guerrilla | 86e78c5424bca2e9f9b84c50e251118573dc22bcee6ff908362b6b0e37205bdc

Analysis

max time kernel
2701s
max time network
2663s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 06:20 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LDPlayer9_ru_1007_ld.exe
Size

6.2MB
MD5

e0e91d2d5ecc36bde3a3ba87342c4442
SHA1

47dbd2d9ad2ac3c830339bada9f5daa1c7c993a2
SHA256

86e78c5424bca2e9f9b84c50e251118573dc22bcee6ff908362b6b0e37205bdc
SHA512

b1e2e7fb492158f5fa2ece54bd5a805a5dd97b1eca8d0da3d1ec2bfe8c55220acacf4627384e62745d440b263e1b416177094e33729b1bba97d414ebb575eb86
SSDEEP

98304:TaMOOH01Z71vVOO+svd2YJVr5cOlprwwEGK579UbrGi:TaMOA01uCtf5copnEGKF97

Score

10^/10

guerrilla discovery exploit infostealer persistence rat trojan

Malware Config

Signatures

Guerrilla
Guerrilla is an Android malware used by the Lemon Group threat actor.
trojan infostealer rat guerrilla

Guerrilla payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0008000000023479-311.dat	family_guerrilla
behavioral1/files/0x0008000000023479-1129.dat	family_guerrilla

Creates new service(s) 1 TTPs
persistence

Windows Service
T1543.003

Manipulates Digital Signatures 1 TTPs 64 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{189A3842-3041-11D1-85E1-00C04FC295EE}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\2.5.29.32\FuncName = "FormatVerisignExtension"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustCertPolicy"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\FuncName = "WVTAsn1SpcLinkEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.12\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.16.1.1\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2006\FuncName = "WVTAsn1SpcStatementTypeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2012\FuncName = "WVTAsn1SealingTimestampAttributeEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$DLL = "Cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubLoadSignature"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllFormatObject\1.3.6.1.5.5.7.3.4\Dll = "cryptdlg.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.16.4\FuncName = "DecodeRecipientID"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllPutSignedDataMsg\{DE351A42-8E59-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPPutSignedDataMsg"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\FuncName = "CryptSIPCreateIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2008\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.10\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllGetSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubLoadMessage"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\1.3.6.1.4.1.311.2.1.26\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-DDBA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubAuthenticode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{C689AABA-8E78-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Message\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\FinalPolicy\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "HTTPSFinalProv"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2001\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllDecodeObject\#2002\FuncName = "WVTAsn1SpcFinancialCriteriaInfoDecode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllRemoveSignedDataMsg\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllVerifyIndirectData\{9BA61D3F-E73A-11D0-8CD2-00C04FC295EE}\FuncName = "CryptSIPVerifyIndirectData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptSIPDllCreateIndirectData\{DE351A43-8E59-11D0-8C47-00C04FC295EE}\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Cleanup\{573E31F8-AABA-11D0-8CCB-00C04FC295EE}\$Function = "SoftpubCleanup"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2008\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.2.1.30\FuncName = "WVTAsn1SpcSigInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2000\FuncName = "WVTAsn1SpcSpAgencyInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\#2222\FuncName = "WVTAsn1CatMemberInfoEncode"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{7801EBD0-CF4B-11D0-851F-0060979387EA}\$Function = "CertTrustInit"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Signature\{189A3842-3041-11D1-85E1-00C04FC295EE}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.1\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$DLL = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 1\CryptDllEncodeObject\1.3.6.1.4.1.311.12.2.1\Dll = "WINTRUST.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Usages\1.3.6.1.5.5.7.3.2\CallbackFreeFunction = "SoftpubFreeDefUsageCallData"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\CertCheck\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\$Function = "SoftpubCheckCert"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{FC451C16-AC75-11D1-B4B8-00C04FB66EA0}\$Function = "GenericChainCertificateTrust"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Initialization\{64B9D180-8DA2-11CF-8736-00AA00A485EB}\$Function = "SoftpubInitialize"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Providers\Trust\Certificate\{C6B2E8D0-E005-11CF-A134-00C04FD7BF43}\$DLL = "WINTRUST.DLL"	regsvr32.exe

Possible privilege escalation attempt 6 IoCs

exploit

pid	Process
2932	takeown.exe
4300	takeown.exe
5028	icacls.exe
1536	takeown.exe
4624	icacls.exe
5012	icacls.exe

Modifies file permissions 1 TTPs 6 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1536	takeown.exe
4624	icacls.exe
5012	icacls.exe
2932	takeown.exe
4300	takeown.exe
5028	icacls.exe

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxNetLwf.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxSup.sys	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libcrypto-1_1-x64.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\SUPLoggerCtl.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\tstAnimate.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES_CM.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-processthreads-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\driver-PreW10\Ld9BoxSup.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\Ld9BoxNetLwf.cat	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\regsvr32_x86.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSDL.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-file-l2-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-util-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-heap-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\msedge_url_fetcher_5572_2144847647\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_75_4_0.crx	msedge.exe
File created	C:\Program Files\ldplayer9box\Ld9VirtualBox.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-errorhandling-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-datetime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-core-libraryloader-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-stdio-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\libOpenglRender.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\ldutils.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\NetAdp6Uninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\NetFltUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vbox-img.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSampleDevice.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-runtime-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\fastpipe.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-process-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\x86\api-ms-win-crt-utility-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-sysinfo-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\NetAdpUninstall.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxSharedFolders.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VirtualBoxVM.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES12Translator.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\GLES_V2_utils.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\vccorlib140.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\padlock.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\VBoxDTrace.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxDDU.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-crt-string-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5572_994301988\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\ldplayer9box\VBoxAuth.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxInstallHelper.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\VBoxTestOGL.exe	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\x86\padlock.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-namedpipe-l1-1-0.dll	dnrepairer.exe
File created	C:\Program Files\ldplayer9box\api-ms-win-core-timezone-l1-1-0.dll	dnrepairer.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DISM\dism.log	dism.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe

Executes dropped EXE 11 IoCs

pid	Process
1208	LDPlayer.exe
4104	dnrepairer.exe
2756	dismhost.exe
4464	Ld9BoxSVC.exe
1224	driverconfig.exe
1744	dnplayer.exe
2216	Ld9BoxSVC.exe
2332	vbox-img.exe
2156	vbox-img.exe
3904	vbox-img.exe
3200	vmware-vdiskmanager.exe

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2936	sc.exe
1132	sc.exe
2172	sc.exe
4548	sc.exe
3108	sc.exe
3080	sc.exe
3264	sc.exe
2552	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
4104	dnrepairer.exe
4104	dnrepairer.exe
4104	dnrepairer.exe
4104	dnrepairer.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
2756	dismhost.exe
4464	Ld9BoxSVC.exe
4464	Ld9BoxSVC.exe
4464	Ld9BoxSVC.exe
4464	Ld9BoxSVC.exe
4464	Ld9BoxSVC.exe
4464	Ld9BoxSVC.exe
4464	Ld9BoxSVC.exe
4464	Ld9BoxSVC.exe
4464	Ld9BoxSVC.exe
4540	regsvr32.exe
4540	regsvr32.exe
4540	regsvr32.exe
4540	regsvr32.exe
4540	regsvr32.exe
4540	regsvr32.exe
4540	regsvr32.exe
4540	regsvr32.exe
2520	regsvr32.exe
2520	regsvr32.exe
2520	regsvr32.exe
2520	regsvr32.exe
2520	regsvr32.exe
2520	regsvr32.exe
2520	regsvr32.exe
2520	regsvr32.exe
2520	regsvr32.exe
4532	regsvr32.exe
4532	regsvr32.exe
4532	regsvr32.exe
4532	regsvr32.exe
4532	regsvr32.exe
4532	regsvr32.exe
4532	regsvr32.exe
4532	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe
2288	regsvr32.exe

Registers COM server for autorun 1 TTPs 21 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InprocServer32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32	dnrepairer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-1807-4249-5BA5-EA42D66AF0BF}\InProcServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxProxyStub.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\LocalServer32\ = "\"C:\\Program Files\\ldplayer9box\\Ld9BoxSVC.exe\""	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ = "C:\\Program Files\\ldplayer9box\\VBoxC.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	dnplayer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dnplayer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
3944	taskkill.exe
4596	taskkill.exe
684	taskkill.exe
5024	taskkill.exe
2412	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ldnews.exe = "11001"	dnplayer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\dnplayer.exe = "11001"	dnplayer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-6B76-4805-8FAB-00A9DCF4732B}\NumMethods\ = "31"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A1A9-4AC2-8E80-C049AF69DAC8}\ = "IDHCPServer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\ProxyStubClsid32	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7619-41AA-AECE-B21AC5C1A7E6}\ = "IAppliance"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-8079-447A-A33E-47A69C7980DB}\ = "ISnapshotChangedEvent"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\WOW6432Node\Interface	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-58D9-43AE-8B03-C1FD7088EF15}\ = "IDataStream"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-E254-4E5B-A1F2-011CF991C38D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3E87-11E9-8AF2-576E84223953}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-A227-4F23-8278-2F675EEA1BB2}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7071-4894-93D6-DCBEC010FA91}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-26c0-4fe1-bf6f-67f633265bba}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20191216-47b9-4a1e-82b2-07ccd5323c3f}\VersionIndependentProgID	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-7E67-4144-BF34-41C38E8B4CC7}\ = "IBIOSSettings"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-3346-49D6-8F1C-41B0C4784FF2}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-CD54-400C-B858-797BCB82570E}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BDC-11E9-8BC2-8FFDB8B19219}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-80e1-4a8a-93a1-67c5f92a838a}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-AEDF-461C-BE2C-99E91BDAD8A1}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-AA82-4720-BC84-BD097B2B13B8}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7006-40D4-B339-472EE3801844}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-C6EA-45B6-9D43-DC6F70CC9F02}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-2F05-4D28-855F-488F96BAD2B2}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\TypeLib\Version = "1.3"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-73A5-46CC-8227-93FE57D006A6}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-2E88-4436-83D7-50F3E64D0503}\ = "IMachineDataChangedEvent"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7BA7-45A8-B26D-C91AE3754E37}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D4FC-485F-8613-5AF88BFCFCDC}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-0FF7-46B7-A138-3C6E5AC946B4}\ = "IGuestDnDTarget"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A06-81FC-A916-78B2DA1FA0E5}\NumMethods\ = "14"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-D545-44AA-8013-181B8C288554}\NumMethods\ = "15"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20191216-c9d2-4f11-a384-53f0cf917214}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-E9BB-49B3-BFC7-C5171E93EF38}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-0C65-11EA-AD23-0FF257C71A7F}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7193-426C-A41F-522E8F537FA0}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-6E0B-492A-A8D0-968472A94DC7}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4BA3-7903-2AA4-43988BA11554}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-DAD4-4496-85CF-3F76BCB3B5FA}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-61D9-4940-A084-E6BB29AF3D83}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-486F-40DB-9150-DEEE3FD24189}\NumMethods\ = "17"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-FEBE-4049-B476-1292A8E45B09}\NumMethods\ = "29"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-9B2D-4377-BFE6-9702E881516B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\ = "ICloudNetworkEnvironmentInfo"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-4289-EF4E-8E6A-E5B07816B631}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-929C-40E8-BF16-FEA557CD8E7E}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-486E-472F-481B-969746AF2480}\ = "IGuestFileSizeChangedEvent"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-9536-4EF8-820E-3B0E17E5BBC8}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-35F3-4F4D-B5BB-ED0ECEFD8538}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\VirtualBox.VirtualBox\CurVer\ = "VirtualBox.VirtualBox.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-32E7-4F6C-85EE-422304C71B90}\TypeLib	Ld9BoxSVC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ = "IVRDEServerInfo"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-604D-11E9-92D3-53CB473DB9FB}\ = "IStringArray"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-CB63-47A1-84FB-02C4894B89A9}\TypeLib\ = "{20191216-1750-46f0-936e-bd127d5bc264}"	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A75-437E-B0BB-7E7C90D0DF2A}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-BF98-47FB-AB2F-B5177533F493}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7556-4CBC-8C04-043096B02D82}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-e5db-4d2c-baaa-c71053a6236d}	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-4A9B-1727-BEE2-5585105B9EED}\ProxyStubClsid32	Ld9BoxSVC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20191216-5A1D-43F1-6F27-6A0DB298A9A8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-7532-45E8-96DA-EB5986AE76E4}\ProxyStubClsid32\ = "{20191216-1807-4249-5BA5-EA42D66AF0BF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-42DA-C94B-8AEC-21968E08355D}\NumMethods\ = "21"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{20191216-394D-44D3-9EDB-AF2C4472C40A}\NumMethods\ = "15"	regsvr32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
1208	LDPlayer.exe
1208	LDPlayer.exe
1208	LDPlayer.exe
1208	LDPlayer.exe
1208	LDPlayer.exe
1208	LDPlayer.exe
1208	LDPlayer.exe
1208	LDPlayer.exe
4104	dnrepairer.exe
4104	dnrepairer.exe
4080	powershell.exe
4080	powershell.exe
4352	powershell.exe
4352	powershell.exe
1800	powershell.exe
1800	powershell.exe
1208	LDPlayer.exe
1208	LDPlayer.exe
3464	LDPlayer9_ru_1007_ld.exe
3464	LDPlayer9_ru_1007_ld.exe
3200	vmware-vdiskmanager.exe
3200	vmware-vdiskmanager.exe
5572	msedge.exe
5572	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1744	dnplayer.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
676	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3944	taskkill.exe
Token: SeDebugPrivilege	4596	taskkill.exe
Token: SeDebugPrivilege	684	taskkill.exe
Token: SeDebugPrivilege	5024	taskkill.exe
Token: SeTakeOwnershipPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeTakeOwnershipPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe
Token: SeDebugPrivilege	1208	LDPlayer.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3464	LDPlayer9_ru_1007_ld.exe
1744	dnplayer.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1744	dnplayer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 3944	3464	LDPlayer9_ru_1007_ld.exe	103
PID 3464 wrote to memory of 3944	3464	LDPlayer9_ru_1007_ld.exe	103
PID 3464 wrote to memory of 3944	3464	LDPlayer9_ru_1007_ld.exe	103
PID 3464 wrote to memory of 4596	3464	LDPlayer9_ru_1007_ld.exe	105
PID 3464 wrote to memory of 4596	3464	LDPlayer9_ru_1007_ld.exe	105
PID 3464 wrote to memory of 4596	3464	LDPlayer9_ru_1007_ld.exe	105
PID 3464 wrote to memory of 684	3464	LDPlayer9_ru_1007_ld.exe	107
PID 3464 wrote to memory of 684	3464	LDPlayer9_ru_1007_ld.exe	107
PID 3464 wrote to memory of 684	3464	LDPlayer9_ru_1007_ld.exe	107
PID 3464 wrote to memory of 5024	3464	LDPlayer9_ru_1007_ld.exe	109
PID 3464 wrote to memory of 5024	3464	LDPlayer9_ru_1007_ld.exe	109
PID 3464 wrote to memory of 5024	3464	LDPlayer9_ru_1007_ld.exe	109
PID 3464 wrote to memory of 1208	3464	LDPlayer9_ru_1007_ld.exe	111
PID 3464 wrote to memory of 1208	3464	LDPlayer9_ru_1007_ld.exe	111
PID 3464 wrote to memory of 1208	3464	LDPlayer9_ru_1007_ld.exe	111
PID 1208 wrote to memory of 4104	1208	LDPlayer.exe	112
PID 1208 wrote to memory of 4104	1208	LDPlayer.exe	112
PID 1208 wrote to memory of 4104	1208	LDPlayer.exe	112
PID 4104 wrote to memory of 1576	4104	dnrepairer.exe	113
PID 4104 wrote to memory of 1576	4104	dnrepairer.exe	113
PID 4104 wrote to memory of 1576	4104	dnrepairer.exe	113
PID 1576 wrote to memory of 4632	1576	net.exe	115
PID 1576 wrote to memory of 4632	1576	net.exe	115
PID 1576 wrote to memory of 4632	1576	net.exe	115
PID 4104 wrote to memory of 4008	4104	dnrepairer.exe	116
PID 4104 wrote to memory of 4008	4104	dnrepairer.exe	116
PID 4104 wrote to memory of 4008	4104	dnrepairer.exe	116
PID 4104 wrote to memory of 4356	4104	dnrepairer.exe	117
PID 4104 wrote to memory of 4356	4104	dnrepairer.exe	117
PID 4104 wrote to memory of 4356	4104	dnrepairer.exe	117
PID 4104 wrote to memory of 4348	4104	dnrepairer.exe	118
PID 4104 wrote to memory of 4348	4104	dnrepairer.exe	118
PID 4104 wrote to memory of 4348	4104	dnrepairer.exe	118
PID 4104 wrote to memory of 656	4104	dnrepairer.exe	119
PID 4104 wrote to memory of 656	4104	dnrepairer.exe	119
PID 4104 wrote to memory of 656	4104	dnrepairer.exe	119
PID 4104 wrote to memory of 3848	4104	dnrepairer.exe	120
PID 4104 wrote to memory of 3848	4104	dnrepairer.exe	120
PID 4104 wrote to memory of 3848	4104	dnrepairer.exe	120
PID 4104 wrote to memory of 2616	4104	dnrepairer.exe	121
PID 4104 wrote to memory of 2616	4104	dnrepairer.exe	121
PID 4104 wrote to memory of 2616	4104	dnrepairer.exe	121
PID 4104 wrote to memory of 3148	4104	dnrepairer.exe	122
PID 4104 wrote to memory of 3148	4104	dnrepairer.exe	122
PID 4104 wrote to memory of 3148	4104	dnrepairer.exe	122
PID 4104 wrote to memory of 4300	4104	dnrepairer.exe	123
PID 4104 wrote to memory of 4300	4104	dnrepairer.exe	123
PID 4104 wrote to memory of 4300	4104	dnrepairer.exe	123
PID 4104 wrote to memory of 5028	4104	dnrepairer.exe	125
PID 4104 wrote to memory of 5028	4104	dnrepairer.exe	125
PID 4104 wrote to memory of 5028	4104	dnrepairer.exe	125
PID 4104 wrote to memory of 1536	4104	dnrepairer.exe	127
PID 4104 wrote to memory of 1536	4104	dnrepairer.exe	127
PID 4104 wrote to memory of 1536	4104	dnrepairer.exe	127
PID 4104 wrote to memory of 4624	4104	dnrepairer.exe	129
PID 4104 wrote to memory of 4624	4104	dnrepairer.exe	129
PID 4104 wrote to memory of 4624	4104	dnrepairer.exe	129
PID 4104 wrote to memory of 764	4104	dnrepairer.exe	131
PID 4104 wrote to memory of 764	4104	dnrepairer.exe	131
PID 4104 wrote to memory of 764	4104	dnrepairer.exe	131
PID 764 wrote to memory of 2756	764	dism.exe	133
PID 764 wrote to memory of 2756	764	dism.exe	133
PID 4104 wrote to memory of 2936	4104	dnrepairer.exe	135
PID 4104 wrote to memory of 2936	4104	dnrepairer.exe	135

C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1007_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer9_ru_1007_ld.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnplayer.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:3944
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnmultiplayer.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4596
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM dnupdate.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:684
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM bugreport.exe /T
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5024
- C:\LDPlayer\LDPlayer9\LDPlayer.exe
  "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=1007 -language=ru -path="C:\LDPlayer\LDPlayer9\"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1208
- - C:\LDPlayer\LDPlayer9\dnrepairer.exe
    "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=393714
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4104
  - - C:\Windows\SysWOW64\net.exe
      "net" start cryptsvc
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1576
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start cryptsvc
        5⤵
        
        PID:4632
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Softpub.dll /s
      4⤵
      Manipulates Digital Signatures
      PID:4008
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Wintrust.dll /s
      4⤵
      Manipulates Digital Signatures
      PID:4356
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" Initpki.dll /s
      4⤵
      PID:4348
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32" Initpki.dll /s
      4⤵
      PID:656
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" dssenh.dll /s
      4⤵
      PID:3848
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" rsaenh.dll /s
      4⤵
      PID:2616
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" cryptdlg.dll /s
      4⤵
      Manipulates Digital Signatures
      PID:3148
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:4300
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:5028
  - - C:\Windows\SysWOW64\takeown.exe
      "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:1536
  - - C:\Windows\SysWOW64\icacls.exe
      "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
      4⤵
      Possible privilege escalation attempt
      Modifies file permissions
      PID:4624
  - - C:\Windows\SysWOW64\dism.exe
      C:\Windows\system32\dism.exe /Online /English /Get-Features
      4⤵
      Drops file in Windows directory
      Suspicious use of WriteProcessMemory
      PID:764
    - - C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\dismhost.exe
        
        C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\dismhost.exe {156202C7-8BBD-4EAF-80A9-44CACF5E0631}
        5⤵
        Drops file in Windows directory
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2756
  - - C:\Windows\SysWOW64\sc.exe
      sc query HvHost
      4⤵
      Launches sc.exe
      PID:2936
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmms
      4⤵
      Launches sc.exe
      PID:1132
  - - C:\Windows\SysWOW64\sc.exe
      sc query vmcompute
      4⤵
      Launches sc.exe
      PID:2172
  - - C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
      "C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" /RegServer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4464
  - - C:\Windows\SYSTEM32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxC.dll" /s
      4⤵
      Loads dropped DLL
      PID:4540
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxClient-x86.dll" /s
      4⤵
      Loads dropped DLL
      PID:2520
  - - C:\Windows\SYSTEM32\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\VBoxProxyStub.dll" /s
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:4532
  - - C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32" "C:\Program Files\ldplayer9box\x86\VBoxProxyStub-x86.dll" /s
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:2288
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" create Ld9BoxSup binPath= "C:\Program Files\ldplayer9box\Ld9BoxSup.sys" type= kernel start= auto
      4⤵
      Launches sc.exe
      PID:4548
  - - C:\Windows\SysWOW64\sc.exe
      "C:\Windows\system32\sc" start Ld9BoxSup
      4⤵
      Launches sc.exe
      PID:3108
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxSup" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\Ld9BoxHeadless.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4080
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "Ld9BoxNat" -Direction Inbound -Program 'C:\Program Files\ldplayer9box\VBoxNetNAT.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4352
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" New-NetFirewallRule -DisplayName "dnplayer" -Direction Inbound -Program 'C:\LDPlayer\LDPlayer9\dnplayer.exe' -RemoteAddress LocalSubnet -Action Allow
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1800
- - C:\LDPlayer\LDPlayer9\driverconfig.exe
    "C:\LDPlayer\LDPlayer9\driverconfig.exe"
    3⤵
    - Executes dropped EXE
    PID:1224
- - C:\Windows\SysWOW64\takeown.exe
    "takeown" /f C:\LDPlayer\ldmutiplayer\ /r /d y
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:2932
- - C:\Windows\SysWOW64\icacls.exe
    "icacls" C:\LDPlayer\ldmutiplayer\ /grant everyone:F /t
    3⤵
    - Possible privilege escalation attempt
    - Modifies file permissions
    PID:5012
- C:\LDPlayer\LDPlayer9\dnplayer.exe
  "C:\LDPlayer\LDPlayer9\\dnplayer.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1744
- - C:\Windows\SysWOW64\sc.exe
    sc query HvHost
    3⤵
    - Launches sc.exe
    PID:3080
  - - C:\Windows\System32\Conhost.exe
      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      4⤵
      PID:2932
- - C:\Windows\SysWOW64\sc.exe
    sc query vmms
    3⤵
    - Launches sc.exe
    PID:3264
- - C:\Windows\SysWOW64\sc.exe
    sc query vmcompute
    3⤵
    - Launches sc.exe
    PID:2552
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\..\system.vmdk" --uuid 20160302-bbbb-bbbb-0eee-bbbb00000000
    3⤵
    - Executes dropped EXE
    PID:2332
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\data.vmdk" --uuid 20160302-cccc-cccc-0eee-000000000000
    3⤵
    - Executes dropped EXE
    PID:2156
- - C:\Program Files\ldplayer9box\vbox-img.exe
    "C:\Program Files\ldplayer9box\vbox-img.exe" setuuid --filename "C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk" --uuid 20160302-dddd-dddd-0eee-000000000000
    3⤵
    - Executes dropped EXE
    PID:3904
- - C:\LDPlayer\LDPlayer9\vmware-vdiskmanager.exe
    "C:\LDPlayer\LDPlayer9\vmware-vdiskmanager.exe" -R C:\LDPlayer\LDPlayer9\system.vmdk
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ru.ldplayer.net/blog/how-to-enable-vt.html
    3⤵
    PID:1960
- C:\Windows\SysWOW64\taskkill.exe
  "taskkill" /F /IM ldcurl.exe /T
  2⤵
  - Kills process with taskkill
  PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4500 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:8
1⤵
PID:4604

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2f4
1⤵
PID:3248

C:\Program Files\ldplayer9box\Ld9BoxSVC.exe
"C:\Program Files\ldplayer9box\Ld9BoxSVC.exe" -Embedding
1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3888 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4108 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:8
1⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5784 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5912 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:1052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6072 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5576 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:8
1⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6516 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5916 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5568 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6676 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=7028 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=7276 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=7320 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=7524 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=7708 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=7716 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=8092 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=8388 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=8604 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:1
1⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=9268 --field-trial-handle=2280,i,8281149332300504990,9122875031903898779,262144 --variations-seed-version /prefetch:8
1⤵
PID:6076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x23c,0x240,0x244,0x238,0x214,0x7ff955c82e98,0x7ff955c82ea4,0x7ff955c82eb0
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2064 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2340 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2328 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4368 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4368 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4480 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4540 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4624 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4636 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4600 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4744 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3812 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3136 --field-trial-handle=2068,i,14795847822347008202,15510188765454412709,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2376

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4108

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3136

Network

DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

encdn.ldmnq.com

dnplayer.exe

Remote address:

8.8.8.8:53

Request

encdn.ldmnq.com

IN A

Response

encdn.ldmnq.com

IN CNAME

d24tpq3dxz8t7t.cloudfront.net

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.21

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.19

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.78

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.34
GET

https://encdn.ldmnq.com/player_files/en/leidianex

LDPlayer9_ru_1007_ld.exe

Remote address:

13.249.9.21:443

Request

GET /player_files/en/leidianex HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.5.0L
Host: encdn.ldmnq.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 1870
Connection: keep-alive
Server: AliyunOSS
Date: Wed, 03 Apr 2024 12:20:26 GMT
x-oss-request-id: 660D498A81BDAB353758CB68
Accept-Ranges: bytes
ETag: "5C43CF1E6F43F26D83011E777A4FA55A"
Last-Modified: Tue, 26 Mar 2024 09:57:37 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 1265423187099989328
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: XEPPHm9D8m2DAR53ek+lWg==
x-oss-server-time: 17
X-Cache: Hit from cloudfront
Via: 1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: V51ls2Z18XjyXQPcbnmpt8NgUGKv7yrWnJQm0IqrdV2cpIFa0z5yTA==
Age: 64827
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_run&el=1007&ev=100&z=41

LDPlayer9_ru_1007_ld.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_run&el=1007&ev=100&z=41 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.5.0L
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 12:08:04 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 65569
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=YanDex_show&el=1007&ev=100&z=18467

LDPlayer9_ru_1007_ld.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=YanDex_show&el=1007&ev=100&z=18467 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.5.0L
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 12:08:04 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 65572
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_installBtnClick3.0&el=1007&ev=100&z=6334

LDPlayer9_ru_1007_ld.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_installBtnClick3.0&el=1007&ev=100&z=6334 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.5.0L
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 12:08:04 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 65575
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
DNS

21.9.249.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.9.249.13.in-addr.arpa

IN PTR

Response

21.9.249.13.in-addr.arpa

IN PTR

server-13-249-9-21cdg53r cloudfrontnet
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f14�I
DNS

163.128.155.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.128.155.18.in-addr.arpa

IN PTR

Response

163.128.155.18.in-addr.arpa

IN PTR

server-18-155-128-163cdg52r cloudfrontnet
DNS

90.193.84.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.193.84.52.in-addr.arpa

IN PTR

Response

90.193.84.52.in-addr.arpa

IN PTR

server-52-84-193-90cdg52r cloudfrontnet
DNS

133.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.32.126.40.in-addr.arpa

IN PTR

Response
DNS

cdn.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

cdn.ldplayer.net

IN A

Response

cdn.ldplayer.net

IN CNAME

d266zoinebx0lb.cloudfront.net

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.43

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.36

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.96

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.2
GET

https://cdn.ldplayer.net/download/package/LDPlayer_9.0.68.3.exe

LDPlayer9_ru_1007_ld.exe

Remote address:

3.162.38.43:443

Request

GET /download/package/LDPlayer_9.0.68.3.exe HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.5.0L
Host: cdn.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 683803248
Connection: keep-alive
Server: AliyunOSS
x-oss-request-id: 660696B2AA0DCC30339CFF58
Accept-Ranges: bytes
Last-Modified: Thu, 28 Mar 2024 08:16:07 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 9611864030387989322
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 9
Date: Wed, 03 Apr 2024 21:36:38 GMT
ETag: "67AF8133D691C6969196AC033DE1E32A-66"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c47a2112f2ba11dfde1f02cf42a6b3f0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: 0DJPjrNYNi29MK4Ty2QIhwJy64Y3NGDMxwguuYYoMA8mE3lIl395pg==
Age: 31474
DNS

43.38.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.38.162.3.in-addr.arpa

IN PTR

Response

43.38.162.3.in-addr.arpa

IN PTR

server-3-162-38-43cdg52r cloudfrontnet
DNS

152.33.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

152.33.115.104.in-addr.arpa

IN PTR

Response

152.33.115.104.in-addr.arpa

IN PTR

a104-115-33-152deploystaticakamaitechnologiescom
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

145.110.86.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.110.86.104.in-addr.arpa

IN PTR

Response

145.110.86.104.in-addr.arpa

IN PTR

a104-86-110-145deploystaticakamaitechnologiescom
DNS

145.110.86.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.110.86.104.in-addr.arpa

IN PTR
DNS

145.110.86.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.110.86.104.in-addr.arpa

IN PTR
DNS

145.110.86.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.110.86.104.in-addr.arpa

IN PTR
DNS

145.110.86.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.110.86.104.in-addr.arpa

IN PTR
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_Success&el=1007_90&ev=100&z=26500

LDPlayer9_ru_1007_ld.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_Success&el=1007_90&ev=100&z=26500 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.5.0L
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 12:05:06 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 65816
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=playerInstallNew&el=1007&ev=100&z=41

LDPlayer.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=playerInstallNew&el=1007&ev=100&z=41 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 21:36:54 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 31611
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=installRun&el=1007_downloader&ev=100&z=18467

LDPlayer.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=installRun&el=1007_downloader&ev=100&z=18467 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 21:36:54 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 31611
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=playerInstallStart&el=1007&ev=100&z=6334

LDPlayer.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=playerInstallStart&el=1007&ev=100&z=6334 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 21:36:54 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 31611
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
DNS

235.17.178.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

235.17.178.52.in-addr.arpa

IN PTR

Response
DNS

middledata.ldplayer.net

LDPlayer.exe

Remote address:

8.8.8.8:53

Request

middledata.ldplayer.net

IN A

Response

middledata.ldplayer.net

IN CNAME

alb-vnsvd2pytinqdbj862.ap-southeast-1.alb.aliyuncs.com

alb-vnsvd2pytinqdbj862.ap-southeast-1.alb.aliyuncs.com

IN A

8.219.4.49

alb-vnsvd2pytinqdbj862.ap-southeast-1.alb.aliyuncs.com

IN A

8.219.48.146

alb-vnsvd2pytinqdbj862.ap-southeast-1.alb.aliyuncs.com

IN A

8.219.136.97
POST

https://middledata.ldplayer.net/collection/biz/upload

LDPlayer.exe

Remote address:

8.219.4.49:443

Request

POST /collection/biz/upload HTTP/1.1
Host: middledata.ldplayer.net
Accept: */*
Content-Type:application/json;charset=UTF-8
timestamp: 1712211846187
signature: d864863e
Content-Length: 433

Response

HTTP/1.1 200

Date: Thu, 04 Apr 2024 06:24:09 GMT
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
DNS

49.4.219.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.4.219.8.in-addr.arpa

IN PTR

Response
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_installComplete&el=1007_errWaitTimeout&ev=100&z=19169

LDPlayer9_ru_1007_ld.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_installComplete&el=1007_errWaitTimeout&ev=100&z=19169 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: okhttp/3.5.0L
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 12:23:49 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 64894
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
DNS

ad.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

ad.ldplayer.net

IN A

Response

ad.ldplayer.net

IN CNAME

d19przo9d3f9zk.cloudfront.net

d19przo9d3f9zk.cloudfront.net

IN A

52.222.149.79

d19przo9d3f9zk.cloudfront.net

IN A

52.222.149.30

d19przo9d3f9zk.cloudfront.net

IN A

52.222.149.101

d19przo9d3f9zk.cloudfront.net

IN A

52.222.149.35
DNS

ad.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

ad.ldplayer.net

IN A

Response

ad.ldplayer.net

IN CNAME

d19przo9d3f9zk.cloudfront.net

d19przo9d3f9zk.cloudfront.net

IN A

52.222.149.79

d19przo9d3f9zk.cloudfront.net

IN A

52.222.149.101

d19przo9d3f9zk.cloudfront.net

IN A

52.222.149.30

d19przo9d3f9zk.cloudfront.net

IN A

52.222.149.35
DNS

en.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

en.ldplayer.net

IN A

Response

en.ldplayer.net

IN CNAME

en.ldplayer.net.w.kunlungr.com

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.249

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.244

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.242

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.241

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.240

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.243

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.248

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.239
DNS

en.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

en.ldplayer.net

IN A

Response

en.ldplayer.net

IN CNAME

en.ldplayer.net.w.kunlungr.com

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.241

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.249

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.239

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.242

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.240

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.244

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.243

en.ldplayer.net.w.kunlungr.com

IN A

163.181.154.248
DNS

encdn.ldmnq.com

dnplayer.exe

Remote address:

8.8.8.8:53

Request

encdn.ldmnq.com

IN A

Response

encdn.ldmnq.com

IN CNAME

d24tpq3dxz8t7t.cloudfront.net

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.34

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.19

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.78

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.21
DNS

encdn.ldmnq.com

dnplayer.exe

Remote address:

8.8.8.8:53

Request

encdn.ldmnq.com

IN A

Response

encdn.ldmnq.com

IN CNAME

d24tpq3dxz8t7t.cloudfront.net

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.78

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.34

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.19

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.21
GET

https://encdn.ldmnq.com/player_files/ru/apps_must_config.data

dnplayer.exe

Remote address:

13.249.9.34:443

Request

GET /player_files/ru/apps_must_config.data HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: encdn.ldmnq.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 6465
Connection: keep-alive
Server: AliyunOSS
x-oss-request-id: 660B1422048FEF37367A44E8
Accept-Ranges: bytes
Last-Modified: Mon, 01 Apr 2024 10:27:51 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2307982608912913462
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: 2TdTGBnYIADwnq5a7GGSYw==
x-oss-server-time: 17
Date: Wed, 03 Apr 2024 20:12:16 GMT
ETag: "D937531819D82000F09EAE5AEC619263"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3e54eeb04035e3584145be33441ccbba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: 9IskyFuejSx8ejKLTg7S49Znxw6Cztt2qj9DHvQYp73zrevo1mgu6A==
Age: 37007
GET

https://encdn.ldmnq.com/player_files/en/apps_max.data

dnplayer.exe

Remote address:

13.249.9.34:443

Request

GET /player_files/en/apps_max.data HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: encdn.ldmnq.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 1527
Connection: keep-alive
Server: AliyunOSS
Date: Thu, 04 Apr 2024 03:08:12 GMT
x-oss-request-id: 660E199CABE9A53937CDE122
Accept-Ranges: bytes
ETag: "35530491A6FEC62DD493E818CCEBAA10"
Last-Modified: Mon, 24 Jul 2023 03:30:43 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7279417188327358934
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: NVMEkab+xi3Uk+gYzOuqEA==
x-oss-server-time: 31
X-Cache: Hit from cloudfront
Via: 1.1 ee57e278d5f96045a012c4c3d8da58f8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: NNdvbfNN1Kqi2VejGCeg8SEsnXCkL1NOgdhTY2YKCg17IjUBBK2_HA==
Age: 11839
GET

https://en.ldplayer.net/ows/en/ip/checkIpArea

dnplayer.exe

Remote address:

163.181.154.249:443

Request

GET /ows/en/ip/checkIpArea HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: en.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: Tengine
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Date: Thu, 04 Apr 2024 06:25:31 GMT
Vary: Accept-Encoding
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-RateLimit-Remaining: 499
X-RateLimit-Requested-Tokens: 1
X-RateLimit-Burst-Capacity: 500
X-RateLimit-Replenish-Rate: 100
vary: accept-encoding
Via: cache15.l2de2[11,0], ens-cache23.gb4[28,0]
Timing-Allow-Origin: *
EagleId: a3b59aab17122119312554178e
GET

https://ad.ldplayer.net/getIpCountryJsonFile

dnplayer.exe

Remote address:

52.222.149.79:443

Request

GET /getIpCountryJsonFile HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: ad.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 04 Apr 2024 06:25:31 GMT
X-RateLimit-Remaining: -1
X-RateLimit-Requested-Tokens: 1
X-RateLimit-Burst-Capacity: 500
X-RateLimit-Replenish-Rate: 100
Vary: Accept-Encoding,accept-encoding
X-Cache: Miss from cloudfront
Via: 1.1 873d6434b45dab39b9f50a4f2cbd92f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: eS7bmq0DoxX6OC9JqBoKZ8-T2Gbt88KWuLg6qDPet2iBbmhKLhfnMQ==
GET

https://encdn.ldmnq.com/player_files/en/leidianex

dnplayer.exe

Remote address:

13.249.9.34:443

Request

GET /player_files/en/leidianex HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: encdn.ldmnq.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 1870
Connection: keep-alive
Server: AliyunOSS
Date: Wed, 03 Apr 2024 12:20:26 GMT
x-oss-request-id: 660D498A81BDAB353758CB68
Accept-Ranges: bytes
ETag: "5C43CF1E6F43F26D83011E777A4FA55A"
Last-Modified: Tue, 26 Mar 2024 09:57:37 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 1265423187099989328
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
Content-MD5: XEPPHm9D8m2DAR53ek+lWg==
x-oss-server-time: 17
X-Cache: Hit from cloudfront
Via: 1.1 0bdb6226f7a0cedb88fa9173b0b4ca10.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: _hiZx1ZLCv44HiXDkeWtMyK9L-XjgqgH6hKdh32ukzfLvdG5NWVNIg==
Age: 65105
GET

https://encdn.ldmnq.com/player_files/en/apps_plugin.data

dnplayer.exe

Remote address:

13.249.9.34:443

Request

GET /player_files/en/apps_plugin.data HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: encdn.ldmnq.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 184
Connection: keep-alive
Server: AliyunOSS
x-oss-request-id: 660AB4D50A930636302AADA7
Accept-Ranges: bytes
Last-Modified: Mon, 01 Feb 2021 03:09:14 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5266247070689327771
x-oss-storage-class: Standard
Content-MD5: spCEZOZPh320VQNkevQKEQ==
x-oss-server-time: 2
Date: Wed, 03 Apr 2024 13:21:35 GMT
ETag: "B2908464E64F877DB45503647AF40A11"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 d4a6e22bfb276f18612ccc6f7763ed5e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: xahYmiUJn7gSLFpu3UhfsWp_d6wTxNdrxzmKGw7EbvZA5mLZsi7AAg==
Age: 61436
DNS

advertise.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

advertise.ldplayer.net

IN A

Response

advertise.ldplayer.net

IN CNAME

advertise.ldplayer.net.a.lahuashanbx.com

advertise.ldplayer.net.a.lahuashanbx.com

IN A

163.181.154.215
DNS

advertise.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

advertise.ldplayer.net

IN A

Response

advertise.ldplayer.net

IN CNAME

advertise.ldplayer.net.a.lahuashanbx.com

advertise.ldplayer.net.a.lahuashanbx.com

IN A

163.181.154.215
GET

https://advertise.ldplayer.net/ad/gb/cpt_ad.data

dnplayer.exe

Remote address:

163.181.154.215:443

Request

GET /ad/gb/cpt_ad.data HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: advertise.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: Tengine
Content-Type: text/plain
Content-Length: 1913
Connection: keep-alive
Date: Thu, 04 Apr 2024 06:25:31 GMT
x-oss-request-id: 660E47DB7732EB35379B0E42
x-oss-cdn-auth: success
Accept-Ranges: bytes
ETag: "7AEF966E4D3079701BABE165D5C7140F"
Last-Modified: Thu, 04 Apr 2024 06:25:07 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7123044002947244804
x-oss-storage-class: Standard
Content-Encoding: utf-8
x-oss-server-side-encryption: AES256
Content-Disposition: filename/filesize=cpt_ad.data/1913Byte.
Cache-Control: no-cache
Content-MD5: eu+Wbk0weXAbq+Fl1ccUDw==
x-oss-server-time: 5
Ali-Swift-Global-Savetime: 1712211932
Via: cache9.l2fr1[490,489,200-0,M], cache23.l2fr1[491,0], ens-cache27.gb4[509,508,200-0,M], ens-cache25.gb4[510,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 04 Apr 2024 06:25:32 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: a3b59aad17122119315643259e
DNS

cdn.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

cdn.ldplayer.net

IN A

Response

cdn.ldplayer.net

IN CNAME

d266zoinebx0lb.cloudfront.net

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.36

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.96

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.43

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.2
DNS

cdn.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

cdn.ldplayer.net

IN A

Response

cdn.ldplayer.net

IN CNAME

d266zoinebx0lb.cloudfront.net

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.36

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.43

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.2

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.96
GET

https://cdn.ldplayer.net/rms/ldplayer/process/img/3aa137d179074e8b80a79e397daa198c1711962911.webp

dnplayer.exe

Remote address:

3.162.38.36:443

Request

GET /rms/ldplayer/process/img/3aa137d179074e8b80a79e397daa198c1711962911.webp HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: cdn.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 357928
Connection: keep-alive
Server: AliyunOSS
x-oss-request-id: 660B79650A93063631F3B14B
Accept-Ranges: bytes
Last-Modified: Mon, 01 Apr 2024 09:15:11 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 10832870443379806904
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 149
Date: Thu, 04 Apr 2024 03:20:28 GMT
ETag: "6949B42D98572BF4661A8B2F57F3325C-1"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a5aef96cbff4e6d0b6f6c37b4a0dc1e2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: 0qPYMYB0seFjhRbcQ7aa5OwbB07HALBYNAEMS10sKeJA-QoYugl3RQ==
Age: 11125
DNS

34.9.249.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.9.249.13.in-addr.arpa

IN PTR

Response

34.9.249.13.in-addr.arpa

IN PTR

server-13-249-9-34cdg53r cloudfrontnet
DNS

249.154.181.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.154.181.163.in-addr.arpa

IN PTR

Response
DNS

79.149.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.149.222.52.in-addr.arpa

IN PTR

Response

79.149.222.52.in-addr.arpa

IN PTR

server-52-222-149-79cdg52r cloudfrontnet
DNS

215.154.181.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.154.181.163.in-addr.arpa

IN PTR

Response
GET

https://cdn.ldplayer.net/rms/ldplayer/process/img/93e3c2fd56504aed983fbfd31cb1c02f1711962957.webp

dnplayer.exe

Remote address:

3.162.38.36:443

Request

GET /rms/ldplayer/process/img/93e3c2fd56504aed983fbfd31cb1c02f1711962957.webp HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: cdn.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 383539
Connection: keep-alive
Server: AliyunOSS
x-oss-request-id: 660B7965AA0DCC3138368A09
Accept-Ranges: bytes
Last-Modified: Mon, 01 Apr 2024 09:15:57 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 3455825808635024536
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 30
Date: Thu, 04 Apr 2024 03:20:29 GMT
ETag: "3326A96CD4FC94AD884F986321F9756F-1"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c7deb8fcb33ecb1e5a3a6d85b3f06e68.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: L-TWatAaKsPQWgLXfwnj4lD_ShQjqiJNc4mNyNqXGMs-sFdLttjL1g==
Age: 11125
GET

https://cdn.ldplayer.net/rms/ldplayer/process/img/03d9c83a54ba4b0d81df23f0a54239991711962918.webp

dnplayer.exe

Remote address:

3.162.38.36:443

Request

GET /rms/ldplayer/process/img/03d9c83a54ba4b0d81df23f0a54239991711962918.webp HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: cdn.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 129839
Connection: keep-alive
Server: AliyunOSS
x-oss-request-id: 660B79664FF14A3330C46DF2
Accept-Ranges: bytes
Last-Modified: Mon, 01 Apr 2024 09:15:18 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 946917428281106094
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 15
Date: Thu, 04 Apr 2024 03:20:30 GMT
ETag: "02B8ED4FAA8FCAB99208111B537ACFED-1"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 3ea65c00673e679acc29eeee7edb4d1e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: 3a9kDiypdaQK03NtrhnWsx_dqN1_td6cTBE9uQk3MquGEjMH0caUog==
Age: 11125
GET

https://cdn.ldplayer.net/rms/ldplayer/process/img/f238f16857114ae28385c0d5e0c140351711962974.webp

dnplayer.exe

Remote address:

3.162.38.36:443

Request

GET /rms/ldplayer/process/img/f238f16857114ae28385c0d5e0c140351711962974.webp HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: cdn.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 129839
Connection: keep-alive
Server: AliyunOSS
x-oss-request-id: 660B796699AE823432A47995
Accept-Ranges: bytes
Last-Modified: Mon, 01 Apr 2024 09:16:14 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 946917428281106094
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 42
Date: Thu, 04 Apr 2024 03:20:31 GMT
ETag: "02B8ED4FAA8FCAB99208111B537ACFED-1"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5e9eaa4dae17f466e627d76765f5de64.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: JuW0U8Ws21pZ1JDNewcpc468tVFi0BlHFfkG3Wr-hFdeUEVNrIa92w==
Age: 11125
GET

https://cdn.ldplayer.net/rms/ldplayer/process/img/4f4f3f79f3404e46a05e78c89b3c62601712154143.webp

dnplayer.exe

Remote address:

3.162.38.36:443

Request

GET /rms/ldplayer/process/img/4f4f3f79f3404e46a05e78c89b3c62601712154143.webp HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: cdn.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 238497
Connection: keep-alive
Server: AliyunOSS
Date: Wed, 03 Apr 2024 14:26:23 GMT
x-oss-request-id: 660D670F43F9F838355747B8
Accept-Ranges: bytes
ETag: "90A69E64506F50E17A9CB76761138ED4-1"
Last-Modified: Wed, 03 Apr 2024 14:22:23 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 1680969689302300154
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 43
X-Cache: Hit from cloudfront
Via: 1.1 5a012a43a727d36b7bf1976d7c8817dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: Ll8BAHsksaoO51Wj8QTRikJCudgdNayd6WuddRkm9lROGX4CXEFa1w==
Age: 57550
DNS

36.38.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.38.162.3.in-addr.arpa

IN PTR

Response

36.38.162.3.in-addr.arpa

IN PTR

server-3-162-38-36cdg52r cloudfrontnet
GET

https://cdn.ldplayer.net/rms/ldplayer/process/img/720b7aef1925457985eee4d860f2343e1712154148.webp

dnplayer.exe

Remote address:

3.162.38.36:443

Request

GET /rms/ldplayer/process/img/720b7aef1925457985eee4d860f2343e1712154148.webp HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: cdn.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 246332
Connection: keep-alive
Server: AliyunOSS
Date: Wed, 03 Apr 2024 14:26:23 GMT
x-oss-request-id: 660D670FBEB4E133314265B8
Accept-Ranges: bytes
ETag: "147C03D30F8DA2B0A2BF1D5CB89D532E-1"
Last-Modified: Wed, 03 Apr 2024 14:22:29 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 9309925070357257036
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 28
X-Cache: Hit from cloudfront
Via: 1.1 541b3521516c2ab2d19244b7072c9f9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P6
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: S4PbqAS1z93xsT6ZXIeAQNKqOYjtwSOs6VYL5LIgUXzu9BIcpCGHeA==
Age: 57550
GET

https://encdn.ldmnq.com/ldstore/CHzyNa-1620808132426.png

dnplayer.exe

Remote address:

13.249.9.34:443

Request

GET /ldstore/CHzyNa-1620808132426.png HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: encdn.ldmnq.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 34246
Connection: keep-alive
Server: AliyunOSS
x-oss-request-id: 660AA53DAA0DCC373962C1D9
Accept-Ranges: bytes
Last-Modified: Wed, 12 May 2021 08:28:54 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8815189099002522325
x-oss-storage-class: Standard
Content-MD5: CEInMUigxDUWo+M0ghG/UQ==
x-oss-server-time: 54
Date: Thu, 04 Apr 2024 02:42:33 GMT
ETag: "0842273148A0C43516A3E3348211BF51"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e2dc4178fd5d89ed6c6e3cd0e2e53fa6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: 6Yzu30JtIb5eckfurOycHgFpSn9QYmc8rLaR1eUmRT-2I1I_zW4qTQ==
Age: 61460
GET

https://advertise.ldplayer.net/ad/gb/cpi_ad.data

dnplayer.exe

Remote address:

163.181.154.215:443

Request

GET /ad/gb/cpi_ad.data HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: advertise.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Server: Tengine
Content-Type: text/plain
Content-Length: 54461
Connection: keep-alive
Date: Thu, 04 Apr 2024 06:25:34 GMT
x-oss-request-id: 660E47DE70888B3537E8C0C0
x-oss-cdn-auth: success
Accept-Ranges: bytes
ETag: "B37E909F31DF91C6056FD74557B6A896"
Last-Modified: Thu, 04 Apr 2024 06:25:28 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7773190544565165409
x-oss-storage-class: Standard
Content-Encoding: utf-8
x-oss-server-side-encryption: AES256
Content-Disposition: filename/filesize=cpi_ad.data/54461Byte.
Cache-Control: no-cache
Content-MD5: s36QnzHfkcYFb9dFV7aolg==
x-oss-server-time: 7
Ali-Swift-Global-Savetime: 1712211934
Via: cache26.l2fr1[485,484,200-0,M], cache14.l2fr1[485,0], ens-cache4.gb4[505,504,200-0,M], ens-cache27.gb4[506,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Thu, 04 Apr 2024 06:25:34 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: a3b59aaf17122119337646561e
GET

https://ad.ldplayer.net/cptAdExposure?cptId=0&language=ru_RU&placement=loading_video&version=9.0.68

dnplayer.exe

Remote address:

52.222.149.79:443

Request

GET /cptAdExposure?cptId=0&language=ru_RU&placement=loading_video&version=9.0.68 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: ad.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 04 Apr 2024 06:25:33 GMT
X-RateLimit-Remaining: -1
X-RateLimit-Requested-Tokens: 1
X-RateLimit-Burst-Capacity: 500
X-RateLimit-Replenish-Rate: 100
Vary: Accept-Encoding,accept-encoding
X-Cache: Miss from cloudfront
Via: 1.1 35c1a072f5e34dd7857432de42b52680.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: o8eAnnPCMsb5f-DZs_ctQd2ZIRekPWoy0LOasxJ1xftpDRaxWFgdzg==
GET

https://ad.ldplayer.net/cptAdExposure?cptId=9724&language=ru_RU&placement=loading&version=9.0.68

dnplayer.exe

Remote address:

52.222.149.79:443

Request

GET /cptAdExposure?cptId=9724&language=ru_RU&placement=loading&version=9.0.68 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: ad.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 04 Apr 2024 06:25:34 GMT
X-RateLimit-Remaining: -1
X-RateLimit-Requested-Tokens: 1
X-RateLimit-Burst-Capacity: 500
X-RateLimit-Replenish-Rate: 100
Vary: Accept-Encoding,accept-encoding
X-Cache: Miss from cloudfront
Via: 1.1 5c0a9fbe4f8b2e7835a09c41c52efb12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: f1EB53q3f05MjjpduQCljCFkfq-7exRRT7NZM8DqTGHqUm0MryZmHA==
DNS

apiru.ldmnq.com

dnplayer.exe

Remote address:

8.8.8.8:53

Request

apiru.ldmnq.com

IN A

Response

apiru.ldmnq.com

IN CNAME

d27jrj8596jp2m.cloudfront.net

d27jrj8596jp2m.cloudfront.net

IN A

18.155.129.58

d27jrj8596jp2m.cloudfront.net

IN A

18.155.129.20

d27jrj8596jp2m.cloudfront.net

IN A

18.155.129.44

d27jrj8596jp2m.cloudfront.net

IN A

18.155.129.118
DNS

apiru.ldmnq.com

dnplayer.exe

Remote address:

8.8.8.8:53

Request

apiru.ldmnq.com

IN A

Response

apiru.ldmnq.com

IN CNAME

d27jrj8596jp2m.cloudfront.net

d27jrj8596jp2m.cloudfront.net

IN A

18.155.129.58

d27jrj8596jp2m.cloudfront.net

IN A

18.155.129.20

d27jrj8596jp2m.cloudfront.net

IN A

18.155.129.44

d27jrj8596jp2m.cloudfront.net

IN A

18.155.129.118
GET

http://apiru.ldmnq.com/checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5

dnplayer.exe

Remote address:

18.155.129.58:80

Request

GET /checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: apiru.ldmnq.com
Cache-Control: no-cache

Response

HTTP/1.1 301 Moved Permanently

Server: CloudFront
Date: Thu, 04 Apr 2024 06:25:38 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://apiru.ldmnq.com/checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5
X-Cache: Redirect from cloudfront
Via: 1.1 887aba73f027fe4e82f965d15238ed3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P4
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: soIKlCLgmXxH-aANmuLKz_KADsa9n7NAZYveVBjBTAfAYia2soUKMw==
GET

https://apiru.ldmnq.com/checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5

dnplayer.exe

Remote address:

18.155.129.58:443

Request

GET /checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5 HTTP/1.1
Accept: */*
Cache-Control: no-cache
Host: apiru.ldmnq.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 04 Apr 2024 06:25:38 GMT
X-RateLimit-Remaining: 495
X-RateLimit-Requested-Tokens: 1
X-RateLimit-Burst-Capacity: 500
X-RateLimit-Replenish-Rate: 100
Vary: Accept-Encoding,accept-encoding
X-Cache: Miss from cloudfront
Via: 1.1 49f259fbf0878ade02febf4980fecb18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P4
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: udRwU9Mr7-iSZUrAJ_K_MJk4osHfWvtD2N8ISxGv34hmvvZiW5I4Vg==
GET

https://ad.ldplayer.net/cptAdExposure?cptId=9761&language=ru_RU&placement=loading&version=9.0.68

dnplayer.exe

Remote address:

52.222.149.79:443

Request

GET /cptAdExposure?cptId=9761&language=ru_RU&placement=loading&version=9.0.68 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: ad.ldplayer.net
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 04 Apr 2024 06:25:39 GMT
X-RateLimit-Remaining: -1
X-RateLimit-Requested-Tokens: 1
X-RateLimit-Burst-Capacity: 500
X-RateLimit-Replenish-Rate: 100
Vary: Accept-Encoding,accept-encoding
X-Cache: Miss from cloudfront
Via: 1.1 fb7dd4ab7d279a5ac003ba27474cf5ee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: PxRxsSnuN7DKAcBmeht-gMLtNs9ATcWozK1oW65yhfUM8APGn600Ig==
DNS

58.129.155.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.129.155.18.in-addr.arpa

IN PTR

Response

58.129.155.18.in-addr.arpa

IN PTR

server-18-155-129-58cdg52r cloudfrontnet
GET

https://apiru.ldmnq.com/checkMnqVersion?pid=dnplayer-ru9&openid=1007&t=20240404062540&sv=0900006803&n=4ed820ed97a93942be2094ffcb6edd56&updatetype=1

dnplayer.exe

Remote address:

18.155.129.58:443

Request

GET /checkMnqVersion?pid=dnplayer-ru9&openid=1007&t=20240404062540&sv=0900006803&n=4ed820ed97a93942be2094ffcb6edd56&updatetype=1 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: apiru.ldmnq.com
Cache-Control: no-cache

Response

HTTP/1.1 204 No Content

Connection: keep-alive
Date: Thu, 04 Apr 2024 06:25:41 GMT
X-RateLimit-Remaining: 497
X-RateLimit-Requested-Tokens: 1
X-RateLimit-Burst-Capacity: 500
X-RateLimit-Replenish-Rate: 100
X-Cache: Miss from cloudfront
Via: 1.1 2337aeab2297ca19027573938bc0ae66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG52-P4
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: A6hm9G9iyFnVyoqij86heVIC_jcVYCK9AfJbtI37aBoipOJGOqf2wA==
DNS

ru.ldplayer.net

Remote address:

8.8.8.8:53

Request

ru.ldplayer.net

IN A

Response

ru.ldplayer.net

IN CNAME

ru.ldplayer.net.w.kunlungr.com

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.240

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.242

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.244

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.243

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.249

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.241

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.248

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.239
DNS

ru.ldplayer.net

Remote address:

8.8.8.8:53

Request

ru.ldplayer.net

IN Unknown

Response

ru.ldplayer.net

IN CNAME

ru.ldplayer.net.w.kunlungr.com
DNS

ru.ldplayer.net

Remote address:

8.8.8.8:53

Request

ru.ldplayer.net

IN A

Response

ru.ldplayer.net

IN CNAME

ru.ldplayer.net.w.kunlungr.com

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.241

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.240

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.249

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.243

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.239

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.242

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.244

ru.ldplayer.net.w.kunlungr.com

IN A

163.181.154.248
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-uw-2.ukwest.cloudapp.azure.com

prod-agic-uw-2.ukwest.cloudapp.azure.com

IN A

51.140.244.186
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

92.123.241.137
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

92.123.241.137
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

cdn.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

cdn.ldplayer.net

IN A

Response

cdn.ldplayer.net

IN CNAME

d266zoinebx0lb.cloudfront.net

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.96

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.2

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.43

d266zoinebx0lb.cloudfront.net

IN A

3.162.38.36
DNS

cdn.ldplayer.net

dnplayer.exe

Remote address:

8.8.8.8:53

Request

cdn.ldplayer.net

IN Unknown

Response

cdn.ldplayer.net

IN CNAME

d266zoinebx0lb.cloudfront.net
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

104.86.110.144

a416.dscd.akamai.net

IN A

104.86.110.131
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

cmp.setupcmp.com

Remote address:

8.8.8.8:53

Request

cmp.setupcmp.com

IN A

Response

cmp.setupcmp.com

IN A

104.26.4.6

cmp.setupcmp.com

IN A

104.26.5.6

cmp.setupcmp.com

IN A

172.67.70.36
DNS

cmp.setupcmp.com

Remote address:

8.8.8.8:53

Request

cmp.setupcmp.com

IN Unknown

Response

cmp.setupcmp.com

IN Unknown

h2hh�CF$0&G h&G h&G �CF$
DNS

240.154.181.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.154.181.163.in-addr.arpa

IN PTR

Response
DNS

186.244.140.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

186.244.140.51.in-addr.arpa

IN PTR

Response
DNS

137.241.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.241.123.92.in-addr.arpa

IN PTR

Response

137.241.123.92.in-addr.arpa

IN PTR

a92-123-241-137deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

92.123.241.137
DNS

encdn.ldmnq.com

dnplayer.exe

Remote address:

8.8.8.8:53

Request

encdn.ldmnq.com

IN A

Response

encdn.ldmnq.com

IN CNAME

d24tpq3dxz8t7t.cloudfront.net

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.34

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.19

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.78

d24tpq3dxz8t7t.cloudfront.net

IN A

13.249.9.21
DNS

encdn.ldmnq.com

dnplayer.exe

Remote address:

8.8.8.8:53

Request

encdn.ldmnq.com

IN Unknown

Response

encdn.ldmnq.com

IN CNAME

d24tpq3dxz8t7t.cloudfront.net
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

172.217.169.78
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN Unknown

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN Unknown
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

172.217.169.78
DNS

yandex.ru

Remote address:

8.8.8.8:53

Request

yandex.ru

IN A

Response

yandex.ru

IN A

77.88.55.88

yandex.ru

IN A

77.88.55.60

yandex.ru

IN A

5.255.255.70

yandex.ru

IN A

5.255.255.77
DNS

yandex.ru

Remote address:

8.8.8.8:53

Request

yandex.ru

IN Unknown

Response
DNS

fundingchoicesmessages.google.com

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

142.250.187.206
DNS

fundingchoicesmessages.google.com

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN Unknown

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com
DNS

179.21.88.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

179.21.88.77.in-addr.arpa

IN PTR

Response

179.21.88.77.in-addr.arpa

IN PTR

adfox-external-l3-enginestableqloud-byandexnet
DNS

179.21.88.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

179.21.88.77.in-addr.arpa

IN PTR

Response

179.21.88.77.in-addr.arpa

IN PTR

adfox-external-l3-enginestableqloud-byandexnet
DNS

encdn01.ldmnq.com

Remote address:

8.8.8.8:53

Request

encdn01.ldmnq.com

IN A

Response

encdn01.ldmnq.com

IN CNAME

d21vev8e90jh0w.cloudfront.net

d21vev8e90jh0w.cloudfront.net

IN A

3.162.38.30

d21vev8e90jh0w.cloudfront.net

IN A

3.162.38.93

d21vev8e90jh0w.cloudfront.net

IN A

3.162.38.68

d21vev8e90jh0w.cloudfront.net

IN A

3.162.38.60
DNS

encdn01.ldmnq.com

Remote address:

8.8.8.8:53

Request

encdn01.ldmnq.com

IN Unknown

Response

encdn01.ldmnq.com

IN CNAME

d21vev8e90jh0w.cloudfront.net
DNS

encdn09.ldmnq.com

Remote address:

8.8.8.8:53

Request

encdn09.ldmnq.com

IN A

Response

encdn09.ldmnq.com

IN CNAME

d52598oefqxb1.cloudfront.net

d52598oefqxb1.cloudfront.net

IN A

52.222.201.89

d52598oefqxb1.cloudfront.net

IN A

52.222.201.15

d52598oefqxb1.cloudfront.net

IN A

52.222.201.32

d52598oefqxb1.cloudfront.net

IN A

52.222.201.31
DNS

encdn09.ldmnq.com

Remote address:

8.8.8.8:53

Request

encdn09.ldmnq.com

IN Unknown

Response

encdn09.ldmnq.com

IN CNAME

d52598oefqxb1.cloudfront.net
DNS

encdn03.ldmnq.com

Remote address:

8.8.8.8:53

Request

encdn03.ldmnq.com

IN A

Response

encdn03.ldmnq.com

IN CNAME

djtoaxs8z6fy9.cloudfront.net

djtoaxs8z6fy9.cloudfront.net

IN A

99.86.91.95

djtoaxs8z6fy9.cloudfront.net

IN A

99.86.91.45

djtoaxs8z6fy9.cloudfront.net

IN A

99.86.91.86

djtoaxs8z6fy9.cloudfront.net

IN A

99.86.91.121
DNS

encdn03.ldmnq.com

Remote address:

8.8.8.8:53

Request

encdn03.ldmnq.com

IN Unknown

Response

encdn03.ldmnq.com

IN CNAME

djtoaxs8z6fy9.cloudfront.net
DNS

stpd.cloud

Remote address:

8.8.8.8:53

Request

stpd.cloud

IN A

Response

stpd.cloud

IN A

104.18.31.49

stpd.cloud

IN A

104.18.30.49
DNS

stpd.cloud

Remote address:

8.8.8.8:53

Request

stpd.cloud

IN Unknown

Response

stpd.cloud

IN Unknown

h2h1h1 &Gh1&Gh1
DNS

i.ytimg.com

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

216.58.213.22

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.200.22
DNS

i.ytimg.com

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN Unknown

Response
DNS

67.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.204.58.216.in-addr.arpa

IN PTR

Response

67.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f31e100net

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f3�G

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f67�G
DNS

67.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.204.58.216.in-addr.arpa

IN PTR

Response

67.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f31e100net

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f3�G

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f67�G
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

144.110.86.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.110.86.104.in-addr.arpa

IN PTR

Response

144.110.86.104.in-addr.arpa

IN PTR

a104-86-110-144deploystaticakamaitechnologiescom
DNS

144.110.86.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.110.86.104.in-addr.arpa

IN PTR

Response

144.110.86.104.in-addr.arpa

IN PTR

a104-86-110-144deploystaticakamaitechnologiescom
DNS

6.4.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.4.26.104.in-addr.arpa

IN PTR

Response
DNS

6.4.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.4.26.104.in-addr.arpa

IN PTR

Response
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

96.38.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

96.38.162.3.in-addr.arpa

IN PTR

Response

96.38.162.3.in-addr.arpa

IN PTR

server-3-162-38-96cdg52r cloudfrontnet
DNS

96.38.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

96.38.162.3.in-addr.arpa

IN PTR

Response

96.38.162.3.in-addr.arpa

IN PTR

server-3-162-38-96cdg52r cloudfrontnet
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

206.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.187.250.142.in-addr.arpa

IN PTR

Response

206.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f141e100net
DNS

30.38.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.38.162.3.in-addr.arpa

IN PTR

Response

30.38.162.3.in-addr.arpa

IN PTR

server-3-162-38-30cdg52r cloudfrontnet
DNS

30.38.162.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.38.162.3.in-addr.arpa

IN PTR

Response

30.38.162.3.in-addr.arpa

IN PTR

server-3-162-38-30cdg52r cloudfrontnet
DNS

88.55.88.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.55.88.77.in-addr.arpa

IN PTR

Response

88.55.88.77.in-addr.arpa

IN PTR

yandexru
DNS

88.55.88.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.55.88.77.in-addr.arpa

IN PTR

Response

88.55.88.77.in-addr.arpa

IN PTR

yandexru
DNS

89.201.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.201.222.52.in-addr.arpa

IN PTR

Response

89.201.222.52.in-addr.arpa

IN PTR

server-52-222-201-89cdg50r cloudfrontnet
DNS

89.201.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.201.222.52.in-addr.arpa

IN PTR

Response

89.201.222.52.in-addr.arpa

IN PTR

server-52-222-201-89cdg50r cloudfrontnet
DNS

apis.google.com

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.187.206
DNS

apis.google.com

Remote address:

8.8.8.8:53

Request

apis.google.com

IN Unknown

Response

apis.google.com

IN CNAME

plus.l.google.com
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

172.217.169.78
DNS

apiru.ldplayer.net

Remote address:

8.8.8.8:53

Request

apiru.ldplayer.net

IN A

Response

apiru.ldplayer.net

IN CNAME

d374joeshw94ol.cloudfront.net

d374joeshw94ol.cloudfront.net

IN A

52.222.201.65

d374joeshw94ol.cloudfront.net

IN A

52.222.201.24

d374joeshw94ol.cloudfront.net

IN A

52.222.201.93

d374joeshw94ol.cloudfront.net

IN A

52.222.201.89
DNS

apiru.ldplayer.net

Remote address:

8.8.8.8:53

Request

apiru.ldplayer.net

IN Unknown

Response

apiru.ldplayer.net

IN CNAME

d374joeshw94ol.cloudfront.net
DNS

usersdk.ldmnq.com

Remote address:

8.8.8.8:53

Request

usersdk.ldmnq.com

IN A

Response

usersdk.ldmnq.com

IN CNAME

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

IN A

47.236.4.49

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

IN A

8.219.223.66
DNS

usersdk.ldmnq.com

Remote address:

8.8.8.8:53

Request

usersdk.ldmnq.com

IN Unknown

Response

usersdk.ldmnq.com

IN CNAME

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com
DNS

yastatic.net

Remote address:

8.8.8.8:53

Request

yastatic.net

IN A

Response

yastatic.net

IN A

178.154.131.215

yastatic.net

IN A

178.154.131.216

yastatic.net

IN A

178.154.131.217
DNS

yastatic.net

Remote address:

8.8.8.8:53

Request

yastatic.net

IN Unknown

Response
DNS

avatars.mds.yandex.net

Remote address:

8.8.8.8:53

Request

avatars.mds.yandex.net

IN A

Response

avatars.mds.yandex.net

IN A

87.250.247.182

avatars.mds.yandex.net

IN A

87.250.247.183

avatars.mds.yandex.net

IN A

87.250.247.184

avatars.mds.yandex.net

IN A

87.250.247.181
DNS

avatars.mds.yandex.net

Remote address:

8.8.8.8:53

Request

avatars.mds.yandex.net

IN Unknown

Response
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN A

Response

mc.yandex.ru

IN A

77.88.21.119

mc.yandex.ru

IN A

93.158.134.119

mc.yandex.ru

IN A

87.250.251.119

mc.yandex.ru

IN A

87.250.250.119
DNS

mc.yandex.ru

Remote address:

8.8.8.8:53

Request

mc.yandex.ru

IN Unknown

Response
DNS

www.googletagservices.com

Remote address:

8.8.8.8:53

Request

www.googletagservices.com

IN A

Response

www.googletagservices.com

IN A

142.250.187.194
DNS

www.googletagservices.com

Remote address:

8.8.8.8:53

Request

www.googletagservices.com

IN Unknown

Response
DNS

ads.adfox.ru

Remote address:

8.8.8.8:53

Request

ads.adfox.ru

IN A

Response

ads.adfox.ru

IN A

77.88.21.179
DNS

ads.adfox.ru

Remote address:

8.8.8.8:53

Request

ads.adfox.ru

IN Unknown

Response
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.212.194
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN Unknown

Response

googleads.g.doubleclick.net

IN Unknown

h2h3
DNS

securepubads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN CNAME

securepubads46.g.doubleclick.net

securepubads46.g.doubleclick.net

IN A

142.250.187.226
DNS

securepubads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN Unknown

Response

securepubads.g.doubleclick.net

IN CNAME

securepubads46.g.doubleclick.net
DNS

95.91.86.99.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.91.86.99.in-addr.arpa

IN PTR

Response

95.91.86.99.in-addr.arpa

IN PTR

server-99-86-91-95cdg50r cloudfrontnet
DNS

95.91.86.99.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.91.86.99.in-addr.arpa

IN PTR

Response

95.91.86.99.in-addr.arpa

IN PTR

server-99-86-91-95cdg50r cloudfrontnet
DNS

49.31.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.31.18.104.in-addr.arpa

IN PTR

Response
DNS

49.31.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.31.18.104.in-addr.arpa

IN PTR

Response
DNS

54.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.200.250.142.in-addr.arpa

IN PTR

Response

54.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f221e100net
DNS

54.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.200.250.142.in-addr.arpa

IN PTR

Response

54.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f221e100net
DNS

162.66.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.66.18.2.in-addr.arpa

IN PTR

Response

162.66.18.2.in-addr.arpa

IN PTR

a2-18-66-162deploystaticakamaitechnologiescom
DNS

162.66.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.66.18.2.in-addr.arpa

IN PTR

Response

162.66.18.2.in-addr.arpa

IN PTR

a2-18-66-162deploystaticakamaitechnologiescom
DNS

2.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.213.58.216.in-addr.arpa

IN PTR

Response

2.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f21e100net

2.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f2�F
DNS

2.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.213.58.216.in-addr.arpa

IN PTR

Response

2.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f21e100net

2.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f2�F
DNS

65.201.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.201.222.52.in-addr.arpa

IN PTR

Response

65.201.222.52.in-addr.arpa

IN PTR

server-52-222-201-65cdg50r cloudfrontnet
DNS

65.201.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.201.222.52.in-addr.arpa

IN PTR

Response

65.201.222.52.in-addr.arpa

IN PTR

server-52-222-201-65cdg50r cloudfrontnet
DNS

215.131.154.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.131.154.178.in-addr.arpa

IN PTR

Response

215.131.154.178.in-addr.arpa

IN PTR

staticyandexnet
DNS

215.131.154.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.131.154.178.in-addr.arpa

IN PTR

Response

215.131.154.178.in-addr.arpa

IN PTR

staticyandexnet
DNS

182.247.250.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

182.247.250.87.in-addr.arpa

IN PTR

Response

182.247.250.87.in-addr.arpa

IN PTR

avatarsmdsyandexnet
DNS

182.247.250.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

182.247.250.87.in-addr.arpa

IN PTR

Response

182.247.250.87.in-addr.arpa

IN PTR

avatarsmdsyandexnet
DNS

ssum.casalemedia.com

Remote address:

8.8.8.8:53

Request

ssum.casalemedia.com

IN Unknown

Response
DNS

119.21.88.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.21.88.77.in-addr.arpa

IN PTR

Response

119.21.88.77.in-addr.arpa

IN PTR

mcyandexru
DNS

119.21.88.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.21.88.77.in-addr.arpa

IN PTR

Response

119.21.88.77.in-addr.arpa

IN PTR

mcyandexru
DNS

246.83.36.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.83.36.212.in-addr.arpa

IN PTR

Response

246.83.36.212.in-addr.arpa

IN PTR

lb2vdmydtices
DNS

246.83.36.212.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.83.36.212.in-addr.arpa

IN PTR

Response

246.83.36.212.in-addr.arpa

IN PTR

lb2vdmydtices
DNS

194.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.187.250.142.in-addr.arpa

IN PTR

Response

194.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f21e100net
DNS

accounts.google.com

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

108.177.15.84
DNS

accounts.google.com

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN Unknown

Response
DNS

accounts.google.com

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

108.177.15.84
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.200.34
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN Unknown

Response

googleads.g.doubleclick.net

IN Unknown

h2h3
DNS

49.4.236.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.4.236.47.in-addr.arpa

IN PTR

Response
DNS

49.4.236.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.4.236.47.in-addr.arpa

IN PTR

Response
DNS

194.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.212.58.216.in-addr.arpa

IN PTR

Response

194.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f21e100net

194.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f194�H

194.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f2�H
DNS

226.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.187.250.142.in-addr.arpa

IN PTR

Response

226.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f21e100net
DNS

84.15.177.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.15.177.108.in-addr.arpa

IN PTR

Response

84.15.177.108.in-addr.arpa

IN PTR

wr-in-f841e100net
DNS

34.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.200.250.142.in-addr.arpa

IN PTR

Response

34.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f21e100net
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

104.115.33.219
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net
DNS

jnn-pa.googleapis.com

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

216.58.212.202

jnn-pa.googleapis.com

IN A

172.217.169.42

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

216.58.213.10
DNS

adxbid.info

Remote address:

8.8.8.8:53

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

jnn-pa.googleapis.com

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN Unknown

Response
DNS

static.doubleclick.net

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

216.58.204.70
DNS

static.doubleclick.net

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN Unknown

Response
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN Unknown

Response

www.google.com

IN Unknown

h2h3
DNS

yt3.ggpht.com

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN A

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com

photos-ugc.l.googleusercontent.com

IN A

172.217.169.65
DNS

yt3.ggpht.com

Remote address:

8.8.8.8:53

Request

yt3.ggpht.com

IN Unknown

Response

yt3.ggpht.com

IN CNAME

photos-ugc.l.googleusercontent.com
DNS

tagan.adlightning.com

Remote address:

8.8.8.8:53

Request

tagan.adlightning.com

IN A

Response

tagan.adlightning.com

IN A

99.86.91.39

tagan.adlightning.com

IN A

99.86.91.84

tagan.adlightning.com

IN A

99.86.91.98

tagan.adlightning.com

IN A

99.86.91.43
DNS

tagan.adlightning.com

Remote address:

8.8.8.8:53

Request

tagan.adlightning.com

IN Unknown

Response
DNS

c.amazon-adsystem.com

Remote address:

8.8.8.8:53

Request

c.amazon-adsystem.com

IN A

Response

c.amazon-adsystem.com

IN CNAME

d1ykf07e75w7ss.cloudfront.net

d1ykf07e75w7ss.cloudfront.net

IN A

52.222.168.86
DNS

c.amazon-adsystem.com

Remote address:

8.8.8.8:53

Request

c.amazon-adsystem.com

IN Unknown

Response

c.amazon-adsystem.com

IN CNAME

d1ykf07e75w7ss.cloudfront.net
DNS

cdn.jsdelivr.net

Remote address:

8.8.8.8:53

Request

cdn.jsdelivr.net

IN A

Response

cdn.jsdelivr.net

IN CNAME

jsdelivr.map.fastly.net

jsdelivr.map.fastly.net

IN A

151.101.1.229

jsdelivr.map.fastly.net

IN A

151.101.65.229

jsdelivr.map.fastly.net

IN A

151.101.129.229

jsdelivr.map.fastly.net

IN A

151.101.193.229
DNS

cdn.jsdelivr.net

Remote address:

8.8.8.8:53

Request

cdn.jsdelivr.net

IN Unknown

Response

cdn.jsdelivr.net

IN CNAME

jsdelivr.map.fastly.net
DNS

10.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.169.217.172.in-addr.arpa

IN PTR

Response

10.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f101e100net
DNS

70.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

70.204.58.216.in-addr.arpa

IN PTR

Response

70.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f61e100net

70.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f6�G

70.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f70�G
DNS

70.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

70.204.58.216.in-addr.arpa

IN PTR

Response

70.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f61e100net

70.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f6�G

70.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f70�G
DNS

228.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.16.217.172.in-addr.arpa

IN PTR

Response

228.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f41e100net

228.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f4�H
DNS

39.91.86.99.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.91.86.99.in-addr.arpa

IN PTR

Response

39.91.86.99.in-addr.arpa

IN PTR

server-99-86-91-39cdg50r cloudfrontnet
DNS

229.1.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.1.101.151.in-addr.arpa

IN PTR

Response
DNS

65.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.169.217.172.in-addr.arpa

IN PTR

Response

65.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f11e100net
DNS

65.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

65.169.217.172.in-addr.arpa

IN PTR

Response

65.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f11e100net
DNS

86.168.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.168.222.52.in-addr.arpa

IN PTR

Response

86.168.222.52.in-addr.arpa

IN PTR

server-52-222-168-86cdg52r cloudfrontnet
DNS

86.168.222.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.168.222.52.in-addr.arpa

IN PTR

Response

86.168.222.52.in-addr.arpa

IN PTR

server-52-222-168-86cdg52r cloudfrontnet
DNS

config.aps.amazon-adsystem.com

Remote address:

8.8.8.8:53

Request

config.aps.amazon-adsystem.com

IN A

Response

config.aps.amazon-adsystem.com

IN A

52.84.174.40

config.aps.amazon-adsystem.com

IN A

52.84.174.60

config.aps.amazon-adsystem.com

IN A

52.84.174.6

config.aps.amazon-adsystem.com

IN A

52.84.174.75
DNS

config.aps.amazon-adsystem.com

Remote address:

8.8.8.8:53

Request

config.aps.amazon-adsystem.com

IN Unknown

Response
DNS

aax.amazon-adsystem.com

Remote address:

8.8.8.8:53

Request

aax.amazon-adsystem.com

IN A

Response

aax.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.com

aax-dtb-cf.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.amazon.com

aax-dtb-cf.amazon-adsystem.amazon.com

IN CNAME

d1jvc9b8z3vcjs.cloudfront.net

d1jvc9b8z3vcjs.cloudfront.net

IN A

52.84.179.171
DNS

aax.amazon-adsystem.com

Remote address:

8.8.8.8:53

Request

aax.amazon-adsystem.com

IN Unknown

Response

aax.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.com

aax-dtb-cf.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.amazon.com

aax-dtb-cf.amazon-adsystem.amazon.com

IN CNAME

d1jvc9b8z3vcjs.cloudfront.net
DNS

secure.cdn.fastclick.net

Remote address:

8.8.8.8:53

Request

secure.cdn.fastclick.net

IN A

Response

secure.cdn.fastclick.net

IN CNAME

secure2.cdn.fastclick.net.edgekey.net

secure2.cdn.fastclick.net.edgekey.net

IN CNAME

e4536.g.akamaiedge.net

e4536.g.akamaiedge.net

IN A

104.78.175.230
DNS

secure.cdn.fastclick.net

Remote address:

8.8.8.8:53

Request

secure.cdn.fastclick.net

IN Unknown

Response

secure.cdn.fastclick.net

IN CNAME

secure2.cdn.fastclick.net.edgekey.net

secure2.cdn.fastclick.net.edgekey.net

IN CNAME

e4536.g.akamaiedge.net
DNS

tags.crwdcntrl.net

Remote address:

8.8.8.8:53

Request

tags.crwdcntrl.net

IN A

Response

tags.crwdcntrl.net

IN A

18.155.129.39

tags.crwdcntrl.net

IN A

18.155.129.34

tags.crwdcntrl.net

IN A

18.155.129.56

tags.crwdcntrl.net

IN A

18.155.129.21
DNS

tags.crwdcntrl.net

Remote address:

8.8.8.8:53

Request

tags.crwdcntrl.net

IN Unknown

Response
DNS

cdn.hadronid.net

Remote address:

8.8.8.8:53

Request

cdn.hadronid.net

IN A

Response

cdn.hadronid.net

IN A

104.22.52.173

cdn.hadronid.net

IN A

104.22.53.173

cdn.hadronid.net

IN A

172.67.36.110
DNS

cdn.hadronid.net

Remote address:

8.8.8.8:53

Request

cdn.hadronid.net

IN Unknown

Response

cdn.hadronid.net

IN Unknown

h2h4�h5��C$n0&Gh4�&Gh5�&G�C$n
DNS

cdn.id5-sync.com

Remote address:

8.8.8.8:53

Request

cdn.id5-sync.com

IN A

Response

cdn.id5-sync.com

IN A

172.67.38.106

cdn.id5-sync.com

IN A

104.22.53.86

cdn.id5-sync.com

IN A

104.22.52.86
DNS

cdn.id5-sync.com

Remote address:

8.8.8.8:53

Request

cdn.id5-sync.com

IN Unknown

Response

cdn.id5-sync.com

IN Unknown

h2h4Vh5V�C&j0&Gh4V&Gh5V&G�C&j
DNS

id.hadron.ad.gt

Remote address:

8.8.8.8:53

Request

id.hadron.ad.gt

IN A

Response

id.hadron.ad.gt

IN CNAME

id.hadron.ad.gt.cdn.cloudflare.net

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

id.hadron.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234
DNS

id.hadron.ad.gt

Remote address:

8.8.8.8:53

Request

id.hadron.ad.gt

IN Unknown

Response

id.hadron.ad.gt

IN CNAME

id.hadron.ad.gt.cdn.cloudflare.net

id.hadron.ad.gt.cdn.cloudflare.net

IN Unknown

h2hEhE�C�0&GhE&GhE&G�C�
DNS

bcp.crwdcntrl.net

Remote address:

8.8.8.8:53

Request

bcp.crwdcntrl.net

IN A

Response

bcp.crwdcntrl.net

IN A

54.155.27.174

bcp.crwdcntrl.net

IN A

54.77.0.180

bcp.crwdcntrl.net

IN A

52.210.166.25

bcp.crwdcntrl.net

IN A

52.49.44.122

bcp.crwdcntrl.net

IN A

54.155.211.205

bcp.crwdcntrl.net

IN A

52.214.182.85

bcp.crwdcntrl.net

IN A

54.229.184.161

bcp.crwdcntrl.net

IN A

108.128.218.76
DNS

bcp.crwdcntrl.net

Remote address:

8.8.8.8:53

Request

bcp.crwdcntrl.net

IN Unknown

Response
DNS

proc.ad.cpe.dotomi.com

Remote address:

8.8.8.8:53

Request

proc.ad.cpe.dotomi.com

IN A

Response

proc.ad.cpe.dotomi.com

IN CNAME

convex-rr.global.dual.dotomi.weighted.com.akadns.net

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

89.207.16.210

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

63.215.202.146

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

89.207.16.146

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

64.158.223.146

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

63.215.202.178
DNS

proc.ad.cpe.dotomi.com

Remote address:

8.8.8.8:53

Request

proc.ad.cpe.dotomi.com

IN Unknown

Response

proc.ad.cpe.dotomi.com

IN CNAME

convex-rr.global.dual.dotomi.weighted.com.akadns.net
DNS

40.174.84.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.174.84.52.in-addr.arpa

IN PTR

Response

40.174.84.52.in-addr.arpa

IN PTR

server-52-84-174-40cdg50r cloudfrontnet
DNS

230.175.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.175.78.104.in-addr.arpa

IN PTR

Response

230.175.78.104.in-addr.arpa

IN PTR

a104-78-175-230deploystaticakamaitechnologiescom
DNS

173.52.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.52.22.104.in-addr.arpa

IN PTR

Response
DNS

106.38.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.38.67.172.in-addr.arpa

IN PTR

Response
DNS

171.179.84.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.179.84.52.in-addr.arpa

IN PTR

Response

171.179.84.52.in-addr.arpa

IN PTR

server-52-84-179-171cdg50r cloudfrontnet
DNS

69.5.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.5.22.104.in-addr.arpa

IN PTR

Response
DNS

39.129.155.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

39.129.155.18.in-addr.arpa

IN PTR

Response

39.129.155.18.in-addr.arpa

IN PTR

server-18-155-129-39cdg52r cloudfrontnet
DNS

174.27.155.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.27.155.54.in-addr.arpa

IN PTR

Response

174.27.155.54.in-addr.arpa

IN PTR

ec2-54-155-27-174 eu-west-1compute amazonawscom
DNS

210.16.207.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.16.207.89.in-addr.arpa

IN PTR

Response

210.16.207.89.in-addr.arpa

IN PTR

ams04-convex-float1dotomicom
DNS

76.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.32.126.40.in-addr.arpa

IN PTR

Response
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdcus17.centralus.cloudapp.azure.com

onedsblobprdcus17.centralus.cloudapp.azure.com

IN A

13.89.179.12
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

13.89.179.12:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwC4AlN5BAAUu1V9OkIAK55tj6h8OjaXgvkszYkAAdbRJXZzYM6vjQyykM4vtFoYhpzRgsQm49IgF7qUcfCxpk4nU6ReOwuxUoSuK3DTlwVL6ZdPeu1uShuFOvTF3ykrWigM+x5HQwLRxsQl9Fvdw2kbvghRloXvvFHYR8J3llCOSSAuo+w9vzKjO8lbvIKFYfDZ9w2nvCmX+DLVO6RACgDHUDx204cOUGWwjCVAYDaLeMHR0o+UY2W3SL3QXC+FQGFMd7lxqZ3f4Ft+6JcyXexgntyQ6RXKYc2Ysnp0O/jAb3TxS9GFSov54Iz7FU38QnsgYY+Xmrt9C3rz7irZIDaZtqzT1/xuViR6f1D7hk3pjwvVdkpu1qMnpBY92YEDZgAACDcjfTeOZJE1iAE8OmVPAOLelyXeGg9KBKUtf9ZR7wt5BVm5Nez1EJ0cOlTmMV087ghcHePKwmy9QnA430jjEF3l+cDSC+SwzwGj1A5xaRYdUceCYzz7AW0C5YqiiFX4SbIxiLth4ZywdVn/M6jghARXe0lu6QcdbO1AjJuGFvQf+4BVmryn/2AinX9yiZ3RVdKc9ZKwbQym+mfVSnzm0Oc2utGSfLmPtp5xEed3gWCh7w81j21NUriU9uSNlDa1ZbsrogUcyoHNcKsbT7E15jJdigSB0JU2RGRG5e/W/8T9CxKQMBHiCWBFSeTVYDiYYCt5EnY+KqXfT9UL3lksluSbPyXjWpo5eunpxDfDg6oLdPTswSmcC6P5o5Ju4wDZJJZY/8TF/T0Yp4MUDqVtg+bcYdxkhXwd8SAVNsX1E78xQ9GeSeT9AzwOECb5kB+1QRQ5yaagywl1lR8pYhpucEgqN71h1rAxL3sJzlE8y8t4NCu/XAaNeEjC5242cxS4fjfTsRZNgkHnH+5/yI4I0XEqX7gB&p=
Content-Length: 3683
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Thu, 04 Apr 2024 06:26:03 GMT
DNS

12.179.89.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

12.179.89.13.in-addr.arpa

IN PTR

Response
GET

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=mainCheckOK&el=1007&ev=100&z=26500

LDPlayer.exe

Remote address:

172.217.16.238:80

Request

GET /collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=mainCheckOK&el=1007&ev=100&z=26500 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Host: www.google-analytics.com
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 03 Apr 2024 11:03:31 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 69752
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
DNS

a.ad.gt

Remote address:

8.8.8.8:53

Request

a.ad.gt

IN A

Response

a.ad.gt

IN CNAME

a.ad.gt.cdn.cloudflare.net

a.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

a.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

a.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69
DNS

a.ad.gt

Remote address:

8.8.8.8:53

Request

a.ad.gt

IN Unknown

Response

a.ad.gt

IN CNAME

a.ad.gt.cdn.cloudflare.net

a.ad.gt.cdn.cloudflare.net

IN Unknown

h2hEhE�C�0&GhE&GhE&G�C�
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

142.250.200.42

chromewebstore.googleapis.com

IN A

216.58.201.106

chromewebstore.googleapis.com

IN A

216.58.204.74

chromewebstore.googleapis.com

IN A

216.58.212.202

chromewebstore.googleapis.com

IN A

216.58.212.234

chromewebstore.googleapis.com

IN A

142.250.179.234

chromewebstore.googleapis.com

IN A

142.250.180.10

chromewebstore.googleapis.com

IN A

142.250.187.202

chromewebstore.googleapis.com

IN A

142.250.187.234

chromewebstore.googleapis.com

IN A

142.250.178.10

chromewebstore.googleapis.com

IN A

172.217.16.234

chromewebstore.googleapis.com

IN A

142.250.200.10
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.16.226
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.200.2
DNS

id5-sync.com

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

162.19.138.119

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

162.19.138.83

id5-sync.com

IN A

162.19.138.82

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

141.95.33.120
DNS

id5-sync.com

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN Unknown

Response
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.201.98
DNS

234.23.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.23.67.172.in-addr.arpa

IN PTR

Response
DNS

234.23.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.23.67.172.in-addr.arpa

IN PTR

Response
DNS

um.simpli.fi

Remote address:

8.8.8.8:53

Request

um.simpli.fi

IN A

Response

um.simpli.fi

IN A

35.204.158.49

um.simpli.fi

IN A

34.91.62.186

um.simpli.fi

IN A

35.204.74.118
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

gum.criteo.com

Remote address:

8.8.8.8:53

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

gum.criteo.com

Remote address:

8.8.8.8:53

Request

gum.criteo.com

IN Unknown

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com
DNS

prebid-stag.setupad.net

Remote address:

8.8.8.8:53

Request

prebid-stag.setupad.net

IN A

Response

prebid-stag.setupad.net

IN A

104.26.8.178

prebid-stag.setupad.net

IN A

104.26.9.178

prebid-stag.setupad.net

IN A

172.67.68.162
DNS

prebid-stag.setupad.net

Remote address:

8.8.8.8:53

Request

prebid-stag.setupad.net

IN Unknown

Response

prebid-stag.setupad.net

IN Unknown

h2h�h ��CD�
DNS

rtb.openx.net

Remote address:

8.8.8.8:53

Request

rtb.openx.net

IN A

Response

rtb.openx.net

IN A

35.227.252.103

rtb.openx.net

IN A

35.186.253.211
DNS

rtb.openx.net

Remote address:

8.8.8.8:53

Request

rtb.openx.net

IN Unknown

Response
DNS

hbopenbid.pubmatic.com

Remote address:

8.8.8.8:53

Request

hbopenbid.pubmatic.com

IN A

Response

hbopenbid.pubmatic.com

IN CNAME

hbprebid-v3.pubmnet.com

hbprebid-v3.pubmnet.com

IN CNAME

hbopenbid-ams.pubmnet.com

hbopenbid-ams.pubmnet.com

IN A

185.64.189.112
DNS

hbopenbid.pubmatic.com

Remote address:

8.8.8.8:53

Request

hbopenbid.pubmatic.com

IN Unknown

Response

hbopenbid.pubmatic.com

IN CNAME

hbprebid-v3.pubmnet.com

hbprebid-v3.pubmnet.com

IN CNAME

hbopenbid-lhrc.pubmnet.com
DNS

rtb.adxpremium.services

Remote address:

8.8.8.8:53

Request

rtb.adxpremium.services

IN A

Response

rtb.adxpremium.services

IN A

185.106.140.18
DNS

rtb.adxpremium.services

Remote address:

8.8.8.8:53

Request

rtb.adxpremium.services

IN Unknown

Response
DNS

adx.adform.net

Remote address:

8.8.8.8:53

Request

adx.adform.net

IN A

Response

adx.adform.net

IN CNAME

track-eu.adformnet.akadns.net

track-eu.adformnet.akadns.net

IN A

37.157.6.233

track-eu.adformnet.akadns.net

IN A

37.157.6.254

track-eu.adformnet.akadns.net

IN A

37.157.6.237

track-eu.adformnet.akadns.net

IN A

37.157.6.243

track-eu.adformnet.akadns.net

IN A

37.157.6.232
DNS

adx.adform.net

Remote address:

8.8.8.8:53

Request

adx.adform.net

IN Unknown

Response

adx.adform.net

IN CNAME

track-eu.adformnet.akadns.net
DNS

script.4dex.io

Remote address:

8.8.8.8:53

Request

script.4dex.io

IN A

Response

script.4dex.io

IN A

104.26.9.169

script.4dex.io

IN A

104.26.8.169

script.4dex.io

IN A

172.67.75.241
DNS

script.4dex.io

Remote address:

8.8.8.8:53

Request

script.4dex.io

IN Unknown

Response

script.4dex.io

IN Unknown

h2h�h ��CK�0&G h�&G h �&G �CK�
DNS

lb.eu-1-id5-sync.com

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN A

Response

lb.eu-1-id5-sync.com

IN A

162.19.138.120

lb.eu-1-id5-sync.com

IN A

162.19.138.118

lb.eu-1-id5-sync.com

IN A

141.95.33.120

lb.eu-1-id5-sync.com

IN A

141.95.98.64

lb.eu-1-id5-sync.com

IN A

162.19.138.82

lb.eu-1-id5-sync.com

IN A

162.19.138.119

lb.eu-1-id5-sync.com

IN A

162.19.138.116

lb.eu-1-id5-sync.com

IN A

141.95.98.65

lb.eu-1-id5-sync.com

IN A

162.19.138.83

lb.eu-1-id5-sync.com

IN A

162.19.138.117
DNS

lb.eu-1-id5-sync.com

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN Unknown

Response
DNS

ldcdn.ldmnq.com

Remote address:

8.8.8.8:53

Request

ldcdn.ldmnq.com

IN A

Response

ldcdn.ldmnq.com

IN CNAME

d3d7mqyjv9ruir.cloudfront.net

d3d7mqyjv9ruir.cloudfront.net

IN A

18.155.129.82

d3d7mqyjv9ruir.cloudfront.net

IN A

18.155.129.4

d3d7mqyjv9ruir.cloudfront.net

IN A

18.155.129.106

d3d7mqyjv9ruir.cloudfront.net

IN A

18.155.129.47
DNS

ldcdn.ldmnq.com

Remote address:

8.8.8.8:53

Request

ldcdn.ldmnq.com

IN Unknown

Response

ldcdn.ldmnq.com

IN CNAME

d3d7mqyjv9ruir.cloudfront.net
DNS

mp.4dex.io

Remote address:

8.8.8.8:53

Request

mp.4dex.io

IN A

Response

mp.4dex.io

IN A

104.18.34.178

mp.4dex.io

IN A

172.64.153.78
DNS

mp.4dex.io

Remote address:

8.8.8.8:53

Request

mp.4dex.io

IN Unknown

Response

mp.4dex.io

IN Unknown

h2h"��@�N &GDh"�&GD�@�N
DNS

prebid-eu.creativecdn.com

Remote address:

8.8.8.8:53

Request

prebid-eu.creativecdn.com

IN A

Response

prebid-eu.creativecdn.com

IN A

185.184.8.90
DNS

prebid-eu.creativecdn.com

Remote address:

8.8.8.8:53

Request

prebid-eu.creativecdn.com

IN Unknown

Response
DNS

prebid.a-mo.net

Remote address:

8.8.8.8:53

Request

prebid.a-mo.net

IN A

Response

prebid.a-mo.net

IN CNAME

am6-prebid.a-mx.net

am6-prebid.a-mx.net

IN A

145.40.97.67

am6-prebid.a-mx.net

IN A

145.40.97.66

am6-prebid.a-mx.net

IN A

147.75.84.158
DNS

prebid.a-mo.net

Remote address:

8.8.8.8:53

Request

prebid.a-mo.net

IN Unknown

Response

prebid.a-mo.net

IN CNAME

am6-prebid.a-mx.net
DNS

bidder.criteo.com

Remote address:

8.8.8.8:53

Request

bidder.criteo.com

IN A

Response

bidder.criteo.com

IN CNAME

bidder.nl3.vip.prod.criteo.com

bidder.nl3.vip.prod.criteo.com

IN A

178.250.1.8
DNS

bidder.criteo.com

Remote address:

8.8.8.8:53

Request

bidder.criteo.com

IN Unknown

Response

bidder.criteo.com

IN CNAME

bidder.nl3.vip.prod.criteo.com
DNS

prg.smartadserver.com

Remote address:

8.8.8.8:53

Request

prg.smartadserver.com

IN A

Response

prg.smartadserver.com

IN CNAME

prga.smartadserver.com

prga.smartadserver.com

IN CNAME

hb-geo.delivery-prod-sas.akadns.net

hb-geo.delivery-prod-sas.akadns.net

IN CNAME

itx5.smartadserver.com

itx5.smartadserver.com

IN A

185.86.138.124

itx5.smartadserver.com

IN A

185.86.138.121

itx5.smartadserver.com

IN A

185.86.138.16

itx5.smartadserver.com

IN A

185.86.138.32

itx5.smartadserver.com

IN A

185.86.138.123

itx5.smartadserver.com

IN A

185.86.138.122
DNS

prg.smartadserver.com

Remote address:

8.8.8.8:53

Request

prg.smartadserver.com

IN Unknown

Response

prg.smartadserver.com

IN CNAME

prga.smartadserver.com

prga.smartadserver.com

IN CNAME

hb-geo.delivery-prod-sas.akadns.net

hb-geo.delivery-prod-sas.akadns.net

IN CNAME

euw2.smartadserver.com
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN Unknown

Response
DNS

ssbsync-global.smartadserver.com

Remote address:

8.8.8.8:53

Request

ssbsync-global.smartadserver.com

IN A

Response

ssbsync-global.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com

ssbsync-euw2.smartadserver.com

IN A

5.196.111.69

ssbsync-euw2.smartadserver.com

IN A

5.196.111.68

ssbsync-euw2.smartadserver.com

IN A

5.135.209.101

ssbsync-euw2.smartadserver.com

IN A

178.32.210.230

ssbsync-euw2.smartadserver.com

IN A

217.182.178.228

ssbsync-euw2.smartadserver.com

IN A

149.202.238.100

ssbsync-euw2.smartadserver.com

IN A

149.202.238.101

ssbsync-euw2.smartadserver.com

IN A

5.135.209.100

ssbsync-euw2.smartadserver.com

IN A

91.134.110.133

ssbsync-euw2.smartadserver.com

IN A

51.178.195.212

ssbsync-euw2.smartadserver.com

IN A

164.132.25.181

ssbsync-euw2.smartadserver.com

IN A

178.32.197.52

ssbsync-euw2.smartadserver.com

IN A

51.178.195.213

ssbsync-euw2.smartadserver.com

IN A

178.32.210.231

ssbsync-euw2.smartadserver.com

IN A

217.182.178.229

ssbsync-euw2.smartadserver.com

IN A

91.134.110.132

ssbsync-euw2.smartadserver.com

IN A

164.132.25.180

ssbsync-euw2.smartadserver.com

IN A

178.32.197.53
DNS

ssbsync-global.smartadserver.com

Remote address:

8.8.8.8:53

Request

ssbsync-global.smartadserver.com

IN Unknown

Response

ssbsync-global.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com
DNS

ads.pubmatic.com

Remote address:

8.8.8.8:53

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

ads.pubmatic.com

Remote address:

8.8.8.8:53

Request

ads.pubmatic.com

IN Unknown

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net
DNS

ads.pubmatic.com

Remote address:

8.8.8.8:53

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

u.openx.net

Remote address:

8.8.8.8:53

Request

u.openx.net

IN A

Response

u.openx.net

IN A

35.244.159.8

u.openx.net

IN A

34.98.64.218
DNS

u.openx.net

Remote address:

8.8.8.8:53

Request

u.openx.net

IN Unknown

Response
DNS

u.openx.net

Remote address:

8.8.8.8:53

Request

u.openx.net

IN A

Response

u.openx.net

IN A

34.98.64.218

u.openx.net

IN A

35.244.159.8
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN Unknown

Response
DNS

cadmus.script.ac

Remote address:

8.8.8.8:53

Request

cadmus.script.ac

IN A

Response

cadmus.script.ac

IN A

104.18.22.145

cadmus.script.ac

IN A

104.18.23.145
DNS

cadmus.script.ac

Remote address:

8.8.8.8:53

Request

cadmus.script.ac

IN Unknown

Response

cadmus.script.ac

IN Unknown

h2h�h� &Gh�&Gh�
DNS

117.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.138.19.162.in-addr.arpa

IN PTR

Response

117.138.19.162.in-addr.arpa

IN PTR

ns31533568 ip-162-19-138eu
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.200.2
DNS

103.252.227.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.252.227.35.in-addr.arpa

IN PTR

Response

103.252.227.35.in-addr.arpa

IN PTR

10325222735bcgoogleusercontentcom
DNS

11.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.1.250.178.in-addr.arpa

IN PTR

Response
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.200.2
DNS

178.8.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.8.26.104.in-addr.arpa

IN PTR

Response
DNS

169.9.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.9.26.104.in-addr.arpa

IN PTR

Response
DNS

112.189.64.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

112.189.64.185.in-addr.arpa

IN PTR

Response
DNS

18.140.106.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.140.106.185.in-addr.arpa

IN PTR

Response
DNS

18.140.106.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.140.106.185.in-addr.arpa

IN PTR

Response
DNS

90.8.184.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.8.184.185.in-addr.arpa

IN PTR

Response

90.8.184.185.in-addr.arpa

IN PTR

ip-185-184-8-90rtbhousenet
DNS

90.8.184.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.8.184.185.in-addr.arpa

IN PTR

Response

90.8.184.185.in-addr.arpa

IN PTR

ip-185-184-8-90rtbhousenet
DNS

233.6.157.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.6.157.37.in-addr.arpa

IN PTR

Response
DNS

233.6.157.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.6.157.37.in-addr.arpa

IN PTR

Response
DNS

178.34.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.34.18.104.in-addr.arpa

IN PTR

Response
DNS

120.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

120.138.19.162.in-addr.arpa

IN PTR

Response

120.138.19.162.in-addr.arpa

IN PTR

ns31533571 ip-162-19-138eu
DNS

120.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

120.138.19.162.in-addr.arpa

IN PTR

Response

120.138.19.162.in-addr.arpa

IN PTR

ns31533571 ip-162-19-138eu
DNS

8.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.1.250.178.in-addr.arpa

IN PTR

Response
DNS

8.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.1.250.178.in-addr.arpa

IN PTR

Response
DNS

67.97.40.145.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.97.40.145.in-addr.arpa

IN PTR

Response
DNS

67.97.40.145.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.97.40.145.in-addr.arpa

IN PTR

Response
DNS

82.129.155.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.129.155.18.in-addr.arpa

IN PTR

Response

82.129.155.18.in-addr.arpa

IN PTR

server-18-155-129-82cdg52r cloudfrontnet
DNS

82.129.155.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

82.129.155.18.in-addr.arpa

IN PTR

Response

82.129.155.18.in-addr.arpa

IN PTR

server-18-155-129-82cdg52r cloudfrontnet
DNS

124.138.86.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

124.138.86.185.in-addr.arpa

IN PTR

Response
DNS

124.138.86.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

124.138.86.185.in-addr.arpa

IN PTR

Response
DNS

225.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.16.217.172.in-addr.arpa

IN PTR

Response

225.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f11e100net

225.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f1�H
DNS

225.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.16.217.172.in-addr.arpa

IN PTR

Response

225.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f11e100net

225.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f1�H
DNS

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

IN A

Response

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

IN Unknown

Response

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com
DNS

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

IN A

Response

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

dnacdn.net

Remote address:

8.8.8.8:53

Request

dnacdn.net

IN A

Response

dnacdn.net

IN A

178.250.7.13
DNS

dnacdn.net

Remote address:

8.8.8.8:53

Request

dnacdn.net

IN Unknown

Response
DNS

1x1.a-mo.net

Remote address:

8.8.8.8:53

Request

1x1.a-mo.net

IN A

Response

1x1.a-mo.net

IN A

52.200.122.91

1x1.a-mo.net

IN A

34.197.15.32

1x1.a-mo.net

IN A

34.234.115.171

1x1.a-mo.net

IN A

54.198.51.14

1x1.a-mo.net

IN A

52.22.241.133

1x1.a-mo.net

IN A

3.92.5.209
DNS

1x1.a-mo.net

Remote address:

8.8.8.8:53

Request

1x1.a-mo.net

IN Unknown

Response
DNS

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

IN A

Response

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

IN Unknown

Response

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com
DNS

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

IN A

Response

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
DNS

u.openx.net

Remote address:

8.8.8.8:53

Request

u.openx.net

IN A

Response

u.openx.net

IN A

35.244.159.8

u.openx.net

IN A

34.98.64.218
DNS

u.openx.net

Remote address:

8.8.8.8:53

Request

u.openx.net

IN Unknown

Response
DNS

cm.adform.net

Remote address:

8.8.8.8:53

Request

cm.adform.net

IN A

Response

cm.adform.net

IN CNAME

track-eu.adformnet.akadns.net

track-eu.adformnet.akadns.net

IN A

37.157.5.133

track-eu.adformnet.akadns.net

IN A

37.157.4.28

track-eu.adformnet.akadns.net

IN A

37.157.5.132

track-eu.adformnet.akadns.net

IN A

37.157.5.84

track-eu.adformnet.akadns.net

IN A

37.157.4.29
DNS

cm.adform.net

Remote address:

8.8.8.8:53

Request

cm.adform.net

IN Unknown

Response

cm.adform.net

IN CNAME

track-eu.adformnet.akadns.net
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.201.98
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A
DNS

ads.pubmatic.com

Remote address:

8.8.8.8:53

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

prebid-stag.setupad.net

Remote address:

8.8.8.8:53

Request

prebid-stag.setupad.net

IN A

Response

prebid-stag.setupad.net

IN A

104.26.9.178

prebid-stag.setupad.net

IN A

172.67.68.162

prebid-stag.setupad.net

IN A

104.26.8.178
DNS

prebid-stag.setupad.net

Remote address:

8.8.8.8:53

Request

prebid-stag.setupad.net

IN Unknown

Response

prebid-stag.setupad.net

IN Unknown

h2h�h ��CD�
DNS

ads.pubmatic.com

Remote address:

8.8.8.8:53

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.16.226
DNS

u.4dex.io

Remote address:

8.8.8.8:53

Request

u.4dex.io

IN A

Response

u.4dex.io

IN A

34.149.40.38
DNS

u.4dex.io

Remote address:

8.8.8.8:53

Request

u.4dex.io

IN Unknown

Response
DNS

tpc.googlesyndication.com

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.201.98
DNS

69.111.196.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.111.196.5.in-addr.arpa

IN PTR

Response

69.111.196.5.in-addr.arpa

IN PTR

ip69ip-5-196-111eu
DNS

236.32.115.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

236.32.115.104.in-addr.arpa

IN PTR

Response

236.32.115.104.in-addr.arpa

IN PTR

a104-115-32-236deploystaticakamaitechnologiescom
DNS

8.159.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.159.244.35.in-addr.arpa

IN PTR

Response

8.159.244.35.in-addr.arpa

IN PTR

815924435bcgoogleusercontentcom
DNS

8.159.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.159.244.35.in-addr.arpa

IN PTR

Response

8.159.244.35.in-addr.arpa

IN PTR

815924435bcgoogleusercontentcom
DNS

145.22.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

145.22.18.104.in-addr.arpa

IN PTR

Response
DNS

1.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.180.250.142.in-addr.arpa

IN PTR

Response

1.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f11e100net
DNS

1.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.180.250.142.in-addr.arpa

IN PTR

Response

1.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f11e100net
DNS

13.7.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.7.250.178.in-addr.arpa

IN PTR

Response
DNS

91.122.200.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.122.200.52.in-addr.arpa

IN PTR

Response

91.122.200.52.in-addr.arpa

IN PTR

ec2-52-200-122-91 compute-1 amazonawscom
DNS

133.5.157.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.5.157.37.in-addr.arpa

IN PTR

Response
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.201.98
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.16.226
DNS

ads.pubmatic.com

Remote address:

8.8.8.8:53

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

onetag-sys.com

Remote address:

8.8.8.8:53

Request

onetag-sys.com

IN A

Response

onetag-sys.com

IN A

51.89.9.253

onetag-sys.com

IN A

51.75.86.98

onetag-sys.com

IN A

51.89.9.254

onetag-sys.com

IN A

51.89.9.252

onetag-sys.com

IN A

51.89.9.251

onetag-sys.com

IN A

51.38.120.206
DNS

onetag-sys.com

Remote address:

8.8.8.8:53

Request

onetag-sys.com

IN Unknown

Response
DNS

onetag-sys.com

Remote address:

8.8.8.8:53

Request

onetag-sys.com

IN A

Response

onetag-sys.com

IN A

51.89.9.251

onetag-sys.com

IN A

51.75.86.98

onetag-sys.com

IN A

51.89.9.254

onetag-sys.com

IN A

51.38.120.206

onetag-sys.com

IN A

51.89.9.252

onetag-sys.com

IN A

51.89.9.253
DNS

cdn.ampproject.org

Remote address:

8.8.8.8:53

Request

cdn.ampproject.org

IN A

Response

cdn.ampproject.org

IN CNAME

cdn-content.ampproject.org

cdn-content.ampproject.org

IN A

172.217.16.225
DNS

cdn.ampproject.org

Remote address:

8.8.8.8:53

Request

cdn.ampproject.org

IN Unknown

Response

cdn.ampproject.org

IN CNAME

cdn-content.ampproject.org
DNS

onetag-sys.com

Remote address:

8.8.8.8:53

Request

onetag-sys.com

IN A

Response

onetag-sys.com

IN A

51.89.9.252

onetag-sys.com

IN A

51.89.9.253

onetag-sys.com

IN A

51.89.9.254

onetag-sys.com

IN A

51.75.86.98

onetag-sys.com

IN A

51.38.120.206

onetag-sys.com

IN A

51.89.9.251
DNS

u.openx.net

Remote address:

8.8.8.8:53

Request

u.openx.net

IN A

Response

u.openx.net

IN A

34.98.64.218

u.openx.net

IN A

35.244.159.8
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.200.34
DNS

178.9.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

178.9.26.104.in-addr.arpa

IN PTR

Response
DNS

38.40.149.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.40.149.34.in-addr.arpa

IN PTR

Response

38.40.149.34.in-addr.arpa

IN PTR

384014934bcgoogleusercontentcom
DNS

6.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.178.250.142.in-addr.arpa

IN PTR

Response

6.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f61e100net
DNS

2.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.178.250.142.in-addr.arpa

IN PTR

Response

2.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f21e100net
DNS

253.9.89.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

253.9.89.51.in-addr.arpa

IN PTR

Response

253.9.89.51.in-addr.arpa

IN PTR

ip253 ip-51-89-9eu
DNS

node.setupad.com

Remote address:

8.8.8.8:53

Request

node.setupad.com

IN A

Response

node.setupad.com

IN A

159.89.25.223
DNS

node.setupad.com

Remote address:

8.8.8.8:53

Request

node.setupad.com

IN Unknown

Response
DNS

static.criteo.net

Request

static.criteo.net

IN A

Response

static.criteo.net

IN CNAME

static.nl3.vip.prod.criteo.net

static.nl3.vip.prod.criteo.net

IN A

178.250.1.3
DNS

static.criteo.net

Request

static.criteo.net

IN Unknown

Response

static.criteo.net

IN CNAME

static.nl3.vip.prod.criteo.net
DNS

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

Request

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

IN A

Response

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

Request

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

IN Unknown

Response

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com
DNS

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

Request

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

IN A

Response

39a8fe1ff1aac9d17eb5f0ae89110709.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

secure-assets.rubiconproject.com

Request

secure-assets.rubiconproject.com

IN A

Response

secure-assets.rubiconproject.com

IN CNAME

digicertwc.rubiconproject.com.edgekey.net

digicertwc.rubiconproject.com.edgekey.net

IN CNAME

e8960.e2.akamaiedge.net

e8960.e2.akamaiedge.net

IN A

23.215.239.190
DNS

secure-assets.rubiconproject.com

Request

secure-assets.rubiconproject.com

IN Unknown

Response

secure-assets.rubiconproject.com

IN CNAME

digicertwc.rubiconproject.com.edgekey.net

digicertwc.rubiconproject.com.edgekey.net

IN CNAME

e8960.e2.akamaiedge.net
DNS

secure-assets.rubiconproject.com

Request

secure-assets.rubiconproject.com

IN A

Response

secure-assets.rubiconproject.com

IN CNAME

digicertwc.rubiconproject.com.edgekey.net

digicertwc.rubiconproject.com.edgekey.net

IN CNAME

e8960.e2.akamaiedge.net

e8960.e2.akamaiedge.net

IN A

23.215.239.190
DNS

ads.us.e-planning.net

Request

ads.us.e-planning.net

IN A

Response

ads.us.e-planning.net

IN A

193.3.178.4
DNS

ads.us.e-planning.net

Request

ads.us.e-planning.net

IN Unknown

Response
DNS

ads.us.e-planning.net

Request

ads.us.e-planning.net

IN A

Response

ads.us.e-planning.net

IN A

193.3.178.3
DNS

sync.1rx.io

Request

sync.1rx.io

IN A

Response

sync.1rx.io

IN A

46.228.174.117
DNS

sync.1rx.io

Request

sync.1rx.io

IN Unknown

Response
DNS

u.openx.net

Request

u.openx.net

IN A

Response

u.openx.net

IN A

34.98.64.218

u.openx.net

IN A

35.244.159.8
DNS

rtb.mfadsrvr.com

Request

rtb.mfadsrvr.com

IN A

Response

rtb.mfadsrvr.com

IN CNAME

pool.dorpat.iponweb.net

pool.dorpat.iponweb.net

IN CNAME

dorpat.geo.iponweb.net

dorpat.geo.iponweb.net

IN CNAME

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

18.197.118.154

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

3.122.34.216

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

52.28.236.78

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

3.73.17.159

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

3.64.107.104

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com

IN A

35.157.15.100
DNS

rtb.mfadsrvr.com

Request

rtb.mfadsrvr.com

IN Unknown

Response

rtb.mfadsrvr.com

IN CNAME

pool.dorpat.iponweb.net

pool.dorpat.iponweb.net

IN CNAME

dorpat.geo.iponweb.net

dorpat.geo.iponweb.net

IN CNAME

elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
DNS

sync.mathtag.com

Request

sync.mathtag.com

IN A

Response

sync.mathtag.com

IN CNAME

pixel-origin.mathtag.com

pixel-origin.mathtag.com

IN A

216.200.232.249

pixel-origin.mathtag.com

IN A

216.200.232.253

pixel-origin.mathtag.com

IN A

74.121.140.211
DNS

sync.mathtag.com

Request

sync.mathtag.com

IN Unknown

Response

sync.mathtag.com

IN CNAME

pixel-origin.mathtag.com
DNS

pixel-eu.rubiconproject.com

Request

pixel-eu.rubiconproject.com

IN A

Response

pixel-eu.rubiconproject.com

IN CNAME

pixel-eu.rubiconproject.net.akadns.net

pixel-eu.rubiconproject.net.akadns.net

IN A

213.19.162.90

pixel-eu.rubiconproject.net.akadns.net

IN A

213.19.162.80
DNS

pixel-eu.rubiconproject.com

Request

pixel-eu.rubiconproject.com

IN Unknown

Response

pixel-eu.rubiconproject.com

IN CNAME

pixel-eu.rubiconproject.net.akadns.net
DNS

ib.adnxs.com

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

g.geo.appnexusgslb.net

g.geo.appnexusgslb.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

37.252.171.52

ib.anycast.adnxs.com

IN A

37.252.173.215

ib.anycast.adnxs.com

IN A

37.252.171.53

ib.anycast.adnxs.com

IN A

37.252.171.21

ib.anycast.adnxs.com

IN A

37.252.171.149

ib.anycast.adnxs.com

IN A

37.252.171.85

ib.anycast.adnxs.com

IN A

37.252.172.123
DNS

ib.adnxs.com

Request

ib.adnxs.com

IN Unknown

Response

ib.adnxs.com

IN CNAME

g.geo.appnexusgslb.net

g.geo.appnexusgslb.net

IN CNAME

ib.anycast.adnxs.com
DNS

ads.stickyadstv.com

Request

ads.stickyadstv.com

IN A

Response

ads.stickyadstv.com

IN CNAME

ip1.ads.stickyadstv.com.akadns.net

ip1.ads.stickyadstv.com.akadns.net

IN CNAME

ip2.ads.stickyadstv.com.akadns.net

ip2.ads.stickyadstv.com.akadns.net

IN CNAME

eu-west-dual.ads.stickyadstv.com.akadns.net

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

154.54.250.151

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

154.57.158.26

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

154.57.158.25

eu-west-dual.ads.stickyadstv.com.akadns.net

IN A

154.54.250.150
DNS

ads.stickyadstv.com

Request

ads.stickyadstv.com

IN Unknown

Response

ads.stickyadstv.com

IN CNAME

ip1.ads.stickyadstv.com.akadns.net

ip1.ads.stickyadstv.com.akadns.net

IN CNAME

ip2.ads.stickyadstv.com.akadns.net

ip2.ads.stickyadstv.com.akadns.net

IN CNAME

eu-west-dual.ads.stickyadstv.com.akadns.net
DNS

pixel.rubiconproject.com

Request

pixel.rubiconproject.com

IN A

Response

pixel.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.80

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.90
DNS

pixel.rubiconproject.com

Request

pixel.rubiconproject.com

IN Unknown

Response

pixel.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net
DNS

googleads.g.doubleclick.net

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.187.194
DNS

cs.admanmedia.com

Request

cs.admanmedia.com

IN A

Response

cs.admanmedia.com

IN A

80.77.87.161
DNS

cs.admanmedia.com

Request

cs.admanmedia.com

IN Unknown

Response
DNS

t.adx.opera.com

Request

t.adx.opera.com

IN A

Response

t.adx.opera.com

IN CNAME

outspot2-ams.adx.opera.com

outspot2-ams.adx.opera.com

IN A

82.145.213.8
DNS

t.adx.opera.com

Request

t.adx.opera.com

IN Unknown

Response

t.adx.opera.com

IN CNAME

outspot2-ams.adx.opera.com
DNS

ssbsync-global.smartadserver.com

Request

ssbsync-global.smartadserver.com

IN A

Response

ssbsync-global.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com

ssbsync-euw2.smartadserver.com

IN A

5.196.111.69

ssbsync-euw2.smartadserver.com

IN A

5.196.111.68

ssbsync-euw2.smartadserver.com

IN A

5.135.209.101

ssbsync-euw2.smartadserver.com

IN A

178.32.210.230

ssbsync-euw2.smartadserver.com

IN A

217.182.178.228

ssbsync-euw2.smartadserver.com

IN A

149.202.238.100

ssbsync-euw2.smartadserver.com

IN A

149.202.238.101

ssbsync-euw2.smartadserver.com

IN A

5.135.209.100

ssbsync-euw2.smartadserver.com

IN A

91.134.110.133

ssbsync-euw2.smartadserver.com

IN A

51.178.195.212

ssbsync-euw2.smartadserver.com

IN A

164.132.25.181

ssbsync-euw2.smartadserver.com

IN A

178.32.197.52

ssbsync-euw2.smartadserver.com

IN A

51.178.195.213

ssbsync-euw2.smartadserver.com

IN A

178.32.210.231

ssbsync-euw2.smartadserver.com

IN A

217.182.178.229

ssbsync-euw2.smartadserver.com

IN A

91.134.110.132

ssbsync-euw2.smartadserver.com

IN A

164.132.25.180

ssbsync-euw2.smartadserver.com

IN A

178.32.197.53
DNS

ssbsync-global.smartadserver.com

Request

ssbsync-global.smartadserver.com

IN Unknown

Response

ssbsync-global.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com
DNS

image8.pubmatic.com

Request

image8.pubmatic.com

IN A

Response

image8.pubmatic.com

IN CNAME

image8-v2.pubmnet.com

image8-v2.pubmnet.com

IN CNAME

imgsync-amsfpairbc.pubmnet.com

imgsync-amsfpairbc.pubmnet.com

IN A

198.47.127.18
DNS

image8.pubmatic.com

Request

image8.pubmatic.com

IN Unknown

Response

image8.pubmatic.com

IN CNAME

image8-v2.pubmnet.com

image8-v2.pubmnet.com

IN CNAME

imagesync-lhrc.pubmnet.com
DNS

wcpstatic.microsoft.com

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

223.25.89.159.in-addr.arpa

Request

223.25.89.159.in-addr.arpa

IN PTR

Response
DNS

223.25.89.159.in-addr.arpa

Request

223.25.89.159.in-addr.arpa

IN PTR

Response
DNS

3.1.250.178.in-addr.arpa

Request

3.1.250.178.in-addr.arpa

IN PTR

Response
DNS

3.1.250.178.in-addr.arpa

Request

3.1.250.178.in-addr.arpa

IN PTR

Response
DNS

4.178.3.193.in-addr.arpa

Request

4.178.3.193.in-addr.arpa

IN PTR

Response

4.178.3.193.in-addr.arpa

IN PTR

adsus e-planningnet
DNS

4.178.3.193.in-addr.arpa

Request

4.178.3.193.in-addr.arpa

IN PTR

Response

4.178.3.193.in-addr.arpa

IN PTR

adsus e-planningnet
DNS

190.239.215.23.in-addr.arpa

Request

190.239.215.23.in-addr.arpa

IN PTR

Response

190.239.215.23.in-addr.arpa

IN PTR

a23-215-239-190deploystaticakamaitechnologiescom
DNS

190.239.215.23.in-addr.arpa

Request

190.239.215.23.in-addr.arpa

IN PTR

Response

190.239.215.23.in-addr.arpa

IN PTR

a23-215-239-190deploystaticakamaitechnologiescom
DNS

cm.g.doubleclick.net

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

172.217.16.226
DNS

cm.g.doubleclick.net

Request

cm.g.doubleclick.net

IN Unknown

Response
DNS

s.amazon-adsystem.com

Request

s.amazon-adsystem.com

IN A

Response

s.amazon-adsystem.com

IN A

52.46.151.131
DNS

s.amazon-adsystem.com

Request

s.amazon-adsystem.com

IN Unknown

Response
DNS

setupad-d.openx.net

Request

setupad-d.openx.net

IN A

Response

setupad-d.openx.net

IN A

34.98.64.218

setupad-d.openx.net

IN A

35.244.159.8
DNS

setupad-d.openx.net

Request

setupad-d.openx.net

IN Unknown

Response
DNS

setupad-d.openx.net

Request

setupad-d.openx.net

IN A

Response

setupad-d.openx.net

IN A

35.244.159.8

setupad-d.openx.net

IN A

34.98.64.218
DNS

ads.pubmatic.com

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

adxbid.info

Request

adxbid.info

IN Unknown

Response

adxbid.info

IN Unknown

h3h2h0׬C� &G00�C� &G05h0�
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

104.21.48.215

adxbid.info

IN A

172.67.138.13
DNS

sync.a-mo.net

Request

sync.a-mo.net

IN A

Response

sync.a-mo.net

IN CNAME

am6-prebid.a-mx.net

am6-prebid.a-mx.net

IN A

145.40.97.67

am6-prebid.a-mx.net

IN A

147.75.84.158

am6-prebid.a-mx.net

IN A

145.40.97.66
DNS

sync.a-mo.net

Request

sync.a-mo.net

IN Unknown

Response

sync.a-mo.net

IN CNAME

am6-prebid.a-mx.net
DNS

sync.a-mo.net

Request

sync.a-mo.net

IN A

Response

sync.a-mo.net

IN CNAME

am6-prebid.a-mx.net

am6-prebid.a-mx.net

IN A

145.40.97.67

am6-prebid.a-mx.net

IN A

145.40.97.66

am6-prebid.a-mx.net

IN A

147.75.84.158
DNS

ads.pubmatic.com

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

setupad-d.openx.net

Request

setupad-d.openx.net

IN A

Response

setupad-d.openx.net

IN A

35.244.159.8

setupad-d.openx.net

IN A

34.98.64.218
DNS

sync.a-mo.net

Request

sync.a-mo.net

IN A

Response

sync.a-mo.net

IN CNAME

am6-prebid.a-mx.net

am6-prebid.a-mx.net

IN A

145.40.97.66

am6-prebid.a-mx.net

IN A

147.75.84.158

am6-prebid.a-mx.net

IN A

145.40.97.67
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

ssbsync.smartadserver.com

Request

ssbsync.smartadserver.com

IN A

Response

ssbsync.smartadserver.com

IN CNAME

ssbsync-geo.smartadserver.com

ssbsync-geo.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw1.smartadserver.com

ssbsync-euw1.smartadserver.com

IN A

81.17.55.171

ssbsync-euw1.smartadserver.com

IN A

89.149.192.244

ssbsync-euw1.smartadserver.com

IN A

89.149.192.245

ssbsync-euw1.smartadserver.com

IN A

89.149.192.196

ssbsync-euw1.smartadserver.com

IN A

89.149.192.197

ssbsync-euw1.smartadserver.com

IN A

81.17.55.170

ssbsync-euw1.smartadserver.com

IN A

81.17.55.122

ssbsync-euw1.smartadserver.com

IN A

81.17.55.109

ssbsync-euw1.smartadserver.com

IN A

81.17.55.108

ssbsync-euw1.smartadserver.com

IN A

89.149.192.76

ssbsync-euw1.smartadserver.com

IN A

81.17.55.123

ssbsync-euw1.smartadserver.com

IN A

89.149.192.75
DNS

ssbsync.smartadserver.com

Request

ssbsync.smartadserver.com

IN Unknown

Response

ssbsync.smartadserver.com

IN CNAME

ssbsync-geo.smartadserver.com

ssbsync-geo.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com
DNS

ssbsync.smartadserver.com

Request

ssbsync.smartadserver.com

IN A

Response

ssbsync.smartadserver.com

IN CNAME

ssbsync-geo.smartadserver.com

ssbsync-geo.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com

ssbsync-euw2.smartadserver.com

IN A

51.178.195.213

ssbsync-euw2.smartadserver.com

IN A

217.182.178.229

ssbsync-euw2.smartadserver.com

IN A

91.134.110.133

ssbsync-euw2.smartadserver.com

IN A

178.32.197.53

ssbsync-euw2.smartadserver.com

IN A

5.196.111.68

ssbsync-euw2.smartadserver.com

IN A

178.32.210.230

ssbsync-euw2.smartadserver.com

IN A

5.196.111.69

ssbsync-euw2.smartadserver.com

IN A

149.202.238.101

ssbsync-euw2.smartadserver.com

IN A

5.135.209.101

ssbsync-euw2.smartadserver.com

IN A

217.182.178.228

ssbsync-euw2.smartadserver.com

IN A

178.32.210.231

ssbsync-euw2.smartadserver.com

IN A

51.178.195.212

ssbsync-euw2.smartadserver.com

IN A

91.134.110.132

ssbsync-euw2.smartadserver.com

IN A

164.132.25.181

ssbsync-euw2.smartadserver.com

IN A

164.132.25.180

ssbsync-euw2.smartadserver.com

IN A

149.202.238.100

ssbsync-euw2.smartadserver.com

IN A

178.32.197.52

ssbsync-euw2.smartadserver.com

IN A

5.135.209.100
DNS

eus.rubiconproject.com

Request

eus.rubiconproject.com

IN A

Response

eus.rubiconproject.com

IN CNAME

eus.rubiconproject.com.edgekey.net

eus.rubiconproject.com.edgekey.net

IN CNAME

e8960.b.akamaiedge.net

e8960.b.akamaiedge.net

IN A

92.123.242.2
DNS

www.google.com

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

www.google.com

Request

www.google.com

IN Unknown

Response

www.google.com

IN Unknown

h2h3
DNS

rtb-csync.smartadserver.com

Request

rtb-csync.smartadserver.com

IN A

Response

rtb-csync.smartadserver.com

IN CNAME

rtb-csync-geo.usersync-prod-sas.akadns.net

rtb-csync-geo.usersync-prod-sas.akadns.net

IN CNAME

rtb-csync-euw1.smartadserver.com

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.74

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.200

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.173

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.117

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.201

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.116

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.97

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.73

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.172

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.106
DNS

rtb-csync.smartadserver.com

Request

rtb-csync.smartadserver.com

IN Unknown

Response

rtb-csync.smartadserver.com

IN CNAME

rtb-csync-geo.usersync-prod-sas.akadns.net

rtb-csync-geo.usersync-prod-sas.akadns.net

IN CNAME

rtb-csync-euw2.smartadserver.com
DNS

secure.adnxs.com

Request

secure.adnxs.com

IN A

Response

secure.adnxs.com

IN CNAME

g.geo.appnexusgslb.net

g.geo.appnexusgslb.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

37.252.171.53

ib.anycast.adnxs.com

IN A

37.252.171.149

ib.anycast.adnxs.com

IN A

37.252.171.21

ib.anycast.adnxs.com

IN A

37.252.171.52

ib.anycast.adnxs.com

IN A

37.252.172.123

ib.anycast.adnxs.com

IN A

37.252.171.85

ib.anycast.adnxs.com

IN A

37.252.173.215
DNS

secure.adnxs.com

Request

secure.adnxs.com

IN Unknown

Response

secure.adnxs.com

IN CNAME

g.geo.appnexusgslb.net

g.geo.appnexusgslb.net

IN CNAME

ib.anycast.adnxs.com
DNS

eu-u.openx.net

Request

eu-u.openx.net

IN A

Response

eu-u.openx.net

IN A

35.244.159.8

eu-u.openx.net

IN A

34.98.64.218
DNS

eu-u.openx.net

Request

eu-u.openx.net

IN Unknown

Response
DNS

ice.360yield.com

Request

ice.360yield.com

IN A

Response

ice.360yield.com

IN CNAME

euw-ice.360yield.com

euw-ice.360yield.com

IN A

54.195.226.61

euw-ice.360yield.com

IN A

54.217.116.3

euw-ice.360yield.com

IN A

52.208.220.232

euw-ice.360yield.com

IN A

54.194.25.32

euw-ice.360yield.com

IN A

52.31.199.23

euw-ice.360yield.com

IN A

52.212.58.235

euw-ice.360yield.com

IN A

54.228.144.151

euw-ice.360yield.com

IN A

52.208.63.64
DNS

ice.360yield.com

Request

ice.360yield.com

IN Unknown

Response

ice.360yield.com

IN CNAME

euw-ice.360yield.com
DNS

eus.rubiconproject.com

Request

eus.rubiconproject.com

IN A

Response

eus.rubiconproject.com

IN CNAME

eus.rubiconproject.com.edgekey.net

eus.rubiconproject.com.edgekey.net

IN CNAME

e8960.b.akamaiedge.net

e8960.b.akamaiedge.net

IN A

92.123.242.2
DNS

eus.rubiconproject.com

Request

eus.rubiconproject.com

IN Unknown

Response

eus.rubiconproject.com

IN CNAME

eus.rubiconproject.com.edgekey.net

eus.rubiconproject.com.edgekey.net

IN CNAME

e8960.b.akamaiedge.net
DNS

x.bidswitch.net

Request

x.bidswitch.net

IN A

Response

x.bidswitch.net

IN CNAME

user-data-eu.bidswitch.net

user-data-eu.bidswitch.net

IN A

35.214.149.91
DNS

x.bidswitch.net

Request

x.bidswitch.net

IN Unknown

Response

x.bidswitch.net

IN CNAME

user-data-eu.bidswitch.net
DNS

90.162.19.213.in-addr.arpa

Request

90.162.19.213.in-addr.arpa

IN PTR

Response
DNS

154.118.197.18.in-addr.arpa

Request

154.118.197.18.in-addr.arpa

IN PTR

Response

154.118.197.18.in-addr.arpa

IN PTR

ec2-18-197-118-154eu-central-1compute amazonawscom
DNS

52.171.252.37.in-addr.arpa

Request

52.171.252.37.in-addr.arpa

IN PTR

Response

52.171.252.37.in-addr.arpa

IN PTR

1005bm-nginx-loadbalancermgmtfra1adnexusnet
DNS

80.162.19.213.in-addr.arpa

Request

80.162.19.213.in-addr.arpa

IN PTR

Response
DNS

8.213.145.82.in-addr.arpa

Request

8.213.145.82.in-addr.arpa

IN PTR

Response

8.213.145.82.in-addr.arpa

IN PTR

n-sysadmin-jumpbox-03feednewsopera technology
DNS

151.250.54.154.in-addr.arpa

Request

151.250.54.154.in-addr.arpa

IN PTR

Response
DNS

18.127.47.198.in-addr.arpa

Request

18.127.47.198.in-addr.arpa

IN PTR

Response
DNS

117.174.228.46.in-addr.arpa

Request

117.174.228.46.in-addr.arpa

IN PTR

Response
DNS

161.87.77.80.in-addr.arpa

Request

161.87.77.80.in-addr.arpa

IN PTR

Response
DNS

249.232.200.216.in-addr.arpa

Request

249.232.200.216.in-addr.arpa

IN PTR

Response
DNS

226.16.217.172.in-addr.arpa

Request

226.16.217.172.in-addr.arpa

IN PTR

Response

226.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f21e100net

226.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f2�H
DNS

131.151.46.52.in-addr.arpa

Request

131.151.46.52.in-addr.arpa

IN PTR

Response
DNS

13.138.67.172.in-addr.arpa

Request

13.138.67.172.in-addr.arpa

IN PTR

Response
DNS

218.64.98.34.in-addr.arpa

Request

218.64.98.34.in-addr.arpa

IN PTR

Response

218.64.98.34.in-addr.arpa

IN PTR

218649834bcgoogleusercontentcom
DNS

171.55.17.81.in-addr.arpa

Request

171.55.17.81.in-addr.arpa

IN PTR

Response
DNS

53.171.252.37.in-addr.arpa

Request

53.171.252.37.in-addr.arpa

IN PTR

Response

53.171.252.37.in-addr.arpa

IN PTR

1003bm-nginx-loadbalancermgmtfra1adnexusnet
DNS

2.242.123.92.in-addr.arpa

Request

2.242.123.92.in-addr.arpa

IN PTR

Response

2.242.123.92.in-addr.arpa

IN PTR

a92-123-242-2deploystaticakamaitechnologiescom
DNS

74.192.149.89.in-addr.arpa

Request

74.192.149.89.in-addr.arpa

IN PTR

Response
DNS

gum.criteo.com

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

gum.criteo.com

Request

gum.criteo.com

IN Unknown

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com
DNS

gum.criteo.com

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

gum.criteo.com

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

gum.criteo.com

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

tpc.googlesyndication.com

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

172.217.16.225
DNS

www.google.com

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.16.228
DNS

u.4dex.io

Request

u.4dex.io

IN A

Response

u.4dex.io

IN A

34.149.40.38
DNS

u.4dex.io

Request

u.4dex.io

IN Unknown

Response
DNS

eb2.3lift.com

Request

eb2.3lift.com

IN A

Response

eb2.3lift.com

IN CNAME

eu-eb2.3lift.com

eu-eb2.3lift.com

IN A

76.223.111.18

eu-eb2.3lift.com

IN A

13.248.245.213
DNS

eb2.3lift.com

Request

eb2.3lift.com

IN Unknown

Response

eb2.3lift.com

IN CNAME

eu-eb2.3lift.com
DNS

61.226.195.54.in-addr.arpa

Request

61.226.195.54.in-addr.arpa

IN PTR

Response

61.226.195.54.in-addr.arpa

IN PTR

ec2-54-195-226-61 eu-west-1compute amazonawscom
DNS

61.226.195.54.in-addr.arpa

Request

61.226.195.54.in-addr.arpa

IN PTR

Response

61.226.195.54.in-addr.arpa

IN PTR

ec2-54-195-226-61 eu-west-1compute amazonawscom
DNS

s.amazon-adsystem.com

Request

s.amazon-adsystem.com

IN A

Response

s.amazon-adsystem.com

IN A

209.54.182.161
DNS

s.amazon-adsystem.com

Request

s.amazon-adsystem.com

IN Unknown

Response
DNS

cm.g.doubleclick.net

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

142.250.200.34
DNS

cm.g.doubleclick.net

Request

cm.g.doubleclick.net

IN Unknown

Response
DNS

assets.a-mo.net

Request

assets.a-mo.net

IN A

Response

assets.a-mo.net

IN CNAME

assets.a-mo.net.cdn.cloudflare.net

assets.a-mo.net.cdn.cloudflare.net

IN A

104.19.158.19

assets.a-mo.net.cdn.cloudflare.net

IN A

104.19.159.19
DNS

assets.a-mo.net

Request

assets.a-mo.net

IN Unknown

Response

assets.a-mo.net

IN CNAME

assets.a-mo.net.cdn.cloudflare.net

assets.a-mo.net.cdn.cloudflare.net

IN Unknown

h2h�h� &Gh�&Gh�
DNS

91.149.214.35.in-addr.arpa

Request

91.149.214.35.in-addr.arpa

IN PTR

Response

91.149.214.35.in-addr.arpa

IN PTR

9114921435bcgoogleusercontentcom
DNS

91.149.214.35.in-addr.arpa

Request

91.149.214.35.in-addr.arpa

IN PTR

Response

91.149.214.35.in-addr.arpa

IN PTR

9114921435bcgoogleusercontentcom
DNS

match.prod.bidr.io

Request

match.prod.bidr.io

IN A

Response

match.prod.bidr.io

IN A

34.247.172.184

match.prod.bidr.io

IN A

34.246.207.123

match.prod.bidr.io

IN A

52.30.157.117

match.prod.bidr.io

IN A

34.253.45.44

match.prod.bidr.io

IN A

52.209.243.124

match.prod.bidr.io

IN A

52.19.84.37

match.prod.bidr.io

IN A

52.214.83.111

match.prod.bidr.io

IN A

52.19.105.29
DNS

match.prod.bidr.io

Request

match.prod.bidr.io

IN Unknown

Response
DNS

s.ad.smaato.net

Request

s.ad.smaato.net

IN A

Response

s.ad.smaato.net

IN A

18.164.52.4

s.ad.smaato.net

IN A

18.164.52.46

s.ad.smaato.net

IN A

18.164.52.25

s.ad.smaato.net

IN A

18.164.52.116
DNS

s.ad.smaato.net

Request

s.ad.smaato.net

IN Unknown

Response
DNS

rtb-csync.smartadserver.com

Request

rtb-csync.smartadserver.com

IN A

Response

rtb-csync.smartadserver.com

IN CNAME

rtb-csync-geo.usersync-prod-sas.akadns.net

rtb-csync-geo.usersync-prod-sas.akadns.net

IN CNAME

rtb-csync-euw1.smartadserver.com

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.201

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.173

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.116

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.200

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.106

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.97

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.74

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.117

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.172

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.73
DNS

rtb-csync.smartadserver.com

Request

rtb-csync.smartadserver.com

IN Unknown

Response

rtb-csync.smartadserver.com

IN CNAME

rtb-csync-geo.usersync-prod-sas.akadns.net

rtb-csync-geo.usersync-prod-sas.akadns.net

IN CNAME

rtb-csync-euw2.smartadserver.com
DNS

id5-sync.com

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

162.19.138.82

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

141.95.33.120

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

162.19.138.83

id5-sync.com

IN A

162.19.138.119
DNS

id5-sync.com

Request

id5-sync.com

IN Unknown

Response
DNS

ads.pubmatic.com

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

setupad-d.openx.net

Request

setupad-d.openx.net

IN A

Response

setupad-d.openx.net

IN A

35.244.159.8

setupad-d.openx.net

IN A

34.98.64.218
DNS

sync.a-mo.net

Request

sync.a-mo.net

IN A

Response

sync.a-mo.net

IN CNAME

am6-prebid.a-mx.net

am6-prebid.a-mx.net

IN A

147.75.84.158

am6-prebid.a-mx.net

IN A

145.40.97.67

am6-prebid.a-mx.net

IN A

145.40.97.66
DNS

pixel-sync.sitescout.com

Request

pixel-sync.sitescout.com

IN Unknown

Response
DNS

ad.turn.com

Request

ad.turn.com

IN A

Response

ad.turn.com

IN CNAME

ad.turn.com.akadns.net

ad.turn.com.akadns.net

IN A

46.228.164.11
DNS

ad.turn.com

Request

ad.turn.com

IN Unknown

Response

ad.turn.com

IN CNAME

ad.turn.com.akadns.net
DNS

bh.contextweb.com

Request

bh.contextweb.com

IN A

Response

bh.contextweb.com

IN CNAME

am1-bh.contextweb.com

am1-bh.contextweb.com

IN CNAME

am1-direct-bgp.contextweb.com

am1-direct-bgp.contextweb.com

IN A

208.93.169.131
DNS

bh.contextweb.com

Request

bh.contextweb.com

IN Unknown

Response

bh.contextweb.com

IN CNAME

am1-bh.contextweb.com

am1-bh.contextweb.com

IN CNAME

am1-direct-bgp.contextweb.com
DNS

dsp.adfarm1.adition.com

Request

dsp.adfarm1.adition.com

IN A

Response

dsp.adfarm1.adition.com

IN A

85.114.159.93

dsp.adfarm1.adition.com

IN A

85.114.159.118
DNS

dsp.adfarm1.adition.com

Request

dsp.adfarm1.adition.com

IN Unknown

Response
DNS

ssum-sec.casalemedia.com

Request

ssum-sec.casalemedia.com

IN A

Response

ssum-sec.casalemedia.com

IN A

172.64.151.101

ssum-sec.casalemedia.com

IN A

104.18.36.155
DNS

ssum-sec.casalemedia.com

Request

ssum-sec.casalemedia.com

IN Unknown

Response
DNS

csync.loopme.me

Request

csync.loopme.me

IN A

Response

csync.loopme.me

IN CNAME

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.223.180

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.244.54

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.185.87

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.229.219

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.154.81

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.238.211

envoy-hl.envoy-csync1.core-b8mf.ov1o.com

IN A

35.214.129.22
DNS

csync.loopme.me

Request

csync.loopme.me

IN Unknown

Response

csync.loopme.me

IN CNAME

envoy-hl.envoy-csync1.core-b8mf.ov1o.com
DNS

dnacdn.net

Request

dnacdn.net

IN A

Response

dnacdn.net

IN A

178.250.7.13
DNS

dnacdn.net

Request

dnacdn.net

IN Unknown

Response
DNS

ag.gbc.criteo.com

Request

ag.gbc.criteo.com

IN A

Response

ag.gbc.criteo.com

IN CNAME

gbc5.fr3.eu.criteo.com

gbc5.fr3.eu.criteo.com

IN A

185.235.86.154

gbc5.fr3.eu.criteo.com

IN A

185.235.86.158

gbc5.fr3.eu.criteo.com

IN A

185.235.86.164

gbc5.fr3.eu.criteo.com

IN A

185.235.86.145

gbc5.fr3.eu.criteo.com

IN A

185.235.86.148

gbc5.fr3.eu.criteo.com

IN A

185.235.86.144

gbc5.fr3.eu.criteo.com

IN A

185.235.86.153

gbc5.fr3.eu.criteo.com

IN A

185.235.86.149

gbc5.fr3.eu.criteo.com

IN A

185.235.86.142

gbc5.fr3.eu.criteo.com

IN A

185.235.86.159

gbc5.fr3.eu.criteo.com

IN A

185.235.86.155

gbc5.fr3.eu.criteo.com

IN A

185.235.86.167

gbc5.fr3.eu.criteo.com

IN A

185.235.86.147

gbc5.fr3.eu.criteo.com

IN A

185.235.86.161

gbc5.fr3.eu.criteo.com

IN A

185.235.86.157

gbc5.fr3.eu.criteo.com

IN A

185.235.86.162

gbc5.fr3.eu.criteo.com

IN A

185.235.86.165

gbc5.fr3.eu.criteo.com

IN A

185.235.86.151

gbc5.fr3.eu.criteo.com

IN A

185.235.86.140

gbc5.fr3.eu.criteo.com

IN A

185.235.86.160

gbc5.fr3.eu.criteo.com

IN A

185.235.86.150

gbc5.fr3.eu.criteo.com

IN A

185.235.86.146

gbc5.fr3.eu.criteo.com

IN A

185.235.86.156

gbc5.fr3.eu.criteo.com

IN A

185.235.86.141

gbc5.fr3.eu.criteo.com

IN A

185.235.86.152

gbc5.fr3.eu.criteo.com

IN A

185.235.86.166

gbc5.fr3.eu.criteo.com

IN A

185.235.86.143

gbc5.fr3.eu.criteo.com

IN A

185.235.86.163
DNS

ag.gbc.criteo.com

Request

ag.gbc.criteo.com

IN Unknown

Response

ag.gbc.criteo.com

IN CNAME

gbc1.fr3.eu.criteo.com
DNS

gem.gbc.criteo.com

Request

gem.gbc.criteo.com

IN A

Response

gem.gbc.criteo.com

IN CNAME

gbc7.nl3.eu.criteo.com

gbc7.nl3.eu.criteo.com

IN A

185.235.87.222

gbc7.nl3.eu.criteo.com

IN A

185.235.87.206

gbc7.nl3.eu.criteo.com

IN A

185.235.87.207

gbc7.nl3.eu.criteo.com

IN A

185.235.87.213

gbc7.nl3.eu.criteo.com

IN A

185.235.87.208

gbc7.nl3.eu.criteo.com

IN A

185.235.87.209

gbc7.nl3.eu.criteo.com

IN A

185.235.87.212

gbc7.nl3.eu.criteo.com

IN A

185.235.87.221

gbc7.nl3.eu.criteo.com

IN A

185.235.87.200

gbc7.nl3.eu.criteo.com

IN A

185.235.87.201

gbc7.nl3.eu.criteo.com

IN A

185.235.87.202

gbc7.nl3.eu.criteo.com

IN A

185.235.87.198

gbc7.nl3.eu.criteo.com

IN A

185.235.87.215

gbc7.nl3.eu.criteo.com

IN A

185.235.87.218

gbc7.nl3.eu.criteo.com

IN A

185.235.87.197

gbc7.nl3.eu.criteo.com

IN A

185.235.87.211

gbc7.nl3.eu.criteo.com

IN A

185.235.87.205

gbc7.nl3.eu.criteo.com

IN A

185.235.87.203

gbc7.nl3.eu.criteo.com

IN A

185.235.87.210

gbc7.nl3.eu.criteo.com

IN A

185.235.87.204

gbc7.nl3.eu.criteo.com

IN A

185.235.87.219

gbc7.nl3.eu.criteo.com

IN A

185.235.87.223

gbc7.nl3.eu.criteo.com

IN A

185.235.87.199

gbc7.nl3.eu.criteo.com

IN A

185.235.87.214

gbc7.nl3.eu.criteo.com

IN A

185.235.87.217

gbc7.nl3.eu.criteo.com

IN A

185.235.87.220

gbc7.nl3.eu.criteo.com

IN A

185.235.87.216

gbc7.nl3.eu.criteo.com

IN A

185.235.87.196
DNS

gem.gbc.criteo.com

Request

gem.gbc.criteo.com

IN Unknown

Response

gem.gbc.criteo.com

IN CNAME

gbc7.nl3.eu.criteo.com
DNS

token.rubiconproject.com

Request

token.rubiconproject.com

IN A

Response

token.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.90

pixel.rubiconproject.net.akadns.net

IN A

213.19.162.80
DNS

token.rubiconproject.com

Request

token.rubiconproject.com

IN Unknown

Response

token.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net
DNS

ssbsync.smartadserver.com

Request

ssbsync.smartadserver.com

IN A

Response

ssbsync.smartadserver.com

IN CNAME

ssbsync-geo.smartadserver.com

ssbsync-geo.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com

ssbsync-euw2.smartadserver.com

IN A

91.134.110.132

ssbsync-euw2.smartadserver.com

IN A

5.196.111.69

ssbsync-euw2.smartadserver.com

IN A

217.182.178.229

ssbsync-euw2.smartadserver.com

IN A

51.178.195.212

ssbsync-euw2.smartadserver.com

IN A

164.132.25.180

ssbsync-euw2.smartadserver.com

IN A

5.135.209.100

ssbsync-euw2.smartadserver.com

IN A

5.196.111.68

ssbsync-euw2.smartadserver.com

IN A

149.202.238.100

ssbsync-euw2.smartadserver.com

IN A

178.32.210.230

ssbsync-euw2.smartadserver.com

IN A

51.178.195.213

ssbsync-euw2.smartadserver.com

IN A

164.132.25.181

ssbsync-euw2.smartadserver.com

IN A

217.182.178.228

ssbsync-euw2.smartadserver.com

IN A

178.32.210.231

ssbsync-euw2.smartadserver.com

IN A

5.135.209.101

ssbsync-euw2.smartadserver.com

IN A

178.32.197.52

ssbsync-euw2.smartadserver.com

IN A

149.202.238.101

ssbsync-euw2.smartadserver.com

IN A

178.32.197.53

ssbsync-euw2.smartadserver.com

IN A

91.134.110.133
DNS

ssbsync.smartadserver.com

Request

ssbsync.smartadserver.com

IN Unknown

Response

ssbsync.smartadserver.com

IN CNAME

ssbsync-geo.smartadserver.com

ssbsync-geo.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com
DNS

as.ck-ie.com

Request

as.ck-ie.com

IN A

Response

as.ck-ie.com

IN A

8.2.110.113
DNS

as.ck-ie.com

Request

as.ck-ie.com

IN Unknown

Response
DNS

18.111.223.76.in-addr.arpa

Request

18.111.223.76.in-addr.arpa

IN PTR

Response

18.111.223.76.in-addr.arpa

IN PTR

a0f671730127a0812awsglobalacceleratorcom
DNS

18.111.223.76.in-addr.arpa

Request

18.111.223.76.in-addr.arpa

IN PTR

Response

18.111.223.76.in-addr.arpa

IN PTR

a0f671730127a0812awsglobalacceleratorcom
DNS

161.182.54.209.in-addr.arpa

Request

161.182.54.209.in-addr.arpa

IN PTR

Response
DNS

161.182.54.209.in-addr.arpa

Request

161.182.54.209.in-addr.arpa

IN PTR

Response
DNS

19.158.19.104.in-addr.arpa

Request

19.158.19.104.in-addr.arpa

IN PTR

Response
DNS

4.52.164.18.in-addr.arpa

Request

4.52.164.18.in-addr.arpa

IN PTR

Response

4.52.164.18.in-addr.arpa

IN PTR

server-18-164-52-4cdg50r cloudfrontnet
DNS

184.172.247.34.in-addr.arpa

Request

184.172.247.34.in-addr.arpa

IN PTR

Response

184.172.247.34.in-addr.arpa

IN PTR

ec2-34-247-172-184 eu-west-1compute amazonawscom
DNS

82.138.19.162.in-addr.arpa

Request

82.138.19.162.in-addr.arpa

IN PTR

Response

82.138.19.162.in-addr.arpa

IN PTR

ns31532337 ip-162-19-138eu
DNS

201.192.149.89.in-addr.arpa

Request

201.192.149.89.in-addr.arpa

IN PTR

Response
DNS

101.151.64.172.in-addr.arpa

Request

101.151.64.172.in-addr.arpa

IN PTR

Response
DNS

93.159.114.85.in-addr.arpa

Request

93.159.114.85.in-addr.arpa

IN PTR

Response

93.159.114.85.in-addr.arpa

IN PTR

dspadfarm1aditioncom
DNS

131.169.93.208.in-addr.arpa

Request

131.169.93.208.in-addr.arpa

IN PTR

Response
DNS

11.164.228.46.in-addr.arpa

Request

11.164.228.46.in-addr.arpa

IN PTR

Response

11.164.228.46.in-addr.arpa

IN PTR

presentation-ams1turncom
DNS

154.86.235.185.in-addr.arpa

Request

154.86.235.185.in-addr.arpa

IN PTR

Response
DNS

154.86.235.185.in-addr.arpa

Request

154.86.235.185.in-addr.arpa

IN PTR

Response
DNS

180.223.214.35.in-addr.arpa

Request

180.223.214.35.in-addr.arpa

IN PTR

Response

180.223.214.35.in-addr.arpa

IN PTR

18022321435bcgoogleusercontentcom
DNS

222.87.235.185.in-addr.arpa

Request

222.87.235.185.in-addr.arpa

IN PTR

Response
DNS

222.87.235.185.in-addr.arpa

Request

222.87.235.185.in-addr.arpa

IN PTR

Response
DNS

113.110.2.8.in-addr.arpa

Request

113.110.2.8.in-addr.arpa

IN PTR

Response
DNS

113.110.2.8.in-addr.arpa

Request

113.110.2.8.in-addr.arpa

IN PTR

Response
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.3
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN Unknown

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.2
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

3.137.249.87.in-addr.arpa

Request

3.137.249.87.in-addr.arpa

IN PTR

Response

3.137.249.87.in-addr.arpa

IN PTR

439366956dubcdn77com
DNS

um.simpli.fi

Request

um.simpli.fi

IN Unknown

Response
DNS

crt.sectigo.com

Request

crt.sectigo.com

IN A

Response

crt.sectigo.com

IN CNAME

crt.comodoca.com.cdn.cloudflare.net

crt.comodoca.com.cdn.cloudflare.net

IN A

172.64.149.23

crt.comodoca.com.cdn.cloudflare.net

IN A

104.18.38.233
DNS

crt.sectigo.com

Request

crt.sectigo.com

IN Unknown

Response

crt.sectigo.com

IN CNAME

crt.comodoca.com.cdn.cloudflare.net
DNS

id.a-mx.com

Request

id.a-mx.com

IN A

Response

id.a-mx.com

IN A

79.127.216.47

id.a-mx.com

IN A

79.127.227.46
DNS

id.a-mx.com

Request

id.a-mx.com

IN Unknown

Response
GET

http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt

Request

GET /SectigoRSADomainValidationSecureServerCA.crt HTTP/1.1
Host: crt.sectigo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Thu, 04 Apr 2024 06:26:14 GMT
Content-Type: application/pkix-cert
Content-Length: 1559
Connection: keep-alive
Last-Modified: Fri, 02 Nov 2018 00:00:00 GMT
Etag: "33e4e80807204c2b6182a3a14b591acd25b5f0db"
Cache-Control: max-age=86400,s-maxage=14400,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 7452
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 86ef39c9f8419557-LHR
DNS

ow.pubmatic.com

Request

ow.pubmatic.com

IN A

Response

ow.pubmatic.com

IN CNAME

owv2.pubmnet.com

owv2.pubmnet.com

IN CNAME

ow-lhrc.pubmnet.com

ow-lhrc.pubmnet.com

IN A

185.64.190.84
DNS

ow.pubmatic.com

Request

ow.pubmatic.com

IN Unknown

Response

ow.pubmatic.com

IN CNAME

owv2.pubmnet.com

owv2.pubmnet.com

IN CNAME

ow-lhrc.pubmnet.com
DNS

prebid-server.rubiconproject.com

Request

prebid-server.rubiconproject.com

IN A

Response

prebid-server.rubiconproject.com

IN CNAME

prebid-server.rubiconproject.net.akadns.net

prebid-server.rubiconproject.net.akadns.net

IN CNAME

prebid-server-perf-eu.rubiconproject.net.akadns.net

prebid-server-perf-eu.rubiconproject.net.akadns.net

IN A

213.19.162.71
DNS

prebid-server.rubiconproject.com

Request

prebid-server.rubiconproject.com

IN Unknown

Response

prebid-server.rubiconproject.com

IN CNAME

prebid-server.rubiconproject.net.akadns.net

prebid-server.rubiconproject.net.akadns.net

IN CNAME

prebid-server-perf-eu.rubiconproject.net.akadns.net
DNS

pixel.tapad.com

Request

pixel.tapad.com

IN A

Response

pixel.tapad.com

IN A

34.111.113.62
DNS

pixel.tapad.com

Request

pixel.tapad.com

IN Unknown

Response
DNS

ce.lijit.com

Request

ce.lijit.com

IN A

Response

ce.lijit.com

IN CNAME

ce-ew1.lijit.com

ce-ew1.lijit.com

IN CNAME

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

54.217.72.151

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

54.154.92.191

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

52.18.182.124

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

54.229.202.228

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

52.209.51.105

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

52.209.162.244

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

54.77.212.111

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com

IN A

52.49.98.87
DNS

ce.lijit.com

Request

ce.lijit.com

IN Unknown

Response

ce.lijit.com

IN CNAME

ce-ew1.lijit.com

ce-ew1.lijit.com

IN CNAME

raptor-prd-ew1-alb-2127381300.eu-west-1.elb.amazonaws.com
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.3
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.3
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

23.149.64.172.in-addr.arpa

Request

23.149.64.172.in-addr.arpa

IN PTR

Response
DNS

23.149.64.172.in-addr.arpa

Request

23.149.64.172.in-addr.arpa

IN PTR

Response
DNS

49.158.204.35.in-addr.arpa

Request

49.158.204.35.in-addr.arpa

IN PTR

Response

49.158.204.35.in-addr.arpa

IN PTR

4915820435bcgoogleusercontentcom
DNS

49.158.204.35.in-addr.arpa

Request

49.158.204.35.in-addr.arpa

IN PTR

Response

49.158.204.35.in-addr.arpa

IN PTR

4915820435bcgoogleusercontentcom
DNS

47.216.127.79.in-addr.arpa

Request

47.216.127.79.in-addr.arpa

IN PTR

Response

47.216.127.79.in-addr.arpa

IN PTR

unn-79-127-216-47 datapacketcom
DNS

47.216.127.79.in-addr.arpa

Request

47.216.127.79.in-addr.arpa

IN PTR

Response

47.216.127.79.in-addr.arpa

IN PTR

unn-79-127-216-47 datapacketcom
DNS

84.190.64.185.in-addr.arpa

Request

84.190.64.185.in-addr.arpa

IN PTR

Response
DNS

84.190.64.185.in-addr.arpa

Request

84.190.64.185.in-addr.arpa

IN PTR

Response
DNS

71.162.19.213.in-addr.arpa

Request

71.162.19.213.in-addr.arpa

IN PTR

Response
DNS

71.162.19.213.in-addr.arpa

Request

71.162.19.213.in-addr.arpa

IN PTR

Response
DNS

62.113.111.34.in-addr.arpa

Request

62.113.111.34.in-addr.arpa

IN PTR

Response

62.113.111.34.in-addr.arpa

IN PTR

6211311134bcgoogleusercontentcom
DNS

62.113.111.34.in-addr.arpa

Request

62.113.111.34.in-addr.arpa

IN PTR

Response

62.113.111.34.in-addr.arpa

IN PTR

6211311134bcgoogleusercontentcom
DNS

151.72.217.54.in-addr.arpa

Request

151.72.217.54.in-addr.arpa

IN PTR

Response

151.72.217.54.in-addr.arpa

IN PTR

ec2-54-217-72-151 eu-west-1compute amazonawscom
DNS

151.72.217.54.in-addr.arpa

Request

151.72.217.54.in-addr.arpa

IN PTR

Response

151.72.217.54.in-addr.arpa

IN PTR

ec2-54-217-72-151 eu-west-1compute amazonawscom
DNS

play.google.com

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.187.238
DNS

play.google.com

Request

play.google.com

IN Unknown

Response
DNS

prebid.a-mo.net

Request

prebid.a-mo.net

IN A

Response

prebid.a-mo.net

IN CNAME

am6-prebid.a-mx.net

am6-prebid.a-mx.net

IN A

147.75.84.158

am6-prebid.a-mx.net

IN A

145.40.97.67

am6-prebid.a-mx.net

IN A

145.40.97.66
DNS

prebid.a-mo.net

Request

prebid.a-mo.net

IN Unknown

Response

prebid.a-mo.net

IN CNAME

am6-prebid.a-mx.net
DNS

238.187.250.142.in-addr.arpa

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

c3.a-mo.net

Request

c3.a-mo.net

IN A

Response

c3.a-mo.net

IN CNAME

id.a-mx.com

id.a-mx.com

IN A

79.127.216.47

id.a-mx.com

IN A

79.127.227.46
DNS

c3.a-mo.net

Request

c3.a-mo.net

IN Unknown

Response

c3.a-mo.net

IN CNAME

id.a-mx.com
DNS

ssum.casalemedia.com

Request

ssum.casalemedia.com

IN A

Response

ssum.casalemedia.com

IN A

104.18.36.155

ssum.casalemedia.com

IN A

172.64.151.101
DNS

158.84.75.147.in-addr.arpa

Request

158.84.75.147.in-addr.arpa

IN PTR

Response
DNS

158.84.75.147.in-addr.arpa

Request

158.84.75.147.in-addr.arpa

IN PTR

Response
DNS

user-sync.adxpremium.services

Request

user-sync.adxpremium.services

IN A

Response

user-sync.adxpremium.services

IN A

209.192.201.180
DNS

user-sync.adxpremium.services

Request

user-sync.adxpremium.services

IN Unknown

Response
DNS

id.rtb.mx

Request

id.rtb.mx

IN A

Response

id.rtb.mx

IN CNAME

id.a-mx.com

id.a-mx.com

IN A

79.127.227.46

id.a-mx.com

IN A

79.127.216.47
DNS

id.rtb.mx

Request

id.rtb.mx

IN Unknown

Response

id.rtb.mx

IN CNAME

id.a-mx.com
DNS

155.36.18.104.in-addr.arpa

Request

155.36.18.104.in-addr.arpa

IN PTR

Response
DNS

155.36.18.104.in-addr.arpa

Request

155.36.18.104.in-addr.arpa

IN PTR

Response
DNS

46.227.127.79.in-addr.arpa

Request

46.227.127.79.in-addr.arpa

IN PTR

Response

46.227.127.79.in-addr.arpa

IN PTR

unn-79-127-227-46 datapacketcom
DNS

46.227.127.79.in-addr.arpa

Request

46.227.127.79.in-addr.arpa

IN PTR

Response

46.227.127.79.in-addr.arpa

IN PTR

unn-79-127-227-46 datapacketcom
DNS

180.201.192.209.in-addr.arpa

Request

180.201.192.209.in-addr.arpa

IN PTR

Response
DNS

180.201.192.209.in-addr.arpa

Request

180.201.192.209.in-addr.arpa

IN PTR

Response
DNS

vpaid.vidoomy.com

Request

vpaid.vidoomy.com

IN A

Response

vpaid.vidoomy.com

IN CNAME

1099493781.rsc.cdn77.org

1099493781.rsc.cdn77.org

IN A

87.249.137.2
DNS

vpaid.vidoomy.com

Request

vpaid.vidoomy.com

IN Unknown

Response

vpaid.vidoomy.com

IN CNAME

1099493781.rsc.cdn77.org
DNS

ads.pubmatic.com

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

ap.lijit.com

Request

ap.lijit.com

IN A

Response

ap.lijit.com

IN CNAME

vap.lijit.com

vap.lijit.com

IN CNAME

emeas.vap.lijit.com

emeas.vap.lijit.com

IN CNAME

eu.vap.lijit.com

eu.vap.lijit.com

IN CNAME

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.30.39.78

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.250.113.227

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.229.105.156

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.209.149.220

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.253.7.71

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.211.54.244

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.16.145.164

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.76.24.187
DNS

ap.lijit.com

Request

ap.lijit.com

IN Unknown

Response

ap.lijit.com

IN CNAME

vap.lijit.com

vap.lijit.com

IN CNAME

emeas.vap.lijit.com

emeas.vap.lijit.com

IN CNAME

eu.vap.lijit.com

eu.vap.lijit.com

IN CNAME

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com
DNS

rtb.openx.net

Request

rtb.openx.net

IN A

Response

rtb.openx.net

IN A

35.227.252.103

rtb.openx.net

IN A

35.186.253.211
DNS

rtb.openx.net

Request

rtb.openx.net

IN Unknown

Response
DNS

pixel-sync.sitescout.com

Request

pixel-sync.sitescout.com

IN A

Response

pixel-sync.sitescout.com

IN A

34.36.216.150
DNS

ups.analytics.yahoo.com

Request

ups.analytics.yahoo.com

IN A

Response

ups.analytics.yahoo.com

IN CNAME

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

IN CNAME

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

IN CNAME

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.75.62.37

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud

IN A

3.71.149.231
DNS

ups.analytics.yahoo.com

Request

ups.analytics.yahoo.com

IN Unknown

Response

ups.analytics.yahoo.com

IN CNAME

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.aolp-ds-prd.aws.oath.cloud

IN CNAME

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud

IN CNAME

ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud
DNS

ads.pubmatic.com

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

ads.pubmatic.com

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.3
DNS

ads.pubmatic.com

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.3
DNS

cm.adform.net

Request

cm.adform.net

IN A

Response

cm.adform.net

IN CNAME

track-eu.adformnet.akadns.net

track-eu.adformnet.akadns.net

IN A

37.157.5.84

track-eu.adformnet.akadns.net

IN A

37.157.4.29

track-eu.adformnet.akadns.net

IN A

37.157.5.133

track-eu.adformnet.akadns.net

IN A

37.157.4.28

track-eu.adformnet.akadns.net

IN A

37.157.5.132
DNS

cm.adform.net

Request

cm.adform.net

IN Unknown

Response

cm.adform.net

IN CNAME

track-eu.adformnet.akadns.net
DNS

a.vidoomy.com

Request

a.vidoomy.com

IN A

Response

a.vidoomy.com

IN CNAME

lb.vidoomy.com

lb.vidoomy.com

IN A

212.36.83.246

lb.vidoomy.com

IN A

212.36.83.245
DNS

a.vidoomy.com

Request

a.vidoomy.com

IN Unknown

Response

a.vidoomy.com

IN CNAME

lb.vidoomy.com
DNS

ads.pubmatic.com

Request

ads.pubmatic.com

IN A

Response

ads.pubmatic.com

IN CNAME

pubmatic.edgekey.net

pubmatic.edgekey.net

IN CNAME

e6603.g.akamaiedge.net

e6603.g.akamaiedge.net

IN A

104.115.32.236
DNS

adxbid.info

Request

adxbid.info

IN A

Response

adxbid.info

IN A

172.67.138.13

adxbid.info

IN A

104.21.48.215
DNS

2.137.249.87.in-addr.arpa

Request

2.137.249.87.in-addr.arpa

IN PTR

Response

2.137.249.87.in-addr.arpa

IN PTR

439366956dubcdn77com
DNS

2.137.249.87.in-addr.arpa

Request

2.137.249.87.in-addr.arpa

IN PTR

Response

2.137.249.87.in-addr.arpa

IN PTR

439366956dubcdn77com
DNS

150.216.36.34.in-addr.arpa

Request

150.216.36.34.in-addr.arpa

IN PTR

Response

150.216.36.34.in-addr.arpa

IN PTR

1502163634bcgoogleusercontentcom
DNS

150.216.36.34.in-addr.arpa

Request

150.216.36.34.in-addr.arpa

IN PTR

Response

150.216.36.34.in-addr.arpa

IN PTR

1502163634bcgoogleusercontentcom
DNS

78.39.30.52.in-addr.arpa

Request

78.39.30.52.in-addr.arpa

IN PTR

Response

78.39.30.52.in-addr.arpa

IN PTR

ec2-52-30-39-78 eu-west-1compute amazonawscom
DNS

78.39.30.52.in-addr.arpa

Request

78.39.30.52.in-addr.arpa

IN PTR

Response

78.39.30.52.in-addr.arpa

IN PTR

ec2-52-30-39-78 eu-west-1compute amazonawscom
DNS

37.62.75.3.in-addr.arpa

Request

37.62.75.3.in-addr.arpa

IN PTR

Response

37.62.75.3.in-addr.arpa

IN PTR

ec2-3-75-62-37eu-central-1compute amazonawscom
DNS

37.62.75.3.in-addr.arpa

Request

37.62.75.3.in-addr.arpa

IN PTR

Response

37.62.75.3.in-addr.arpa

IN PTR

ec2-3-75-62-37eu-central-1compute amazonawscom
DNS

84.5.157.37.in-addr.arpa

Request

84.5.157.37.in-addr.arpa

IN PTR

Response
DNS

84.5.157.37.in-addr.arpa

Request

84.5.157.37.in-addr.arpa

IN PTR

Response
DNS

rtb.adxpremium.services

Request

rtb.adxpremium.services

IN A

Response

rtb.adxpremium.services

IN A

185.106.140.18
DNS

rtb.adxpremium.services

Request

rtb.adxpremium.services

IN Unknown

Response
DNS

user-sync.adxpremium.services

Request

user-sync.adxpremium.services

IN A

Response

user-sync.adxpremium.services

IN A

209.192.201.180
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.2
DNS

user-sync.adxpremium.services

Request

user-sync.adxpremium.services

IN A

Response

user-sync.adxpremium.services

IN A

209.192.201.180
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.3
DNS

user-sync.adxpremium.services

Request

user-sync.adxpremium.services

IN A

Response

user-sync.adxpremium.services

IN A

209.192.201.180
DNS

vid.vidoomy.com

Request

vid.vidoomy.com

IN A

Response

vid.vidoomy.com

IN CNAME

1651846316.rsc.cdn77.org

1651846316.rsc.cdn77.org

IN A

87.249.137.2
DNS

a.nel.cloudflare.com

Request

a.nel.cloudflare.com

IN A

Response

a.nel.cloudflare.com

IN A

35.190.80.1
DNS

a.nel.cloudflare.com

Request

a.nel.cloudflare.com

IN Unknown

Response
DNS

1.80.190.35.in-addr.arpa

Request

1.80.190.35.in-addr.arpa

IN PTR

Response

1.80.190.35.in-addr.arpa

IN PTR

18019035bcgoogleusercontentcom
DNS

csm.nl3.eu.criteo.net

Request

csm.nl3.eu.criteo.net

IN A

Response

csm.nl3.eu.criteo.net

IN CNAME

csm.nl3.vip.prod.criteo.net

csm.nl3.vip.prod.criteo.net

IN A

178.250.1.25
DNS

csm.nl3.eu.criteo.net

Request

csm.nl3.eu.criteo.net

IN Unknown

Response

csm.nl3.eu.criteo.net

IN CNAME

csm.nl3.vip.prod.criteo.net
DNS

25.1.250.178.in-addr.arpa

Request

25.1.250.178.in-addr.arpa

IN PTR

Response
DNS

update.googleapis.com

Request

update.googleapis.com

IN A

Response

update.googleapis.com

IN A

142.250.178.3
DNS

update.googleapis.com

Request

update.googleapis.com

IN Unknown

Response
DNS

edge-mobile-static.azureedge.net

Request

edge-mobile-static.azureedge.net

IN A

Response

edge-mobile-static.azureedge.net

IN CNAME

edge-mobile-static.afd.azureedge.net

edge-mobile-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edge-mobile-static.azureedge.net

Request

edge-mobile-static.azureedge.net

IN Unknown

Response

edge-mobile-static.azureedge.net

IN CNAME

edge-mobile-static.afd.azureedge.net

edge-mobile-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

clients2.googleusercontent.com

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.178.1
DNS

clients2.googleusercontent.com

Request

clients2.googleusercontent.com

IN Unknown

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com
DNS

3.178.250.142.in-addr.arpa

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

1.178.250.142.in-addr.arpa

Request

1.178.250.142.in-addr.arpa

IN PTR

Response

1.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f11e100net
DNS

edge-consumer-static.azureedge.net

Request

edge-consumer-static.azureedge.net

IN A

Response

edge-consumer-static.azureedge.net

IN CNAME

edge-consumer-static.afd.azureedge.net

edge-consumer-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edge-consumer-static.azureedge.net

Request

edge-consumer-static.azureedge.net

IN Unknown

Response

edge-consumer-static.azureedge.net

IN CNAME

edge-consumer-static.afd.azureedge.net

edge-consumer-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

183.59.114.20.in-addr.arpa

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

17.160.190.20.in-addr.arpa

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

14.34.115.104.in-addr.arpa

Request

14.34.115.104.in-addr.arpa

IN PTR

Response

14.34.115.104.in-addr.arpa

IN PTR

a104-115-34-14deploystaticakamaitechnologiescom
DNS

14.34.115.104.in-addr.arpa

Request

14.34.115.104.in-addr.arpa

IN PTR

Response

14.34.115.104.in-addr.arpa

IN PTR

a104-115-34-14deploystaticakamaitechnologiescom
DNS

56.126.166.20.in-addr.arpa

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

104.241.123.92.in-addr.arpa

Request

104.241.123.92.in-addr.arpa

IN PTR

Response

104.241.123.92.in-addr.arpa

IN PTR

a92-123-241-104deploystaticakamaitechnologiescom
DNS

104.241.123.92.in-addr.arpa

Request

104.241.123.92.in-addr.arpa

IN PTR
DNS

119.110.54.20.in-addr.arpa

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

225.66.18.2.in-addr.arpa

Request

225.66.18.2.in-addr.arpa

IN PTR

Response

225.66.18.2.in-addr.arpa

IN PTR

a2-18-66-225deploystaticakamaitechnologiescom
DNS

154.110.86.104.in-addr.arpa

Request

154.110.86.104.in-addr.arpa

IN PTR

Response

154.110.86.104.in-addr.arpa

IN PTR

a104-86-110-154deploystaticakamaitechnologiescom
DNS

172.210.232.199.in-addr.arpa

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

192.142.123.92.in-addr.arpa

Request

192.142.123.92.in-addr.arpa

IN PTR

Response

192.142.123.92.in-addr.arpa

IN PTR

a92-123-142-192deploystaticakamaitechnologiescom

52.142.223.178:80

104 B
2
13.249.9.21:443

https://encdn.ldmnq.com/player_files/en/leidianex

tls, http

LDPlayer9_ru_1007_ld.exe

1.2kB
9.1kB
15
12

HTTP Request

GET https://encdn.ldmnq.com/player_files/en/leidianex

HTTP Response

200
172.217.16.238:80

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_installBtnClick3.0&el=1007&ev=100&z=6334

http

LDPlayer9_ru_1007_ld.exe

1.3kB
1.5kB
10
6

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_run&el=1007&ev=100&z=41

HTTP Response

200

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=YanDex_show&el=1007&ev=100&z=18467

HTTP Response

200

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_installBtnClick3.0&el=1007&ev=100&z=6334

HTTP Response

200
3.162.38.43:443

https://cdn.ldplayer.net/download/package/LDPlayer_9.0.68.3.exe

tls, http

LDPlayer9_ru_1007_ld.exe

25.5MB
707.1MB
506637
506172

HTTP Request

GET https://cdn.ldplayer.net/download/package/LDPlayer_9.0.68.3.exe

HTTP Response

200
13.107.246.64:443

46 B
40 B
1
1
172.217.16.238:80

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_Success&el=1007_90&ev=100&z=26500

http

LDPlayer9_ru_1007_ld.exe

569 B
601 B
6
4

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_Success&el=1007_90&ev=100&z=26500

HTTP Response

200
172.217.16.238:80

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=playerInstallStart&el=1007&ev=100&z=6334

http

LDPlayer.exe

1.3kB
1.5kB
10
6

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=playerInstallNew&el=1007&ev=100&z=41

HTTP Response

200

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=installRun&el=1007_downloader&ev=100&z=18467

HTTP Response

200

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=playerInstallStart&el=1007&ev=100&z=6334

HTTP Response

200
8.219.4.49:443

https://middledata.ldplayer.net/collection/biz/upload

tls, http

LDPlayer.exe

1.4kB
4.9kB
10
10

HTTP Request

POST https://middledata.ldplayer.net/collection/biz/upload

HTTP Response

200
172.217.16.238:80

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_installComplete&el=1007_errWaitTimeout&ev=100&z=19169

http

LDPlayer9_ru_1007_ld.exe

543 B
561 B
5
3

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-134765723-4&cid=9c259aa7f6a49091c1e506721add63a0&ec=app2&ea=download_installComplete&el=1007_errWaitTimeout&ev=100&z=19169

HTTP Response

200
13.249.9.34:443

https://encdn.ldmnq.com/player_files/ru/apps_must_config.data

tls, http

dnplayer.exe

963 B
13.9kB
11
16

HTTP Request

GET https://encdn.ldmnq.com/player_files/ru/apps_must_config.data

HTTP Response

200
13.249.9.34:443

https://encdn.ldmnq.com/player_files/en/apps_max.data

tls, http

dnplayer.exe

955 B
8.8kB
11
12

HTTP Request

GET https://encdn.ldmnq.com/player_files/en/apps_max.data

HTTP Response

200
163.181.154.249:443

https://en.ldplayer.net/ows/en/ip/checkIpArea

tls, http

dnplayer.exe

947 B
6.0kB
11
11

HTTP Request

GET https://en.ldplayer.net/ows/en/ip/checkIpArea

HTTP Response

200
52.222.149.79:443

https://ad.ldplayer.net/getIpCountryJsonFile

tls, http

dnplayer.exe

992 B
7.4kB
12
14

HTTP Request

GET https://ad.ldplayer.net/getIpCountryJsonFile

HTTP Response

200
13.249.9.34:443

https://encdn.ldmnq.com/player_files/en/leidianex

tls, http

dnplayer.exe

954 B
3.1kB
9
8

HTTP Request

GET https://encdn.ldmnq.com/player_files/en/leidianex

HTTP Response

200
13.249.9.34:443

https://encdn.ldmnq.com/player_files/en/apps_plugin.data

tls, http

dnplayer.exe

961 B
1.4kB
9
7

HTTP Request

GET https://encdn.ldmnq.com/player_files/en/apps_plugin.data

HTTP Response

200
13.249.9.34:443

encdn.ldmnq.com

tls

dnplayer.exe

1.2kB
8.4kB
10
13
163.181.154.215:443

https://advertise.ldplayer.net/ad/gb/cpt_ad.data

tls, http

dnplayer.exe

1.0kB
8.3kB
12
13

HTTP Request

GET https://advertise.ldplayer.net/ad/gb/cpt_ad.data

HTTP Response

200
3.162.38.36:443

https://cdn.ldplayer.net/rms/ldplayer/process/img/3aa137d179074e8b80a79e397daa198c1711962911.webp

tls, http

dnplayer.exe

6.4kB
376.4kB
119
275

HTTP Request

GET https://cdn.ldplayer.net/rms/ldplayer/process/img/3aa137d179074e8b80a79e397daa198c1711962911.webp

HTTP Response

200
3.162.38.36:443

https://cdn.ldplayer.net/rms/ldplayer/process/img/93e3c2fd56504aed983fbfd31cb1c02f1711962957.webp

tls, http

dnplayer.exe

4.4kB
396.8kB
83
290

HTTP Request

GET https://cdn.ldplayer.net/rms/ldplayer/process/img/93e3c2fd56504aed983fbfd31cb1c02f1711962957.webp

HTTP Response

200
3.162.38.36:443

https://cdn.ldplayer.net/rms/ldplayer/process/img/03d9c83a54ba4b0d81df23f0a54239991711962918.webp

tls, http

dnplayer.exe

1.6kB
135.1kB
21
103

HTTP Request

GET https://cdn.ldplayer.net/rms/ldplayer/process/img/03d9c83a54ba4b0d81df23f0a54239991711962918.webp

HTTP Response

200
3.162.38.36:443

https://cdn.ldplayer.net/rms/ldplayer/process/img/f238f16857114ae28385c0d5e0c140351711962974.webp

tls, http

dnplayer.exe

2.0kB
135.1kB
30
103

HTTP Request

GET https://cdn.ldplayer.net/rms/ldplayer/process/img/f238f16857114ae28385c0d5e0c140351711962974.webp

HTTP Response

200
3.162.38.36:443

https://cdn.ldplayer.net/rms/ldplayer/process/img/4f4f3f79f3404e46a05e78c89b3c62601712154143.webp

tls, http

dnplayer.exe

2.1kB
247.2kB
33
184

HTTP Request

GET https://cdn.ldplayer.net/rms/ldplayer/process/img/4f4f3f79f3404e46a05e78c89b3c62601712154143.webp

HTTP Response

200
3.162.38.36:443

https://cdn.ldplayer.net/rms/ldplayer/process/img/720b7aef1925457985eee4d860f2343e1712154148.webp

tls, http

dnplayer.exe

2.0kB
255.3kB
30
189

HTTP Request

GET https://cdn.ldplayer.net/rms/ldplayer/process/img/720b7aef1925457985eee4d860f2343e1712154148.webp

HTTP Response

200
13.249.9.34:443

https://encdn.ldmnq.com/ldstore/CHzyNa-1620808132426.png

tls, http

dnplayer.exe

1.2kB
36.5kB
14
32

HTTP Request

GET https://encdn.ldmnq.com/ldstore/CHzyNa-1620808132426.png

HTTP Response

200
163.181.154.215:443

https://advertise.ldplayer.net/ad/gb/cpi_ad.data

tls, http

dnplayer.exe

1.9kB
57.8kB
27
48

HTTP Request

GET https://advertise.ldplayer.net/ad/gb/cpi_ad.data

HTTP Response

200
52.222.149.79:443

https://ad.ldplayer.net/cptAdExposure?cptId=0&language=ru_RU&placement=loading_video&version=9.0.68

tls, http

dnplayer.exe

1.0kB
1.1kB
9
8

HTTP Request

GET https://ad.ldplayer.net/cptAdExposure?cptId=0&language=ru_RU&placement=loading_video&version=9.0.68

HTTP Response

200
52.222.149.79:443

https://ad.ldplayer.net/cptAdExposure?cptId=9724&language=ru_RU&placement=loading&version=9.0.68

tls, http

dnplayer.exe

1.0kB
1.1kB
10
8

HTTP Request

GET https://ad.ldplayer.net/cptAdExposure?cptId=9724&language=ru_RU&placement=loading&version=9.0.68

HTTP Response

200
18.155.129.58:80

http://apiru.ldmnq.com/checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5

http

dnplayer.exe

594 B
957 B
6
4

HTTP Request

GET http://apiru.ldmnq.com/checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5

HTTP Response

301
18.155.129.58:443

https://apiru.ldmnq.com/checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5

tls, http

dnplayer.exe

1.1kB
7.2kB
11
12

HTTP Request

GET https://apiru.ldmnq.com/checkVersion2?pid=dnplayer-ru&openid=1007&t=20240404062537&sv=0900006803&m=9c259aa7f6a49091c1e506721add63a0&architecture=x64&multiplayer=1&androidimei=010067029042170&androidmac=00DB5BEF69A5

HTTP Response

200
52.222.149.79:443

https://ad.ldplayer.net/cptAdExposure?cptId=9761&language=ru_RU&placement=loading&version=9.0.68

tls, http

dnplayer.exe

1.0kB
1.1kB
10
8

HTTP Request

GET https://ad.ldplayer.net/cptAdExposure?cptId=9761&language=ru_RU&placement=loading&version=9.0.68

HTTP Response

200
18.155.129.58:443

https://apiru.ldmnq.com/checkMnqVersion?pid=dnplayer-ru9&openid=1007&t=20240404062540&sv=0900006803&n=4ed820ed97a93942be2094ffcb6edd56&updatetype=1

tls, http

dnplayer.exe

1.1kB
914 B
9
7

HTTP Request

GET https://apiru.ldmnq.com/checkMnqVersion?pid=dnplayer-ru9&openid=1007&t=20240404062540&sv=0900006803&n=4ed820ed97a93942be2094ffcb6edd56&updatetype=1

HTTP Response

204
163.181.154.240:443

ru.ldplayer.net

tls

2.4kB
98.8kB
25
83
163.181.154.240:443

ru.ldplayer.net

tls

1.2kB
668 B
8
9
51.140.244.186:443

nav-edge.smartscreen.microsoft.com

tls

60.3kB
50.7kB
102
94
13.107.6.158:443

business.bing.com

tls

1.9kB
9.8kB
15
23
51.140.244.186:443

nav-edge.smartscreen.microsoft.com

tls

1.1kB
6.7kB
11
9
92.123.241.137:443

www.microsoft.com

tls

2.6kB
22.5kB
22
35
3.162.38.96:443

cdn.ldplayer.net

tls

14.2kB
429.2kB
204
326
3.162.38.96:443

cdn.ldplayer.net

tls

1.0kB
6.6kB
9
11
3.162.38.96:443

cdn.ldplayer.net

tls

1.0kB
6.6kB
9
11
104.86.110.144:443

bzib.nelreports.net

tls

2.5kB
6.0kB
14
15
104.26.4.6:443

cmp.setupcmp.com

tls

2.2kB
44.0kB
20
51
13.249.9.34:443

encdn.ldmnq.com

tls

3.1kB
138.4kB
37
107
13.249.9.34:443

encdn.ldmnq.com

tls

1.1kB
6.5kB
9
10
13.249.9.34:443

encdn.ldmnq.com

tls

949 B
6.3kB
9
8
13.249.9.34:443

encdn.ldmnq.com

tls

1.1kB
6.3kB
10
8
142.250.179.238:443

www.youtube.com

tls

17.0kB
1.1MB
314
782
142.250.179.238:443

www.youtube.com

tls

1.1kB
8.4kB
10
11
77.88.55.88:443

yandex.ru

tls

4.1kB
113.3kB
64
105
142.250.187.206:443

fundingchoicesmessages.google.com

tls

2.4kB
32.6kB
22
39
3.162.38.30:443

encdn01.ldmnq.com

tls

2.9kB
92.1kB
32
75
3.162.38.30:443

encdn01.ldmnq.com

tls

997 B
5.8kB
10
8
3.162.38.30:443

encdn01.ldmnq.com

tls

1.1kB
5.8kB
10
8
52.222.201.89:443

encdn09.ldmnq.com

tls

3.0kB
138.8kB
38
109
104.26.4.6:443

cmp.setupcmp.com

tls

2.9kB
125.6kB
34
106
99.86.91.95:443

encdn03.ldmnq.com

tls

3.5kB
108.3kB
47
88
99.86.91.95:443

encdn03.ldmnq.com

tls

1.0kB
6.0kB
8
10
104.18.31.49:443

stpd.cloud

tls

4.7kB
399.0kB
76
306
142.250.200.54:443

i.ytimg.com

tls

2.5kB
74.3kB
27
62
2.18.66.162:443

www.bing.com

tls

13.7kB
871.3kB
272
636
77.88.21.119:443

mc.yandex.ru

tls

1.1kB
4.6kB
11
12
87.250.247.182:443

avatars.mds.yandex.net

tls

1.1kB
6.0kB
10
16
178.154.131.215:443

yastatic.net

tls

964 B
4.0kB
8
6
178.154.131.215:443

yastatic.net

tls

885 B
4.0kB
8
6
178.154.131.215:443

yastatic.net

tls

932 B
4.0kB
8
6
178.154.131.215:443

yastatic.net

tls

978 B
4.0kB
9
7
178.154.131.215:443

yastatic.net

tls

5.3kB
209.4kB
83
162
178.154.131.215:443

yastatic.net

tls

900 B
4.0kB
8
6
178.154.131.215:443

yastatic.net

tls

1.0kB
4.9kB
9
11
52.222.201.65:443

apiru.ldplayer.net

tls

1.9kB
9.3kB
15
20
47.236.4.49:443

usersdk.ldmnq.com

tls

2.4kB
6.9kB
17
14
142.250.187.194:443

www.googletagservices.com

tls

2.2kB
37.3kB
23
36
77.88.21.179:443

ads.adfox.ru

tls

1.2kB
5.6kB
11
13
47.236.4.49:443

usersdk.ldmnq.com

tls

1.1kB
6.0kB
10
11
142.250.187.226:443

securepubads.g.doubleclick.net

tls

13.4kB
184.9kB
72
155
142.250.187.226:443

securepubads.g.doubleclick.net

tls

2.0kB
7.8kB
17
18
108.177.15.84:443

accounts.google.com

tls

2.2kB
9.1kB
16
22
13.107.246.64:443

edgestatic.azureedge.net

tls

42.6kB
4.4MB
800
3201
13.107.246.64:443

edgestatic.azureedge.net

tls

1.9kB
7.9kB
12
14
13.107.246.64:443

edgestatic.azureedge.net

tls

1.7kB
7.9kB
12
14
172.217.169.10:443

jnn-pa.googleapis.com

tls

2.8kB
52.2kB
27
51
216.58.204.70:443

static.doubleclick.net

tls

1.8kB
6.8kB
13
12
172.217.16.228:443

www.google.com

tls

2.4kB
28.8kB
20
37
99.86.91.39:443

tagan.adlightning.com

tls

2.3kB
76.9kB
24
66
151.101.1.229:443

cdn.jsdelivr.net

tls

1.8kB
7.1kB
13
16
52.222.168.86:443

c.amazon-adsystem.com

tls

2.5kB
88.9kB
28
73
172.217.169.65:443

yt3.ggpht.com

tls

2.0kB
14.9kB
16
20
52.222.168.86:443

c.amazon-adsystem.com

tls

1.7kB
10.2kB
13
18
52.84.174.40:443

config.aps.amazon-adsystem.com

tls

1.8kB
7.7kB
14
14
104.78.175.230:443

secure.cdn.fastclick.net

tls

1.1kB
4.7kB
10
9
104.78.175.230:443

secure.cdn.fastclick.net

tls

2.3kB
46.8kB
23
46
52.84.179.171:443

aax.amazon-adsystem.com

tls

3.2kB
8.5kB
16
22
52.84.179.171:443

aax.amazon-adsystem.com

tls

929 B
6.5kB
7
8
52.84.179.171:443

aax.amazon-adsystem.com

tls

839 B
6.5kB
7
8
104.22.52.173:443

cdn.hadronid.net

tls

1.9kB
16.3kB
14
26
18.155.129.39:443

tags.crwdcntrl.net

tls

1.6kB
19.3kB
13
23
172.67.38.106:443

cdn.id5-sync.com

tls

1.9kB
32.3kB
17
39
104.22.5.69:443

id.hadron.ad.gt

tls

2.0kB
5.5kB
13
14
54.155.27.174:443

bcp.crwdcntrl.net

tls

3.7kB
7.7kB
19
21
54.155.27.174:443

bcp.crwdcntrl.net

tls

1.2kB
6.1kB
11
11
54.155.27.174:443

bcp.crwdcntrl.net

tls

1.1kB
6.1kB
10
10
89.207.16.210:443

proc.ad.cpe.dotomi.com

tls

1.1kB
4.8kB
11
13
89.207.16.210:443

proc.ad.cpe.dotomi.com

tls

1.2kB
4.9kB
12
14
13.89.179.12:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

14.3kB
7.9kB
19
14

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
172.217.16.238:80

http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=mainCheckOK&el=1007&ev=100&z=26500

http

LDPlayer.exe

494 B
561 B
5
3

HTTP Request

GET http://www.google-analytics.com/collect?v=1&t=event&tid=UA-156094621-1&cid=9c259aa7f6a49091c1e506721add63a0&ec=0900006803&ea=mainCheckOK&el=1007&ev=100&z=26500

HTTP Response

200
172.67.23.234:443

a.ad.gt

tls

1.8kB
9.8kB
15
17
142.250.200.42:443

chromewebstore.googleapis.com

tls

2.0kB
8.8kB
18
19
162.19.138.117:443

id5-sync.com

tls

2.5kB
5.5kB
19
24
178.250.1.11:443

gum.criteo.com

tls

1.1kB
4.2kB
10
8
178.250.1.11:443

gum.criteo.com

tls

1.1kB
4.2kB
10
8
178.250.1.11:443

gum.criteo.com

tls

5.5kB
5.9kB
15
16
35.227.252.103:443

rtb.openx.net

tls

19.6kB
6.0kB
32
26
185.106.140.18:443

rtb.adxpremium.services

tls

4.4kB
21.3kB
18
25
35.227.252.103:443

rtb.openx.net

tls

991 B
4.1kB
8
7
185.64.189.112:443

hbopenbid.pubmatic.com

tls

1.1kB
4.9kB
10
10
104.26.8.178:443

prebid-stag.setupad.net

tls

969 B
4.5kB
8
7
104.26.8.178:443

prebid-stag.setupad.net

tls

32.2kB
15.7kB
54
54
104.26.8.178:443

prebid-stag.setupad.net

tls

969 B
4.5kB
8
7
104.26.8.178:443

prebid-stag.setupad.net

tls

1.0kB
4.5kB
8
7
185.64.189.112:443

hbopenbid.pubmatic.com

tls

10.1kB
5.7kB
20
22
185.106.140.18:443

rtb.adxpremium.services

tls

4.4kB
21.3kB
18
25
104.26.9.169:443

script.4dex.io

tls

3.0kB
6.6kB
14
12
162.19.138.120:443

lb.eu-1-id5-sync.com

tls

2.1kB
5.6kB
19
21
185.184.8.90:443

prebid-eu.creativecdn.com

tls

9.7kB
5.5kB
23
18
185.184.8.90:443

prebid-eu.creativecdn.com

tls

1.1kB
4.3kB
10
8
37.157.6.233:443

adx.adform.net

tls

9.2kB
7.9kB
23
23
37.157.6.233:443

adx.adform.net

tls

1.0kB
5.1kB
9
7
104.26.8.178:443

prebid-stag.setupad.net

tls

819 B
3.9kB
6
5
104.26.8.178:443

prebid-stag.setupad.net

tls

885 B
4.0kB
8
6
104.18.34.178:443

mp.4dex.io

tls

19.7kB
9.7kB
31
26
104.18.34.178:443

mp.4dex.io

tls

956 B
3.0kB
8
6
185.106.140.18:443

rtb.adxpremium.services

tls

4.3kB
21.3kB
19
25
35.227.252.103:443

rtb.openx.net

tls

901 B
3.5kB
8
6
185.64.189.112:443

hbopenbid.pubmatic.com

tls

1.0kB
4.8kB
10
8
178.250.1.8:443

bidder.criteo.com

tls

1.1kB
4.2kB
10
8
178.250.1.8:443

bidder.criteo.com

tls

13.5kB
6.1kB
26
21
104.18.34.178:443

mp.4dex.io

tls

839 B
2.4kB
7
5
145.40.97.67:443

prebid.a-mo.net

tls

885 B
3.3kB
8
6
145.40.97.67:443

prebid.a-mo.net

tls

16.2kB
10.8kB
31
25
185.184.8.90:443

prebid-eu.creativecdn.com

tls

886 B
3.6kB
8
5
145.40.97.67:443

prebid.a-mo.net

tls

903 B
3.3kB
8
6
18.155.129.82:443

ldcdn.ldmnq.com

tls

1.8kB
17.4kB
14
22
37.157.6.233:443

adx.adform.net

tls

980 B
5.1kB
9
7
178.250.1.8:443

bidder.criteo.com

tls

969 B
3.4kB
8
5
185.86.138.124:443

prg.smartadserver.com

tls

7.1kB
5.1kB
16
13
185.86.138.124:443

prg.smartadserver.com

tls

7.0kB
7.4kB
16
14
185.86.138.124:443

prg.smartadserver.com

tls

7.1kB
7.3kB
16
15
172.217.16.225:443

tpc.googlesyndication.com

tls

2.7kB
21.1kB
24
34
178.250.1.11:443

gum.criteo.com

tls

5.7kB
7.4kB
18
17
162.19.138.117:443

id5-sync.com

tls

15.6kB
7.2kB
31
30
104.26.9.169:443

script.4dex.io

tls

3.3kB
31.4kB
17
34
5.196.111.69:443

ssbsync-global.smartadserver.com

tls

21.4kB
27.7kB
40
41
104.115.32.236:443

ads.pubmatic.com

tls

1.0kB
4.6kB
8
10
104.115.32.236:443

ads.pubmatic.com

tls

11.6kB
37.0kB
33
48
35.244.159.8:443

u.openx.net

tls

1.1kB
5.4kB
10
10
35.244.159.8:443

u.openx.net

tls

8.6kB
10.6kB
24
27
172.217.16.225:443

tpc.googlesyndication.com

tls

991 B
4.8kB
9
7
172.217.16.225:443

tpc.googlesyndication.com

tls

991 B
4.8kB
9
7
172.217.16.225:443

tpc.googlesyndication.com

tls

931 B
4.8kB
7
7
172.217.16.225:443

tpc.googlesyndication.com

tls

4.1kB
64.9kB
40
60
172.217.16.225:443

tpc.googlesyndication.com

tls

1.0kB
4.8kB
9
7
172.217.16.225:443

tpc.googlesyndication.com

tls

981 B
5.8kB
8
8
104.18.22.145:443

cadmus.script.ac

tls

1.6kB
5.1kB
12
13
172.217.16.225:443

tpc.googlesyndication.com

tls

1.1kB
5.8kB
9
9
104.26.9.169:443

script.4dex.io

tls

1.1kB
1.1kB
6
7
142.250.180.1:443

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

tls

1.1kB
6.2kB
9
9
52.200.122.91:443

1x1.a-mo.net

tls

2.0kB
6.3kB
12
12
142.250.180.1:443

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

tls

2.4kB
12.9kB
18
23
178.250.7.13:443

dnacdn.net

tls

1.8kB
6.2kB
14
15
142.250.180.1:443

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

tls

1.1kB
6.2kB
10
9
142.250.180.1:443

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

tls

2.0kB
9.8kB
14
17
35.244.159.8:443

u.openx.net

tls

8.5kB
10.7kB
24
26
37.157.5.133:443

cm.adform.net

tls

5.9kB
7.2kB
18
23
104.26.9.178:443

prebid-stag.setupad.net

tls

6.3kB
7.0kB
20
18
34.149.40.38:443

u.4dex.io

tls

4.9kB
7.0kB
19
16
51.89.9.253:443

onetag-sys.com

tls

32.3kB
20.3kB
52
48
172.217.16.225:443

cdn.ampproject.org

tls

3.6kB
141.0kB
45
111

8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

encdn.ldmnq.com

dns

dnplayer.exe

61 B
168 B
1
1

DNS Request

encdn.ldmnq.com

DNS Response

13.249.9.21

13.249.9.19

13.249.9.78

13.249.9.34
8.8.8.8:53

21.9.249.13.in-addr.arpa

dns

70 B
125 B
1
1

DNS Request

21.9.249.13.in-addr.arpa
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
8.8.8.8:53

163.128.155.18.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

163.128.155.18.in-addr.arpa
8.8.8.8:53

90.193.84.52.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

90.193.84.52.in-addr.arpa
8.8.8.8:53

133.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

133.32.126.40.in-addr.arpa
8.8.8.8:53

cdn.ldplayer.net

dns

dnplayer.exe

62 B
166 B
1
1

DNS Request

cdn.ldplayer.net

DNS Response

3.162.38.43

3.162.38.36

3.162.38.96

3.162.38.2
8.8.8.8:53

43.38.162.3.in-addr.arpa

dns

70 B
125 B
1
1

DNS Request

43.38.162.3.in-addr.arpa
8.8.8.8:53

152.33.115.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

152.33.115.104.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

145.110.86.104.in-addr.arpa

dns

365 B
139 B
5
1

DNS Request

145.110.86.104.in-addr.arpa

DNS Request

145.110.86.104.in-addr.arpa

DNS Request

145.110.86.104.in-addr.arpa

DNS Request

145.110.86.104.in-addr.arpa

DNS Request

145.110.86.104.in-addr.arpa
8.8.8.8:53

235.17.178.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

235.17.178.52.in-addr.arpa
8.8.8.8:53

middledata.ldplayer.net

dns

LDPlayer.exe

69 B
185 B
1
1

DNS Request

middledata.ldplayer.net

DNS Response

8.219.4.49

8.219.48.146

8.219.136.97
8.8.8.8:53

49.4.219.8.in-addr.arpa

dns

69 B
140 B
1
1

DNS Request

49.4.219.8.in-addr.arpa
8.8.8.8:53

ad.ldplayer.net

dns

dnplayer.exe

122 B
330 B
2
2

DNS Request

ad.ldplayer.net

DNS Request

ad.ldplayer.net

DNS Response

52.222.149.79

52.222.149.30

52.222.149.101

52.222.149.35

DNS Response

52.222.149.79

52.222.149.101

52.222.149.30

52.222.149.35
8.8.8.8:53

en.ldplayer.net

dns

dnplayer.exe

122 B
466 B
2
2

DNS Request

en.ldplayer.net

DNS Request

en.ldplayer.net

DNS Response

163.181.154.249

163.181.154.244

163.181.154.242

163.181.154.241

163.181.154.240

163.181.154.243

163.181.154.248

163.181.154.239

DNS Response

163.181.154.241

163.181.154.249

163.181.154.239

163.181.154.242

163.181.154.240

163.181.154.244

163.181.154.243

163.181.154.248
8.8.8.8:53

encdn.ldmnq.com

dns

dnplayer.exe

122 B
336 B
2
2

DNS Request

encdn.ldmnq.com

DNS Request

encdn.ldmnq.com

DNS Response

13.249.9.34

13.249.9.19

13.249.9.78

13.249.9.21

DNS Response

13.249.9.78

13.249.9.34

13.249.9.19

13.249.9.21
8.8.8.8:53

advertise.ldplayer.net

dns

dnplayer.exe

136 B
276 B
2
2

DNS Request

advertise.ldplayer.net

DNS Request

advertise.ldplayer.net

DNS Response

163.181.154.215

DNS Response

163.181.154.215
8.8.8.8:53

cdn.ldplayer.net

dns

dnplayer.exe

124 B
332 B
2
2

DNS Request

cdn.ldplayer.net

DNS Request

cdn.ldplayer.net

DNS Response

3.162.38.36

3.162.38.96

3.162.38.43

3.162.38.2

DNS Response

3.162.38.36

3.162.38.43

3.162.38.2

3.162.38.96
8.8.8.8:53

34.9.249.13.in-addr.arpa

dns

70 B
125 B
1
1

DNS Request

34.9.249.13.in-addr.arpa
8.8.8.8:53

249.154.181.163.in-addr.arpa

dns

74 B
145 B
1
1

DNS Request

249.154.181.163.in-addr.arpa
8.8.8.8:53

79.149.222.52.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

79.149.222.52.in-addr.arpa
8.8.8.8:53

215.154.181.163.in-addr.arpa

dns

74 B
145 B
1
1

DNS Request

215.154.181.163.in-addr.arpa
8.8.8.8:53

36.38.162.3.in-addr.arpa

dns

70 B
125 B
1
1

DNS Request

36.38.162.3.in-addr.arpa
8.8.8.8:53

apiru.ldmnq.com

dns

dnplayer.exe

122 B
336 B
2
2

DNS Request

apiru.ldmnq.com

DNS Request

apiru.ldmnq.com

DNS Response

18.155.129.58

18.155.129.20

18.155.129.44

18.155.129.118

DNS Response

18.155.129.58

18.155.129.20

18.155.129.44

18.155.129.118
8.8.8.8:53

58.129.155.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

58.129.155.18.in-addr.arpa
8.8.8.8:53

ru.ldplayer.net

dns

61 B
233 B
1
1

DNS Request

ru.ldplayer.net

DNS Response

163.181.154.240

163.181.154.242

163.181.154.244

163.181.154.243

163.181.154.249

163.181.154.241

163.181.154.248

163.181.154.239
8.8.8.8:53

ru.ldplayer.net

dns

61 B
157 B
1
1

DNS Request

ru.ldplayer.net
8.8.8.8:53

ru.ldplayer.net

dns

61 B
233 B
1
1

DNS Request

ru.ldplayer.net

DNS Response

163.181.154.241

163.181.154.240

163.181.154.249

163.181.154.243

163.181.154.239

163.181.154.242

163.181.154.244

163.181.154.248
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
199 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

51.140.244.186
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
185 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

92.123.241.137
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

92.123.241.137
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

cdn.ldplayer.net

dns

dnplayer.exe

62 B
166 B
1
1

DNS Request

cdn.ldplayer.net

DNS Response

3.162.38.96

3.162.38.2

3.162.38.43

3.162.38.36
8.8.8.8:53

cdn.ldplayer.net

dns

dnplayer.exe

62 B
187 B
1
1

DNS Request

cdn.ldplayer.net
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

104.86.110.144

104.86.110.131
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

cmp.setupcmp.com

dns

62 B
110 B
1
1

DNS Request

cmp.setupcmp.com

DNS Response

104.26.4.6

104.26.5.6

172.67.70.36
8.8.8.8:53

cmp.setupcmp.com

dns

62 B
152 B
1
1

DNS Request

cmp.setupcmp.com
8.8.8.8:53

240.154.181.163.in-addr.arpa

dns

74 B
145 B
1
1

DNS Request

240.154.181.163.in-addr.arpa
8.8.8.8:53

186.244.140.51.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

186.244.140.51.in-addr.arpa
8.8.8.8:53

137.241.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

137.241.123.92.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

92.123.241.137
8.8.8.8:53

encdn.ldmnq.com

dns

dnplayer.exe

61 B
168 B
1
1

DNS Request

encdn.ldmnq.com

DNS Response

13.249.9.34

13.249.9.19

13.249.9.78

13.249.9.21
8.8.8.8:53

encdn.ldmnq.com

dns

dnplayer.exe

61 B
188 B
1
1

DNS Request

encdn.ldmnq.com
3.162.38.96:443

cdn.ldplayer.net

https

20.3kB
335.4kB
115
276
8.8.8.8:53

www.youtube.com

dns

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.213.14

172.217.169.14

216.58.212.238

172.217.169.78
8.8.8.8:53

www.youtube.com

dns

61 B
110 B
1
1

DNS Request

www.youtube.com
8.8.8.8:53

www.youtube.com

dns

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.213.14

172.217.169.14

216.58.212.238

172.217.169.78
8.8.8.8:53

yandex.ru

dns

55 B
119 B
1
1

DNS Request

yandex.ru

DNS Response

77.88.55.88

77.88.55.60

5.255.255.70

5.255.255.77
8.8.8.8:53

yandex.ru

dns

55 B
116 B
1
1

DNS Request

yandex.ru
8.8.8.8:53

fundingchoicesmessages.google.com

dns

79 B
116 B
1
1

DNS Request

fundingchoicesmessages.google.com

DNS Response

142.250.187.206
8.8.8.8:53

fundingchoicesmessages.google.com

dns

221 B
420 B
3
3

DNS Request

fundingchoicesmessages.google.com

DNS Request

179.21.88.77.in-addr.arpa

DNS Request

179.21.88.77.in-addr.arpa
8.8.8.8:53

encdn01.ldmnq.com

dns

63 B
170 B
1
1

DNS Request

encdn01.ldmnq.com

DNS Response

3.162.38.30

3.162.38.93

3.162.38.68

3.162.38.60
8.8.8.8:53

encdn01.ldmnq.com

dns

63 B
190 B
1
1

DNS Request

encdn01.ldmnq.com
8.8.8.8:53

encdn09.ldmnq.com

dns

63 B
169 B
1
1

DNS Request

encdn09.ldmnq.com

DNS Response

52.222.201.89

52.222.201.15

52.222.201.32

52.222.201.31
8.8.8.8:53

encdn09.ldmnq.com

dns

63 B
189 B
1
1

DNS Request

encdn09.ldmnq.com
8.8.8.8:53

encdn03.ldmnq.com

dns

63 B
169 B
1
1

DNS Request

encdn03.ldmnq.com

DNS Response

99.86.91.95

99.86.91.45

99.86.91.86

99.86.91.121
8.8.8.8:53

encdn03.ldmnq.com

dns

63 B
189 B
1
1

DNS Request

encdn03.ldmnq.com
142.250.179.238:443

www.youtube.com

https

23.3kB
923.8kB
160
739
8.8.8.8:53

stpd.cloud

dns

56 B
88 B
1
1

DNS Request

stpd.cloud

DNS Response

104.18.31.49

104.18.30.49
8.8.8.8:53

stpd.cloud

dns

56 B
126 B
1
1

DNS Request

stpd.cloud
142.250.187.206:443

fundingchoicesmessages.google.com

https

5.5kB
124.4kB
56
108
8.8.8.8:53

i.ytimg.com

dns

57 B
297 B
1
1

DNS Request

i.ytimg.com

DNS Response

142.250.200.54

216.58.201.118

216.58.204.86

216.58.213.22

172.217.169.22

216.58.212.246

172.217.169.86

172.217.169.54

142.250.179.246

142.250.180.22

142.250.187.214

142.250.187.246

142.250.178.22

172.217.16.246

142.250.200.22
8.8.8.8:53

i.ytimg.com

dns

57 B
114 B
1
1

DNS Request

i.ytimg.com
8.8.8.8:53

67.204.58.216.in-addr.arpa

dns

144 B
338 B
2
2

DNS Request

67.204.58.216.in-addr.arpa

DNS Request

67.204.58.216.in-addr.arpa
8.8.8.8:53

10.180.250.142.in-addr.arpa

dns

146 B
224 B
2
2

DNS Request

10.180.250.142.in-addr.arpa

DNS Request

10.180.250.142.in-addr.arpa
8.8.8.8:53

144.110.86.104.in-addr.arpa

dns

146 B
278 B
2
2

DNS Request

144.110.86.104.in-addr.arpa

DNS Request

144.110.86.104.in-addr.arpa
8.8.8.8:53

6.4.26.104.in-addr.arpa

dns

198 B
338 B
3
3

DNS Request

6.4.26.104.in-addr.arpa

DNS Request

6.4.26.104.in-addr.arpa

DNS Request

www.google.com

DNS Response

172.217.16.228
8.8.8.8:53

96.38.162.3.in-addr.arpa

dns

140 B
250 B
2
2

DNS Request

96.38.162.3.in-addr.arpa

DNS Request

96.38.162.3.in-addr.arpa
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

148 B
226 B
2
2

DNS Request

238.179.250.142.in-addr.arpa

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

206.187.250.142.in-addr.arpa

dns

148 B
226 B
2
2

DNS Request

206.187.250.142.in-addr.arpa

DNS Request

206.187.250.142.in-addr.arpa
8.8.8.8:53

30.38.162.3.in-addr.arpa

dns

140 B
250 B
2
2

DNS Request

30.38.162.3.in-addr.arpa

DNS Request

30.38.162.3.in-addr.arpa
8.8.8.8:53

88.55.88.77.in-addr.arpa

dns

140 B
186 B
2
2

DNS Request

88.55.88.77.in-addr.arpa

DNS Request

88.55.88.77.in-addr.arpa
8.8.8.8:53

89.201.222.52.in-addr.arpa

dns

144 B
258 B
2
2

DNS Request

89.201.222.52.in-addr.arpa

DNS Request

89.201.222.52.in-addr.arpa
8.8.8.8:53

apis.google.com

dns

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.187.206
8.8.8.8:53

apis.google.com

dns

61 B
132 B
1
1

DNS Request

apis.google.com
142.250.179.238:443

www.youtube.com

https

3.4kB
8.7kB
9
12
8.8.8.8:53

www.youtube.com

dns

61 B
319 B
1
1

DNS Request

www.youtube.com

DNS Response

142.250.179.238

142.250.180.14

142.250.187.206

142.250.187.238

142.250.178.14

172.217.16.238

142.250.200.14

142.250.200.46

216.58.201.110

216.58.204.78

216.58.213.14

172.217.169.14

216.58.212.238

172.217.169.78
8.8.8.8:53

apiru.ldplayer.net

dns

64 B
168 B
1
1

DNS Request

apiru.ldplayer.net

DNS Response

52.222.201.65

52.222.201.24

52.222.201.93

52.222.201.89
8.8.8.8:53

apiru.ldplayer.net

dns

64 B
189 B
1
1

DNS Request

apiru.ldplayer.net
8.8.8.8:53

usersdk.ldmnq.com

dns

63 B
160 B
1
1

DNS Request

usersdk.ldmnq.com

DNS Response

47.236.4.49

8.219.223.66
8.8.8.8:53

usersdk.ldmnq.com

dns

63 B
195 B
1
1

DNS Request

usersdk.ldmnq.com
8.8.8.8:53

yastatic.net

dns

58 B
106 B
1
1

DNS Request

yastatic.net

DNS Response

178.154.131.215

178.154.131.216

178.154.131.217
8.8.8.8:53

yastatic.net

dns

58 B
128 B
1
1

DNS Request

yastatic.net
8.8.8.8:53

avatars.mds.yandex.net

dns

68 B
132 B
1
1

DNS Request

avatars.mds.yandex.net

DNS Response

87.250.247.182

87.250.247.183

87.250.247.184

87.250.247.181
8.8.8.8:53

avatars.mds.yandex.net

dns

68 B
126 B
1
1

DNS Request

avatars.mds.yandex.net
8.8.8.8:53

mc.yandex.ru

dns

58 B
122 B
1
1

DNS Request

mc.yandex.ru

DNS Response

77.88.21.119

93.158.134.119

87.250.251.119

87.250.250.119
8.8.8.8:53

mc.yandex.ru

dns

58 B
119 B
1
1

DNS Request

mc.yandex.ru
8.8.8.8:53

www.googletagservices.com

dns

71 B
87 B
1
1

DNS Request

www.googletagservices.com

DNS Response

142.250.187.194
8.8.8.8:53

www.googletagservices.com

dns

71 B
128 B
1
1

DNS Request

www.googletagservices.com
8.8.8.8:53

ads.adfox.ru

dns

58 B
74 B
1
1

DNS Request

ads.adfox.ru

DNS Response

77.88.21.179
8.8.8.8:53

ads.adfox.ru

dns

58 B
114 B
1
1

DNS Request

ads.adfox.ru
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.212.194
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
98 B
1
1

DNS Request

googleads.g.doubleclick.net
52.222.201.65:443

apiru.ldplayer.net

https

2.8kB
9.6kB
20
20
8.8.8.8:53

securepubads.g.doubleclick.net

dns

76 B
121 B
1
1

DNS Request

securepubads.g.doubleclick.net

DNS Response

142.250.187.226
8.8.8.8:53

securepubads.g.doubleclick.net

dns

76 B
165 B
1
1

DNS Request

securepubads.g.doubleclick.net
216.58.212.194:443

googleads.g.doubleclick.net

https

3.1kB
9.1kB
19
23
8.8.8.8:53

95.91.86.99.in-addr.arpa

dns

140 B
250 B
2
2

DNS Request

95.91.86.99.in-addr.arpa

DNS Request

95.91.86.99.in-addr.arpa
8.8.8.8:53

49.31.18.104.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

49.31.18.104.in-addr.arpa

DNS Request

49.31.18.104.in-addr.arpa
8.8.8.8:53

54.200.250.142.in-addr.arpa

dns

146 B
224 B
2
2

DNS Request

54.200.250.142.in-addr.arpa

DNS Request

54.200.250.142.in-addr.arpa
8.8.8.8:53

162.66.18.2.in-addr.arpa

dns

140 B
266 B
2
2

DNS Request

162.66.18.2.in-addr.arpa

DNS Request

162.66.18.2.in-addr.arpa
8.8.8.8:53

2.213.58.216.in-addr.arpa

dns

142 B
276 B
2
2

DNS Request

2.213.58.216.in-addr.arpa

DNS Request

2.213.58.216.in-addr.arpa
8.8.8.8:53

65.201.222.52.in-addr.arpa

dns

144 B
258 B
2
2

DNS Request

65.201.222.52.in-addr.arpa

DNS Request

65.201.222.52.in-addr.arpa
8.8.8.8:53

215.131.154.178.in-addr.arpa

dns

148 B
210 B
2
2

DNS Request

215.131.154.178.in-addr.arpa

DNS Request

215.131.154.178.in-addr.arpa
8.8.8.8:53

182.247.250.87.in-addr.arpa

dns

212 B
345 B
3
3

DNS Request

182.247.250.87.in-addr.arpa

DNS Request

182.247.250.87.in-addr.arpa

DNS Request

ssum.casalemedia.com
8.8.8.8:53

119.21.88.77.in-addr.arpa

dns

286 B
398 B
4
4

DNS Request

119.21.88.77.in-addr.arpa

DNS Request

119.21.88.77.in-addr.arpa

DNS Request

246.83.36.212.in-addr.arpa

DNS Request

246.83.36.212.in-addr.arpa
8.8.8.8:53

194.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

194.187.250.142.in-addr.arpa
8.8.8.8:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

108.177.15.84
8.8.8.8:53

accounts.google.com

dns

65 B
115 B
1
1

DNS Request

accounts.google.com
8.8.8.8:53

accounts.google.com

dns

65 B
81 B
1
1

DNS Request

accounts.google.com

DNS Response

108.177.15.84
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.200.34
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
98 B
1
1

DNS Request

googleads.g.doubleclick.net
142.250.200.34:443

googleads.g.doubleclick.net

https

24.0kB
160.6kB
96
168
8.8.8.8:53

49.4.236.47.in-addr.arpa

dns

140 B
282 B
2
2

DNS Request

49.4.236.47.in-addr.arpa

DNS Request

49.4.236.47.in-addr.arpa
8.8.8.8:53

194.212.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

194.212.58.216.in-addr.arpa
8.8.8.8:53

226.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.187.250.142.in-addr.arpa
8.8.8.8:53

84.15.177.108.in-addr.arpa

dns

72 B
105 B
1
1

DNS Request

84.15.177.108.in-addr.arpa
8.8.8.8:53

34.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

34.200.250.142.in-addr.arpa
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

104.115.33.219
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
259 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

jnn-pa.googleapis.com

dns

124 B
380 B
2
2

DNS Request

jnn-pa.googleapis.com

DNS Response

172.217.169.10

216.58.212.202

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10

DNS Request

adxbid.info

DNS Response

172.67.138.13

104.21.48.215
8.8.8.8:53

jnn-pa.googleapis.com

dns

67 B
124 B
1
1

DNS Request

jnn-pa.googleapis.com
8.8.8.8:53

static.doubleclick.net

dns

68 B
84 B
1
1

DNS Request

static.doubleclick.net

DNS Response

216.58.204.70
8.8.8.8:53

static.doubleclick.net

dns

68 B
128 B
1
1

DNS Request

static.doubleclick.net
8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.16.228
8.8.8.8:53

www.google.com

dns

60 B
85 B
1
1

DNS Request

www.google.com
8.8.8.8:53

yt3.ggpht.com

dns

59 B
120 B
1
1

DNS Request

yt3.ggpht.com

DNS Response

172.217.169.65
8.8.8.8:53

yt3.ggpht.com

dns

59 B
161 B
1
1

DNS Request

yt3.ggpht.com
8.8.8.8:53

tagan.adlightning.com

dns

67 B
131 B
1
1

DNS Request

tagan.adlightning.com

DNS Response

99.86.91.39

99.86.91.84

99.86.91.98

99.86.91.43
8.8.8.8:53

tagan.adlightning.com

dns

67 B
145 B
1
1

DNS Request

tagan.adlightning.com
8.8.8.8:53

c.amazon-adsystem.com

dns

67 B
126 B
1
1

DNS Request

c.amazon-adsystem.com

DNS Response

52.222.168.86
8.8.8.8:53

c.amazon-adsystem.com

dns

67 B
188 B
1
1

DNS Request

c.amazon-adsystem.com
8.8.8.8:53

cdn.jsdelivr.net

dns

62 B
160 B
1
1

DNS Request

cdn.jsdelivr.net

DNS Response

151.101.1.229

151.101.65.229

151.101.129.229

151.101.193.229
8.8.8.8:53

cdn.jsdelivr.net

dns

62 B
157 B
1
1

DNS Request

cdn.jsdelivr.net
172.217.169.10:443

jnn-pa.googleapis.com

https

5.6kB
10.5kB
17
20
8.8.8.8:53

10.169.217.172.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.169.217.172.in-addr.arpa
8.8.8.8:53

70.204.58.216.in-addr.arpa

dns

144 B
338 B
2
2

DNS Request

70.204.58.216.in-addr.arpa

DNS Request

70.204.58.216.in-addr.arpa
8.8.8.8:53

228.16.217.172.in-addr.arpa

dns

73 B
140 B
1
1

DNS Request

228.16.217.172.in-addr.arpa
8.8.8.8:53

39.91.86.99.in-addr.arpa

dns

70 B
125 B
1
1

DNS Request

39.91.86.99.in-addr.arpa
8.8.8.8:53

229.1.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

229.1.101.151.in-addr.arpa
8.8.8.8:53

65.169.217.172.in-addr.arpa

dns

146 B
222 B
2
2

DNS Request

65.169.217.172.in-addr.arpa

DNS Request

65.169.217.172.in-addr.arpa
8.8.8.8:53

86.168.222.52.in-addr.arpa

dns

144 B
258 B
2
2

DNS Request

86.168.222.52.in-addr.arpa

DNS Request

86.168.222.52.in-addr.arpa
8.8.8.8:53

config.aps.amazon-adsystem.com

dns

76 B
140 B
1
1

DNS Request

config.aps.amazon-adsystem.com

DNS Response

52.84.174.40

52.84.174.60

52.84.174.6

52.84.174.75
8.8.8.8:53

config.aps.amazon-adsystem.com

dns

76 B
158 B
1
1

DNS Request

config.aps.amazon-adsystem.com
8.8.8.8:53

aax.amazon-adsystem.com

dns

69 B
201 B
1
1

DNS Request

aax.amazon-adsystem.com

DNS Response

52.84.179.171
8.8.8.8:53

aax.amazon-adsystem.com

dns

69 B
262 B
1
1

DNS Request

aax.amazon-adsystem.com
8.8.8.8:53

secure.cdn.fastclick.net

dns

70 B
167 B
1
1

DNS Request

secure.cdn.fastclick.net

DNS Response

104.78.175.230
8.8.8.8:53

secure.cdn.fastclick.net

dns

70 B
212 B
1
1

DNS Request

secure.cdn.fastclick.net
8.8.8.8:53

tags.crwdcntrl.net

dns

64 B
128 B
1
1

DNS Request

tags.crwdcntrl.net

DNS Response

18.155.129.39

18.155.129.34

18.155.129.56

18.155.129.21
8.8.8.8:53

tags.crwdcntrl.net

dns

64 B
145 B
1
1

DNS Request

tags.crwdcntrl.net
8.8.8.8:53

cdn.hadronid.net

dns

62 B
110 B
1
1

DNS Request

cdn.hadronid.net

DNS Response

104.22.52.173

104.22.53.173

172.67.36.110
8.8.8.8:53

cdn.hadronid.net

dns

62 B
152 B
1
1

DNS Request

cdn.hadronid.net
8.8.8.8:53

cdn.id5-sync.com

dns

62 B
110 B
1
1

DNS Request

cdn.id5-sync.com

DNS Response

172.67.38.106

104.22.53.86

104.22.52.86
8.8.8.8:53

cdn.id5-sync.com

dns

62 B
152 B
1
1

DNS Request

cdn.id5-sync.com
108.177.15.84:443

accounts.google.com

https

1.7kB
7.2kB
7
8
8.8.8.8:53

id.hadron.ad.gt

dns

61 B
157 B
1
1

DNS Request

id.hadron.ad.gt

DNS Response

104.22.5.69

104.22.4.69

172.67.23.234
8.8.8.8:53

id.hadron.ad.gt

dns

61 B
199 B
1
1

DNS Request

id.hadron.ad.gt
8.8.8.8:53

bcp.crwdcntrl.net

dns

63 B
191 B
1
1

DNS Request

bcp.crwdcntrl.net

DNS Response

54.155.27.174

54.77.0.180

52.210.166.25

52.49.44.122

54.155.211.205

52.214.182.85

54.229.184.161

108.128.218.76
8.8.8.8:53

bcp.crwdcntrl.net

dns

63 B
144 B
1
1

DNS Request

bcp.crwdcntrl.net
8.8.8.8:53

proc.ad.cpe.dotomi.com

dns

68 B
214 B
1
1

DNS Request

proc.ad.cpe.dotomi.com

DNS Response

89.207.16.210

63.215.202.146

89.207.16.146

64.158.223.146

63.215.202.178
8.8.8.8:53

proc.ad.cpe.dotomi.com

dns

68 B
197 B
1
1

DNS Request

proc.ad.cpe.dotomi.com
8.8.8.8:53

40.174.84.52.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

40.174.84.52.in-addr.arpa
8.8.8.8:53

230.175.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

230.175.78.104.in-addr.arpa
8.8.8.8:53

173.52.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

173.52.22.104.in-addr.arpa
8.8.8.8:53

106.38.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

106.38.67.172.in-addr.arpa
8.8.8.8:53

171.179.84.52.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

171.179.84.52.in-addr.arpa
8.8.8.8:53

69.5.22.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

69.5.22.104.in-addr.arpa
8.8.8.8:53

39.129.155.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

39.129.155.18.in-addr.arpa
8.8.8.8:53

174.27.155.54.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

174.27.155.54.in-addr.arpa
8.8.8.8:53

210.16.207.89.in-addr.arpa

dns

72 B
116 B
1
1

DNS Request

210.16.207.89.in-addr.arpa
8.8.8.8:53

76.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

76.32.126.40.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

166 B
214 B
2
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

13.89.179.12
8.8.8.8:53

12.179.89.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

12.179.89.13.in-addr.arpa
8.8.8.8:53

a.ad.gt

dns

53 B
141 B
1
1

DNS Request

a.ad.gt

DNS Response

172.67.23.234

104.22.4.69

104.22.5.69
8.8.8.8:53

a.ad.gt

dns

53 B
183 B
1
1

DNS Request

a.ad.gt
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
267 B
1
1

DNS Request

chromewebstore.googleapis.com

DNS Response

142.250.200.42

216.58.201.106

216.58.204.74

216.58.212.202

216.58.212.234

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com
2.18.66.162:443

www.bing.com

https

3.0kB
5.3kB
8
9
142.250.200.34:443

googleads.g.doubleclick.net

https

2.9kB
6.5kB
5
8
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.16.226
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.200.2
8.8.8.8:53

id5-sync.com

dns

58 B
218 B
1
1

DNS Request

id5-sync.com

DNS Response

162.19.138.117

162.19.138.116

141.95.98.65

162.19.138.118

162.19.138.119

162.19.138.120

162.19.138.83

162.19.138.82

141.95.98.64

141.95.33.120
8.8.8.8:53

id5-sync.com

dns

58 B
117 B
1
1

DNS Request

id5-sync.com
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.201.98
8.8.8.8:53

234.23.67.172.in-addr.arpa

dns

202 B
374 B
3
3

DNS Request

234.23.67.172.in-addr.arpa

DNS Request

234.23.67.172.in-addr.arpa

DNS Request

um.simpli.fi

DNS Response

35.204.158.49

34.91.62.186

35.204.74.118
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

146 B
224 B
2
2

DNS Request

42.200.250.142.in-addr.arpa

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

gum.criteo.com

dns

60 B
107 B
1
1

DNS Request

gum.criteo.com

DNS Response

178.250.1.11
8.8.8.8:53

gum.criteo.com

dns

60 B
135 B
1
1

DNS Request

gum.criteo.com
8.8.8.8:53

prebid-stag.setupad.net

dns

69 B
117 B
1
1

DNS Request

prebid-stag.setupad.net

DNS Response

104.26.8.178

104.26.9.178

172.67.68.162
8.8.8.8:53

prebid-stag.setupad.net

dns

69 B
107 B
1
1

DNS Request

prebid-stag.setupad.net
8.8.8.8:53

rtb.openx.net

dns

59 B
91 B
1
1

DNS Request

rtb.openx.net

DNS Response

35.227.252.103

35.186.253.211
8.8.8.8:53

rtb.openx.net

dns

59 B
152 B
1
1

DNS Request

rtb.openx.net
8.8.8.8:53

hbopenbid.pubmatic.com

dns

68 B
146 B
1
1

DNS Request

hbopenbid.pubmatic.com

DNS Response

185.64.189.112
8.8.8.8:53

hbopenbid.pubmatic.com

dns

68 B
196 B
1
1

DNS Request

hbopenbid.pubmatic.com
8.8.8.8:53

rtb.adxpremium.services

dns

69 B
85 B
1
1

DNS Request

rtb.adxpremium.services

DNS Response

185.106.140.18
8.8.8.8:53

rtb.adxpremium.services

dns

69 B
138 B
1
1

DNS Request

rtb.adxpremium.services
8.8.8.8:53

adx.adform.net

dns

60 B
180 B
1
1

DNS Request

adx.adform.net

DNS Response

37.157.6.233

37.157.6.254

37.157.6.237

37.157.6.243

37.157.6.232
8.8.8.8:53

adx.adform.net

dns

60 B
166 B
1
1

DNS Request

adx.adform.net
8.8.8.8:53

script.4dex.io

dns

60 B
108 B
1
1

DNS Request

script.4dex.io

DNS Response

104.26.9.169

104.26.8.169

172.67.75.241
8.8.8.8:53

script.4dex.io

dns

60 B
150 B
1
1

DNS Request

script.4dex.io
8.8.8.8:53

lb.eu-1-id5-sync.com

dns

66 B
226 B
1
1

DNS Request

lb.eu-1-id5-sync.com

DNS Response

162.19.138.120

162.19.138.118

141.95.33.120

141.95.98.64

162.19.138.82

162.19.138.119

162.19.138.116

141.95.98.65

162.19.138.83

162.19.138.117
8.8.8.8:53

lb.eu-1-id5-sync.com

dns

66 B
125 B
1
1

DNS Request

lb.eu-1-id5-sync.com
8.8.8.8:53

ldcdn.ldmnq.com

dns

61 B
168 B
1
1

DNS Request

ldcdn.ldmnq.com

DNS Response

18.155.129.82

18.155.129.4

18.155.129.106

18.155.129.47
8.8.8.8:53

ldcdn.ldmnq.com

dns

61 B
186 B
1
1

DNS Request

ldcdn.ldmnq.com
8.8.8.8:53

mp.4dex.io

dns

56 B
88 B
1
1

DNS Request

mp.4dex.io

DNS Response

104.18.34.178

172.64.153.78
8.8.8.8:53

mp.4dex.io

dns

56 B
126 B
1
1

DNS Request

mp.4dex.io
8.8.8.8:53

prebid-eu.creativecdn.com

dns

71 B
87 B
1
1

DNS Request

prebid-eu.creativecdn.com

DNS Response

185.184.8.90
8.8.8.8:53

prebid-eu.creativecdn.com

dns

71 B
142 B
1
1

DNS Request

prebid-eu.creativecdn.com
8.8.8.8:53

prebid.a-mo.net

dns

61 B
139 B
1
1

DNS Request

prebid.a-mo.net

DNS Response

145.40.97.67

145.40.97.66

147.75.84.158
8.8.8.8:53

prebid.a-mo.net

dns

61 B
172 B
1
1

DNS Request

prebid.a-mo.net
8.8.8.8:53

bidder.criteo.com

dns

63 B
113 B
1
1

DNS Request

bidder.criteo.com

DNS Response

178.250.1.8
8.8.8.8:53

bidder.criteo.com

dns

63 B
141 B
1
1

DNS Request

bidder.criteo.com
8.8.8.8:53

prg.smartadserver.com

dns

67 B
250 B
1
1

DNS Request

prg.smartadserver.com

DNS Response

185.86.138.124

185.86.138.121

185.86.138.16

185.86.138.32

185.86.138.123

185.86.138.122
8.8.8.8:53

prg.smartadserver.com

dns

67 B
220 B
1
1

DNS Request

prg.smartadserver.com
8.8.8.8:53

tpc.googlesyndication.com

dns

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

172.217.16.225
8.8.8.8:53

tpc.googlesyndication.com

dns

71 B
128 B
1
1

DNS Request

tpc.googlesyndication.com
8.8.8.8:53

ssbsync-global.smartadserver.com

dns

78 B
455 B
1
1

DNS Request

ssbsync-global.smartadserver.com

DNS Response

5.196.111.69

5.196.111.68

5.135.209.101

178.32.210.230

217.182.178.228

149.202.238.100

149.202.238.101

5.135.209.100

91.134.110.133

51.178.195.212

164.132.25.181

178.32.197.52

51.178.195.213

178.32.210.231

217.182.178.229

91.134.110.132

164.132.25.180

178.32.197.53
8.8.8.8:53

ssbsync-global.smartadserver.com

dns

78 B
233 B
1
1

DNS Request

ssbsync-global.smartadserver.com
8.8.8.8:53

ads.pubmatic.com

dns

62 B
145 B
1
1

DNS Request

ads.pubmatic.com

DNS Response

104.115.32.236
8.8.8.8:53

ads.pubmatic.com

dns

62 B
187 B
1
1

DNS Request

ads.pubmatic.com
8.8.8.8:53

ads.pubmatic.com

dns

62 B
145 B
1
1

DNS Request

ads.pubmatic.com

DNS Response

104.115.32.236
8.8.8.8:53

u.openx.net

dns

57 B
89 B
1
1

DNS Request

u.openx.net

DNS Response

35.244.159.8

34.98.64.218
8.8.8.8:53

u.openx.net

dns

57 B
150 B
1
1

DNS Request

u.openx.net
8.8.8.8:53

u.openx.net

dns

57 B
89 B
1
1

DNS Request

u.openx.net

DNS Response

34.98.64.218

35.244.159.8
8.8.8.8:53

tpc.googlesyndication.com

dns

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

172.217.16.225
8.8.8.8:53

tpc.googlesyndication.com

dns

71 B
128 B
1
1

DNS Request

tpc.googlesyndication.com
8.8.8.8:53

cadmus.script.ac

dns

62 B
94 B
1
1

DNS Request

cadmus.script.ac

DNS Response

104.18.22.145

104.18.23.145
8.8.8.8:53

cadmus.script.ac

dns

62 B
132 B
1
1

DNS Request

cadmus.script.ac
8.8.8.8:53

117.138.19.162.in-addr.arpa

dns

73 B
114 B
1
1

DNS Request

117.138.19.162.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.200.2
8.8.8.8:53

103.252.227.35.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

103.252.227.35.in-addr.arpa
8.8.8.8:53

11.1.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

11.1.250.178.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.200.2
8.8.8.8:53

178.8.26.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

178.8.26.104.in-addr.arpa
8.8.8.8:53

169.9.26.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

169.9.26.104.in-addr.arpa
8.8.8.8:53

112.189.64.185.in-addr.arpa

dns

73 B
133 B
1
1

DNS Request

112.189.64.185.in-addr.arpa
8.8.8.8:53

18.140.106.185.in-addr.arpa

dns

146 B
292 B
2
2

DNS Request

18.140.106.185.in-addr.arpa

DNS Request

18.140.106.185.in-addr.arpa
8.8.8.8:53

90.8.184.185.in-addr.arpa

dns

142 B
226 B
2
2

DNS Request

90.8.184.185.in-addr.arpa

DNS Request

90.8.184.185.in-addr.arpa
8.8.8.8:53

233.6.157.37.in-addr.arpa

dns

142 B
286 B
2
2

DNS Request

233.6.157.37.in-addr.arpa

DNS Request

233.6.157.37.in-addr.arpa
8.8.8.8:53

178.34.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

178.34.18.104.in-addr.arpa
8.8.8.8:53

120.138.19.162.in-addr.arpa

dns

146 B
228 B
2
2

DNS Request

120.138.19.162.in-addr.arpa

DNS Request

120.138.19.162.in-addr.arpa
8.8.8.8:53

8.1.250.178.in-addr.arpa

dns

140 B
248 B
2
2

DNS Request

8.1.250.178.in-addr.arpa

DNS Request

8.1.250.178.in-addr.arpa
8.8.8.8:53

67.97.40.145.in-addr.arpa

dns

142 B
272 B
2
2

DNS Request

67.97.40.145.in-addr.arpa

DNS Request

67.97.40.145.in-addr.arpa
8.8.8.8:53

82.129.155.18.in-addr.arpa

dns

144 B
258 B
2
2

DNS Request

82.129.155.18.in-addr.arpa

DNS Request

82.129.155.18.in-addr.arpa
8.8.8.8:53

124.138.86.185.in-addr.arpa

dns

146 B
266 B
2
2

DNS Request

124.138.86.185.in-addr.arpa

DNS Request

124.138.86.185.in-addr.arpa
8.8.8.8:53

225.16.217.172.in-addr.arpa

dns

146 B
280 B
2
2

DNS Request

225.16.217.172.in-addr.arpa

DNS Request

225.16.217.172.in-addr.arpa
8.8.8.8:53

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

dns

110 B
169 B
1
1

DNS Request

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

DNS Response

142.250.180.1
8.8.8.8:53

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

dns

110 B
203 B
1
1

DNS Request

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com
8.8.8.8:53

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

dns

110 B
169 B
1
1

DNS Request

14e3182e46bc0479742cdf3d1ffcbdac.safeframe.googlesyndication.com

DNS Response

142.250.180.1
8.8.8.8:53

dnacdn.net

dns

56 B
72 B
1
1

DNS Request

dnacdn.net

DNS Response

178.250.7.13
8.8.8.8:53

dnacdn.net

dns

56 B
110 B
1
1

DNS Request

dnacdn.net
8.8.8.8:53

1x1.a-mo.net

dns

58 B
154 B
1
1

DNS Request

1x1.a-mo.net

DNS Response

52.200.122.91

34.197.15.32

34.234.115.171

54.198.51.14

52.22.241.133

3.92.5.209
8.8.8.8:53

1x1.a-mo.net

dns

58 B
145 B
1
1

DNS Request

1x1.a-mo.net
142.250.187.226:443

securepubads.g.doubleclick.net

https

12.3kB
21.9kB
30
36
8.8.8.8:53

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

dns

110 B
169 B
1
1

DNS Request

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

DNS Response

142.250.180.1
8.8.8.8:53

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

dns

110 B
203 B
1
1

DNS Request

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com
8.8.8.8:53

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

dns

110 B
169 B
1
1

DNS Request

0d4f329be38a4f08801ad5706670162d.safeframe.googlesyndication.com

DNS Response

142.250.180.1
8.8.8.8:53

tpc.googlesyndication.com

dns

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

172.217.16.225
172.217.16.228:443

www.google.com

https

2.4kB
8.6kB
11
14
8.8.8.8:53

u.openx.net

dns

57 B
89 B
1
1

DNS Request

u.openx.net

DNS Response

35.244.159.8

34.98.64.218
8.8.8.8:53

u.openx.net

dns

57 B
150 B
1
1

DNS Request

u.openx.net
8.8.8.8:53

cm.adform.net

dns

59 B
179 B
1
1

DNS Request

cm.adform.net

DNS Response

37.157.5.133

37.157.4.28

37.157.5.132

37.157.5.84

37.157.4.29
8.8.8.8:53

cm.adform.net

dns

59 B
165 B
1
1

DNS Request

cm.adform.net
35.244.159.8:443

u.openx.net

https

11.4kB
13.1kB
34
43
8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.16.228
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.201.98
172.217.16.228:443

www.google.com

https

3.7kB
7.6kB
12
13
8.8.8.8:53

tpc.googlesyndication.com

dns

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

172.217.16.225
172.217.16.225:443

tpc.googlesyndication.com

https

3.3kB
7.9kB
12
10
8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.16.228
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
1

DNS Request

googleads.g.doubleclick.net
8.8.8.8:53

ads.pubmatic.com

dns

62 B
145 B
1
1

DNS Request

ads.pubmatic.com

DNS Response

104.115.32.236
35.244.159.8:443

u.openx.net

https

3.5kB
5.7kB
8
10
8.8.8.8:53

prebid-stag.setupad.net

dns

69 B
117 B
1
1

DNS Request

prebid-stag.setupad.net

DNS Response

104.26.9.178

172.67.68.162

104.26.8.178
8.8.8.8:53

prebid-stag.setupad.net

dns

69 B
107 B
1
1

DNS Request

prebid-stag.setupad.net
8.8.8.8:53

ads.pubmatic.com

dns

62 B
145 B
1
1

DNS Request

ads.pubmatic.com

DNS Response

104.115.32.236
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.16.226
8.8.8.8:53

u.4dex.io

dns

55 B
71 B
1
1

DNS Request

u.4dex.io

DNS Response

34.149.40.38
8.8.8.8:53

u.4dex.io

dns

55 B
117 B
1
1

DNS Request

u.4dex.io
8.8.8.8:53

tpc.googlesyndication.com

dns

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

172.217.16.225
8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.16.228
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.201.98
8.8.8.8:53

69.111.196.5.in-addr.arpa

dns

71 B
105 B
1
1

DNS Request

69.111.196.5.in-addr.arpa
8.8.8.8:53

236.32.115.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

236.32.115.104.in-addr.arpa
8.8.8.8:53

8.159.244.35.in-addr.arpa

dns

142 B
244 B
2
2

DNS Request

8.159.244.35.in-addr.arpa

DNS Request

8.159.244.35.in-addr.arpa
8.8.8.8:53

145.22.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

145.22.18.104.in-addr.arpa
8.8.8.8:53

1.180.250.142.in-addr.arpa

dns

144 B
220 B
2
2

DNS Request

1.180.250.142.in-addr.arpa

DNS Request

1.180.250.142.in-addr.arpa
8.8.8.8:53

13.7.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

13.7.250.178.in-addr.arpa
8.8.8.8:53

91.122.200.52.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

91.122.200.52.in-addr.arpa
8.8.8.8:53

133.5.157.37.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

133.5.157.37.in-addr.arpa
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.201.98
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.16.226
172.217.16.225:443

tpc.googlesyndication.com

https

4.7kB
8.9kB
21
24
8.8.8.8:53

ads.pubmatic.com

dns

62 B
145 B
1
1

DNS Request

ads.pubmatic.com

DNS Response

104.115.32.236
8.8.8.8:53

onetag-sys.com

dns

60 B
156 B
1
1

DNS Request

onetag-sys.com

DNS Response

51.89.9.253

51.75.86.98

51.89.9.254

51.89.9.252

51.89.9.251

51.38.120.206
8.8.8.8:53

onetag-sys.com

dns

60 B
116 B
1
1

DNS Request

onetag-sys.com
8.8.8.8:53

onetag-sys.com

dns

60 B
156 B
1
1

DNS Request

onetag-sys.com

DNS Response

51.89.9.251

51.75.86.98

51.89.9.254

51.38.120.206

51.89.9.252

51.89.9.253
8.8.8.8:53

cdn.ampproject.org

dns

64 B
106 B
1
1

DNS Request

cdn.ampproject.org

DNS Response

172.217.16.225
8.8.8.8:53

cdn.ampproject.org

dns

64 B
150 B
1
1

DNS Request

cdn.ampproject.org
8.8.8.8:53

onetag-sys.com

dns

60 B
156 B
1
1

DNS Request

onetag-sys.com

DNS Response

51.89.9.252

51.89.9.253

51.89.9.254

51.75.86.98

51.38.120.206

51.89.9.251
8.8.8.8:53

u.openx.net

dns

57 B
89 B
1
1

DNS Request

u.openx.net

DNS Response

34.98.64.218

35.244.159.8
35.244.159.8:443

u.openx.net

https

2.8kB
3.8kB
4
6
8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.16.228
8.8.8.8:53

googleads.g.doubleclick.net

dns

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.200.34
8.8.8.8:53

178.9.26.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

178.9.26.104.in-addr.arpa
8.8.8.8:53

38.40.149.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

38.40.149.34.in-addr.arpa
8.8.8.8:53

6.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

6.178.250.142.in-addr.arpa
8.8.8.8:53

2.178.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

2.178.250.142.in-addr.arpa
8.8.8.8:53

253.9.89.51.in-addr.arpa

dns

70 B
103 B
1
1

DNS Request

253.9.89.51.in-addr.arpa
8.8.8.8:53

node.setupad.com

dns

62 B
78 B
1
1

DNS Request

node.setupad.com

DNS Response

159.89.25.223
8.8.8.8:53

node.setupad.com

dns

62 B
120 B
1
1

DNS Request

node.setupad.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\LDPlayer\LDPlayer9\LDPlayer.exe

Filesize
652.1MB

MD5
8367968abf3c0f20606e1c521c6ca5ec

SHA1
245a4a002eed800c3e79f6617ab075f751d1f125

SHA256
6af5aa10c1882719736d9c6005d8d1861299601318060b2b39853d05f4f9b4c1

SHA512
6672583c37d6d5adf123da55c76b59c3039d031eb4d6465d16c96fa89d8b905621beeb7f21f7fb3c8f93e0a33097777a92120c64fe384ebaca23f8e3590a2576

Download Submit
C:\LDPlayer\LDPlayer9\MSVCP120.dll

Filesize
444KB

MD5
50260b0f19aaa7e37c4082fecef8ff41

SHA1
ce672489b29baa7119881497ed5044b21ad8fe30

SHA256
891603d569fc6f1afed7c7d935b0a3c7363c35a0eb4a76c9e57ef083955bc2c9

SHA512
6f99d39bfe9d4126417ff65571c78c279d75fc9547ee767a594620c0c6f45f4bb42fd0c5173d9bc91a68a0636205a637d5d1c7847bd5f8ce57e120d210b0c57d

Download Submit
C:\LDPlayer\LDPlayer9\MSVCR120.dll

Filesize
947KB

MD5
50097ec217ce0ebb9b4caa09cd2cd73a

SHA1
8cd3018c4170072464fbcd7cba563df1fc2b884c

SHA256
2a2ff2c61977079205c503e0bcfb96bf7aa4d5c9a0d1b1b62d3a49a9aa988112

SHA512
ac2d02e9bfc2be4c3cb1c2fff41a2dafcb7ce1123998bbf3eb5b4dc6410c308f506451de9564f7f28eb684d8119fb6afe459ab87237df7956f4256892bbab058

Download Submit
C:\LDPlayer\LDPlayer9\crashreport.dll

Filesize
51KB

MD5
34fefa38fa335d649823e4dafc3d48dc

SHA1
ea0d475f6accfc1db65930254fd0b7f60e78354a

SHA256
01c7ed024ff64c9a390b45a7e3b5c0662014b44cafe388cf664e8aa47672df99

SHA512
13411b190c503cb7ec83fe4e7c7227a919f6c7ddd8d89cb5d0c338544e17bd04c628a162c4da289b6248ea0f6a94bd6333bdb03cbd2a1fba67b07ce71386061c

Download Submit
C:\LDPlayer\LDPlayer9\dnmultiplayer.exe

Filesize
1.2MB

MD5
35b4310b193b87d140283176c1d89bd9

SHA1
a1f5cb8c20fa257fe31246f3a9236c43b1f9c7fb

SHA256
7d3b7377901479bc3db8296c3566d14fcdc82c3261e1b00653eee37d0d94eb22

SHA512
5fa786d7ae10bdbb6c5977a1b2a6256e2a014cdcb5b79429b42b4f7f7ee176b5776180b3779fc4f62b4646a77253497d654bb62cbbfb544a433f455e76876f84

Download Submit
C:\LDPlayer\LDPlayer9\dnplayer.exe

Filesize
3.5MB

MD5
4defa75cb82c7ff460309ca692881797

SHA1
a4216308b86461f461cafd02eac15f996d20889d

SHA256
52d74f59a47815854effe4c10bc5e04ee7092df82a7ea87003d2ec1803634818

SHA512
808c2fc247323954b91d33fb27330ab7948fdc46468ab26c75a3cff3b6921dc348f9ebf23c382a795d049ae04a568c739142668bf58f7391ed54ed6ce83a59b8

Download Submit
C:\LDPlayer\LDPlayer9\dnrepairer.exe

Filesize
41.9MB

MD5
31749348b5726e3d21a35a748b2714f3

SHA1
72b5ab7fca36bedbf62068ee6ff1cce90b385e03

SHA256
f975a234a4ce7fd51d5f6c022c90ef326c42cc9c925bd769f8e29f75ca8d15b2

SHA512
5e2c2f3c9e8eb9500d40bce7e5de65b78186da1feef727bde7d4b0b0f5ef03ff91887a7cad5ded941f3062d3bb95b953f7bb212976e4d1fffb2b254dc0ca4022

Download Submit
C:\LDPlayer\LDPlayer9\dnresource.rcc

Filesize
5.0MB

MD5
f845753af4cc7b94f180fb76787e3bc2

SHA1
76ca7babbb655d749c9ed69e0b8875370320cc5a

SHA256
a19a6c0c644ce0e655eaf38a8dbddf05e55048ba52309366a5333e1b50bde990

SHA512
0a3062057622ffcff80c9c5f872abdf59a36131bfc60532c853ea858774d89fed27343f838dfe341dafe8444538fc6e2103d3aa19ef9d264e0f8e761c4bfce81

Download Submit
C:\LDPlayer\LDPlayer9\fonts\NotoSans-Regular.otf

Filesize
17.4MB

MD5
93b877811441a5ae311762a7cb6fb1e1

SHA1
339e033fd4fbb131c2d9b964354c68cd2cf18bd1

SHA256
b3899a2bb84ce5e0d61cc55c49df2d29ba90d301b71a84e8c648416ec96efc8b

SHA512
7f053cec61fbddae0184d858c3ef3e8bf298b4417d25b84ac1fc888c052eca252b24f7abfff7783442a1b80cc9fc2ce777dda323991cc4dc79039f4c17e21df4

Download Submit
C:\LDPlayer\LDPlayer9\fonts\Roboto-Regular.otf

Filesize
103KB

MD5
4acd5f0e312730f1d8b8805f3699c184

SHA1
67c957e102bf2b2a86c5708257bc32f91c006739

SHA256
72336333d602f1c3506e642e0d0393926c0ec91225bf2e4d216fcebd82bb6cb5

SHA512
9982c1c53cee1b44fd0c3df6806b8cbf6b441d3ed97aeb466dba568adce1144373ce7833d8f44ac3fa58d01d8cdb7e8621b4bb125c4d02092c355444651a4837

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\7za.exe

Filesize
652KB

MD5
ad9d7cbdb4b19fb65960d69126e3ff68

SHA1
dcdc0e609a4e9d5ff9d96918c30cb79c6602cb3d

SHA256
a6c324f2925b3b3dbd2ad989e8d09c33ecc150496321ae5a1722ab097708f326

SHA512
f0196bee7ad8005a36eea86e31429d2c78e96d57b53ff4a64b3e529a54670fa042322a3c3a21557c96b0b3134bf81f238a9e35124b2d0ce80c61ed548a9791e7

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\cximagecrt.dll

Filesize
1.5MB

MD5
66df6f7b7a98ff750aade522c22d239a

SHA1
f69464fe18ed03de597bb46482ae899f43c94617

SHA256
91e3035a01437b54adda33d424060c57320504e7e6a0c85db2654815ba29c71f

SHA512
48d4513e09edd7f270614258b2750d5e98f0dbce671ba41a524994e96ed3df657fce67545153ca32d2bf7efcb35371cae12c4264df9053e4eb5e6b28014ed20e

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcrypto-1_1.dll

Filesize
2.0MB

MD5
01c4246df55a5fff93d086bb56110d2b

SHA1
e2939375c4dd7b478913328b88eaa3c91913cfdc

SHA256
c9501469ad2a2745509ab2d0db8b846f2bfb4ec019b98589d311a4bd7ac89889

SHA512
39524d5b8fc7c9d0602bc6733776237522dcca5f51cc6ceebd5a5d2c4cbda904042cee2f611a9c9477cc7e08e8eadd8915bf41c7c78e097b5e50786143e98196

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libcurl.dll

Filesize
442KB

MD5
2d40f6c6a4f88c8c2685ee25b53ec00d

SHA1
faf96bac1e7665aa07029d8f94e1ac84014a863b

SHA256
1d7037da4222de3d7ca0af6a54b2942d58589c264333ef814cb131d703b5c334

SHA512
4e6d0dc0dc3fb7e57c6d7843074ee7c89c777e9005893e089939eb765d9b6fb12f0e774dc1814f6a34e75d1775e19e62782465731fd5605182e7984d798ba779

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssh2.dll

Filesize
192KB

MD5
52c43baddd43be63fbfb398722f3b01d

SHA1
be1b1064fdda4dde4b72ef523b8e02c050ccd820

SHA256
8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f

SHA512
04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\libssl-1_1.dll

Filesize
511KB

MD5
e8fd6da54f056363b284608c3f6a832e

SHA1
32e88b82fd398568517ab03b33e9765b59c4946d

SHA256
b681fd3c3b3f2d59f6a14be31e761d5929e104be06aa77c883ada9675ca6e9fd

SHA512
4f997deebf308de29a044e4ff2e8540235a41ea319268aa202e41a2be738b8d50f990ecc68f4a737a374f6d5f39ce8855edf0e2bb30ce274f75388e3ddd8c10b

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcp110.dll

Filesize
522KB

MD5
3e29914113ec4b968ba5eb1f6d194a0a

SHA1
557b67e372e85eb39989cb53cffd3ef1adabb9fe

SHA256
c8d5572ca8d7624871188f0acabc3ae60d4c5a4f6782d952b9038de3bc28b39a

SHA512
75078c9eaa5a7ae39408e5db1ce7dbce5a3180d1c644bcb5e481b0810b07cb7d001d68d1b4f462cd5355e98951716f041ef570fcc866d289a68ea19b3f500c43

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\msvcr110.dll

Filesize
854KB

MD5
4ba25d2cbe1587a841dcfb8c8c4a6ea6

SHA1
52693d4b5e0b55a929099b680348c3932f2c3c62

SHA256
b30160e759115e24425b9bcdf606ef6ebce4657487525ede7f1ac40b90ff7e49

SHA512
82e86ec67a5c6cddf2230872f66560f4b0c3e4c1bb672507bbb8446a8d6f62512cbd0475fe23b619db3a67bb870f4f742761cf1f87d50db7f14076f54006f6c6

Download Submit
C:\LDPlayer\LDPlayer9\ldmutiplayer\ssleay32.dll

Filesize
283KB

MD5
0054560df6c69d2067689433172088ef

SHA1
a30042b77ebd7c704be0e986349030bcdb82857d

SHA256
72553b45a5a7d2b4be026d59ceb3efb389c686636c6da926ffb0ca653494e750

SHA512
418190401b83de32a8ce752f399b00c091afad5e3b21357a53c134cce3b4199e660572ee71e18b5c2f364d3b2509b5365d7b569d6d9da5c79ae78c572c1d0ba0

Download Submit
C:\LDPlayer\LDPlayer9\system.vmdk

Filesize
1520.8MB

MD5
d96a1150cbb4a6260eee24a31d91555c

SHA1
a46fa24f26a80104cc0dee54c382b07ec7c2809a

SHA256
c9aa7ae55e620c1f2bf627b3ff2bec5d550bf8439657834410d285b3ab42770b

SHA512
3530d1792ccc65a3660b1190a2f2b13938472518352fe312538ac89c473ee0786b82dd8cebf7e23593ca2ab1585fbebbd46f409bad031a03ad2c22e55f215d80

Download Submit
C:\LDPlayer\LDPlayer9\system.vmdk

Filesize
1520.8MB

MD5
935d970c948ec3eb71de71207f2777c8

SHA1
f7e68e4427e8a52cbd9415fddd52b1f0646d8f08

SHA256
140ee27b147e7c1dc9e429474395a529e302ddfd21ab545024cc13fe78ab2d19

SHA512
addcf9c0fc5a5f46735127790e756d96ad45394fa0d03bfb2e925ef3edbd8eb9448e882d7c50b9e60929165f81a873b45a13a630e4b23062a0e5d0c9158a0d07

Download Submit
C:\LDPlayer\LDPlayer9\system.vmdk.lck\E60795.lck

Filesize
512B

MD5
b3ac4ae7b57332d2468a3d528328ee06

SHA1
dc2a656cfeffb52968533ebf60d4939df74200dc

SHA256
30d77e57de4220b53bd2faadac23f30ab4e7e82098f62c6697d7e9b4ccdf4b1f

SHA512
02b9e2bc8cd62a941bdeb1c3ed59d38be77190d5d8095a472ebb3370d7a3109c60ca2adcd62b6808879c08b4819744268f61656160812452ea5521c3f025fe7b

Download Submit
C:\LDPlayer\LDPlayer9\vms\config\leidian0.config

Filesize
641B

MD5
3c5825d8dd4634077bac552064f43f16

SHA1
a9cd49fe1dace67a95aefacf52759254a2f34861

SHA256
f1e3c1e05d40419ce7325f0939868d9e559314d3edb8782d075ee9d3afe68c98

SHA512
e5e88eed116463179ecba07ad708e6a35578c10042c9e79a47bc7705f90cbbcce42a245dd7b61144ef786cbce8c241179e4d2eeca2c0a76034a53144dbb128bd

Download Submit
C:\LDPlayer\LDPlayer9\vms\leidian0\sdcard.vmdk

Filesize
35.1MB

MD5
4d592fd525e977bf3d832cdb1482faa0

SHA1
131c31bcff32d11b6eda41c9f1e2e26cc5fbc0ef

SHA256
f90ace0994c8cae3a6a95e8c68ca460e68f1662a78a77a2b38eba13cc8e487b6

SHA512
afa31b31e1d137a559190528998085c52602d79a618d930e8c425001fdfbd2437f732beda3d53f2d0e1fc770187184c3fb407828ac39f00967bf4ae015c6ba77

Download Submit
C:\LDPlayer\ldmutiplayer\libeay32.dll

Filesize
1.2MB

MD5
ba46e6e1c5861617b4d97de00149b905

SHA1
4affc8aab49c7dc3ceeca81391c4f737d7672b32

SHA256
2eac0a690be435dd72b7a269ee761340099bf444edb4f447fa0030023cbf8e1e

SHA512
bf892b86477d63287f42385c0a944eee6354c7ae557b039516bf8932c7140ca8811b7ae7ac111805773495cf6854586e8a0e75e14dbb24eba56e4683029767b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
0c537f8805c0fcb9f08ba00be56fc2ff

SHA1
127a37d729ac1541dc349043e57b4e5ea8f6fc64

SHA256
628961cd7dde852b0c5f5ffe46f97756f0e346394afbc3d33a9f450cca3e99d1

SHA512
91505d91a5e1455ae1c4f99f02bd58c94d7cfa37e9cefb87e433279f16c6037ba66ccc1dcd919be84da768c52d57072098b29e3829065ef9714a815ab8e99c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
a0a0c708b7e6992715dd3d1fb9c37ec4

SHA1
d0102f103372ccd85987c224bc210990f3d78737

SHA256
1cec527b83260865e72b91427f689d607f04b50f57bece4cb8723ea37397c0e2

SHA512
69b91bb4b9cfea4acb006120a019861d140bc1f18a58c6dc12fefe9026aa2dc89c01ae5ef62ee6dfded0c0802145ed2cb412396e4a63d476a17cdb543c0ae1dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
2dcbc77ae3b156c8552e8bcec794e384

SHA1
a1c9fbf89326991145872a33fbca6f91cf07ab19

SHA256
29c4590c1244929314de7b1a73d440c8a625a076faf3550c6c565af62308b5b7

SHA512
57b0d890923c3749ad269ef4a0038267d9463972358ccf67bf25b077a3973e7b4b943f07fcf5443afdef0fd954856167f441f33e503372a44ae5cd67b76da491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
80KB

MD5
b41787a8747be5f52cfad7527472fc3e

SHA1
f887adb20da45ce722d605ad6e65cb25231c7154

SHA256
bbe902cacc384c33ac2596640468f42fcedb5e366efcfe7635afdc0828ef2f8e

SHA512
f21f7ac6d78358e83648d4aa3de9ce276ca6cb6e1594c054afcfba940f4aa2a42ce706c0506ddeaae37cb3b02d780692b73664161d59462baf839ac6cb51c918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
80KB

MD5
0800c11bda754217ace9cd4118aaba6b

SHA1
2fe2461694707d2bc5f1eac274f31db2b6f1a81a

SHA256
553c5b59b34cc03a42c2ab94394c7b24afba8d3af77e8eef9e4633ce8da99699

SHA512
d3c6852a7ea574dcb4fd299b13ad9ed13a601e960e5e156c2e9d24377d6c9ccb410a8c5d84f09bfbd5a2d4a88ab23b0b092fb7dfd4d760011ba1041ba7ac968a

Download Submit
C:\Users\Admin\AppData\Local\Temp\3c09cfb6-467e-4977-a27a-d653224c0aaf.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\AppxProvider.dll

Filesize
554KB

MD5
a7927846f2bd5e6ab6159fbe762990b1

SHA1
8e3b40c0783cc88765bbc02ccc781960e4592f3f

SHA256
913f97dd219eeb7d5f7534361037fe1ecc3a637eb48d67b1c8afa8b5f951ba2f

SHA512
1eafece2f6aa881193e6374b81d7a7c8555346756ed53b11ca1678f1f3ffb70ae3dea0a30c5a0aab8be45db9c31d78f30f026bb22a7519a0930483d50507243f

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\AssocProvider.dll

Filesize
112KB

MD5
94dc379aa020d365ea5a32c4fab7f6a3

SHA1
7270573fd7df3f3c996a772f85915e5982ad30a1

SHA256
dc6a5930c2b9a11204d2e22a3e8d14c28e5bdac548548e256ba7ffa79bd8c907

SHA512
998fd10a1f43024a2398491e3764748c0b990b37d8b3c820d281296f8da8f1a2f97073f4fd83543994a6e326fa7e299cb5f59e609358cd77af996175782eeaca

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\CbsProvider.dll

Filesize
875KB

MD5
6ad0376a375e747e66f29fb7877da7d0

SHA1
a0de5966453ff2c899f00f165bbff50214b5ea39

SHA256
4c9a4ab6596626482dd2190034fcb3fafebe88a961423962ad577e873ef5008f

SHA512
8a97b2cc96ec975188e53e428d0fc2c562f4c3493d3c354e316c7f89a0bd25c84246807c9977f0afdda3291b8c23d518a36fd967d8f9d4d2ce7b0af11b96eb18

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\DismCore.dll

Filesize
402KB

MD5
b1f793773dc727b4af1648d6d61f5602

SHA1
be7ed4e121c39989f2fb343558171ef8b5f7af68

SHA256
af7f342adf5b533ea6978b68064f39bfb1e4ad3b572ae1b7f2287f5533334d4e

SHA512
66a92bff5869a56a7931d7ed9881d79c22ba741c55fb42c11364f037e1ec99902db2679b67a7e60cbf760740d5b47dcf1a6dcfae5ad6711a0bd7f086cc054eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\DismCorePS.dll

Filesize
183KB

MD5
a033f16836d6f8acbe3b27b614b51453

SHA1
716297072897aea3ec985640793d2cdcbf996cf9

SHA256
e3b3a4c9c6403cb8b0aa12d34915b67e4eaa5bb911e102cf77033aa315d66a1e

SHA512
ad5b641d93ad35b3c7a3b56cdf576750d1ad4c63e2a16006739888f0702280cad57dd0a6553ef426111c04ceafd6d1e87f6e7486a171fff77f243311aee83871

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\DismHost.exe

Filesize
142KB

MD5
e5d5e9c1f65b8ec7aa5b7f1b1acdd731

SHA1
dbb14dcda6502ab1d23a7c77d405dafbcbeb439e

SHA256
e30508e2088bc16b2a84233ced64995f738deaef2366ac6c86b35c93bbcd9d80

SHA512
7cf80d4a16c5dbbf61fcb22ebe30cf78ca42a030b7d7b4ad017f28fba2c9b111e8cf5b3064621453a44869bbaed124d6fb1e8d2c8fe8202f1e47579d874fa4bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\DismProv.dll

Filesize
255KB

MD5
490be3119ea17fa29329e77b7e416e80

SHA1
c71191c3415c98b7d9c9bbcf1005ce6a813221da

SHA256
ef1e263e1bcc05d9538cb9469dd7dba5093956aa325479c3d2607168cc1c000a

SHA512
6339b030008b7d009d36abf0f9595da9b793264ebdce156d4a330d095a5d7602ba074075ea05fef3dde474fc1d8e778480429de308c121df0bf3075177f26f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\DmiProvider.dll

Filesize
415KB

MD5
ea8488990b95ce4ef6b4e210e0d963b2

SHA1
cd8bf723aa9690b8ca9a0215321e8148626a27d1

SHA256
04f851b9d5e58ed002ad768bdcc475f22905fb1dab8341e9b3128df6eaa25b98

SHA512
56562131cbe5f0ea5a2508f5bfed88f21413526f1539fe4864ece5b0e03a18513f3db33c07e7abd7b8aaffc34a7587952b96bb9990d9f4efa886f613d95a5b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\FfuProvider.dll

Filesize
619KB

MD5
df785c5e4aacaee3bd16642d91492815

SHA1
286330d2ab07512e1f636b90613afcd6529ada1e

SHA256
56cc8d139be12e969fff3bbf47b1f5c62c3db887e3fb97c79cf7d285076f9271

SHA512
3566de60fe76b63940cff3579da94f404c0bc713f2476ba00b9de12dc47973c7c22d5eed1fd667d20cea29b3c3c4fa648e5f44667e8369c192a4b69046e6f745

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\FolderProvider.dll

Filesize
59KB

MD5
4f3250ecb7a170a5eb18295aa768702d

SHA1
70eb14976ddab023f85bc778621ade1d4b5f4d9d

SHA256
a235317ab7ed89e6530844a78b933d50f6f48ea5df481de158eb99dd8c4ba461

SHA512
e9ce6cced5029d931d82e78e7e609a892bfe239096b55062b78e8ff38cce34ce6dd4e91efb41c4cd6ecf6017d098e4c9b13d6cb4408d761051468ee7f74bc569

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\GenericProvider.dll

Filesize
149KB

MD5
ef7e2760c0a24453fc78359aea3d7869

SHA1
0ea67f1fd29df2615da43e023e86046e8e46e2e1

SHA256
d39f38402a9309ddd1cba67be470ede348f2bc1bab2f8d565e8f15510761087a

SHA512
be785ba6b564cc4e755b4044ae27f916c009b7d942fcd092aed2ae630b1704e8a2f8b4692648eed481a5eb5355fd2e1ef7f94f6fb519b7e1ff6fc3c5f1aaa06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\IBSProvider.dll

Filesize
59KB

MD5
120f0a2022f423fc9aadb630250f52c4

SHA1
826df2b752c4f1bba60a77e2b2cf908dd01d3cf7

SHA256
5425382aaa32ffc133adb6458ff516db0e2ad60fac52dd595d53c370f4ba6fa0

SHA512
23e50735c06cef93d11873fc8e5e29fc63dcf3f01dc56822a17c11ca57bbfb10d46fac6351f84ba30050a16d6bd0744a08a4042a9743a6df87ac8a12e81e2764

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\ImagingProvider.dll

Filesize
218KB

MD5
35e989a1df828378baa340f4e0b2dfcb

SHA1
59ecc73a0b3f55e43dace3b05ff339f24ec2c406

SHA256
874137ee906f91285b9a018735683a0dd21bdeaf2e340cbc54296551ccf8be2d

SHA512
c8d69e37c918881786a8fdab2a2c5d1632411b1f75082aeb3eb24a8ba5f93dcb39b3f4000e651f95452263525d98fd1d3cb834de93bed16fa6f92ef271c3a92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\IntlProvider.dll

Filesize
296KB

MD5
510e132215cef8d09be40402f355879b

SHA1
cae8659f2d3fd54eb321a8f690267ba93d56c6f1

SHA256
1bb39f3389aa4258a923fa265afa2279688e6cdb14ff771f1621a56b03ddcf52

SHA512
2f7b2ec0e94738838f755759cd35e20ab2138b8eca023ee6ef630ab83a3de1bc0792f12ea0d722abe9a6953626cbddf8ba55ea32fc794d2df677a0625e498ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\LogProvider.dll

Filesize
77KB

MD5
815a4e7a7342224a239232f2c788d7c0

SHA1
430b7526d864cfbd727b75738197230d148de21a

SHA256
a9c8787c79a952779eca82e7389cf5bbde7556e4491b8bfcfd6617740ac7d8a2

SHA512
0c19d1e388ed0855a660135dec7a5e6b72ecbb7eb67ff94000f2399bd07df431be538055a61cfb2937319a0ce060898bb9b6996765117b5acda8fc0bad47a349

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\MsiProvider.dll

Filesize
207KB

MD5
9a760ddc9fdca758501faf7e6d9ec368

SHA1
5d395ad119ceb41b776690f9085f508eaaddb263

SHA256
7ff3939e1ef015da8c9577af4edfdd46f0029a2cfe4e3dac574d3175516e095f

SHA512
59d095246b62a7777e7d2d50c2474f4b633a1ae96056e4a4cb5265ccf7432fed0ea5df9b350f44d70b55a726241da10f228d8b5cbee9b0890c0b9dc9e810b139

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\OSProvider.dll

Filesize
149KB

MD5
db4c3a07a1d3a45af53a4cf44ed550ad

SHA1
5dea737faadf0422c94f8f50e9588033d53d13b3

SHA256
2165d567aa47264abe2a866bb1bcb01a1455a75a6ea530b1b9a4dda54d08f758

SHA512
5182b80459447f3c1fb63b70ad0370e1da26828a7f73083bec0af875b37888dd12ec5a6d9dc84157fc5b535f473ad7019eb6a53b9a47a2e64e6a8b7fae4cddde

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\OfflineSetupProvider.dll

Filesize
182KB

MD5
9cd7292cca75d278387d2bdfb940003c

SHA1
bab579889ed3ac9cb0f124842c3e495cb2ec92ac

SHA256
b38d322af8e614cc54299effd2164247c75bd7e68e0eb1a428376fcedaca9a6f

SHA512
ebf96839e47bef9e240836b1d02065c703547a2424e05074467fe70f83c1ebf3db6cb71bf0d38848ec25e2e81b4cbb506ced7973b85e2ab2d8e4273de720779d

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\ProvProvider.dll

Filesize
753KB

MD5
70c34975e700a9d7e120aaecf9d8f14b

SHA1
e24d47f025c0ec0f60ec187bfc664e9347dc2c9c

SHA256
a3e652c0bbe2082f2e0290da73485fb2c6e35c33ac60daa51a65f8c782dbd7a7

SHA512
7f6a24345f5724d710e0b6c23b3b251e96d656fac58ea67b2b84d7d9a38d7723eae2c278e6e218e7f69f79d1cce240d91a8b0fd0d99960cacc65d82eb614a260

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\SetupPlatformProvider.dll

Filesize
159KB

MD5
1ae66f4524911b2728201fff6776903c

SHA1
68bea62eb0f616af0729dbcbb80dc27de5816a83

SHA256
367e73f97318b6663018a83a11019147e67b62ab83988730ebbda93984664dd3

SHA512
7abf07d1338e08dc8b65b4f987eaff96d99aa46c892b5d2d79684ca7cf5f139d2634d9b990e5f6730f7f8a647e4fbb3d5905f9f2a5680250852671599f15ee69

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\SmiProvider.dll

Filesize
246KB

MD5
ad7bbb62335f6dc36214d8c9fe1aaca0

SHA1
f03cb2db64c361d47a1c21f6d714e090d695b776

SHA256
ac1e7407317859981d253fd9d977e246a4d0da24572c45efe0ade1745376bffb

SHA512
4ad7132f0ad5a7228ec116c28d23ee9acfdbf4adf535b0b9995f2e7eec8776e652a0a18539c02b6f4b3e0c8fa2f75d5181577dec16993fa55cb971d7e82faac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\SysprepProvider.dll

Filesize
778KB

MD5
8bd67d87dbdcf881fb9c1f4f6bf83f46

SHA1
10bd2e541b6a125c29f05958f496edf31ff9abb1

SHA256
f9b4d0afe87f434e8319556961b292ddc7d3a8c6fc06b8a08a50b5a96e28a204

SHA512
258a4075a3149669ccd6ff602f71a721b195c9d15dea22d994d4d3e35cdf27beb0b8b8f5da8f52914f769642f89edbb1d9d857087778be713a874571a2ec6f89

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\AppxProvider.dll.mui

Filesize
22KB

MD5
bd0dd9c5a602cb0ad7eabc16b3c1abfc

SHA1
cede6e6a55d972c22da4bc9e0389759690e6b37f

SHA256
8af0073f8a023f55866e48bf3b902dfa7f41c51b0e8b0fe06f8c496d41f9a7b3

SHA512
86351dc31118fc5a12fad6f549aa60c45ebe92b3ce5b90376e41f60d6d168a8a9f6c35320fc2cdcc750e67a5751651657fe64cf42690943500afd0d1dae2cd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\AssocProvider.dll.mui

Filesize
8KB

MD5
8833761572f0964bdc1bea6e1667f458

SHA1
166260a12c3399a9aa298932862569756b4ecc45

SHA256
b18c6ce1558c9ef6942a3bce246a46557c2a7d12aec6c4a07e4fa84dd5c422f5

SHA512
2a907354ec9a1920b9d1d2aeb9ff7c7314854b36a27f7d88aca17825e74a87413dbe7d1c3fde6a2410b5934f8c80a76f8bb6b7f12e7cfc643ce6622ca516d9b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\CbsProvider.dll.mui

Filesize
53KB

MD5
6c51a3187d2464c48cc8550b141e25c5

SHA1
a42e5ae0a3090b5ab4376058e506b111405d5508

SHA256
d7a0253d6586e7bbfb0acb6facd9a326b32ba1642b458f5b5ed27feccb4fc199

SHA512
87a9e997d55bc6dbd05af1291fb78cd02266641d018ccfeb6826cb0de205aaf8a57b49e587462dbb6df2b86b54f91c0c5d3f87e64d7dbb2aea75ef143c5447ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\DismCore.dll.mui

Filesize
7KB

MD5
7a15f6e845f0679de593c5896fe171f9

SHA1
0c923dfaffb56b56cba0c28a4eacb66b1b91a1f4

SHA256
f91e3c35b472f95d7b1ae3dc83f9d6bfde33515aa29e8b310f55d9fe66466419

SHA512
5a0373f1fb076a0059cac8f30fe415e06ed880795f84283911bec75de0977baf52432b740b429496999cedf5cca45efd6ef010700e2d9a1887438056c8c573ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\DmiProvider.dll.mui

Filesize
17KB

MD5
b7252234aa43b7295bb62336adc1b85c

SHA1
b2c42a5af79530e7cf9bcf54fd76ae9d5f234d7f

SHA256
73709c25dc5300a435e53df97fc01a7dc184b56796cae48ee728d54d26076d6c

SHA512
88241009b342eb1205b10f7725a7cb1ec2c7135606459d038c4b8847efd9d5e0ad4749621f8df93746dd3ba8ab92d1b0f513ed10e2ba712a7991716f4c062358

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\FfuProvider.dll.mui

Filesize
9KB

MD5
dc826a9cb121e2142b670d0b10022e22

SHA1
b2fe459ede8ba99602ae6ea5fa24f0133cca2bc9

SHA256
ba6695148f96a5d45224324006ae29becfd2a6aa1de947e27371a4eb84e7451a

SHA512
038e9abff445848c882a71836574df0394e73690bc72642c2aa949c1ad820c5cbb4dedc4ee7b5b75fd5ac8a43813d416f23d28973de7a7f0e5c3f7112da6fe1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\FolderProvider.dll.mui

Filesize
2KB

MD5
22b4a3a1ec3b6d7aa3bc61d0812dc85f

SHA1
97ae3504a29eb555632d124022d8406fc5b6f662

SHA256
c81a992ecebd9260ff34e41383aaca1c64a9fa4706a4744ac814f0f5daa1e105

SHA512
9329b60a60c45b2486000ed0aff8d260fdac3d0a8789823eaa015eab1a6d577012f9d12502f81bad9902e41545c3c3e77f434bc1a753b4f8430d01db2cdbe26c

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\GenericProvider.dll.mui

Filesize
5KB

MD5
d6b02daf9583f640269b4d8b8496a5dd

SHA1
e3bc2acd8e6a73b6530bc201902ab714e34b3182

SHA256
9102fa05ed98d902bf6e95b74fdbb745399d4ce4536a29607b2156a0edfeddf0

SHA512
189e87fcc2902e2a8e59773783d80a7d4dd5d2991bd291b0976cbd304f78bd225b353703735b84de41b5f59c37402db634c4acc805d73176cde75ca662efff50

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\IBSProvider.dll.mui

Filesize
2KB

MD5
d4b67a347900e29392613b5d86fe4ac2

SHA1
fb84756d11bfd638c4b49268b96d0007b26ba2fb

SHA256
4ccfe7883bce7785b1387ad3872230159899a5337d30a2f81a937b74bcbc4ce5

SHA512
af0a2a3f813e1adfff972285c9655f50ce6916caaeff5cb82f6c7d76491ffc9b365a47f19750fc02d7122182bf65aae79ed167886c33f202d5a781ab83d75662

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\ImagingProvider.dll.mui

Filesize
18KB

MD5
f2e2ba029f26341158420f3c4db9a68f

SHA1
1dee9d3dddb41460995ad8913ad701546be1e59d

SHA256
32d8c8fb9a746be209db5c3bdad14f361cf2bef8144c32e5af419c28efd35da3

SHA512
3d45d7bcf21d5df56b516fc18f7dc1bf80e44258b0c810b199a7bc06047a547060956c9d79575b82d9b6992fb5fe64f5b0ef1e408363887ae81a64b6ff9fa03e

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\IntlProvider.dll.mui

Filesize
27KB

MD5
2eb303db5753eb7a6bb3ab773eeabdcb

SHA1
44c6c38e6ae5f9ce9d7ca9d45a3cc3020b1353e4

SHA256
aa43b64db4fdcd89e56ba5309f3ba2ffac2663ba30514e87c160687f4314221f

SHA512
df1c8cefed4b5ef5a47f9bc0c42776611b3af709938a0900db79c6c9f4fae21acbbb6c4b1cad3c5a2051b622fe7e6e01486d34622742a981623fed933f1b1427

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\LogProvider.dll.mui

Filesize
6KB

MD5
8933c8d708e5acf5a458824b19fd97da

SHA1
de55756ddbeebc5ad9d3ce950acba5d2fb312331

SHA256
6e51af7cfda6be5419f89d6705c44587556a4abffd388020d7f19e007e122cd6

SHA512
ead5017d9d024a1d7c53634ae725438ea3a34eed8c9056ebbc4ebe5aab2055c0e67687ce7608724e4f66f55aa486a63024967b76a5638cde3dd88b3d3432ca1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\MsiProvider.dll.mui

Filesize
15KB

MD5
c5e60ee2d8534f57fddb81ffce297763

SHA1
78e6b0e03c8bf5802b3ef429b105d7ae3092a8f2

SHA256
1ec7b04a8c25812db99abec82c7b7bf915ae3f7594c5d071231cafab9c1fa145

SHA512
ce654295e8b16da7bd004453ae4a422fe8296a8c2343e56d819883b835c391a02537ecf4d155a281a9d38f2291ee0004506b7fd48a99c0f8881ff1e38ae8ebcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\OSProvider.dll.mui

Filesize
3KB

MD5
0633e0fccd477d9b22de4dd5a84abe53

SHA1
e04fb5c3acb35d128c1ea6ee6fb0e9b3fe90d5a9

SHA256
b6758aba17f6cd74923ca0976dd580222851ef6435cd16b3b2b04e85280ce706

SHA512
e95ed1d8069d6f200f0a2ea8dd7688404af9db9ce5e229afcb625a1f9eb46ac9e7a1c2c4c5ce156b190514415679e82e213732e8e890ed1a89af9026e4e73fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\OfflineSetupProvider.dll.mui

Filesize
2KB

MD5
015271d46ab128a854a4e9d214ab8a43

SHA1
2569deff96fb5ad6db924cee2e08a998ddc80b2a

SHA256
692744ce4bba1e82ad1a91ab97eec2bac7146bc995e8e8ed59bc2c7d366af7ec

SHA512
6ba678da0475a6b1872c2e2c151b395a4d97390bed4671d3f918aab5e69cbc9ceafe72c3100ba060ac6586fd37682499fdeef7d7b1ab10f5ec2411c1438ed438

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\ProvProvider.dll.mui

Filesize
4KB

MD5
b8a8c6c4cd89eeda1e299c212dc9c198

SHA1
f88c8a563b20864e0fc6f3d63fadda507aa2e96e

SHA256
50ad19e21b6425d12aa57cd4656748877db1f147189ec44abb19ba90be8505ea

SHA512
4a6f0dac5b3b18e4942ce5f51b566ce3ba465baa43457384ee785d1c0e7c33f9b9396a143aac0398a34e4e2f7d704ba06d3cc68761fd3cb6f53f4043a906e475

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\SetupPlatformProvider.dll.mui

Filesize
5KB

MD5
73e78fbbf6e6679fa643441c66628d37

SHA1
57b70e6226c0cf3f8bc9a939f8b1ec411dedeff5

SHA256
5d4dfc9bde18be1ec0b3834a65de6abab581e04c8c4f66ee14a62fb4b1b4cd06

SHA512
a045a6cdf9ca989b3ed9a50cda208affa17372f65b1d86e1bf4c10b5d5e3fee58c5d4b8ec0749a54e2e2156ed0e9776b59a8d3b78f062349873cb574ab3f77fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\SmiProvider.dll.mui

Filesize
2KB

MD5
f32e38247d0b21476bbfb49989478f7e

SHA1
b950fd72ea2a6a94ee049454df562aed79ca1e35

SHA256
a1a302e940f6d6718700737b787af7a2053ef68b5ea2ec61497e7ae2444c5835

SHA512
f483807d790a4bc3e68d6d1f986bd4a57b4a67c91fb3dbef88220a4b510f11d1190cdd98a857eb1937e921e668dff2bcb5e4a7df640b1f3639ce6d2239ff8106

Download Submit
C:\Users\Admin\AppData\Local\Temp\71EF00F0-91CE-4B7B-B379-1E36E5AA9890\en-US\dismprov.dll.mui

Filesize
2KB

MD5
7d06108999cc83eb3a23eadcebb547a5

SHA1
200866d87a490d17f6f8b17b26225afeb6d39446

SHA256
cf8cc85cdd12cf4a02df5274f8d0cdc625c6409fe80866b3052b7d5a862ac311

SHA512
9f024aa89392fbbbabe62a58857e5ad5250e05f23d7f78fc9a09f535463446796dd6e37aab5e38dfc0bf5b15533844f63b3bddcb5cb9335901e099f65f9d8002

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fafzawqs.cap.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\cache\httpscdn_ldplayer_netrmsldplayerprocessimg03d9c83a54ba4b0d81df23f0a54239991711962918_webp.png

Filesize
126KB

MD5
c253061449d3f88386cf5fa678943c1b

SHA1
d28f6cf632ade929d0a2ebc1896789049b165579

SHA256
4a9628c068780eb453917f50bfea898f2584c58e8168ee8623649ca154734528

SHA512
b6b789cb47a08ba1a872d543153dc2beb0ba1c92107e16497a12cf2b8137a3039d7adf8341f90cf73dbf2b972b8dda8387c870e662271142606cc6e599b93674

Download Submit
C:\Users\Admin\AppData\Roaming\XuanZhi9\ldopengl32x.dll

Filesize
73KB

MD5
9b48a556688043fd98267db3b2a4117f

SHA1
60bd9fc7ae9e2b69121a702b72443aca98ab2f0e

SHA256
344f9abc57786282a47d3594a5e4dbdbde696b085edcfa7d55b573335efb7737

SHA512
5ffe2223a996b76031c8a8395197eb2d9ab9e187ea20cd4011da15b04f4605f1db42f534a41314190d0aa055714928329969bd29f6584ce92c9aa4b2ea2bfd9e

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
236KB

MD5
47878b4fb80d7c3cdea2635484b3aec3

SHA1
d6f94a86d2ddc9253b0cc4cd35d12391e8ed4ce6

SHA256
a0d556f9a46686c08d645401289b884ef105fd99058d118be78dff60b709619e

SHA512
2de8d51e360ed13176d00c30f8065293e1c79c795fcb33b403df1f616d1b4c6b55036ae6628163113e8d8a3b7ef5a299332a786318ca7b4479dccb8ee3c87299

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
277KB

MD5
5db2edc9051fc075a2caa69b17ebe2ac

SHA1
92798b971058a787a9f3ddbab5d5297eb0b56381

SHA256
73cdc087d7b0c2eafd7d295c1ecdb8649fff99ee930be022d438eb227bb8a9c9

SHA512
e639b8972c0d04939546123c2529879fe05ac3677015971f34899495cdbace28a693591b193e983ca50c82aa9d7e5d2bcb235a9d4e06de1e1487f216803babeb

Download Submit
memory/1744-1151-0x00000000766E0000-0x00000000767D0000-memory.dmp

Filesize
960KB

Download
memory/1744-1077-0x00000000766E0000-0x00000000767D0000-memory.dmp

Filesize
960KB

Download
memory/1744-1075-0x00000000366E0000-0x00000000366F0000-memory.dmp

Filesize
64KB

Download
memory/1744-1058-0x0000000072590000-0x00000000725B4000-memory.dmp

Filesize
144KB

Download
memory/1744-1057-0x0000000071BE0000-0x0000000071E31000-memory.dmp

Filesize
2.3MB

Download
memory/1800-956-0x0000000071BF0000-0x00000000723A0000-memory.dmp

Filesize
7.7MB

Download
memory/1800-957-0x0000000004B80000-0x0000000004B90000-memory.dmp

Filesize
64KB

Download
memory/1800-967-0x000000007F820000-0x000000007F830000-memory.dmp

Filesize
64KB

Download
memory/1800-968-0x000000006E4F0000-0x000000006E53C000-memory.dmp

Filesize
304KB

Download
memory/1800-979-0x0000000071BF0000-0x00000000723A0000-memory.dmp

Filesize
7.7MB

Download
memory/4080-904-0x0000000005C80000-0x0000000005C9E000-memory.dmp

Filesize
120KB

Download
memory/4080-930-0x0000000071BF0000-0x00000000723A0000-memory.dmp

Filesize
7.7MB

Download
memory/4080-905-0x0000000005CB0000-0x0000000005CFC000-memory.dmp

Filesize
304KB

Download
memory/4080-919-0x0000000006220000-0x000000000623E000-memory.dmp

Filesize
120KB

Download
memory/4080-903-0x00000000058E0000-0x0000000005C34000-memory.dmp

Filesize
3.3MB

Download
memory/4080-898-0x0000000005640000-0x00000000056A6000-memory.dmp

Filesize
408KB

Download
memory/4080-892-0x00000000055D0000-0x0000000005636000-memory.dmp

Filesize
408KB

Download
memory/4080-907-0x000000007FBC0000-0x000000007FBD0000-memory.dmp

Filesize
64KB

Download
memory/4080-891-0x0000000004DA0000-0x0000000004DC2000-memory.dmp

Filesize
136KB

Download
memory/4080-890-0x0000000004F00000-0x0000000005528000-memory.dmp

Filesize
6.2MB

Download
memory/4080-889-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/4080-888-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/4080-909-0x000000006E4F0000-0x000000006E53C000-memory.dmp

Filesize
304KB

Download
memory/4080-908-0x0000000006270000-0x00000000062A2000-memory.dmp

Filesize
200KB

Download
memory/4080-920-0x0000000006C70000-0x0000000006D13000-memory.dmp

Filesize
652KB

Download
memory/4080-921-0x00000000075D0000-0x0000000007C4A000-memory.dmp

Filesize
6.5MB

Download
memory/4080-922-0x0000000006F80000-0x0000000006F9A000-memory.dmp

Filesize
104KB

Download
memory/4080-887-0x0000000071BF0000-0x00000000723A0000-memory.dmp

Filesize
7.7MB

Download
memory/4080-886-0x0000000000EC0000-0x0000000000EF6000-memory.dmp

Filesize
216KB

Download
memory/4080-923-0x0000000007000000-0x000000000700A000-memory.dmp

Filesize
40KB

Download
memory/4080-924-0x0000000007200000-0x0000000007296000-memory.dmp

Filesize
600KB

Download
memory/4080-925-0x0000000007180000-0x0000000007191000-memory.dmp

Filesize
68KB

Download
memory/4080-906-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/4080-927-0x00000000072A0000-0x00000000072BA000-memory.dmp

Filesize
104KB

Download
memory/4080-926-0x00000000071C0000-0x00000000071CE000-memory.dmp

Filesize
56KB

Download
memory/4352-931-0x0000000071BF0000-0x00000000723A0000-memory.dmp

Filesize
7.7MB

Download
memory/4352-932-0x0000000002EB0000-0x0000000002EC0000-memory.dmp

Filesize
64KB

Download
memory/4352-933-0x0000000006260000-0x00000000065B4000-memory.dmp

Filesize
3.3MB

Download
memory/4352-943-0x0000000002EB0000-0x0000000002EC0000-memory.dmp

Filesize
64KB

Download
memory/4352-944-0x000000006E4F0000-0x000000006E53C000-memory.dmp

Filesize
304KB

Download
memory/4352-955-0x0000000071BF0000-0x00000000723A0000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request