11.207

  • 8.8.8.8:53
    cdnjs.cloudflare.com
    dns
    IEXPLORE.EXE
    66 B
    98 B
    1
    1

    DNS Request

    cdnjs.cloudflare.com

    DNS Response

    104.17.25.14
    104.17.24.14

  • 8.8.8.8:53
    img.leagueskin.net
    dns
    IEXPLORE.EXE
    64 B
    96 B
    1
    1

    DNS Request

    img.leagueskin.net

    DNS Response

    172.67.182.236
    104.21.64.111

  • 8.8.8.8:53
    whos.amung.us
    dns
    IEXPLORE.EXE
    59 B
    107 B
    1
    1

    DNS Request

    whos.amung.us

    DNS Response

    104.22.74.171
    172.67.8.141
    104.22.75.171

  • 8.8.8.8:53
    ajax.googleapis.com
    dns
    IEXPLORE.EXE
    65 B
    81 B
    1
    1

    DNS Request

    ajax.googleapis.com

    DNS Response

    142.250.187.202

  • 8.8.8.8:53
    widgets.amung.us
    dns
    IEXPLORE.EXE
    62 B
    110 B
    1
    1

    DNS Request

    widgets.amung.us

    DNS Response

    172.67.8.141
    104.22.75.171
    104.22.74.171

  • 8.8.8.8:53
    embed.widgetpack.com
    dns
    IEXPLORE.EXE
    66 B
    134 B
    1
    1

    DNS Request

    embed.widgetpack.com

  • 8.8.8.8:53
    googleads.g.doubleclick.net
    dns
    IEXPLORE.EXE
    73 B
    89 B
    1
    1

    DNS Request

    googleads.g.doubleclick.net

    DNS Response

    142.250.200.34

  • 8.8.8.8:53
    tpc.googlesyndication.com
    dns
    IEXPLORE.EXE
    71 B
    87 B
    1
    1

    DNS Request

    tpc.googlesyndication.com

    DNS Response

    216.58.212.193

  • 8.8.8.8:53
    www.google.com
    dns
    IEXPLORE.EXE
    120 B
    76 B
    2
    1

    DNS Request

    www.google.com

    DNS Request

    www.google.com

    DNS Response

    142.250.178.4

  • 8.8.8.8:53
    fe0.google.com
    dns
    IEXPLORE.EXE
    60 B
    110 B
    1
    1

    DNS Request

    fe0.google.com

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Fraps\data\Aatrox.jpg

    Filesize

    2KB

    MD5

    86d5ffe2d4b1d6cee733545f94318497

    SHA1

    481e24429563efe543f9c691100a00bd9351ad39

    SHA256

    7330d6b01b100e786175380388f17e15362796034f2cf0538dd54a5f619018f0

    SHA512

    05a410de84af4592a5499511f7e19a68c5d842f9729df28a5085d22fe1cd7a8d9e7d305639e762330576d192e10024bd34c6da68668f458ad057777814418094

  • C:\Fraps\data\Ahri.jpg

    Filesize

    2KB

    MD5

    d9bd25224aa2498fcf7c452825681c1f

    SHA1

    fd1ce923ffc0e5db574b9aca9acbed725abcbd88

    SHA256

    7743fa84a04fd32649b2d405516285f155683862f157eddbfd2c68ccab204879

    SHA512

    65e8a7f4ef807570f25b3e1e53ef9031aa56ed3cac402e99adf54ee5d0ed2e793798dc5f55f0f3042634233c7a7b718b0e8082558e60bccaab978d0e9add6555

  • C:\Fraps\data\Akali.jpg

    Filesize

    2KB

    MD5

    27ed1f09db99d75b09b44652b29bad11

    SHA1

    7387ecd3befc161349cfb71d7f3001936d528a5c

    SHA256

    4fedb39ba7b3b5a5f2e3191fca0753af4628343982ed318af270dfd19fbc28ad

    SHA512

    328e6147c1b69e7c4279fe42cc22d9d87c41728bd11885cead005900e1d096dd60ea2430146775b2f96637318891e09b61660101d56fd9d359c2404662271a99

  • C:\Fraps\data\Akshan.jpg

    Filesize

    2KB

    MD5

    9eeebd9ef2c12ff98fa5ebc1e7f98fe0

    SHA1

    eb44a83daa2290c5c90cdaed8807a549a83ff543

    SHA256

    edfb55e6875af8901a722721c4a536249f8401fad2cb0621b40c5447e8068c9d

    SHA512

    dea2660cfb8cf5002968d3faec1db198bd8022b724990b0d17f7621e21a4875659783d90b6a6511636514bfdb69a7f40e42b948ddcb218c16be185837ba4ddb0

  • C:\Fraps\data\Alistar.jpg

    Filesize

    2KB

    MD5

    6d143011393c8a81ce2703aaa1397108

    SHA1

    bb1893ef07a2c0adfdb836a8d826fd16a9528690

    SHA256

    01caad5ea1f869a63488c630f3921c29e275abf1dfe8c0c05f9f8b1b85eff668

    SHA512

    a0a32601cacecd4f838d0f3720497f14cea6f67e8173210aae33056252103fcaa7cc36f7ab282a22cd28b048854687df25b5eeaf361240ff5313a65b5b103781

  • C:\Fraps\data\Amumu.jpg

    Filesize

    2KB

    MD5

    6432e5b78ac194554d925db5adc58ae1

    SHA1

    e470630215a97c0c9f760b1bbb80ac9405c8c75b

    SHA256

    fc31ecf2dd0e4f543756b7e507bb666d43037494c0c8da1d602333a238dbc40d

    SHA512

    fa153379cd998dde630d2a20f8a504b1f2fe31fa154cc8e928ea96161dfc6b42ae2746f8b7d7fe341e739464e2427b9485b015f0e099a85c07f057868faebd84

  • C:\Fraps\data\Anivia.jpg

    Filesize

    3KB

    MD5

    49623765801dc613710ee2e69b38e39d

    SHA1

    00c74a1aa0108ed908e2a74c0844d9af03413edb

    SHA256

    4a89d9679ebad1da3220b759d686565891bde6aa2cf975a252675e7c02e6a8d7

    SHA512

    75a48c22b8994bd443b6ca21184fe581e56d28f92342401504d8a33a0241afe15a4fd0c89beac3e4682932ac48b2f2a1f126c12da7281c0be4bd293996707011

  • C:\Fraps\data\Annie.jpg

    Filesize

    2KB

    MD5

    1782b6d5ca65fe7a5aec922d35e3ac88

    SHA1

    7e7dfdbf9bff1d4124a0c3ca0e0642e96527b678

    SHA256

    8530ee6918ed06dac2ed6e1ac04587cbf08bb483bd567e33960b0add7ecf8090

    SHA512

    0e217f1d31d220d38040698f920c2386aa8891a39429f1ac770a605277a18c6ef4f3cde9f6f4aa76d1e917a1fbd01728a1c758d9451ea801566c1d0709aa4ac0

  • C:\Fraps\data\Aphelios.jpg

    Filesize

    2KB

    MD5

    f01c01627c66ba6a5a52b16df75e8ab7

    SHA1

    f2ea76f09d0291fefe8f137eb78bf6360a774ee8

    SHA256

    ab2fd494d306948cfaeff5c0bab478209fe4a719894a52b7c4fd5a0d93418423

    SHA512

    6874335f0f8f73b31071a7fb4018e4cae7fa2ad9eba6bfab8e8e868f5acd1e19dee4ac0573b4ad614f3d4e5d86504178773a792171a4425b51b4259c3cced5e6

  • C:\Fraps\data\Ashe.jpg

    Filesize

    3KB

    MD5

    048b8f5e25771c5a003fcf383b46cea6

    SHA1

    eb915ec1af4d3805db23e75c1006d0c84c7d91f5

    SHA256

    84e32c03e410e5a67a743e26491bf1bbad5461efcd427a62859e303f6664e974

    SHA512

    b5af2b49563ca456034df3c838dafe0c629c2a06ef1752d446e036d21bb8ab96299fd9333cdac075dd6cd38c24186744f96c97dba4fee09d3850a0c1b5385370

  • C:\Fraps\data\AurelionSol.jpg

    Filesize

    2KB

    MD5

    e17a1a62d73947b513d4367bb895491a

    SHA1

    575446d7654a7c35e6c204241e9f70999a866cf8

    SHA256

    ecc6ca5b3915e5abfe54dbc705c1c8a4c69d98aa8ad794467075d9e6f481891d

    SHA512

    7422fecaee253f587e9b8eba5e2fc9ec3d080291852ebe05dd2217dfb058972064a8b54860acc804e46c2df32947bb9387bfef9df39ddbded63436bc83b17417

  • C:\Fraps\data\Azir.jpg

    Filesize

    3KB

    MD5

    f4f83206637cefaf0e028651a5062e01

    SHA1

    48886a726461b5d5fbb6a7a1ea5545519ac1d7a8

    SHA256

    6250106b1f077bcf10ad966a1f88a67b5a22e596e3133735aa851d81f6ce6f4c

    SHA512

    996ce89a0aaf8f56d5479f6e280c97a6596f2cf84d4430625e325fbaeca44cb67e3d001e69ace45566fc9b25b2485c0d8514a493371ea470f43c6fb36c407bd9

  • C:\Fraps\data\Bard.jpg

    Filesize

    2KB

    MD5

    12683f279bd0cc4dc6cb56700370377c

    SHA1

    9f024f3a0fab9f4fab0cfadc73eb2227395603ad

    SHA256

    fb57d887c4273f94641799b5c3b4cf07320dc2d0ed9bb4d108d35929e57a97f3

    SHA512

    d03c4a1c1cc0acf727a2716510d43ae4adcda449f416e020c63f0924d0f16bcfd1873cf30bf431e6083d37c10ace7f096b31c5bce57f17e1c4161c6072875713

  • C:\Fraps\data\Blitzcrank.jpg

    Filesize

    3KB

    MD5

    0d7d95e37e33728c0c5879eb15021113

    SHA1

    9f8b82c6dbe9543ce2fa1ea1cad0410065ac4fa0

    SHA256

    847c9a2fe0f4d93449f452c8c08a04b7c5e258c5a0c8ec9e82f778c01ec46ab7

    SHA512

    4c65f0772debfc9a9023cd00327ccb5f840aa819e811b229f5f5b357c17e2d9298b894050b9ef3e863dd288bd82788acd4f3aca21478d2ff7a4bb9fcdf1c7d25

  • C:\Fraps\data\Brand.jpg

    Filesize

    3KB

    MD5

    d7546d8cf809c6f946bce3b21f8efbd8

    SHA1

    ca5fa2fff44f4e0ee91e445ed0488f9585a6a63f

    SHA256

    a8dcd6ea1b403e6b2d0a5d7da82abe3da54c781fd07eb88311ba6bea48b2fc45

    SHA512

    1c4e5f802430fb6b476925e485147079f151e1c9e0cab0ea23affd8a191c9cc6a8a24b40f796079523d81804f6fee896086dc14efcfe894adc32d66ca12f3665

  • C:\Fraps\data\Braum.jpg

    Filesize

    2KB

    MD5

    a4bab2a4421699ca21d0da1965740eaf

    SHA1

    e421ca1e8d8047a050a7a0ded4bde1a836b5f6af

    SHA256

    cd1f1b3ac70c1f0282549918b6580fd9dc84de90d099ebb2db71d5e4f7695bdc

    SHA512

    ba34250bf6a7d781efcd414568541a38eb70e9e3f01092d6b81cff6cae5e942ccc50137f3cf9065007b3109e5c42e2c77c799a9bcc4f21cdc9b71eba40a6b547

  • C:\Fraps\data\Caitlyn.jpg

    Filesize

    2KB

    MD5

    1c6fe44737cd9dba2f18499fa543c2cc

    SHA1

    1078ac2b2113d6d50fc0daf42fbfff155984cfdc

    SHA256

    6a73773164d12dbf8fd6625d3b01695178f08fee3119c3d89f26a24b217b5d5a

    SHA512

    7d2b0bd04618d036044b82326b3483062e951855c9831a785eb0244eabbf2ca1db82ebe6ee1a1fdc49db88acca9fc9c79c72fd5ac727717c0cdd39af4815a953

  • C:\Fraps\data\Camille.jpg

    Filesize

    2KB

    MD5

    2332373e2a133be87b56b0b833969c26

    SHA1

    d37a1a7d771536e4143a5bec9cdce211be7eb767

    SHA256

    9487e90f127e84f2ec22f4cded3595b19691bab024dcbce7e25524283b9103bc

    SHA512

    e347163c167e71ae5e577858bab62a91483a3e7d465a3f9fe27b374bbddef665a63b4804591d25933cb1212e264eef933d94a713cbe654b87a89ab62665cdd2c

  • C:\Fraps\data\Cassiopeia.jpg

    Filesize

    2KB

    MD5

    b2b812403dc5857ca10ab070e20e7c57

    SHA1

    e9fb727dfbb0070a4104bcbe334fb75f52b35f2e

    SHA256

    c12585bc45d54a7a52d287dee8f57cc7af92c66695603f344b17565fb7186492

    SHA512

    f64e84e9194d94ffccbad7e4204d4f10badd0779ed7e6b0fa250a1dbc27b4e14ddc17aad8176418322184ad962383f48a554a08b4d49e06eac1674a5b9741f95

  • C:\Fraps\data\Chogath.jpg

    Filesize

    3KB

    MD5

    205f5e5ebbb1a39059c49a66a56af752

    SHA1

    c009e2e910c4e801e51e89fbc3671fafc78b2620

    SHA256

    17a4b65c72952811e12af8dc52be40d136a52139d97cdaa8b3eaa85eee9dcfe6

    SHA512

    8f55c5f4d8e3b3284bc8a84947b9fb6aafc4b181a316ede5c56d3e9c1f34eaa31b7ef17598c05fae1dd739ba187af67776d59a37e638b8738fc722e2afe1b1db

  • C:\Fraps\data\Corki.jpg

    Filesize

    2KB

    MD5

    d8ba213c2c4171a8e06beb26d5fe8a13

    SHA1

    5b21d5853b533d67b2255cc899706567aa8b8866

    SHA256

    965c040bc208b189be5aa88a23fd6ba2b531613b0856922365eeab0872188d9e

    SHA512

    e390cfcfe51b2aaf7a52c25f72843064c225d147f69a047ef9b6935198ab5d4e2e978a41312f523bb4fda28b7ec30844aa5174b8965607b0bf4b5c506254ffcd

  • C:\Fraps\data\Darius.jpg

    Filesize

    2KB

    MD5

    3b124920a70dfdbed2e1bbd29aaa9c4c

    SHA1

    8c2cff9f77fe0e478febde393dabf9fa002474ad

    SHA256

    d51ff576198c29118b5093f2bf74b36ef4b5e50c3e68fd3562eb20407bcfa933

    SHA512

    b367c07de1f8f1c6e78aa7fa7f1be078b6700585ae91dfad3d18cefe223109fd7e5992dc6b3c77fccd35ef9c6216c0a3cd45100c22d38ea9545c8ce33337d762

  • C:\Fraps\data\Default\All.ini

    Filesize

    1KB

    MD5

    67ad1fefc8406ad6b28c42ec1aea7457

    SHA1

    cbd0f5dc7b9276cfb7b8445d804712d7ee2b073c

    SHA256

    abfa47e39005947c5e8e3944e061c6940e7f564e80074847835433216c7797d3

    SHA512

    731a01150bdff27112c4db3393eaf4b6bf1dbcb5fc8544c48311af7cf173f15c5e0d10809fb2bbe7551b099be91bb598aca6a399b624652c63d5498a92ed1352

  • C:\Fraps\data\Default\Config.ini

    Filesize

    1KB

    MD5

    e3a33b332d831f9df34b52e27fb38cf4

    SHA1

    d25658e1826f21fa0a7be249379afb5fec8bc1d5

    SHA256

    a83a471ab0bccad73e021f6f71797616833a60279777b66671ec5219b88d9e90

    SHA512

    93f3657326737cca9dbe8f2101cf9d565faafe041a58701b527215adccac194bd3341553f3d099bbdf77b0734ef1d0f802b1a29ad95b10df0d72ff1c1057ef99

  • C:\Fraps\data\Diana.jpg

    Filesize

    2KB

    MD5

    035b003a752d22cc0ef5973090993e17

    SHA1

    b9563006f176018a7bfb37d46433ba4f6720eb26

    SHA256

    ac9309f94d0b6279272dca7a35e081a539254ed14af36eba2c0431f895978c2d

    SHA512

    7e899b84bc22343c41e1cf0c4519da1b561f85852513fd6102a47e8547b8b18f8039b8d45ffe81902d1fa524e85f6f9f5cd7b12ef7309d7cc95f6afa1dc2b903

  • C:\Fraps\data\DrMundo.jpg

    Filesize

    2KB

    MD5

    0a6ca32f36606cf0237b7e4ae89dfb3b

    SHA1

    4014eda3486514a1b49a9026390ce59a3532e85f

    SHA256

    1b65db05ee95a0ceb7c8574b2a6e9cc801f67c85e5d0a9c757fd05531d3fd74e

    SHA512

    f1553400385d78690b278a1c1101c4001eec89c7382c7ce82e32bda82bf7fbf07aeaf53064197f5bd52067fda03adb086ba288e57ddd8bc3030c78da465171e7

  • C:\Fraps\data\Draven.jpg

    Filesize

    2KB

    MD5

    7af7e23289495a3944cb345a961e809d

    SHA1

    f2a6eb1d2c4a5e7739ff4a9d420667a80ff47310

    SHA256

    4e7d4e3f70b9253a59897f93d156626120cde6d12203dc84b2c258aa2301dc54

    SHA512

    a59878f78feee1f5fb4332f4689503c510a2118139c88c29aed70c2ad2648078441a97b0ab48c268206dc7dda0685599308b57bf46b8164b688f177f4c502353

  • C:\Fraps\data\Ekko.jpg

    Filesize

    2KB

    MD5

    62ec1e8a11855ce2b6b0d6f4a0e5f402

    SHA1

    b63b1b65062b0bfba10aa56edd557abbf96e1f7b

    SHA256

    dda98680ca4aac63407290a45d9a0ebea45731d8c9cd5560b93f59d3c966d694

    SHA512

    82218a383f76bfdc5fa12f60b90893e551b1a1d38f8613835100e97d91901281c5cfaa36b1f29732c45d31d4868ff217b2c23f8b7615d9c2aaccef1358566369

  • C:\Fraps\data\Elise.jpg

    Filesize

    2KB

    MD5

    f514abd1af9f4dc3d3b002c3303d781a

    SHA1

    fad834c2ed2a5adbd2e2f4b1612e53772ec2835e

    SHA256

    54950fd50096dc35e3e8e0ddcf9e31f03cddc8789872945de5d831fb0e255881

    SHA512

    d5e43dd8d82cba6d4570dffb9a0fded155ce22adfe162919b373d81d5a2c80c82e6d11bcea358e0a2f4760f7ac66180cf4971ad3c2025092771357933efeee88

  • C:\Fraps\data\Evelynn.jpg

    Filesize

    2KB

    MD5

    2e6eb6e17c794a4704dab6e1ff90a546

    SHA1

    2473eb2b872419f9c41caf2293e6745f01d874ca

    SHA256

    906e1ab0a3b0a75984863afbd0d300fdaedd0058c22823bb75d1f536c03af8e0

    SHA512

    c6e6d67c290fb1f554884eeadde02d9f9877f77cdce124a5b9fbbc10714d485bd0aced20109661a13017856d213e2aaced95eae19dd589b7c41fb0bd045d1d3b

  • C:\Fraps\data\Ezreal.jpg

    Filesize

    2KB

    MD5

    b283c8779680d2c6f1704b8ee8e07d5a

    SHA1

    ee2874c6a9ae6866e0e783ea2e7a3376bc958cd9

    SHA256

    42e0547d35a4c61a0348390b2751e50432bb77343023fc92409bddc1c4ebe53a

    SHA512

    8629589312c1bb2203888c6976ea65b4da0f7420fb07d1a59313892f56a929a5ba38c47ed28344ee65350e9b86a230f55b48a4138526075cab77d0895c44d372

  • C:\Fraps\data\Fiddlesticks.jpg

    Filesize

    2KB

    MD5

    37392d7809709050d327e0f475ca7b21

    SHA1

    73b537116332581368a47386d33ded35913f8273

    SHA256

    d6b72b99d0e8668d41ea486511ae89879ef61d62d5e3ec3353b2bb4ed0b22c5d

    SHA512

    390f87fbc2d23dac12ae6a927240be7a032fe35a17b4f4e352375f5d9909b044a7a7ce08e1b881ed340c39850a84bf07b30aaa5cdc5ed48e1ef76a1866dbfb09

  • C:\Fraps\data\Fiora.jpg

    Filesize

    2KB

    MD5

    06c864491cf9d86f425366c3a69b776d

    SHA1

    71140e94511a88fc130f89473402839928bdfad9

    SHA256

    836a9b9eff8d6e269ea9157673f3635ee0e78e0e08751e38032e136b1bc3ff99

    SHA512

    323819a22c6bbc647c32d9e06f02aa4439a920d6d01aa5504a9293091ec4524e04406e7ccd48026467d965a21728f4229a86bae014f99385f4c9d0b11940af4f

  • C:\Fraps\data\Fizz.jpg

    Filesize

    2KB

    MD5

    05a379a87077ea57cf46ae03f2e36fc6

    SHA1

    173523b8c23ee68f451c483547dafbb9edbc3dc9

    SHA256

    9c92a996c6eb7766f4d7ae46109747d51f774c78ae87cdba0a27e554c7a2f7b7

    SHA512

    104b5bb3c4faf99d47281b5af907bb0c07ee437c784e372dc3ae9b4e6946e520915660a291f9798d0cd46d61137c40bb24ea59d956fda8557fb607614a35c950

  • C:\Fraps\data\Galio.jpg

    Filesize

    2KB

    MD5

    e6e553bd976cfa9b83589e60f6ffb9d7

    SHA1

    126fe29eee6aabae76181e038a7b400b72ed6a6b

    SHA256

    e2dc2fe8eab127db0233fbda6ddf119c7b3f7e840760ffa94a2591e3bd19ed86

    SHA512

    956348fc81b83a7661c6a3d018ecc60aed4dc7edd2f6289130e1bf8664b8dafeb4abc805c71e87cd82f9da0d666082b81aa642679703627d55ffb853dcafc054

  • C:\Fraps\data\Gangplank.jpg

    Filesize

    2KB

    MD5

    ab859ee908ad5cec92ad736ee6c1eb72

    SHA1

    a6476469eb8309a7168d8dd01f3554156ebe0530

    SHA256

    5d8439bc389118b0c6e05018f596dbaa7b11de28ea3991fa71d43bb68f0b09d9

    SHA512

    2ca92200ca6fb47f57923c24c4f4e0d39c05b3201adce255c7401154ae3049ce3596ee25f4f295772c21e4ca0b8908bc58fdbf08641f2992e479ed4fc0a622e7

  • C:\Fraps\data\Garen.jpg

    Filesize

    3KB

    MD5

    9b46e4f2f240c6a7b9ded8c98eea9083

    SHA1

    1c1c6878382d0994f1617fb78109b7fbe6f30da1

    SHA256

    b930a70294b0d0f7de6a8162adc4cb9657379310bde008772be09d144bf317c1

    SHA512

    61eabe329c52cf1622e71a146e262d0575c7b876852aa351c0f5e15c1b81d3189efa4d58ba68f5d3f885315dbebd9a6c7e9205c406e87ee36bf022c8224cdf85

  • C:\Fraps\data\Gnar.jpg

    Filesize

    2KB

    MD5

    db856ef3848374c74b35c9a527f4cf20

    SHA1

    9f3b7f1075c6a5d860ad8f566a776898db8ddc58

    SHA256

    c2ee8c74dd05f3817d861261237a712812dcfa0f0902574ddb97eec7ddcdea11

    SHA512

    571948396da30d75393f6a53d8d37796e84edd1ec196a12400b2cd048a394d52eeb74bf80e1f1c31016c8e590db68dc734e33c0be75da77970f8b1c9d9de2438

  • C:\Fraps\data\Gragas.jpg

    Filesize

    2KB

    MD5

    d589706fb647d777d778893b174a703b

    SHA1

    9ad2ca71f906314d086be3d6790982e53ddaaa7d

    SHA256

    33181ecd61ce50fc77653cbf59d930ef08aafe20a3c160723793d3ebc2ac278d

    SHA512

    89f6b47e3e86e72ee811ab0140dd93960e6f488e7ecce8dfee74eebf141fff84d8b156b7fead0f6856795cabb87c0ae958a03a53a4734199733dc6e13468ff4c

  • C:\Fraps\data\Graves.jpg

    Filesize

    2KB

    MD5

    a1c63a181dd61acffd7856806ca32c2b

    SHA1

    de120f5ea3a05cd71b9c750dfc100ed8ef989ab9

    SHA256

    0139a54e8ec233997ec5ebc159787dedf627e2b34f9abe48d1c32b60b71e2093

    SHA512

    6e252bbc0690f1fa18fd452ca71fa857b70ee511f9dbfe02b3135e6d3859378426158b7ee45132ccbc35242ec20305c54b01c41a407699f7dfe857135f011673

  • C:\Fraps\data\Gwen.jpg

    Filesize

    3KB

    MD5

    e7617b294709c99c2f61fa15e2fa7308

    SHA1

    df00a8b41e99f24e6cb4e1ff2aaa27d5cd487d82

    SHA256

    cf77ae993fd7633e10d815f02951c360b81652c2d951af0fdd97384e7b67dbcb

    SHA512

    8775fa7fa2486a25cce14d533ab8234545f99bc3b06da43c4405ba457104d9e0b6ffbd0cde7bbab7328361bcfd3b964b8cad8ce60a042c65940be4ef16ed0bf6

  • C:\Fraps\data\Hecarim.jpg

    Filesize

    3KB

    MD5

    faa67dbe39186098e1fc6957b480b986

    SHA1

    75dc9e3504a9823d903b9d7a9e5da485c35ebecb

    SHA256

    e761356c8cd6357ad5a7c1649df02d5e82884e2b5394ba35104b59d9cb40393a

    SHA512

    2a8cec1ccf26d9f69d8b0e40cbb9d98483a1cd13df78c374700a3f7a5b3c37aeb7f5d09afa2920c1fb695bf49420418d0bd615cee02a99e17fe5863466f36e68

  • C:\Fraps\data\Heimerdinger.jpg

    Filesize

    3KB

    MD5

    26e2755476fd77cbac93b541438fd8cf

    SHA1

    e318567f667b77ca9dd612c4dfe8b5ab1813b969

    SHA256

    659980902d01da802f140025f8de2a5e4f75722da953e814ab16cd255825c5bb

    SHA512

    333bd89da7fe8ab84b05a8cfbeba51b090d2940014c216abd331998f8b0537db23bad5b0d81cb10efec95008589046e2b183fc361dfc47a936e686239e441b6f

  • C:\Fraps\data\Illaoi.jpg

    Filesize

    2KB

    MD5

    d7dc4fe07ab04c6d0f30c1f88730d4e4

    SHA1

    6f02da0a8c5efb3eb7d5f434ad71126ad1e88c86

    SHA256

    eb420cd069c17b5952330d6357cf4aa5f4fbfcceff28b50708eb427a830c96fe

    SHA512

    febfda8063f76893aafc7c30df67073a6c491ecdac0022f69e932bf2a5a3ab957e151df12b48163d57197f3443d0563e43b770dfa752b1e9285fa7a19dd1e6be

  • C:\Fraps\data\Irelia.jpg

    Filesize

    2KB

    MD5

    1e11bb6328fb1db42cae92567e2bedb2

    SHA1

    a78caa2961caa8c4379e2a8a7b7f987192c85464

    SHA256

    cbd614a83b659128b76941ac5c93e1150a9af3dd53fb51879bfb742b3e27762d

    SHA512

    93668611753e18c47929cad15d71ee8c1ce5571c8dc87dbf3348a51fec2aafaf88baf294096cf7f95bdc4cbe1328f6ce024e958d0bea2abc90a13f6b7b39134d

  • C:\Fraps\data\Ivern.jpg

    Filesize

    2KB

    MD5

    5f2d4903ce20b6401c42158d7f2bb745

    SHA1

    93aa1a6330989a76cc6bec6943b594e95d3f52af

    SHA256

    2a28330a379f57c53d694eaa2a0a1ed253f6d1956bb2e4a5fb575c01af37d1e0

    SHA512

    a6e231270fb7ceba79d8f69f0955958f4733d3b401baf1ac6b1e1a4d69a9d7e2ff7779a30cb5c960b2648f9a69b5e7af1c11d32be0155d38fb94aa9e89087050

  • C:\Fraps\data\Janna.jpg

    Filesize

    2KB

    MD5

    bc33e20904a4928ad098e40db0b94228

    SHA1

    e2fdac7a5d56ecebf1feaeec4740c6201ec2e03b

    SHA256

    65d433783846ef908ca178216f2a958522a2212e7ee65b1b9f86cb4af96e697f

    SHA512

    ae2f88b1290acc3a8fe6b91ef16989406167c4df9618ae054a8a49849f5557fe4aa39dcc8a8d6075e2c0d632fee9d089e0b35b12c0c4928768b4b45484ab842a

  • C:\Fraps\data\JarvanIV.jpg

    Filesize

    3KB

    MD5

    6fab5c8673f39141d54590d0d2be9697

    SHA1

    a2e29ad19b2cf377fa4981e49325a5a7013749ed

    SHA256

    7d1cda62b88a8f88e584c43ba1a785d186834cf756e594fd7d5e9e478ed6b7d0

    SHA512

    56e4aad6ef6186f9e7cfc8f2392c033b571a1a809beff15e1cbf54b6a1a17fe37f607de27c64d2a0e3afa41f2cdb596114406ac9664d388a76dafccfe758b602

  • C:\Fraps\data\Jax.jpg

    Filesize

    2KB

    MD5

    3189ea9a57ecea8218cc995cb0408374

    SHA1

    a7bd160ae151a00ee53c25f7c9fe6bee7a86e7be

    SHA256

    53cfce80f876f2cc9c331385360d942ae4f6ff4bf3300d8fd44c9abd3e199f1e

    SHA512

    2f25ae92d3a159637319482585be1909e6e61de32d2bad4de521a77193105dab2fa982958cb089092aabdf69f39469e40c427cc28e6b8ceb8ba2baee331ccfa9

  • C:\Fraps\data\Jayce.jpg

    Filesize

    2KB

    MD5

    a6f9c5b99698872b8d0d58a03f4a87de

    SHA1

    6313e8ea7e92d8886dd2e18fb0a6ce6cf54054be

    SHA256

    4c0bfc836d20a53d40ae312da1525e462f7ff9e3f940037089b1692d2f6960e5

    SHA512

    f274251d0197a6e1eb9c7f7ee4f7ad9c7d7d6c0713d51638b4ca53c330fa9f508b72ce4551875419c7d2f522468fe8bbb5e1689b7feee12c691020e32c89e69b

  • C:\Fraps\data\Jhin.jpg

    Filesize

    2KB

    MD5

    0d05e6ca2566b9781e31740da6d14024

    SHA1

    063acec73208caff62a063bc0a11bfd192cdaee5

    SHA256

    0110c22d3b35ace7965f0a83d636d4c09c13373a9670a8b764b41e9b244d7085

    SHA512

    3d419482861dd73e95532be5e0d15d644aeceed98fe4721100f34cb75c09c06f74b36ab618675f53a20adbb3770720396d7a9499b780f4570d1878696feacbd6

  • C:\Fraps\data\Jinx.jpg

    Filesize

    3KB

    MD5

    60cd937f8222136dcd20984de4ea9118

    SHA1

    b38bb11fc9ae195cc0c8e6639e621e4026671475

    SHA256

    71c109572402ba2fb15b80c21e24141a952f7f3c9fbff7fd2699ddb335fc4960

    SHA512

    979c1676c3ce2bbb532eb3ec180a2271ed3fcd4123803916c8b05083f4c29c4e6fa95c11fae1501a317988f0169e7cfcd68dc4d28d517b0c3c0102a871498ada

  • C:\Fraps\data\Kaisa.jpg

    Filesize

    2KB

    MD5

    b8794c53bb0e9bb1b9e28456c3a8c69f

    SHA1

    64889ee85fc94970e9197dba5951b798fb38c432

    SHA256

    3cd3ea02225dc231afe2fa07860788707d4850624ff85012151e6e1691a704a0

    SHA512

    a769cc32026d0dcfa2ed4079f9baa897e8c9e27ee74b1aa3b3703c47028e09cd36e08999a6c74cd78018355b76c813473cc7afd618f7dbb6c90a8f543f055be5

  • C:\Fraps\data\Kalista.jpg

    Filesize

    2KB

    MD5

    9f9daff62f4e90e7bd44a4ae87fdabd9

    SHA1

    15636171ded08eb7834352d189d27add5a1fbf3b

    SHA256

    768d8ae60e561889744f5c6732cd10924eb8c88104335d3921985dc9c5ddb23c

    SHA512

    f353a08315d75d2335bc379a25a3e0df772a55319b33dadc62409ffd17100928c0092781bed0e48cf7ea91a78705ae1b3b5f98f94ec189944aaa05b59f50abac

  • C:\Fraps\data\Karma.jpg

    Filesize

    3KB

    MD5

    e2280413717d5a28fa410224eaadbf91

    SHA1

    41162ecddbf95102661498e905fda96545a58ee9

    SHA256

    6d7ce4d8355406dcf79a7ad32257d697be40d77b851b94fb2da4b442bccfc5ca

    SHA512

    705fe385ed1da1f7f2cfdfdf90fb6d9d33b1fdee0dee6eac09c4f263e51eaa5c6a676fe5d8ae50983f221c5a8f7981156925ba6691b52a341e9f3b2bbafd737a

  • C:\Fraps\data\Karthus.jpg

    Filesize

    2KB

    MD5

    dde4a3e2d5039fdd81fe179c69fb89a1

    SHA1

    6a9d05872c89c1d2b33adde5fdfb16e9492d4277

    SHA256

    178352cd17fc1dd40f80213ef2bf38f53b80107570e354d13d16d088c90feca9

    SHA512

    e249ce77cdc98223661cbc69ab06c320028f770f42a1e0055f9eda73bf2c2fe28dac78641573c29d5092a4cd67acebc07dbb9eb4f21ede4e96cf707828672a62

  • C:\Fraps\data\My\Config.ini

    Filesize

    43B

    MD5

    94d57358c2d6f96a8b965e20555cd564

    SHA1

    f8738ed8da322894782d1c3a7fca92036a95d9ad

    SHA256

    81ab494fe2bcaa1f5d37ff9565f3f3ead24897794b611bc79d184eb01eb6bd20

    SHA512

    9e8aec6bef7601b04435581f785e3d3e5623f38805c898d63e270b8488e84ad506ff9296d2e0a7b8e41c1efef4d2526aa5ae0d4e9bfe0a579a39ecded76e39b0

  • C:\Fraps\data\font.ttf

    Filesize

    31KB

    MD5

    169a18caf29078b016d60796993684af

    SHA1

    a6e35ca6adf18b74a33708c7599faac8660440eb

    SHA256

    59ebc9e21f2b7f706a313c7188b26d3f69431487ec73da963923fd8d4e1ce6b1

    SHA512

    5a2c9ce02584f144fcae7c9e1ad07bb7d71a9e46e638ce970e9d3cd4fc11aad18aae260c8a1fcd3dd28b0b2fdd56f8de943de6e91e8f3c8213ef88a2c3f36b2f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c22814f7dc6a2750d7ae39fb9b077492

    SHA1

    991663598ce90abce6f951b792203640703124a6

    SHA256

    a83c3dd74dd73c916e6635c4c414b8d5c4eea135559c76e069a8a1d9befa0fb4

    SHA512

    4a645ee0b86417036c47c78bd6be48e279b48c4b14abeca6a70000c76b38b81585ff5c4029c60cf627ccf12fd1f32e432ee701a8ec1ce467356fc8ff5d6b4e0e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8458f5fea85fdec03d5d1924b66d1eab

    SHA1

    970045d5d3a0b9166b9c1983d35cd91eafbc9295

    SHA256

    e0d372bebf2682cf4224db55d4b0f554a1e17f4e1f9997b9fab04c89858739f6

    SHA512

    792ef976eb223a2914cc7438a389879fbb5468edab401fa7d2f08260b38b3bf50c8746252fc8f833d961610145b3602421497044cce7277bc8f23269ef7fbc4d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    85c634b41a25f1535d323fbb73e3783d

    SHA1

    caf45ecafec651ad326ad9aeeb1bf46159f346d7

    SHA256

    bdbc20a2957783709fdadb17f7e21c497263a6824ddecc19693394d69436260e

    SHA512

    1913c9c000ccb001521abecbe27274f3c2e383715278853f5459e21894229b16c21281f1e3de347ef93663c29c2bd2071eec568b1031e31cd0c5938830cef494

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0b202326e830f2bed262cc31288bbf27

    SHA1

    0bb0532ad996ee7c996d66dabc121c881873d749

    SHA256

    13f29968529f954822f6c32483cc1309de8a36adf4b6d180c4d3f1624089875c

    SHA512

    13c844a06191ba70c49990c586114d2c179a45d0f32e598b13ce39738d61a65b12bd12fbbd874cb3c386b916e8cd238b0da67d70c0241c72b0c57f5c66c1d161

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1370ebc589858d999664b719d443eb2d

    SHA1

    372c032de3193770ee01b12ead9dd2ea14a82b93

    SHA256

    c08439fd000768bee5c0db8ba33ab4dabf890a83598ab60507e0c4c24a6c6f72

    SHA512

    adcdb804e0d0aefed83567939c17bc06f45f4170e9372bf4c641926c1e73f584492d50a377f62c45cdb13391e47d68b6de46a4e23d2b963893668f09b3e2c50d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ccf86acd0f7632fd0d11f67222f7d818

    SHA1

    4b42ef9596fbefa1af94ff9774d63517ae90aa37

    SHA256

    8f01fe0a3e1108a85a5bd312162bc22f0153881201a641aa0f651100f0067c5c

    SHA512

    c20ca49ceee98b56116048818e752a6b1c18c44a76c997a59825873733e229a56bc8b9a448f0a8cf206b712a22ccd9a4590428e2ec39a85135329d5c05121cad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0432cd9dfa32b585eaf5cf7c06518efa

    SHA1

    ae360df736888a0057a97a64cee2c4367efefe01

    SHA256

    d6bed1cbc3a71cd4561f9382499d16ac7cf88d81d10319537b1648cff26605b3

    SHA512

    f85039e40d9e814d653910618337f3ddeb7337f368c317bb09266dbee12638ca41eb2cd86f2830c4679ac5371acc87025cbd8498b39fbe88e66c39b7f7bd59a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ce43c59785ca6b6c1c9d21a797642a30

    SHA1

    28734e82afe754565b37a696fd173bfc048903cc

    SHA256

    03b0629b20f0e8117a224acb50fd0bbf3b4c2740262d0a8dd138fc2939549fa9

    SHA512

    91a54ce3b56dd55ad55d5e537952c07d554106526a2f2fbb9cb5cfe9f3f88af84e9415506bcea48a1aae5944f9b8a279f37bb158f5267d4c2a22577d4edf5493

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1946262681eb5cf2c9aaf062910f2690

    SHA1

    82d61007114034ba9ad98b21b7880b933355b184

    SHA256

    49a0d1558bbfdaa9a2b8f3457245d8159b32ed2d39da8b113161427c877cfa71

    SHA512

    94cbf724b1d530fd4856487ee94f063601ffe7d71814ca653d5bc7adeb1ffda96201e5d46234657811911e4c78a950887f8e3f07b0f650f8bb1c93296076cbeb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7a7f7b9330ead6efa6b6eaa1f1e772f2

    SHA1

    ea9da3e536a605d76a34948453d54e211a84fb8e

    SHA256

    4bde3065c383d0cef1ca33038c3834d5eed74fc3217f68c39f7eb8618cc8a4bb

    SHA512

    b89b10c05f70ddd89a5d6bca7d7077816c9b29fa5500f467d992a58235877e4f07b65476ebeaacf9756d7c418906de9f7be57aca0d1cd33f9a27529f3ebe337f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    603b10a7a0c33f2e162418485f50a417

    SHA1

    fb5c76742f7f0dfbb675a803b14dde5ab6eef5d8

    SHA256

    3710662e5b6ee48734cac95a17c750a8e10bec33d9c0577edb0bbbe82a3a74d5

    SHA512

    5250b70fadf1a9b44b6388fab0b6f2bb9aa7b152d0cd0afe4d43a060bf667e6611d622522728477e98e9b075290d4be0d01f1d6fb258e5d0fb86f1bb7a280368

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    039fdffe1c8b447e6c76252b78c35bfa

    SHA1

    5ff8c43d09afbc082edde266b3aacc3726259fa4

    SHA256

    63b39b0dec8c5de7405756937aa7b5d8be26c826bba247a82815dfe9f70e132a

    SHA512

    ccba71acae13c678f88a7c2267623417118d3e6ef2a853c4612341235757d6ecaad4a3e73b4a9f781b06f0212f61cee35d174d64228e33922813d1a33d4b031a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f963ab83a43ec94afc69e13c3d9ea38d

    SHA1

    d8b60e824637a7cd0b98e4076139f334e7e1f7e0

    SHA256

    61b1e56effa1d9c188a7406b80760133919f71f639888ea721e6d7259c1c79d1

    SHA512

    0b3a7af67ffde60d1b480ef73bb010a4712c5fa993db0ee1c01a56104ee6249feba1bb0fd0befe6a2c0bcec9eb2c9c66f89bd95a577ea9c6b606bbe3d219c440

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4821dc7f520610173622e6fde708f901

    SHA1

    072d3f5e0ddb6aedc9a04f678a4b938b7976e09f

    SHA256

    5c63fb9e476cdee28e201c5abc52e0cc7ab4dd04e743b3c6366bf5bb1b4105f3

    SHA512

    ed8832d5472c745b4827fe77f7c8d8333d87522843d1b9257a557b1b94e5328521df9fd61942a8dd7a86a97d8d14bdd3455cbea469b67bbaef9abb7690ee3c72

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2f1ee916ed2421070baec1bf2638c285

    SHA1

    b06c5b9f3c2dea01dd793a95aa1138f0f71bd8b0

    SHA256

    0961b1fac761b4b2a9e6859737d25d25ef8fa4f4a310b759c0955e4a2371279e

    SHA512

    cb73aee6f994ab31a822975b7e0229a070322473254c7fbfa7f0aa17f1fad8c401412bc382d3185dbdb443d4e065c0cff5c0041c1abbb5aacecf043c70370e6c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e9d8985322cfac361d3e66e7226ba2db

    SHA1

    e4f06e438f79d542579bc5c84d6ff3d0a4095116

    SHA256

    a4274cdcd867c3b60c8cf7f7a420b52b99405c4220185e2ce8c4229a8e35ac7e

    SHA512

    19d1cea22f454ebf6fffa03696686838f1282d27bcd8a3c7efacb542d8b31212bdaa832dfe846914e5f41d0fcfcfb9dfb351b527abca60c037671b7ac58b065b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_418F7FFD224738F335044BF081F47B61

    Filesize

    414B

    MD5

    b36704458b320816d057cde45a792b83

    SHA1

    81c7bbc636bce0a24f22c7148767943f8f8c06db

    SHA256

    15668d05b7c044940f46b940ebe32e0a182272e6b06b62923a8994f435df7239

    SHA512

    559d0411bea7d5945cf67481a336c28c40d05bb05c1be52d672f3988874f58c46107f1c8109803e12ca115e9a32ba013135ea1b3b082ed1b28a2018a21b7f13b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GJRR52TR\leagueskin[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GJRR52TR\leagueskin[1].xml

    Filesize

    178B

    MD5

    21ef413e7d7f8adb4a82b3a417dfea93

    SHA1

    bc8a729f3e4da9e945923cbe73e6001d08a3b0b8

    SHA256

    96cd42029593543f58f1582832be89563059816d7bb4e4564e99eeb844c6b654

    SHA512

    873a4db143b25acdcad772466db1ede1bbb67cbbc991244fb9e23df3a4d4bacad78b29fe72964d75bee5d99961f750ce7f30c5842f1246dc8b024fe8d239d207

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZVLY1833\www.google[1].xml

    Filesize

    92B

    MD5

    b59225dd1526782d80830dffd9d54829

    SHA1

    24a7e013739fb07d48ada3907de8972053f711d3

    SHA256

    a74a004d44e41eb44daf787ce18f50aad6e1af393b269bf9059f6b87023ad86a

    SHA512

    4215e9c5a7936de2f6507615e847a8cdccd4628b9f4bea1238d037ac32d2965779a8b832d9b2569e4d83f6b3a0c319582843bd6a30de324c1778dd7516c1ecd7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\f[1].txt

    Filesize

    2KB

    MD5

    4c38d208d9d973925492b711fcbbf71e

    SHA1

    ca9aecef92acf22b2234e16dbb52133e45a80cbf

    SHA256

    cdbe9b84c30a00229826b0b1e354c94d36dd6bf16e6580bbef43877689c8f5bb

    SHA512

    24ed59d2de3c055a0a64ffe7a37eee094a8b7512489a04be0fc53de80bf21d16f2fff68be1cac49f2e7b4f75cb7ad32793501494982c5723fe135a6d7d88e2fe

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\fav[1].ico

    Filesize

    31KB

    MD5

    1922396c71d3aeb41d9d434f2ad9de71

    SHA1

    52e45219e51cbfa181d5467b9711608343b10aa4

    SHA256

    908d78199fdb20eda259c004e7d5d15d7cb370d18340ccb18caf94e9d9ccc1db

    SHA512

    fad13056380f099c559ba8c8c0a5b7ef7ed9e2bc35f299effa84269a20d85be0971f80bc448ffe78af43f4e92e09dedc31d060e88bb3822e1e325b68d9e15e93

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\e8fe9505a536d6b357c55aad9c4ec32b[1].js

    Filesize

    52KB

    MD5

    e8fe9505a536d6b357c55aad9c4ec32b

    SHA1

    73e345be4d677441d083de2b271b49c0be594518

    SHA256

    8f3b59dfca59f22e3dabd810cd309bc1a9133268ca1d29356f3f88f52af7b3e2

    SHA512

    88993970dab4af5fa17468e6629cb18091a3aa753102a45d2aa8b0f4d36e90ed78718d652b97e44208459ded34058fbaf162e0abee448eef969675cf9647592d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\f[1].txt

    Filesize

    207KB

    MD5

    377f245e144c1702957aab23b4cf0966

    SHA1

    65d61ab3c508a7bfad5d8ea14f305d82fd8927e5

    SHA256

    3edca7294f70460740b307b1b70e7356a6165cb7a76c774f65398d0d052ac8c8

    SHA512

    2dc748f310e537ddeb53e5dad566c263fa1deb9cd94b2fdff3a5cfaf854df96a4f911f7ae13edb294699365cdf94c97f8d17d5da4e5d09583119f62b0b2f1019

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\s[1].htm

    Filesize

    143B

    MD5

    e4e31b474d3e0b577b3c8856e91f8659

    SHA1

    a81311f7fcfa9b6b23a24d4e5c976d5f75b1b9b7

    SHA256

    18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

    SHA512

    a07961eb39c4cd4e39ee19e2c675e64e5ba5367daa18e2f76a23772abd62f46b002e6be8fb0f35a70616941178facc8df579c4a68e5811b74313c12806aafae3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\f[1].txt

    Filesize

    29KB

    MD5

    aaed27e95f23c9a82eb2eb601eac3bd6

    SHA1

    49ddd6f9081f334825b8544bc2abe667bdbd4851

    SHA256

    6ce4844dac7fea1e64925cbc809d1aa273c0bc7965ce7161c6cb86099b92e2bb

    SHA512

    637b64b8ff2a51ebd42e63ce22e735df285cf6a2b811945f3782b95b3c61822d10c6eb4e91701ece3df4bb8f06b5101e8eac5188b54a037b610468b4f6d1fa51

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\f[2].txt

    Filesize

    2KB

    MD5

    43df87d5c0a3c601607609202103773a

    SHA1

    8273930ea19d679255e8f82a8c136f7d70b4aef2

    SHA256

    88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a

    SHA512

    2162ab9334deebd5579ae218e2a454dd7a3eef165ecdacc7c671e5aae51876f449de4ac290563ecc046657167671d4a9973c50d51f7faefc93499b8515992137

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\dWyN5y7WwFB1cOu_eDZVEYfX_2fi3v-nYCwZRHwcGXI[1].js

    Filesize

    53KB

    MD5

    2a50e48c35486c694e48bd08cccfbdd6

    SHA1

    2b43ae9d571ade01fbf1bc7cdd5d41eaeb4730ad

    SHA256

    756c8de72ed6c0507570ebbf7836551187d7ff67e2deffa7602c19447c1c1972

    SHA512

    769a2e5a9f5ae4ae128f882a92fa169d63801fe4cec15f3b4c87c851324e87c061606ad736529f33d2f74a65631607ce2a834d1aa8c66e13580ca9b811b9e30d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\f[1].txt

    Filesize

    177KB

    MD5

    ee840a91a905618f1ba925ee21ca29c7

    SHA1

    59cc315b2350108a509a4991781583746009dbcf

    SHA256

    e959c3dce469aabcc1375b2db9078e30e5bd70c377169eb31c4112c1d805d23c

    SHA512

    8d47480a74d57de56b40fa0b5cd35d2dd7ad2d171fd9d61152e58e0543244ec4cc432c247f10255afbc04f47011577eb3d132e141ee626a4258de945fe72afdd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\f[3].txt

    Filesize

    30KB

    MD5

    2fa7d99995a29b526b8b23dd82f9f107

    SHA1

    9825be196fbe3226d418359aed6a7cb61450b3ab

    SHA256

    b4665fbd1c393f6a6340aa12fdfe61c9481dd3a6e9292a850feef98a621e89ba

    SHA512

    afe362f90cdccb5e1a7e9f6cf4b3a7da503c091a1d41f81d3c5215970b8c8955b9c758a3f2212c7242afa77f3f54e36fc6c37f6a2a42cfa15121ce9ddf7bd71a

  • C:\Users\Admin\AppData\Local\Temp\6aJ.exe

    Filesize

    544KB

    MD5

    d1cdf07b0a0587c72b55146081b0464c

    SHA1

    8358e460c9909087750cc121c057ec65321a0f19

    SHA256

    4623511d7ad5912be5ed0c89f9227d65ae6309dbcb9f4c40fdcba90012261cf1

    SHA512

    25c43884a9313d0041e181bf5a0b91550ad5db9c9552bee9b61a25ecf55e9b10ffc321f4fb0308bb08654bae1218470c82e479a6dcd7a10b16501f6526a06382

  • C:\Users\Admin\AppData\Local\Temp\Cab8CA8.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar8CA9.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\Tar8E65.tmp

    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.