ed76f67f840bc1f242c8e1b2dcb9b9921a322a53454865014b485ba04d8c9bf7

Analysis

max time kernel
1789s
max time network
1806s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 11:25 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

artist-the-weeknd-474869 (1).html
Size

153KB
MD5

245dafdb1f248a2dd86f115e08c63f9b
SHA1

2853fc97da8ea15bda96bb3de94f797b60c45f1a
SHA256

ed76f67f840bc1f242c8e1b2dcb9b9921a322a53454865014b485ba04d8c9bf7
SHA512

96486543b82d444845bb3c44dcd67637659b452d1e5649761df62bce45e7c4312de05c304926e8125222f5423966e86855f93699d02bcffa8113b4cc6973c588
SSDEEP

1536:oAljg3KCm4lDJgG6/cfrMDjElFsN7pDGu9TRhj5HYcF:okhcMjeFqxLP

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
6092	chrome.exe
6092	chrome.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\artist-the-weeknd-474869 (1).html
1⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4004 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
1⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4864 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
1⤵
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2144 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5548 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
1⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2e29758,0x7ffca2e29768,0x7ffca2e29778
1⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:2
1⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:8
1⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:8
1⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:4284

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:8
1⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:8
1⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:8
1⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:8
1⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5556 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5116 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:5548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3672 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:5636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=5780 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1376 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3228 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:6044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3184 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:6052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=6264 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=6164 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:5904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=6412 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3196 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:1
1⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1888,i,15836565980031830724,11409359521447587562,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6012 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:5432

Network

DNS

4.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.159.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

203.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.197.79.204.in-addr.arpa

IN PTR

Response

203.197.79.204.in-addr.arpa

IN PTR

a-0003a-msedgenet
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN A

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net

business-bing-com.b-0005.b-msedge.net

IN CNAME

b-0005.b-msedge.net

b-0005.b-msedge.net

IN A

13.107.6.158
DNS

business.bing.com

Remote address:

8.8.8.8:53

Request

business.bing.com

IN Unknown

Response

business.bing.com

IN CNAME

business-bing-com.b-0005.b-msedge.net
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN A

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-1.uksouth.cloudapp.azure.com

prod-agic-us-1.uksouth.cloudapp.azure.com

IN A

13.87.96.169
DNS

nav-edge.smartscreen.microsoft.com

Remote address:

8.8.8.8:53

Request

nav-edge.smartscreen.microsoft.com

IN Unknown

Response

nav-edge.smartscreen.microsoft.com

IN CNAME

tm-prod-wd-csp-edge.trafficmanager.net

tm-prod-wd-csp-edge.trafficmanager.net

IN CNAME

prod-agic-us-3.uksouth.cloudapp.azure.com
DNS

150.1.37.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.1.37.23.in-addr.arpa

IN PTR

Response

150.1.37.23.in-addr.arpa

IN PTR

a23-37-1-150deploystaticakamaitechnologiescom
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

72.246.173.187
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

72.246.173.187
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN Unknown

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN A

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net

a416.dscd.akamai.net

IN A

104.97.14.73

a416.dscd.akamai.net

IN A

104.97.14.88
DNS

bzib.nelreports.net

Remote address:

8.8.8.8:53

Request

bzib.nelreports.net

IN Unknown

Response

bzib.nelreports.net

IN CNAME

bzib.nelreports.net.akamaized.net

bzib.nelreports.net.akamaized.net

IN CNAME

a416.dscd.akamai.net
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

72.246.173.187
DNS

187.173.246.72.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.173.246.72.in-addr.arpa

IN PTR

Response

187.173.246.72.in-addr.arpa

IN PTR

a72-246-173-187deploystaticakamaitechnologiescom
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

73.14.97.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.14.97.104.in-addr.arpa

IN PTR

Response

73.14.97.104.in-addr.arpa

IN PTR

a104-97-14-73deploystaticakamaitechnologiescom
DNS

staticmedia.livenationinternational.com

Remote address:

8.8.8.8:53

Request

staticmedia.livenationinternational.com

IN A

Response

staticmedia.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net

ticketmaster4.map.fastly.net

IN A

151.101.2.87

ticketmaster4.map.fastly.net

IN A

151.101.66.87

ticketmaster4.map.fastly.net

IN A

151.101.130.87

ticketmaster4.map.fastly.net

IN A

151.101.194.87
DNS

staticmedia.livenationinternational.com

Remote address:

8.8.8.8:53

Request

staticmedia.livenationinternational.com

IN Unknown

Response

staticmedia.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net
DNS

130.160.0.193.in-addr.arpa

Remote address:

8.8.8.8:53

Request

130.160.0.193.in-addr.arpa

IN PTR

Response
DNS

dynamicmedia.livenationinternational.com

Remote address:

8.8.8.8:53

Request

dynamicmedia.livenationinternational.com

IN A

Response

dynamicmedia.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net

ticketmaster4.map.fastly.net

IN A

151.101.2.87

ticketmaster4.map.fastly.net

IN A

151.101.66.87

ticketmaster4.map.fastly.net

IN A

151.101.130.87

ticketmaster4.map.fastly.net

IN A

151.101.194.87
DNS

dynamicmedia.livenationinternational.com

Remote address:

8.8.8.8:53

Request

dynamicmedia.livenationinternational.com

IN Unknown

Response

dynamicmedia.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net
DNS

l.betrad.com

Remote address:

8.8.8.8:53

Request

l.betrad.com

IN A

Response

l.betrad.com

IN CNAME

privacycollector-production-457481513.us-east-1.elb.amazonaws.com

privacycollector-production-457481513.us-east-1.elb.amazonaws.com

IN A

54.198.157.193

privacycollector-production-457481513.us-east-1.elb.amazonaws.com

IN A

3.231.35.194

privacycollector-production-457481513.us-east-1.elb.amazonaws.com

IN A

107.22.91.90
DNS

l.betrad.com

Remote address:

8.8.8.8:53

Request

l.betrad.com

IN Unknown

Response

l.betrad.com

IN CNAME

privacycollector-production-457481513.us-east-1.elb.amazonaws.com
DNS

8.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.169.217.172.in-addr.arpa

IN PTR

Response

8.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f81e100net
DNS

193.157.198.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

193.157.198.54.in-addr.arpa

IN PTR

Response

193.157.198.54.in-addr.arpa

IN PTR

ec2-54-198-157-193 compute-1 amazonawscom
DNS

87.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

87.2.101.151.in-addr.arpa

IN PTR

Response
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f991e100net

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f3�H

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�H
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.178.4
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

142.250.178.4:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

216.58.201.110
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.t9Zh0qeJgQI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8xcqML2Fy6h-M-Lik1g9vgy2nGUw/cb=gapi.loaded_0

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.t9Zh0qeJgQI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8xcqML2Fy6h-M-Lik1g9vgy2nGUw/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

110.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

110.201.58.216.in-addr.arpa

IN PTR

Response

110.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f141e100net

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f110�I

110.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f14�I
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

17.14.97.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.14.97.104.in-addr.arpa

IN PTR

Response

17.14.97.104.in-addr.arpa

IN PTR

a104-97-14-17deploystaticakamaitechnologiescom
DNS

nw-umwatson.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

nw-umwatson.events.data.microsoft.com

IN A

Response

nw-umwatson.events.data.microsoft.com

IN CNAME

blobcollector.events.data.trafficmanager.net

blobcollector.events.data.trafficmanager.net

IN CNAME

onedsblobprdcus15.centralus.cloudapp.azure.com

onedsblobprdcus15.centralus.cloudapp.azure.com

IN A

52.182.143.212
POST

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

Remote address:

52.182.143.212:443

Request

POST /Telemetry.Request HTTP/1.1
Connection: Keep-Alive
Content-Type: application/xml
User-Agent: Crashpad/0.8.0 WinHTTP/10.0.19041.1151 Windows_NT/10.0.19041.1202 (x64)
MSA_DeviceTicket: t=EwC4AlN5BAAUu1V9OkIAK55tj6h8OjaXgvkszYkAARqhXjqc9qsKTrr+st8Y5QOalRFOZBnPJyilemgPfT21ZGlmIEPSM10ykSmmlJbMxt15M/mX7P4oYpS3Fu9ceCN9LScSb9pCfbIjPV+Tp3pveX9NCS6m9jLBixUn6d2aleTkhiFmR9ne7p9F/sZPJi2HSPmlkpN9H/rpX7vRWJ5TS2WMbRHq+O5RIbpTM/cWAbxbCYVUOYi7h5BwFSI3eOfQ+q6TjTSbGaVGVgb2Ex2zj3Sj3yFUZuWhFJWDESrCg4u4+ZIMIv9/05eZYF3tFebaI5uRIHA3mgY44ueG9k0TtO4XQfIHurK4mQ5Y8BB1cYDuv3zqFd7IcUa/y/rIcmUDZgAACAiwyxuUyb31iAHP0vSlPRUbKxprvbcy4Al/bD4bWQBt7m7tp3ouhPP1hPnZykzREigAyjGUK3kQA4xkDmiqAXZ1TEcN+duzO+SfroNoGqKaoIoWVJgIwj3DCtChLwvvHizadZC7ir5x1nVrRPTFuPh6l0uQ1jRqshtzNGutM/60F0bmqr2WVQTvDNtabCKzElXcUonv7Y7BrCUNNPguWSauFF2HaMyD2CImjTfuHKDDIR9wfgNZ1vzrm4PusKl/hPuIMkuQYAUwG6S2WJZ0Je9H1s90ZtVu4rAl4CNQmfG4PABT946SY9f8Yc9fXv+AXqqcvyjw7pfaZjAPf1zPTfyJqsKe3l10rLKKWG4sLW+i4nVTvSKuoVhy0t5RQUuBEMyHxKJiuzQXvJ1Kr9lh4ztAxiQZ3FSbV3QB4iGsCCeNWLlnQDawKuZMVsp2IXEgOLueqcTYK1C6cc+MhOUa4I5/ccXqxupAsPbCZ6e2/vxC5HiEuR7PfxIW2oyPKzXmo5IqgSDvVp4we5cv4wEAejz/2LgB&p=
Content-Length: 3685
Host: nw-umwatson.events.data.microsoft.com

Response

HTTP/1.1 200 200 OK

Content-Length: 634
Content-Type: text/xml
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000
Date: Wed, 10 Apr 2024 11:27:04 GMT
DNS

212.143.182.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.143.182.52.in-addr.arpa

IN PTR

Response
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN A

Response

chromewebstore.googleapis.com

IN A

216.58.212.202

chromewebstore.googleapis.com

IN A

172.217.169.74

chromewebstore.googleapis.com

IN A

172.217.169.42

chromewebstore.googleapis.com

IN A

142.250.179.234

chromewebstore.googleapis.com

IN A

142.250.180.10

chromewebstore.googleapis.com

IN A

142.250.187.202

chromewebstore.googleapis.com

IN A

142.250.187.234

chromewebstore.googleapis.com

IN A

142.250.178.10

chromewebstore.googleapis.com

IN A

172.217.16.234

chromewebstore.googleapis.com

IN A

142.250.200.10

chromewebstore.googleapis.com

IN A

142.250.200.42

chromewebstore.googleapis.com

IN A

216.58.201.106

chromewebstore.googleapis.com

IN A

216.58.204.74

chromewebstore.googleapis.com

IN A

216.58.213.10
DNS

chromewebstore.googleapis.com

Remote address:

8.8.8.8:53

Request

chromewebstore.googleapis.com

IN Unknown

Response
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN A

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net

e13678.dscg.akamaiedge.net

IN A

23.37.1.217
DNS

c.s-microsoft.com

Remote address:

8.8.8.8:53

Request

c.s-microsoft.com

IN Unknown

Response

c.s-microsoft.com

IN CNAME

c-s.cms.ms.akadns.net

c-s.cms.ms.akadns.net

IN CNAME

c.s-microsoft.com-c.edgekey.net

c.s-microsoft.com-c.edgekey.net

IN CNAME

e13678.dscg.akamaiedge.net
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

202.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.212.58.216.in-addr.arpa

IN PTR

Response

202.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f101e100net

202.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f10�I

202.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f202�I
DNS

3.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.169.217.172.in-addr.arpa

IN PTR

Response

3.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f31e100net
DNS

orteil.dashnet.org

chrome.exe

Remote address:

8.8.8.8:53

Request

orteil.dashnet.org

IN A

Response

orteil.dashnet.org

IN A

104.22.60.206

orteil.dashnet.org

IN A

104.22.61.206

orteil.dashnet.org

IN A

172.67.36.94
GET

https://orteil.dashnet.org/cookieclicker/

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/ HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:14 GMT
content-type: text/html
last-modified: Tue, 02 Jan 2024 00:51:32 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 872262f3e8cf0a48-AMS
content-encoding: br
GET

https://orteil.dashnet.org/cookieclicker/base64.js

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/base64.js HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:14 GMT
content-type: text/javascript
last-modified: Mon, 02 Sep 2013 16:54:18 GMT
etag: W/"bba-4e5696c4aa280-gzip"
vary: Accept-Encoding
cache-control: max-age=432000
cf-cache-status: HIT
age: 130
server: cloudflare
cf-ray: 872262f59b270a48-AMS
content-encoding: br
GET

https://orteil.dashnet.org/cookieclicker/style.css?v=9

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/style.css?v=9 HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:14 GMT
content-type: text/css
last-modified: Sun, 30 Apr 2023 22:43:53 GMT
etag: W/"fd7f-5fa9570cb5c40-gzip"
vary: Accept-Encoding
cache-control: max-age=432000
cf-cache-status: HIT
age: 5000
server: cloudflare
cf-ray: 872262f59b2f0a48-AMS
content-encoding: br
GET

https://orteil.dashnet.org/cookieclicker/main.js?v=10b

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/main.js?v=10b HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:14 GMT
content-type: text/javascript
last-modified: Sun, 03 Mar 2019 19:23:17 GMT
etag: W/"fd-583359271f340-gzip"
vary: Accept-Encoding
cache-control: max-age=432000
cf-cache-status: HIT
age: 5000
server: cloudflare
cf-ray: 872262f59b390a48-AMS
content-encoding: br
GET

https://orteil.dashnet.org/cookieclicker/showads.js

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/showads.js HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:14 GMT
content-type: text/javascript
last-modified: Tue, 02 Jan 2024 00:50:43 GMT
etag: W/"e5ec8-60debe358fec0-gzip"
vary: Accept-Encoding
cache-control: max-age=432000
cf-cache-status: HIT
age: 141
server: cloudflare
cf-ray: 872262f59b360a48-AMS
content-encoding: br
GET

https://orteil.dashnet.org/cookieclicker/img/darkNoise.jpg

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/darkNoise.jpg HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/jpeg
content-length: 50322
cf-bgj: imgq:100,h2pri
cf-polished: origSize=54212
etag: "d3c4-500886411e580"
last-modified: Wed, 13 Aug 2014 20:11:18 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 142
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb09ae0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/darkNoiseTopBar.jpg

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/darkNoiseTopBar.jpg HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/jpeg
content-length: 7407
cf-bgj: imgq:100,h2pri
cf-polished: origSize=8525
etag: "214d-5008be4b3dc40"
last-modified: Thu, 14 Aug 2014 00:22:01 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 5000
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb19b40a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/discord.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/discord.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/png
content-length: 1476
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2357
etag: "935-565ab4f315780"
last-modified: Tue, 20 Feb 2018 21:15:26 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 131
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb29c70a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/weeHoodie.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/weeHoodie.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/png
content-length: 1710
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2651
etag: "a5b-522d4feb15940"
last-modified: Sat, 24 Oct 2015 07:51:25 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 3261
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb29c80a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/patreon.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/patreon.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/png
content-length: 1335
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2413
etag: "96d-577db4a8003c0"
last-modified: Wed, 10 Oct 2018 08:03:35 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 4999
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb39cc0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/tinyglobeSheet.gif

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/tinyglobeSheet.gif HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/png
content-length: 10070
cf-bgj: imgq:100,h2pri
cf-polished: origSize=12180
etag: "2f94-5237f34128140"
last-modified: Sun, 01 Nov 2015 18:55:25 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 4036
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb39d80a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/shadedBorders.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/shadedBorders.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/png
content-length: 3689
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5400
etag: "1518-522cef2764d80"
last-modified: Sat, 24 Oct 2015 00:38:30 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 131
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb39db0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/spinnyBig.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/spinnyBig.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/png
content-length: 1316
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2812
etag: "afc-522cef31e2640"
last-modified: Sat, 24 Oct 2015 00:38:41 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 4036
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb49e00a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/spinnySmall.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/spinnySmall.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: image/gif
content-length: 10644
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "2994-5e294e4aaf6c0"
last-modified: Wed, 29 Jun 2022 12:00:03 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 4998
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fb39d00a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/blackGradient.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/blackGradient.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 157
cf-bgj: imgq:100,h2pri
cf-polished: origSize=561
etag: "231-4eea01d9f4d80"
last-modified: Sat, 28 Dec 2013 22:56:06 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 132
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fe7d3f0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/shadedBordersSoft.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/shadedBordersSoft.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 143
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1002
etag: "3ea-51e42a2a5c140"
last-modified: Thu, 27 Aug 2015 03:33:49 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 132
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fe8d4d0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/frameBorder.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/frameBorder.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 161
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1012
etag: "3f4-521922d452000"
last-modified: Thu, 08 Oct 2015 06:43:12 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 132
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fe8d510a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/empty.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/empty.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 95
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "5f-4eea026531600"
last-modified: Sat, 28 Dec 2013 22:58:32 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 132
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fe8d4f0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/panelGradientTop.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/panelGradientTop.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 1968
cf-bgj: imgq:100,h2pri
cf-polished: origSize=3483
etag: "d9b-5243d6acd55c0"
last-modified: Wed, 11 Nov 2015 05:51:27 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 132
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fe7d450a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/panelGradientBottom.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/panelGradientBottom.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 153
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1004
etag: "3ec-521922e94d180"
last-modified: Thu, 08 Oct 2015 06:43:34 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 3271
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fe9d5d0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/panelVertical.png?v=2

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/panelVertical.png?v=2 HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 5981
cf-bgj: imgq:100,h2pri
cf-polished: origSize=7206
etag: "1c26-51e57528529c0"
last-modified: Fri, 28 Aug 2015 04:14:39 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 4037
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fe9d600a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/panelMenu3.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/panelMenu3.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 21629
cf-bgj: imgq:100,h2pri
cf-polished: origSize=50357
etag: "c4b5-51e5ec460f180"
last-modified: Fri, 28 Aug 2015 13:07:34 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 4037
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fe9d610a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/prestigeBar.jpg

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/prestigeBar.jpg HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/jpeg
content-length: 1326
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2452
etag: "994-527574113adc0"
last-modified: Sun, 20 Dec 2015 16:56:31 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 4997
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fead750a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/prestigeBarCap.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/prestigeBarCap.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 164
cf-bgj: imgq:100,h2pri
cf-polished: origSize=974
etag: "3ce-5275747df2e40"
last-modified: Sun, 20 Dec 2015 16:58:25 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 3176
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fecd930a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/panelGradientLeft.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/panelGradientLeft.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 132
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1003
etag: "3eb-521922fa77a00"
last-modified: Thu, 08 Oct 2015 06:43:52 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 4037
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fecd980a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/panelGradientRight.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/panelGradientRight.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 5733
cf-bgj: imgq:100,h2pri
cf-polished: origSize=6718
etag: "1a3e-51e5751ce0ec0"
last-modified: Fri, 28 Aug 2015 04:14:27 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 132
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fecda10a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/panelHorizontal.png?v=2

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/panelHorizontal.png?v=2 HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 129
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1003
etag: "3eb-52192307d1980"
last-modified: Thu, 08 Oct 2015 06:44:06 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 132
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872262fecd9a0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/blackGradientSmallTop.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/blackGradientSmallTop.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:16 GMT
content-type: image/png
content-length: 106
cf-bgj: imgq:100,h2pri
cf-polished: origSize=971
etag: "3cb-5009ca663a680"
last-modified: Thu, 14 Aug 2014 20:21:30 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 132
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226302798d0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/playsaurusbanner2.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/playsaurusbanner2.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:17 GMT
content-type: image/png
content-length: 38275
cf-bgj: imgq:100,h2pri
cf-polished: origSize=41701
etag: "a2e5-5e21ccc4b4580"
last-modified: Thu, 23 Jun 2022 12:43:18 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 2394
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226303eabd0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/AQWorlds_CookieClicker_300x40.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/AQWorlds_CookieClicker_300x40.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:17 GMT
content-type: image/png
content-length: 25883
cf-bgj: imgq:100,h2pri
cf-polished: origSize=31477
etag: "7af5-5f660313e19c0"
last-modified: Wed, 08 Mar 2023 09:31:27 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 2515
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226303eabe0a48-AMS
GET

https://orteil.dashnet.org/cookieconsent.css

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieconsent.css HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:31 GMT
content-type: image/vnd.microsoft.icon
last-modified: Mon, 02 Sep 2013 16:44:46 GMT
etag: W/"13e-4e5694a329b80"
cache-control: max-age=432000
cf-cache-status: HIT
age: 2998
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226360583c0a48-AMS
content-encoding: br
GET

https://orteil.dashnet.org/cookieclicker/img/favicon.ico

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/favicon.ico HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:31 GMT
content-type: text/css
last-modified: Fri, 24 Feb 2023 18:56:19 GMT
etag: W/"c7b-5f576af447ac0-gzip"
vary: Accept-Encoding
cache-control: max-age=432000
cf-cache-status: HIT
age: 5805
server: cloudflare
cf-ray: 87226360583a0a48-AMS
content-encoding: br
GET

https://orteil.dashnet.org/cookieclicker/loc/EN.js?v=2.052

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/loc/EN.js?v=2.052 HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:31 GMT
content-type: text/javascript
last-modified: Mon, 01 May 2023 18:00:37 GMT
etag: W/"3064a-5faa599985b40-gzip"
vary: Accept-Encoding
cache-control: max-age=432000
cf-cache-status: HIT
age: 3399
server: cloudflare
cf-ray: 87226360583e0a48-AMS
content-encoding: br
GET

https://cdn.dashnet.org/cookieclicker/img/goldCookie.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/goldCookie.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:36 GMT
content-type: image/png
content-length: 22589
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "5bd4-4f2039fe12a00"
last-modified: Mon, 10 Feb 2014 01:54:48 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=23508
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/10/2023 22:13:59
cdn-edgestorageid: 1047
link: <https://orteil.dashnet.org/cookieclicker/img/hearts.png>; rel="canonical"
cdn-status: 200
cdn-requestid: 7e8ec16b8c1801ebb11d53c380e42883
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722637f4f3b0a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/wrathCookie.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/wrathCookie.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:36 GMT
content-type: image/png
content-length: 4088
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "134b-4f5ec5ea80800"
last-modified: Mon, 31 Mar 2014 19:50:56 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4939
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/18/2023 18:33:18
cdn-edgestorageid: 1079
link: <https://orteil.dashnet.org/cookieclicker/img/contract.png>; rel="canonical"
cdn-status: 200
cdn-requestid: f4cdd716ab7e22b36351697fcf05b7da
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722637f4f380a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/spookyCookie.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/spookyCookie.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:36 GMT
content-type: image/png
content-length: 4731
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "131e-4eea035d25f00"
last-modified: Sat, 28 Dec 2013 23:02:52 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4894
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/08/2024 04:16:52
cdn-edgestorageid: 865
link: <https://orteil.dashnet.org/cookieclicker/img/wrathCookie.png>; rel="canonical"
cdn-status: 200
cdn-requestid: df51a0e51eb9ed45beeb27b839c9f56b
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722637f4f340a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/contract.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/contract.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:36 GMT
content-type: image/png
content-length: 3856
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 05/07/2023 01:45:49
cdn-edgestorageid: 1075
cdn-proxyver: 1.03
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: 52e45781dd2d960f418c3e014e4fe515
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=4099
etag: "1003-4eea0270a3100"
last-modified: Sat, 28 Dec 2013 22:58:44 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/goldCookie.png>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722637f4f310a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/hearts.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/hearts.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:36 GMT
content-type: image/png
content-length: 4216
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "146f-4f5ec754e5f00"
last-modified: Mon, 31 Mar 2014 19:57:16 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5231
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 19:01:51
cdn-edgestorageid: 1077
link: <https://orteil.dashnet.org/cookieclicker/img/wrathContract.png>; rel="canonical"
cdn-status: 200
cdn-requestid: 0c5a0e35a85e43130d53dbcac46be384
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722637f4f3e0a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/wrathContract.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/wrathContract.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:36 GMT
content-type: image/png
content-length: 4436
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "1154-4eea035584d00"
last-modified: Sat, 28 Dec 2013 23:02:44 GMT
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 18:58:46
cdn-edgestorageid: 1048
link: <https://orteil.dashnet.org/cookieclicker/img/spookyCookie.png>; rel="canonical"
cdn-status: 200
cdn-requestid: f1aaf5633b03f68504d427790e8faaf6
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722637f4f360a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/bunnies.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/bunnies.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:37 GMT
content-type: image/png
content-length: 9619
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: US
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "26e5-4eea026ebac80"
last-modified: Sat, 28 Dec 2013 22:58:42 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=9957
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 01/03/2024 12:29:49
cdn-edgestorageid: 1029
link: <https://orteil.dashnet.org/cookieclicker/img/frostedReindeer.png>; rel="canonical"
cdn-status: 200
cdn-requestid: 9add5f40342a3b982172d1fc430dc94a
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226385fe750a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/frostedReindeer.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/frostedReindeer.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:37 GMT
content-type: image/png
content-length: 22373
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 05/07/2023 01:45:50
cdn-edgestorageid: 723
cdn-proxyver: 1.03
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: 2654cafca42976eecd4265f11a1fe8b4
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=23224
etag: "5ab8-4f7aa39427400"
last-modified: Tue, 22 Apr 2014 23:46:24 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/bunnies.png>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226385fe710a48-AMS
GET

https://orteil.dashnet.org/patreon/grab.php?nocache=1712748452476

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /patreon/grab.php?nocache=1712748452476 HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87226387d85f0a48-AMS
content-encoding: br
GET

https://orteil.dashnet.org/cookieclicker/img/heraldFlag.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/heraldFlag.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:38 GMT
content-type: image/png
content-length: 2773
cf-bgj: imgq:100,h2pri
cf-polished: origSize=3725
etag: "e8d-577ce7d6fcac0"
last-modified: Tue, 09 Oct 2018 16:47:15 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 169
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722638b6bfa0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/lockOn.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/lockOn.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:38 GMT
content-type: image/png
content-length: 326
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1180
etag: "49c-592a2e3566300"
last-modified: Mon, 16 Sep 2019 03:06:20 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 3816
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722638b6bfc0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/featherLeft.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/featherLeft.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:39 GMT
content-type: image/png
content-length: 2032
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2973
etag: "b9d-526bbc73da8c0"
last-modified: Sat, 12 Dec 2015 23:27:07 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 3759
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722638d7e0a0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/featherRight.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/featherRight.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:39 GMT
content-type: image/jpeg
content-length: 17730
cf-bgj: imgq:100,h2pri
cf-polished: origSize=18462
etag: "481e-4eeae0ba62280"
last-modified: Sun, 29 Dec 2013 15:33:14 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 170
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722638d9e250a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/storeTile.jpg

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/storeTile.jpg HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:39 GMT
content-type: image/png
content-length: 259
cf-bgj: imgq:100,h2pri
cf-polished: origSize=280
etag: "118-4eea02df43600"
last-modified: Sat, 28 Dec 2013 23:00:40 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 5022
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722638d9e290a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/buildings.png?v=2.052

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/buildings.png?v=2.052 HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:39 GMT
content-type: image/png
content-length: 1985
cf-bgj: imgq:100,h2pri
cf-polished: origSize=3000
etag: "bb8-526bbc8410f00"
last-modified: Sat, 12 Dec 2015 23:27:24 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 1288
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722638d9e220a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/money.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/money.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:39 GMT
content-type: image/png
content-length: 39907
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 06/15/2023 08:25:06
cdn-edgestorageid: 874
cdn-proxyver: 1.03
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: c89f6364237fd739e1530a13182f064f
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=45091
etag: "b023-5f7871136c140"
last-modified: Thu, 23 Mar 2023 01:19:25 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/buildings.png>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722638d9e260a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/tinyglobe.gif

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/tinyglobe.gif HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/style.css?v=9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:44 GMT
content-type: image/gif
content-length: 11600
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
etag: "2d50-5e27ce7d6f640"
last-modified: Tue, 28 Jun 2022 07:22:57 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 6784
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872263ae0eb60a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/snd/smallTick.mp3

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/snd/smallTick.mp3 HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: audio
referer: https://orteil.dashnet.org/
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt
range: bytes=0-

Response

HTTP/2.0 206

date: Wed, 10 Apr 2024 11:27:44 GMT
content-type: audio/mpeg
content-length: 2176
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: US
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "880-523889de358c0"
last-modified: Mon, 02 Nov 2015 06:09:15 GMT
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 18:51:52
cdn-edgestorageid: 865
link: <https://orteil.dashnet.org/cookieclicker/snd/smallTick.mp3>; rel="canonical"
cdn-status: 200
cdn-requestid: cfcdfd46bd7386c50ea9fee197237df9
cdn-cache: HIT
cf-cache-status: REVALIDATED
content-range: bytes 0-2175/2176
vary: Accept-Encoding
server: cloudflare
cf-ray: 872263ae0ebd0a48-AMS
GET

https://cdn.dashnet.org/cookieclicker/snd/tick.mp3

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/snd/tick.mp3 HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
accept-encoding: identity;q=1, *;q=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: audio
referer: https://orteil.dashnet.org/
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt
range: bytes=0-

Response

HTTP/2.0 206

date: Wed, 10 Apr 2024 11:27:44 GMT
content-type: audio/mpeg
content-length: 2688
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "a80-5234dae4896c0"
last-modified: Fri, 30 Oct 2015 07:50:27 GMT
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 05/07/2023 01:49:39
cdn-edgestorageid: 1055
link: <https://orteil.dashnet.org/cookieclicker/snd/tick.mp3>; rel="canonical"
cdn-status: 200
cdn-requestid: 35b633df5c4a141c9407197bb6863f5c
cdn-cache: HIT
cf-cache-status: REVALIDATED
content-range: bytes 0-2687/2688
vary: Accept-Encoding
server: cloudflare
cf-ray: 872263af78260a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/ HTTP/2.0
host: orteil.dashnet.org
cache-control: max-age=0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt
if-modified-since: Tue, 02 Jan 2024 00:51:32 GMT

Response

HTTP/2.0 304

date: Wed, 10 Apr 2024 11:27:44 GMT
last-modified: Tue, 02 Jan 2024 00:51:32 GMT
etag: "3bae-60debe644ad00"
accept-ranges: bytes
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 872263af782d0a48-AMS
GET

https://orteil.dashnet.org/cookieclicker/img/playsaurusbanner1.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/playsaurusbanner1.png HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: FCNEC=%5B%5B%22AKsRol-_PiIdlRKTQVeLPdyClMWUfTLk2R238_w-zzcK4NP4KP6B071kCjYorfpvHskXo1XlBOcgcj8Nh2KRVWZhz5KvtKBgnd0IP3VXh-n4tMwK1lj44W3ZsJhfOIxZ7OdfZjhdaFMs63Pxwlv0aylw1iFptEAlAg%3D%3D%22%5D%5D
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:45 GMT
content-type: image/png
content-length: 34389
cf-bgj: imgq:100,h2pri
cf-polished: origSize=38886
etag: "97e6-5e21d279bbc80"
last-modified: Thu, 23 Jun 2022 13:08:50 GMT
cache-control: max-age=432000
cf-cache-status: HIT
age: 7005
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872263b57d210a48-AMS
GET

https://orteil.dashnet.org/patreon/grab.php?nocache=1712748471050

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /patreon/grab.php?nocache=1712748471050 HTTP/2.0
host: orteil.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://orteil.dashnet.org/cookieclicker/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt
cookie: FCNEC=%5B%5B%22AKsRol-2a3hkazSdDFK32BJQESLPbDAULPZpoc-1kga30EVbw7bp-kzuRQWBBNzDe7TUWvYfN7tV3txNKroS3jcGupGXfjbfGb48pa2_OB21dFMERLb5RoP1SCEP6c9L74ocU2DO-H8CwKnuAVZD_R7mWEjiX0Ystg%3D%3D%22%5D%5D

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:57 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 872263fcbc510a48-AMS
content-encoding: br
GET

https://cdn.dashnet.org/cookieclicker/img/icons.png?v=2.052

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/icons.png?v=2.052 HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: _fbp=fb.1.1712748432721.888817575
cookie: __gads=ID=63690af4b1f01307:T=1712748438:RT=1712748438:S=ALNI_Ma5MRcIsOEsISZe1zSqz3AlrcOeZw
cookie: __gpi=UID=00000d5b684c1cfc:T=1712748438:RT=1712748438:S=ALNI_MZqGUE6CY5eSdBp-ZWiKrrwLoywgQ
cookie: __eoi=ID=8dfe288dc66c521b:T=1712748438:RT=1712748438:S=AA-AfjarLgE43yxdZg0wF6A0CEyt
cookie: FCNEC=%5B%5B%22AKsRol-2a3hkazSdDFK32BJQESLPbDAULPZpoc-1kga30EVbw7bp-kzuRQWBBNzDe7TUWvYfN7tV3txNKroS3jcGupGXfjbfGb48pa2_OB21dFMERLb5RoP1SCEP6c9L74ocU2DO-H8CwKnuAVZD_R7mWEjiX0Ystg%3D%3D%22%5D%5D

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:58 GMT
content-type: image/png
content-length: 181368
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 05/07/2023 01:45:50
cdn-edgestorageid: 722
cdn-proxyver: 1.03
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: bb472205a73d3b250f29749eed8a711c
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=197679
etag: "3042f-5f65e73a364c0"
last-modified: Wed, 08 Mar 2023 07:26:51 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/icons.png>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872264054d680a48-AMS
DNS

cdnjs.cloudflare.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
GET

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

chrome.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:15 GMT
content-type: application/javascript; charset=utf-8
content-length: 1618
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e2d-11d8"
last-modified: Mon, 04 May 2020 16:09:17 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 503520
expires: Mon, 31 Mar 2025 11:27:15 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ghzf%2Fgi6sJhSCqZKpm0OELph0O0R4HymvpwOOpV%2FssVLGFbTIT7H6KAqJ0mbiIU%2BOof3jsgaKkDfZKdiW2l36sxB9TzMwQIwsSbut3w%2BivKw4kkFq5CK3FzPH%2B823uahz133cWxK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 872262f969b7947c-LHR
alt-svc: h3=":443"; ma=86400
DNS

googleads.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

142.250.179.226
DNS

connect.facebook.net

chrome.exe

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.221.16
DNS

10.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.178.250.142.in-addr.arpa

IN PTR

Response

10.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f101e100net
DNS

206.60.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.60.22.104.in-addr.arpa

IN PTR

Response
DNS

34.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.200.250.142.in-addr.arpa

IN PTR

Response

34.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f21e100net
DNS

14.25.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

226.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.179.250.142.in-addr.arpa

IN PTR

Response

226.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f21e100net
DNS

16.221.240.157.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.221.240.157.in-addr.arpa

IN PTR

Response

16.221.240.157.in-addr.arpa

IN PTR

xx-fbcdn-shv-01-lhr8fbcdnnet
DNS

www.facebook.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

163.70.151.35
DNS

fundingchoicesmessages.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.16.238
GET

https://fundingchoicesmessages.google.com/i/ca-pub-8491708950677704?ers=2

chrome.exe

Remote address:

172.217.16.238:443

Request

GET /i/ca-pub-8491708950677704?ers=2 HTTP/2.0
host: fundingchoicesmessages.google.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: NID=513=WHssl5trAhT4FFV0iF9kogSpkv451HvB08vC6qja_BrB4Al0i19h1OisX4b0UNV3nYkO1ae38-5BriiKDSCEfSTPXn0dFFliuSSc709-WTqmJ4N2ox_0MCCok6b2d6SabUJ62qR4_5BND3jyuiIpVtFgraz8IyDX-awjHjeU4yA
DNS

tpc.googlesyndication.com

chrome.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

142.250.200.33
GET

https://tpc.googlesyndication.com/pagead/js/r20240408/r20110914/client/qs_click_protection_fy2021.js

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /pagead/js/r20240408/r20110914/client/qs_click_protection_fy2021.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/pagead/js/r20240408/r20110914/client/window_focus_fy2021.js

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /pagead/js/r20240408/r20110914/client/window_focus_fy2021.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

s0.2mdn.net

chrome.exe

Remote address:

8.8.8.8:53

Request

s0.2mdn.net

IN A

Response

s0.2mdn.net

IN A

172.217.169.70
DNS

35.151.70.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.151.70.163.in-addr.arpa

IN PTR

Response

35.151.70.163.in-addr.arpa

IN PTR

edge-star-mini-shv-02-lhr6facebookcom
GET

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

chrome.exe

Remote address:

172.217.169.70:443

Request

GET /879366/express_html_inpage_rendering_lib_200_278.js HTTP/2.0
host: s0.2mdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://googleads.g.doubleclick.net
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

chrome.exe

Remote address:

172.217.169.70:443

Request

GET /879366/html_inpage_rendering_lib_200_278.js HTTP/2.0
host: s0.2mdn.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://googleads.g.doubleclick.net
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f14�I
DNS

33.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

cm.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

216.58.201.98
DNS

dsum-sec.casalemedia.com

chrome.exe

Remote address:

8.8.8.8:53

Request

dsum-sec.casalemedia.com

IN A

Response

dsum-sec.casalemedia.com

IN A

104.18.36.155

dsum-sec.casalemedia.com

IN A

172.64.151.101
DNS

ib.adnxs.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

g.geo.appnexusgslb.net

g.geo.appnexusgslb.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

185.89.210.46

ib.anycast.adnxs.com

IN A

185.89.211.116

ib.anycast.adnxs.com

IN A

185.89.210.212

ib.anycast.adnxs.com

IN A

185.89.210.141

ib.anycast.adnxs.com

IN A

185.89.210.153

ib.anycast.adnxs.com

IN A

185.89.210.82

ib.anycast.adnxs.com

IN A

185.89.210.180

ib.anycast.adnxs.com

IN A

185.89.211.84

ib.anycast.adnxs.com

IN A

185.89.210.90

ib.anycast.adnxs.com

IN A

185.89.210.122

ib.anycast.adnxs.com

IN A

185.89.210.244

ib.anycast.adnxs.com

IN A

185.89.210.20
DNS

70.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

70.169.217.172.in-addr.arpa

IN PTR

Response

70.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f61e100net
GET

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D

chrome.exe

Remote address:

104.18.36.155:443

Request

GET /rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP/2.0
host: dsum-sec.casalemedia.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Wed, 10 Apr 2024 11:27:22 GMT
content-length: 0
location: /rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
cf-ray: 87226324d8d8633d-LHR
cf-cache-status: DYNAMIC
cache-control: no-cache
expires: 0
set-cookie: CMID=ZhZ3mrmqPkwAAGAbAVJjKgAA; Path=/; Domain=casalemedia.com; Expires=Thu, 10 Apr 2025 11:27:22 GMT; Max-Age=31536000; Secure; SameSite=None
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
set-cookie: CMPS=5054; Path=/; Domain=casalemedia.com; Expires=Tue, 09 Jul 2024 11:27:22 GMT; Max-Age=7776000; Secure; SameSite=None
set-cookie: CMPRO=5054; Path=/; Domain=casalemedia.com; Expires=Tue, 09 Jul 2024 11:27:22 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CPCAnP6uttyI8XahP%2FgQtBiiKZp1u1QW15QRtfetmA9ObnMgp5YxY3OZvZKb7xJFmOqowuUBZt2yNskn%2Fv26VF3QN5G%2F%2BZFaHebd%2FA%2BUHpUO21ihwyCLf3Ekg70ip6%2FdOWfCjQR890q1tg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm

chrome.exe

Remote address:

216.58.201.98:443

Request

GET /pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnnE7yx81Vt5G8IZNewtH9OJUPfPe6WAvWV9tMDGZhN9eT_DmtlbAo9NeCE
GET

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm

chrome.exe

Remote address:

216.58.201.98:443

Request

GET /pixel?google_nid=appnexus&google_cm&google_dbm HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnnE7yx81Vt5G8IZNewtH9OJUPfPe6WAvWV9tMDGZhN9eT_DmtlbAo9NeCE
DNS

46.210.89.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.210.89.185.in-addr.arpa

IN PTR

Response

46.210.89.185.in-addr.arpa

IN PTR

940bm-nginx-loadbalancermgmtams3adnexusnet
DNS

155.36.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.36.18.104.in-addr.arpa

IN PTR

Response
DNS

98.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

98.201.58.216.in-addr.arpa

IN PTR

Response

98.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f21e100net

98.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f2�G

98.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f98�G
DNS

googleads4.g.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

googleads4.g.doubleclick.net

IN A

Response

googleads4.g.doubleclick.net

IN A

172.217.169.2
GET

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstYs1OMhAhzls8wrU_50iQuXXAcUqiRrBURd51OtxZYtxd5m-VWSc5h-Td_3Xzd1PiLMDWpveWEF9Pda7ppjD0v79X2KFy6KcAWTr4eIo6jIBOLRZAn2fCg8ysZE0qv_adSkEPfZpWZZD_FQlt6lYX5nKbU1RTa2v41-jl0yjGr3iVYzUqJqwahd__4XboDa8XFnFtCnYzxfr9foFY7OD7vI5QWmldnS9BWJar9BtN0JyfzO39jlJe4J7UyYCLUwCUF4-OHpp5vsz6chQ2uZDjvLcwAJI39_bxC2dpBIvSdw7KNM24JJNZ0C3wk19DF6DKoNctzBizzFtHl9WCzhI5TU-MG3_5HVg2eJ8ZmgFR16eo401BiF6uRikf7rBrmhTZnPw4tUOXW1bxV5ZkLoALCR-f-6sSZf_pSBCkqo3WVs7JLoujpF1YWGXLsDI1V7PVf_8xug-X7GmZuray8G94ItIHPTI20-DZxEgIrNfZBMGJlEYlz8_pXs1G_DF3U66VXapW_3sPbYy52OHL-5Iezzc2ByV8bBZX8E6vUuV74ioSCiO2yL89TgVVSXZv64yXvIi95Xg1w8up-AGrvouREMwXycPBK7Kep-LMaZk7R-Wn8kYXsDdWcJ_QZDiMNnSO1pW5ur5kJRiaOI3JzK_MHDbPLzYuUnvhjDqJI6dmZDWvoTSDgIKXs0rYfguXlb_OMNDbU1EDlRJMVqHxq0sHOV6ADsCkYg7EHaeTAlUWk3x8x2ON4OuK5fubbKtIWKBJrlAgVvYxgt5PfcU1GHGoauTV7CpFlZWPpHQve3XBJVYRrV8mVsq_9xCrbj8cgxwEy5HOzSIQoe1SwAVMTi62PRXCc3-Fq2Q6rr8KeYLb7iUe0vHibLfrPSwFOsiJj6DFdimAhu38uXVc9e-BHT9PSSudAT4x-avLyo47uA2kgkrvu8MsydbUkBRATTdKyMwDp4jd39q_MFT5YgYtEOkEF8dwf13nVvUYSJIi3koaQ7k0W4TVzvP8YlTDYwYdSEYrSGFLz_YNyxyl2viPPC-3tf7eu2CkpVdgneJMgVOhAy24YQzyZFOcKM9cR4kmwuzLexhiiyirA7kA7eR9JckGQuv-N-XIgaJbLJFCm0nje1oqaazOx3Jv63A-9cRHVCso2TWZYpi1DKUOHg0dn4mpFUwealBEqzru3EzAb-NaGiFHG873v7Vvn6qX2fuNKKnHhtDb1JK8qM7I3dRD70fu5gPb6rG2NcEukq2g33Jktof3BS6RtJRUd-PSKo54CGvI3D5-DquNgZdYCS_s7Z55JcUVQp2ozfUjpgxjJIDbKgsbnxnzBkp-cfLO2aB8OdU2yDpC-cKam&sai=AMfl-YSyVdABCgG3pbqrstv08s78dtueczc4jl9MHFYnK_iSmXexj6UCCenhixr2FdQr9gOCqQiGERDYNeZcFwlTyvyj4Tzg2naGYeWQ1BqBo356anHJF24ygv3HIBQuVrALrJi4j4ZAnJnd_PME75P_Dofr7PeFPiLYaAZBq-j4JJ5GMaJYxjghr-a_zaQ9syUuLreWZcpHCr3ruZAi88bk5Xumnlhbkb_-_rBpUQ3JkoRbEakCdJo13fScMmTXVB7BZmzOdrZeSuAL5ncBoBW6xNvQtC1l6aM9itYI6bALlgArO54ag8r0KeEk6xhJyV65lcjlbYDvNvP21xegDWqz2_cA0O8P_69LGQEc1VSjw4ZSsZa8uSkwfWoBV-YDgaKRbf-OxFkcTNS_VSWiIJ-ACYasDkRrgI6Q0_Qn2tSiIo66KQVZhWlkdpJEvF1_bs4s4wdkW6AeSLp9Q8y4QjZuIWB9HTn_-EJqTL0ncurZL_M2v-H-LJhETwA&sig=Cg0ArKJSzAnsaJQGr63cEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2822&cbvp=1&cstd=2804&cisv=r20240408.85842&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTA2LjAuNTI0OS4xMTkiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDYuMC41MjQ5LjExOSJdLFsiR29vZ2xlIENocm9tZSIsIjEwNi4wLjUyNDkuMTE5Il0sWyJOb3Q7QT1CcmFuZCIsIjk5LjAuMC4wIl1dLDBd&arae=0&ftch=1&adurl=

chrome.exe

Remote address:

172.217.169.2:443

Request

GET /pcs/view?xai=AKAOjstYs1OMhAhzls8wrU_50iQuXXAcUqiRrBURd51OtxZYtxd5m-VWSc5h-Td_3Xzd1PiLMDWpveWEF9Pda7ppjD0v79X2KFy6KcAWTr4eIo6jIBOLRZAn2fCg8ysZE0qv_adSkEPfZpWZZD_FQlt6lYX5nKbU1RTa2v41-jl0yjGr3iVYzUqJqwahd__4XboDa8XFnFtCnYzxfr9foFY7OD7vI5QWmldnS9BWJar9BtN0JyfzO39jlJe4J7UyYCLUwCUF4-OHpp5vsz6chQ2uZDjvLcwAJI39_bxC2dpBIvSdw7KNM24JJNZ0C3wk19DF6DKoNctzBizzFtHl9WCzhI5TU-MG3_5HVg2eJ8ZmgFR16eo401BiF6uRikf7rBrmhTZnPw4tUOXW1bxV5ZkLoALCR-f-6sSZf_pSBCkqo3WVs7JLoujpF1YWGXLsDI1V7PVf_8xug-X7GmZuray8G94ItIHPTI20-DZxEgIrNfZBMGJlEYlz8_pXs1G_DF3U66VXapW_3sPbYy52OHL-5Iezzc2ByV8bBZX8E6vUuV74ioSCiO2yL89TgVVSXZv64yXvIi95Xg1w8up-AGrvouREMwXycPBK7Kep-LMaZk7R-Wn8kYXsDdWcJ_QZDiMNnSO1pW5ur5kJRiaOI3JzK_MHDbPLzYuUnvhjDqJI6dmZDWvoTSDgIKXs0rYfguXlb_OMNDbU1EDlRJMVqHxq0sHOV6ADsCkYg7EHaeTAlUWk3x8x2ON4OuK5fubbKtIWKBJrlAgVvYxgt5PfcU1GHGoauTV7CpFlZWPpHQve3XBJVYRrV8mVsq_9xCrbj8cgxwEy5HOzSIQoe1SwAVMTi62PRXCc3-Fq2Q6rr8KeYLb7iUe0vHibLfrPSwFOsiJj6DFdimAhu38uXVc9e-BHT9PSSudAT4x-avLyo47uA2kgkrvu8MsydbUkBRATTdKyMwDp4jd39q_MFT5YgYtEOkEF8dwf13nVvUYSJIi3koaQ7k0W4TVzvP8YlTDYwYdSEYrSGFLz_YNyxyl2viPPC-3tf7eu2CkpVdgneJMgVOhAy24YQzyZFOcKM9cR4kmwuzLexhiiyirA7kA7eR9JckGQuv-N-XIgaJbLJFCm0nje1oqaazOx3Jv63A-9cRHVCso2TWZYpi1DKUOHg0dn4mpFUwealBEqzru3EzAb-NaGiFHG873v7Vvn6qX2fuNKKnHhtDb1JK8qM7I3dRD70fu5gPb6rG2NcEukq2g33Jktof3BS6RtJRUd-PSKo54CGvI3D5-DquNgZdYCS_s7Z55JcUVQp2ozfUjpgxjJIDbKgsbnxnzBkp-cfLO2aB8OdU2yDpC-cKam&sai=AMfl-YSyVdABCgG3pbqrstv08s78dtueczc4jl9MHFYnK_iSmXexj6UCCenhixr2FdQr9gOCqQiGERDYNeZcFwlTyvyj4Tzg2naGYeWQ1BqBo356anHJF24ygv3HIBQuVrALrJi4j4ZAnJnd_PME75P_Dofr7PeFPiLYaAZBq-j4JJ5GMaJYxjghr-a_zaQ9syUuLreWZcpHCr3ruZAi88bk5Xumnlhbkb_-_rBpUQ3JkoRbEakCdJo13fScMmTXVB7BZmzOdrZeSuAL5ncBoBW6xNvQtC1l6aM9itYI6bALlgArO54ag8r0KeEk6xhJyV65lcjlbYDvNvP21xegDWqz2_cA0O8P_69LGQEc1VSjw4ZSsZa8uSkwfWoBV-YDgaKRbf-OxFkcTNS_VSWiIJ-ACYasDkRrgI6Q0_Qn2tSiIo66KQVZhWlkdpJEvF1_bs4s4wdkW6AeSLp9Q8y4QjZuIWB9HTn_-EJqTL0ncurZL_M2v-H-LJhETwA&sig=Cg0ArKJSzAnsaJQGr63cEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2822&cbvp=1&cstd=2804&cisv=r20240408.85842&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTA2LjAuNTI0OS4xMTkiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDYuMC41MjQ5LjExOSJdLFsiR29vZ2xlIENocm9tZSIsIjEwNi4wLjUyNDkuMTE5Il0sWyJOb3Q7QT1CcmFuZCIsIjk5LjAuMC4wIl1dLDBd&arae=0&ftch=1&adurl= HTTP/2.0
host: googleads4.g.doubleclick.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnnE7yx81Vt5G8IZNewtH9OJUPfPe6WAvWV9tMDGZhN9eT_DmtlbAo9NeCE
DNS

fw.adsafeprotected.com

chrome.exe

Remote address:

8.8.8.8:53

Request

fw.adsafeprotected.com

IN A

Response

fw.adsafeprotected.com

IN CNAME

iefw.adsafeprotected.com

iefw.adsafeprotected.com

IN CNAME

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

52.51.159.211

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

54.195.41.163

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

34.243.8.6

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

54.154.20.75

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

34.249.118.238

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

34.250.132.186

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

34.247.157.243

firewall-external-2134955858.eu-west-1.elb.amazonaws.com

IN A

54.77.58.207
DNS

code.createjs.com

chrome.exe

Remote address:

8.8.8.8:53

Request

code.createjs.com

IN A

Response

code.createjs.com

IN CNAME

san-download-stls.adobe.com.edgesuite.net

san-download-stls.adobe.com.edgesuite.net

IN CNAME

a1806.dscd.akamai.net

a1806.dscd.akamai.net

IN A

104.97.14.99

a1806.dscd.akamai.net

IN A

104.97.14.90
DNS

2.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.169.217.172.in-addr.arpa

IN PTR

Response

2.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f21e100net
DNS

211.159.51.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.159.51.52.in-addr.arpa

IN PTR

Response

211.159.51.52.in-addr.arpa

IN PTR

ec2-52-51-159-211 eu-west-1compute amazonawscom
DNS

99.14.97.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.14.97.104.in-addr.arpa

IN PTR

Response

99.14.97.104.in-addr.arpa

IN PTR

a104-97-14-99deploystaticakamaitechnologiescom
DNS

6.39.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.39.156.108.in-addr.arpa

IN PTR

Response

6.39.156.108.in-addr.arpa

IN PTR

server-108-156-39-6lhr50r cloudfrontnet
DNS

static.adsafeprotected.com

chrome.exe

Remote address:

8.8.8.8:53

Request

static.adsafeprotected.com

IN A

Response

static.adsafeprotected.com

IN CNAME

d162h6x3rxav67.cloudfront.net

d162h6x3rxav67.cloudfront.net

IN A

18.239.236.119

d162h6x3rxav67.cloudfront.net

IN A

18.239.236.113

d162h6x3rxav67.cloudfront.net

IN A

18.239.236.27

d162h6x3rxav67.cloudfront.net

IN A

18.239.236.30
GET

https://static.adsafeprotected.com/sca.17.6.2.js

chrome.exe

Remote address:

18.239.236.119:443

Request

GET /sca.17.6.2.js HTTP/2.0
host: static.adsafeprotected.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
date: Tue, 09 Apr 2024 22:12:35 GMT
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 02462ba58311d13c5134d2086aba8b32.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: k9vtpgm4BhPfgA2UpRRXLAbm3y2c42mSPZ3bfT84W1jIpuPULLfT7Q==
age: 47694
GET

https://static.adsafeprotected.com/4a.js

chrome.exe

Remote address:

18.239.236.119:443

Request

GET /4a.js HTTP/2.0
host: static.adsafeprotected.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
date: Tue, 09 Apr 2024 22:12:35 GMT
x-amz-replication-status: COMPLETED
last-modified: Mon, 08 Apr 2024 18:30:51 GMT
etag: W/"2105f244154aad4862ff53a961b1f1a4"
x-amz-server-side-encryption: AES256
x-amz-version-id: dlqjxtfSBnHUu.uvz6pjFhGjycpBOuyh
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 02462ba58311d13c5134d2086aba8b32.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: fLsdRyDodsM3mVrOSeJGA9-OSeSIOdutbh7aEsitz43gE71JZ2TE6g==
age: 47694
GET

https://static.adsafeprotected.com/passback_300x250.js

chrome.exe

Remote address:

18.239.236.119:443

Request

GET /passback_300x250.js HTTP/2.0
host: static.adsafeprotected.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
date: Tue, 09 Apr 2024 22:12:35 GMT
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:29:42 GMT
etag: W/"44f0ac540dc9c11f94344414c879b658"
x-amz-server-side-encryption: AES256
cache-control: max-age=604800
x-amz-version-id: vr1Fa3eAVtG7AGe6kPa1Y0WAZAHvQkII
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 02462ba58311d13c5134d2086aba8b32.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: eOorbTex8OFymXnbHVv396ECQn0RRjZEug9uf7sNdSyyMext9ZzMPw==
age: 47695
GET

https://static.adsafeprotected.com/IAS_PassbackAds_300x250.png

chrome.exe

Remote address:

18.239.236.119:443

Request

GET /IAS_PassbackAds_300x250.png HTTP/2.0
host: static.adsafeprotected.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-length: 14233
date: Tue, 09 Apr 2024 22:12:35 GMT
x-amz-replication-status: COMPLETED
last-modified: Fri, 18 Feb 2022 23:28:59 GMT
etag: "65a8b98b798ce416d94c2847aca40c71"
x-amz-server-side-encryption: AES256
cache-control: max-age=604800
x-amz-version-id: 5gVOAFoF.BCvnrybv6D.a4lGJXzJNSyO
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 02462ba58311d13c5134d2086aba8b32.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: 4sV9kX1OveHeuUAiR_LgH3Ui7HcH3M6K6V_gphtZow7SZt3Z3UKeKQ==
age: 47695
DNS

dt.adsafeprotected.com

chrome.exe

Remote address:

8.8.8.8:53

Request

dt.adsafeprotected.com

IN A

Response

dt.adsafeprotected.com

IN CNAME

ordt.adsafeprotected.com

ordt.adsafeprotected.com

IN CNAME

dt-external-521234871.us-west-2.elb.amazonaws.com

dt-external-521234871.us-west-2.elb.amazonaws.com

IN A

35.160.91.236

dt-external-521234871.us-west-2.elb.amazonaws.com

IN A

35.165.40.164

dt-external-521234871.us-west-2.elb.amazonaws.com

IN A

54.69.40.206

dt-external-521234871.us-west-2.elb.amazonaws.com

IN A

34.210.225.85

dt-external-521234871.us-west-2.elb.amazonaws.com

IN A

35.162.160.167

dt-external-521234871.us-west-2.elb.amazonaws.com

IN A

52.41.232.236

dt-external-521234871.us-west-2.elb.amazonaws.com

IN A

54.71.6.100

dt-external-521234871.us-west-2.elb.amazonaws.com

IN A

44.229.80.8
DNS

119.236.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.236.239.18.in-addr.arpa

IN PTR

Response

119.236.239.18.in-addr.arpa

IN PTR

server-18-239-236-119lhr5r cloudfrontnet
DNS

236.91.160.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

236.91.160.35.in-addr.arpa

IN PTR

Response

236.91.160.35.in-addr.arpa

IN PTR

ec2-35-160-91-236 us-west-2compute amazonawscom
DNS

cdn.dashnet.org

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.dashnet.org

IN A

Response

cdn.dashnet.org

IN A

104.22.60.206

cdn.dashnet.org

IN A

172.67.36.94

cdn.dashnet.org

IN A

104.22.61.206
GET

https://cdn.dashnet.org/cookieclicker/img/filler.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/filler.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:38 GMT
content-type: image/png
content-length: 98
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "3b9-4f6ca2ac19900"
last-modified: Fri, 11 Apr 2014 20:27:48 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=953
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 19:00:10
cdn-edgestorageid: 1077
link: <https://orteil.dashnet.org/cookieclicker/img/filler.png>; rel="canonical"
cdn-status: 200
cdn-requestid: 73122ae63098b987df6513a161a49c47
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872263868ac40119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/you.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/you.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 981
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "7a2-5f5528f120700"
last-modified: Wed, 22 Feb 2023 23:50:20 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=1954
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 07/07/2023 03:04:45
cdn-edgestorageid: 1075
link: <https://orteil.dashnet.org/cookieclicker/img/you.png>; rel="canonical"
cdn-status: 200
cdn-requestid: 536ee18d27544e81041812cba0be90ac
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226393099e0119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/youAddons.png?v=2.052

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/youAddons.png?v=2.052 HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 3842
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 10/20/2023 18:27:56
cdn-edgestorageid: 752
cdn-proxyver: 1.04
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: c3f640988e96270698b18dfcf300fa24
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=5409
etag: "1521-5f783f41ef800"
last-modified: Wed, 22 Mar 2023 21:36:32 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/youAddons.png?v=2.052>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226393099f0119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/brokenCookie.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/brokenCookie.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 32609
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "8e58-522e4b4471b00"
last-modified: Sun, 25 Oct 2015 02:35:56 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=36440
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 18:58:43
cdn-edgestorageid: 1047
link: <https://orteil.dashnet.org/cookieclicker/img/brokenCookie.png>; rel="canonical"
cdn-status: 200
cdn-requestid: e76ff9c4bdfd3ca48b0a2452b193ea19
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722639339c10119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/brokenCookieHalo.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/brokenCookieHalo.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/jpeg
content-length: 186949
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 10/31/2023 18:59:57
cdn-edgestorageid: 1075
cdn-proxyver: 1.04
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: 46e1a50e218dd432f770171e3189975a
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=192942
etag: "2f1ae-4ffb195e5c400"
last-modified: Sun, 03 Aug 2014 03:54:56 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/starbg.jpg>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722639349c70119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/starbg.jpg

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/starbg.jpg HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 20385
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 10/31/2023 18:48:19
cdn-edgestorageid: 752
cdn-proxyver: 1.04
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: 84db283f26e4a0dfec9312ebfbd2a42a
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=22932
etag: "5994-5009eedbd6b40"
last-modified: Thu, 14 Aug 2014 23:04:37 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/brokenCookieHalo.png>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722639349c40119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/bgBlue.jpg

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/bgBlue.jpg HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 1968
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 08/08/2023 20:38:59
cdn-edgestorageid: 1055
cdn-proxyver: 1.04
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: 540addc47fdc269330f31fdbf1b5aeca
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=3483
etag: "d9b-5243d6acd55c0"
last-modified: Wed, 11 Nov 2015 05:51:27 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/shadedBordersSoft.png>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722639389f60119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/shadedBordersSoft.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/shadedBordersSoft.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/jpeg
content-length: 82381
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 05/07/2023 01:45:50
cdn-edgestorageid: 722
cdn-proxyver: 1.03
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: e39191b5f04f686804597839b1ca2db1
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=87012
etag: "153e4-5d790d39b8340"
last-modified: Wed, 09 Feb 2022 07:31:49 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/bgBlue.jpg>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8722639389f50119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/shine.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/shine.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 6172
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: US
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "181c-4eea034de3b00"
last-modified: Sat, 28 Dec 2013 23:02:36 GMT
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 18:59:57
cdn-edgestorageid: 1068
link: <https://orteil.dashnet.org/cookieclicker/img/shine.png>; rel="canonical"
cdn-status: 200
cdn-requestid: 620d822ae23d8a005183328a688d70d6
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226393aa020119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/cookieShadow.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/cookieShadow.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 1529
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "a2a-5c955f8cad9c0"
last-modified: Thu, 12 Aug 2021 05:26:07 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2602
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 09/22/2023 13:09:21
cdn-edgestorageid: 1079
link: <https://orteil.dashnet.org/cookieclicker/img/cookieShadow.png>; rel="canonical"
cdn-status: 200
cdn-requestid: d6b78e5ca81d37593445fff16f8abce0
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87226393fa390119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/perfectCookie.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/perfectCookie.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 43330
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "aaac-5202bc9a0e280"
last-modified: Sun, 20 Sep 2015 11:08:42 GMT
cf-bgj: imgq:100,h2pri
cf-polished: origSize=43692
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 07/28/2023 09:37:56
cdn-edgestorageid: 865
link: <https://orteil.dashnet.org/cookieclicker/img/milkPlain.png>; rel="canonical"
cdn-status: 200
cdn-requestid: a22ff84939417f046e41439ee11ca341
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872263951aff0119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/cursor.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/cursor.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 98484
cdn-pullzone: 892302
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cdn-requestcountrycode: DE
access-control-allow-origin: *
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=432000
etag: "180b4-4eea031c4c600"
last-modified: Sat, 28 Dec 2013 23:01:44 GMT
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/31/2023 18:58:46
cdn-edgestorageid: 1049
link: <https://orteil.dashnet.org/cookieclicker/img/perfectCookie.png>; rel="canonical"
cdn-status: 200
cdn-requestid: 092c9e0a18c6601c12aa21136406b395
cdn-cache: HIT
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872263951afc0119-AMS
GET

https://cdn.dashnet.org/cookieclicker/img/milkPlain.png

chrome.exe

Remote address:

104.22.60.206:443

Request

GET /cookieclicker/img/milkPlain.png HTTP/2.0
host: cdn.dashnet.org
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
origin: https://orteil.dashnet.org
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 10 Apr 2024 11:27:40 GMT
content-type: image/png
content-length: 745
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cache: HIT
cdn-cachedat: 10/31/2023 18:48:43
cdn-edgestorageid: 723
cdn-proxyver: 1.04
cdn-pullzone: 892302
cdn-requestcountrycode: DE
cdn-requestid: bd651c78b157c816d93e48307618725e
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-status: 200
cdn-uid: 50cc9c91-6c99-40f6-b142-9e20ea88ade5
cache-control: public, max-age=432000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=2248
etag: "8c8-522682a77f100"
last-modified: Sun, 18 Oct 2015 22:01:08 GMT
link: <https://orteil.dashnet.org/cookieclicker/img/cursor.png>; rel="canonical"
cf-cache-status: REVALIDATED
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 872263951afd0119-AMS
DNS

ade.googlesyndication.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ade.googlesyndication.com

IN A

Response

ade.googlesyndication.com

IN A

142.250.180.2
GET

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIivCWksW3hQMVV2n2CB10HwgKEAEYACDxk_9l;dc_eps=AHas8cAmhie5Jh77fTEfHDOPreS6gIUSrb4Y83bjxRL8erRze2bYz1QNS-06tYjdD_-r8cd_hqUv9O7MpAVnH_rx6VU;met=1;&timestamp=1712748452362;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

chrome.exe

Remote address:

142.250.180.2:443

Request

GET /ddm/activity/dc_oe=ChMIivCWksW3hQMVV2n2CB10HwgKEAEYACDxk_9l;dc_eps=AHas8cAmhie5Jh77fTEfHDOPreS6gIUSrb4Y83bjxRL8erRze2bYz1QNS-06tYjdD_-r8cd_hqUv9O7MpAVnH_rx6VU;met=1;&timestamp=1712748452362;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10; HTTP/2.0
host: ade.googlesyndication.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

2.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.180.250.142.in-addr.arpa

IN PTR

Response

2.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f21e100net
DNS

csi.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

csi.gstatic.com

IN A

Response

csi.gstatic.com

IN A

142.250.77.35
POST

https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lutq73gs&ctx=0&uet=2&met.1=24.nhp

chrome.exe

Remote address:

142.250.77.35:443

Request

POST /csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lutq73gs&ctx=0&uet=2&met.1=24.nhp HTTP/2.0
host: csi.gstatic.com
content-length: 0
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://orteil.dashnet.org
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://orteil.dashnet.org/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

35.77.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.77.250.142.in-addr.arpa

IN PTR

Response

35.77.250.142.in-addr.arpa

IN PTR

bom07s26-in-f31e100net
DNS

23.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.236.111.52.in-addr.arpa

IN PTR

Response
DNS

ajax.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ajax.googleapis.com

IN A

Response

ajax.googleapis.com

IN A

142.250.200.42
DNS

ad.turn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ad.turn.com

IN A

Response

ad.turn.com

IN CNAME

ad.turn.com.akadns.net

ad.turn.com.akadns.net

IN A

46.228.164.11
DNS

ums.acuityplatform.com

chrome.exe

Remote address:

8.8.8.8:53

Request

ums.acuityplatform.com

IN A

Response

ums.acuityplatform.com

IN A

154.59.122.79
DNS

x.bidswitch.net

chrome.exe

Remote address:

8.8.8.8:53

Request

x.bidswitch.net

IN A

Response

x.bidswitch.net

IN CNAME

user-data-eu.bidswitch.net

user-data-eu.bidswitch.net

IN A

35.214.149.91
DNS

d5p.de17a.com

chrome.exe

Remote address:

8.8.8.8:53

Request

d5p.de17a.com

IN A

Response

d5p.de17a.com

IN A

213.155.156.181

d5p.de17a.com

IN A

213.155.156.185

d5p.de17a.com

IN A

213.155.156.167

d5p.de17a.com

IN A

213.155.156.184

d5p.de17a.com

IN A

213.155.156.165

d5p.de17a.com

IN A

213.155.156.180

d5p.de17a.com

IN A

213.155.156.164

d5p.de17a.com

IN A

213.155.156.182

d5p.de17a.com

IN A

213.155.156.168

d5p.de17a.com

IN A

213.155.156.166

d5p.de17a.com

IN A

213.155.156.169

d5p.de17a.com

IN A

213.155.156.183
DNS

dis.criteo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

dis.criteo.com

IN A

Response

dis.criteo.com

IN CNAME

widget.nl3.vip.prod.criteo.com

widget.nl3.vip.prod.criteo.com

IN A

178.250.1.9
DNS

c1.adform.net

chrome.exe

Remote address:

8.8.8.8:53

Request

c1.adform.net

IN A

Response

c1.adform.net

IN CNAME

track.adformnet.akadns.net

track.adformnet.akadns.net

IN A

37.157.2.230

track.adformnet.akadns.net

IN A

37.157.2.228

track.adformnet.akadns.net

IN A

37.157.3.26

track.adformnet.akadns.net

IN A

37.157.3.20

track.adformnet.akadns.net

IN A

37.157.2.229
DNS

analytics.pangle-ads.com

chrome.exe

Remote address:

8.8.8.8:53

Request

analytics.pangle-ads.com

IN A

Response

analytics.pangle-ads.com

IN CNAME

analytics.pangle-ads.com.edgesuite.net

analytics.pangle-ads.com.edgesuite.net

IN CNAME

a2047.w185.akamai.net

a2047.w185.akamai.net

IN A

23.33.40.21

a2047.w185.akamai.net

IN A

23.33.40.27

a2047.w185.akamai.net

IN A

23.33.40.22

a2047.w185.akamai.net

IN A

23.33.40.4

a2047.w185.akamai.net

IN A

23.33.40.28

a2047.w185.akamai.net

IN A

23.33.40.25

a2047.w185.akamai.net

IN A

23.33.40.23

a2047.w185.akamai.net

IN A

23.33.40.24

a2047.w185.akamai.net

IN A

23.33.40.26
GET

https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js

chrome.exe

Remote address:

142.250.200.42:443

Request

GET /ajax/libs/jquery/3.6.1/jquery.min.js HTTP/2.0
host: ajax.googleapis.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://tpc.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://ums.acuityplatform.com/tum?umid=4&uid=CAESEIq_9HJ8DTMwrj5t5Sr83fQ&google_cver=1&google_push=AXcoOmQIB0kmSGxZlLf3JVBhexcI6UNpxJVmpm9RQrqE3Myu2OlRxbzmVnUBGRLfG6gZbkfa8H3sfHeEU3s0X92k6bbmTrP3QWHQg4Q

chrome.exe

Remote address:

154.59.122.79:443

Request

GET /tum?umid=4&uid=CAESEIq_9HJ8DTMwrj5t5Sr83fQ&google_cver=1&google_push=AXcoOmQIB0kmSGxZlLf3JVBhexcI6UNpxJVmpm9RQrqE3Myu2OlRxbzmVnUBGRLfG6gZbkfa8H3sfHeEU3s0X92k6bbmTrP3QWHQg4Q HTTP/1.1
Host: ums.acuityplatform.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://pagead2.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content
GET

https://d5p.de17a.com/cookies/google?google_gid=CAESEDaKpczlpGytV0lyc5ybp9I&google_cver=1&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg

chrome.exe

Remote address:

213.155.156.181:443

Request

GET /cookies/google?google_gid=CAESEDaKpczlpGytV0lyc5ybp9I&google_cver=1&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg HTTP/2.0
host: d5p.de17a.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

location: https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDaKpczlpGytV0lyc5ybp9I&google_cver=1&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg
set-cookie: guid=1.186118968761820796; Max-Age=31104000; Path=/; Domain=.de17a.com; SameSite=None; Secure;
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
GET

https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDaKpczlpGytV0lyc5ybp9I&google_cver=1&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg

chrome.exe

Remote address:

213.155.156.181:443

Request

GET /cookies/google;c?google_gid=CAESEDaKpczlpGytV0lyc5ybp9I&google_cver=1&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg HTTP/2.0
host: d5p.de17a.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: guid=1.186118968761820796

Response

HTTP/2.0 302

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
GET

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENmcDGEDLOYW2PNWaeRIoDU&google_cver=1&google_push=AXcoOmQTT76IOUHP5nHNJV0THPVSelTpM3fkpToUaTQ7ZCvkhlxx8neSvHlSXG3OsFscNtOAOwM8ve8FK1pvlozAl7t3YFklotLn_DA

chrome.exe

Remote address:

46.228.164.11:443

Request

GET /r/cs?pid=3&google_gid=CAESENmcDGEDLOYW2PNWaeRIoDU&google_cver=1&google_push=AXcoOmQTT76IOUHP5nHNJV0THPVSelTpM3fkpToUaTQ7ZCvkhlxx8neSvHlSXG3OsFscNtOAOwM8ve8FK1pvlozAl7t3YFklotLn_DA HTTP/2.0
host: ad.turn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=3228278312243550637; Domain=.turn.com; Expires=Mon, 07-Oct-2024 11:27:51 GMT; Path=/; Secure; SameSite=None
location: https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MzIyODI3ODMxMjI0MzU1MDYzNw==&gdpr=&gdpr_consent=&process_consent=T
content-length: 0
date: Wed, 10 Apr 2024 11:27:51 GMT
GET

https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENmcDGEDLOYW2PNWaeRIoDU&google_cver=1

chrome.exe

Remote address:

46.228.164.11:443

Request

GET /r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENmcDGEDLOYW2PNWaeRIoDU&google_cver=1 HTTP/2.0
host: r.turn.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: uid=3228278312243550637

Response

HTTP/2.0 200

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=3228278312243550637; Domain=.turn.com; Expires=Mon, 07-Oct-2024 11:27:53 GMT; Path=/; Secure; SameSite=None
content-type: image/gif
content-length: 43
date: Wed, 10 Apr 2024 11:27:52 GMT
GET

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQvelEpF1UIz6QrhoofhyEaZIqD5a7Twlm0xPtSblQHl0dkaW9CQvRqLMvkCQUQICA2c3XVmbRjKPo3GO7kGxHrYv9hT-1hb3E&google_gid=CAESEPF7KRgEteXhtP1laM6Av04&google_cver=1

chrome.exe

Remote address:

178.250.1.9:443

Request

GET /dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQvelEpF1UIz6QrhoofhyEaZIqD5a7Twlm0xPtSblQHl0dkaW9CQvRqLMvkCQUQICA2c3XVmbRjKPo3GO7kGxHrYv9hT-1hb3E&google_gid=CAESEPF7KRgEteXhtP1laM6Av04&google_cver=1 HTTP/2.0
host: dis.criteo.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/gif
date: Wed, 10 Apr 2024 11:27:50 GMT
server: Kestrel
cache-control: no-cache
expires: Wed, 10 Apr 2024 00:00:00 GMT
pragma: no-cache
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 229139
strict-transport-security: max-age=31536000; preload;
GET

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEHN94fUwp2sJRamyPY5fZcM&google_cver=1&google_push=AXcoOmRkvH95KQn6QtDJwW5Xl-1hWWizXIgMchmDDJjuaphCnEd00OJv0FfnOy_6K24-RvoC5rupJN47XSCO9oEFiqNkC1Pv3lB1CQ_A

chrome.exe

Remote address:

23.33.40.21:443

Request

GET /api/ad/union/gg_cookie_matching?google_gid=CAESEHN94fUwp2sJRamyPY5fZcM&google_cver=1&google_push=AXcoOmRkvH95KQn6QtDJwW5Xl-1hWWizXIgMchmDDJjuaphCnEd00OJv0FfnOy_6K24-RvoC5rupJN47XSCO9oEFiqNkC1Pv3lB1CQ_A HTTP/2.0
host: analytics.pangle-ads.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmRkvH95KQn6QtDJwW5Xl-1hWWizXIgMchmDDJjuaphCnEd00OJv0FfnOy_6K24-RvoC5rupJN47XSCO9oEFiqNkC1Pv3lB1CQ_A
x-bytefaas-execution-duration: 3.97
x-bytefaas-request-id: 202404101127509EB8A31AEFE1D7AC83B2
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-logid: 202404101127509EB8A31AEFE1D7AC83B2
x-tt-trace-host: 01632df19481b59d7a5a20dfaf54b4c74aa5ee6690f2200eebf2f471d9a615399c97904e847fdd1bab116dd65efd327e3d52937937b43575253990e93e0deacea10cd1f76b009ca10bb83b10d800af8b89bfacff31c64847024c25f95319c7e1626a8edb9b02ca33d891196a2465a15a9a
x-tt-trace-id: 00-2404101127509EB8A31AEFE1D7AC83B2-18311A143AFF6CC0-00
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: *
access-control-allow-credentials: true
access-control-max-age: 86400
x-origin-response-time: 10,23.218.220.26
x-akamai-request-id: 1dce05a7.8fde9096
expires: Wed, 10 Apr 2024 11:27:50 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 10 Apr 2024 11:27:50 GMT
x-cache: TCP_MISS from a23-33-41-85.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55336823) (-)
x-cache-remote: TCP_MISS from a23-218-220-26.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55336823) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=15, origin; dur=10
server-timing: inner; dur=5
x-parent-response-time: 25,23.33.41.85
DNS

match.adsrvr.org

chrome.exe

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

35.71.131.137

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

3.33.220.150
DNS

match.adsby.bidtheatre.com

chrome.exe

Remote address:

8.8.8.8:53

Request

match.adsby.bidtheatre.com

IN A

Response

match.adsby.bidtheatre.com

IN A

134.122.57.34

match.adsby.bidtheatre.com

IN A

188.166.17.21

match.adsby.bidtheatre.com

IN A

64.227.64.62
DNS

pr-bh.ybp.yahoo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

pr-bh.ybp.yahoo.com

IN A

Response

pr-bh.ybp.yahoo.com

IN CNAME

ds-pr-bh.ybp.gysm.yahoodns.net

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

52.51.195.53

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

52.30.158.183

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

63.35.81.137

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

54.170.176.233
DNS

s.uuidksinc.net

chrome.exe

Remote address:

8.8.8.8:53

Request

s.uuidksinc.net

IN A

Response

s.uuidksinc.net

IN A

31.220.27.155

s.uuidksinc.net

IN A

31.220.27.134

s.uuidksinc.net

IN A

31.220.27.135

s.uuidksinc.net

IN A

185.98.54.153
DNS

a.rfihub.com

chrome.exe

Remote address:

8.8.8.8:53

Request

a.rfihub.com

IN A

Response

a.rfihub.com

IN CNAME

a.rfihub.com.akadns.net

a.rfihub.com.akadns.net

IN CNAME

a-emea.rfihub.com.akadns.net

a-emea.rfihub.com.akadns.net

IN A

193.0.160.130
DNS

t.adx.opera.com

chrome.exe

Remote address:

8.8.8.8:53

Request

t.adx.opera.com

IN A

Response

t.adx.opera.com

IN CNAME

outspot2-ams.adx.opera.com

outspot2-ams.adx.opera.com

IN A

82.145.213.8
DNS

sync.gonet-ads.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sync.gonet-ads.com

IN A

Response

sync.gonet-ads.com

IN A

188.42.105.236

sync.gonet-ads.com

IN A

188.42.105.220
GET

https://sync.gonet-ads.com/match/google?google_gid=CAESENz165J3ifq2ipbRLjQeUCg&google_cver=1&google_push=AXcoOmSEUQcyDcPP87A7qym22RZZ9U5EOzOsBh7dsdPa9VKF4e_bZssCpVegveZ3F1lZ_l1ZxcZjsPCjRODIbX7aFaJyQhRpT1bZ-XlPUw

chrome.exe

Remote address:

188.42.105.236:443

Request

GET /match/google?google_gid=CAESENz165J3ifq2ipbRLjQeUCg&google_cver=1&google_push=AXcoOmSEUQcyDcPP87A7qym22RZZ9U5EOzOsBh7dsdPa9VKF4e_bZssCpVegveZ3F1lZ_l1ZxcZjsPCjRODIbX7aFaJyQhRpT1bZ-XlPUw HTTP/2.0
host: sync.gonet-ads.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx
date: Wed, 10 Apr 2024 11:27:51 GMT
content-length: 0
location: https://sync.gonet-ads.com/match/google?google_gid=CAESENz165J3ifq2ipbRLjQeUCg&google_cver=1&google_push=AXcoOmSEUQcyDcPP87A7qym22RZZ9U5EOzOsBh7dsdPa9VKF4e_bZssCpVegveZ3F1lZ_l1ZxcZjsPCjRODIbX7aFaJyQhRpT1bZ-XlPUw&chk=1
set-cookie: chk=1; path=/; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
GET

https://sync.gonet-ads.com/match/google?google_gid=CAESENz165J3ifq2ipbRLjQeUCg&google_cver=1&google_push=AXcoOmSEUQcyDcPP87A7qym22RZZ9U5EOzOsBh7dsdPa9VKF4e_bZssCpVegveZ3F1lZ_l1ZxcZjsPCjRODIbX7aFaJyQhRpT1bZ-XlPUw&chk=1

chrome.exe

Remote address:

188.42.105.236:443

Request

GET /match/google?google_gid=CAESENz165J3ifq2ipbRLjQeUCg&google_cver=1&google_push=AXcoOmSEUQcyDcPP87A7qym22RZZ9U5EOzOsBh7dsdPa9VKF4e_bZssCpVegveZ3F1lZ_l1ZxcZjsPCjRODIbX7aFaJyQhRpT1bZ-XlPUw&chk=1 HTTP/2.0
host: sync.gonet-ads.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: chk=1

Response

HTTP/2.0 302

server: nginx
date: Wed, 10 Apr 2024 11:27:52 GMT
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NDA1YWExOTc2YzAyYjRhNA&google_push=AXcoOmSEUQcyDcPP87A7qym22RZZ9U5EOzOsBh7dsdPa9VKF4e_bZssCpVegveZ3F1lZ_l1ZxcZjsPCjRODIbX7aFaJyQhRpT1bZ-XlPUw
set-cookie: pid=NDA1YWExOTc2YzAyYjRhNA; expires=Thu, 10 Apr 2025 11:27:52 GMT; domain=.gonet-ads.com; path=/; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
GET

https://sync.gonet-ads.com/match/google

chrome.exe

Remote address:

188.42.105.236:443

Request

GET /match/google HTTP/2.0
host: sync.gonet-ads.com
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: chk=1
cookie: pid=NDA1YWExOTc2YzAyYjRhNA

Response

HTTP/2.0 302

server: nginx
date: Wed, 10 Apr 2024 11:27:53 GMT
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=gonet_ads_&google_hm=NDA1YWExOTc2YzAyYjRhNA&google_push=
set-cookie: pid=NDA1YWExOTc2YzAyYjRhNA; expires=Thu, 10 Apr 2025 11:27:53 GMT; domain=.gonet-ads.com; path=/; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
GET

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEC9hzrihvJFstb5qfc5E7EU&google_cver=1&google_push=AXcoOmTpZqrp4MPD47Py6LETBPuRxLykTSTI1rG5WeVTjPyYrFXEALENjikozbEW-PaM0cZWgpmzapsdve6C5fmO-VxN_o3yAZWBYIc

chrome.exe

Remote address:

134.122.57.34:443

Request

GET /adxcookie?id=&google_gid=CAESEC9hzrihvJFstb5qfc5E7EU&google_cver=1&google_push=AXcoOmTpZqrp4MPD47Py6LETBPuRxLykTSTI1rG5WeVTjPyYrFXEALENjikozbEW-PaM0cZWgpmzapsdve6C5fmO-VxN_o3yAZWBYIc HTTP/1.1
Host: match.adsby.bidtheatre.com
Connection: keep-alive
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://pagead2.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 302

Date: Wed, 10 Apr 2024 11:27:51 GMT
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Set-Cookie: __kuid=ff3c6ca7-5433-46ef-98d1-c735160997fe.481962471; Max-Age=604800; Domain=.adsby.bidtheatre.com; SameSite=None; Secure
Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AXcoOmTpZqrp4MPD47Py6LETBPuRxLykTSTI1rG5WeVTjPyYrFXEALENjikozbEW-PaM0cZWgpmzapsdve6C5fmO-VxN_o3yAZWBYIc
Content-Length: 0
Keep-Alive: timeout=5, max=3000
Connection: Keep-Alive
GET

https://s.uuidksinc.net/match/47/?remote_uid=CAESEHNn-c0svus9Y-XN1mm3Xzg&c_param1=AXcoOmRXMSBMdVCroS9z-jX_MnnizGSUSQvOlJdNWtmEA8lL3m2ANeTnk7zWOqjY5OfjB9J9uSALdW6VrohSniaSPrDvtpXHiD-h391Y&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1

chrome.exe

Remote address:

31.220.27.155:443

Request

GET /match/47/?remote_uid=CAESEHNn-c0svus9Y-XN1mm3Xzg&c_param1=AXcoOmRXMSBMdVCroS9z-jX_MnnizGSUSQvOlJdNWtmEA8lL3m2ANeTnk7zWOqjY5OfjB9J9uSALdW6VrohSniaSPrDvtpXHiD-h391Y&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1 HTTP/2.0
host: s.uuidksinc.net
sec-ch-ua: "Chromium";v="106", "Google Chrome";v="106", "Not;A=Brand";v="99"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://pagead2.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx/1.23.2
date: Wed, 10 Apr 2024 11:27:51 GMT
content-length: 0
location: https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmRXMSBMdVCroS9z-jX_MnnizGSUSQvOlJdNWtmEA8lL3m2ANeTnk7zWOqjY5OfjB9J9uSALdW6VrohSniaSPrDvtpXHiD-h391Y
set-cookie: jcsuuid=ZcDIp0dIPD6zWJFPNvMt; expires=Thu, 10 Apr 2025 11:27:51 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

79.122.59.154.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.122.59.154.in-addr.arpa

IN PTR

Response
DNS

11.164.228.46.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.164.228.46.in-addr.arpa

IN PTR

Response

11.164.228.46.in-addr.arpa

IN PTR

presentation-ams1turncom
DNS

9.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.1.250.178.in-addr.arpa

IN PTR

Response
DNS

181.156.155.213.in-addr.arpa

Remote address:

8.8.8.8:53

Request

181.156.155.213.in-addr.arpa

IN PTR

Response
DNS

230.2.157.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.2.157.37.in-addr.arpa

IN PTR

Response
DNS

21.40.33.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.40.33.23.in-addr.arpa

IN PTR

Response

21.40.33.23.in-addr.arpa

IN PTR

a23-33-40-21deploystaticakamaitechnologiescom
DNS

91.149.214.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

91.149.214.35.in-addr.arpa

IN PTR

Response

91.149.214.35.in-addr.arpa

IN PTR

9114921435bcgoogleusercontentcom
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.163
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 537
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 268
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

198.40.223.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.40.223.52.in-addr.arpa

IN PTR

Response

198.40.223.52.in-addr.arpa

IN PTR

a6370ebea231e0c9aawsglobalacceleratorcom
DNS

53.195.51.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

53.195.51.52.in-addr.arpa

IN PTR

Response

53.195.51.52.in-addr.arpa

IN PTR

ec2-52-51-195-53 eu-west-1compute amazonawscom
DNS

236.105.42.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

236.105.42.188.in-addr.arpa

IN PTR

Response
DNS

8.213.145.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.213.145.82.in-addr.arpa

IN PTR

Response

8.213.145.82.in-addr.arpa

IN PTR

n-sysadmin-jumpbox-03feednewsopera technology
DNS

155.27.220.31.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.27.220.31.in-addr.arpa

IN PTR

Response
DNS

r.turn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

r.turn.com

IN A

Response

r.turn.com

IN CNAME

r.turn.com.akadns.net

r.turn.com.akadns.net

IN A

46.228.164.11
DNS

34.57.122.134.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.57.122.134.in-addr.arpa

IN PTR

Response
DNS

163.49.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.49.178.192.in-addr.arpa

IN PTR

Response

163.49.178.192.in-addr.arpa

IN PTR

phx19s05-in-f31e100net
DNS

133.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.2.101.151.in-addr.arpa

IN PTR

Response
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

staticmedia.livenationinternational.com

Remote address:

8.8.8.8:53

Request

staticmedia.livenationinternational.com

IN A

Response

staticmedia.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net

ticketmaster4.map.fastly.net

IN A

151.101.2.87

ticketmaster4.map.fastly.net

IN A

151.101.66.87

ticketmaster4.map.fastly.net

IN A

151.101.130.87

ticketmaster4.map.fastly.net

IN A

151.101.194.87
DNS

staticmedia.livenationinternational.com

Remote address:

8.8.8.8:53

Request

staticmedia.livenationinternational.com

IN Unknown

Response

staticmedia.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN A

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

wcpstatic.microsoft.com

Remote address:

8.8.8.8:53

Request

wcpstatic.microsoft.com

IN Unknown

Response

wcpstatic.microsoft.com

IN CNAME

consentdeliveryfd.azurefd.net

consentdeliveryfd.azurefd.net

IN CNAME

firstparty-azurefd-prod.trafficmanager.net

firstparty-azurefd-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN A

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net

part-0036.t-0009.t-msedge.net

IN A

13.107.246.64

part-0036.t-0009.t-msedge.net

IN A

13.107.213.64
DNS

edgestatic.azureedge.net

Remote address:

8.8.8.8:53

Request

edgestatic.azureedge.net

IN Unknown

Response

edgestatic.azureedge.net

IN CNAME

edgestatic.afd.azureedge.net

edgestatic.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.part-0036.t-0009.t-msedge.net

shed.dual-low.part-0036.t-0009.t-msedge.net

IN CNAME

part-0036.t-0009.t-msedge.net
DNS

dynamicmedia.livenationinternational.com

Remote address:

8.8.8.8:53

Request

dynamicmedia.livenationinternational.com

IN A

Response

dynamicmedia.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net

ticketmaster4.map.fastly.net

IN A

151.101.2.87

ticketmaster4.map.fastly.net

IN A

151.101.66.87

ticketmaster4.map.fastly.net

IN A

151.101.130.87

ticketmaster4.map.fastly.net

IN A

151.101.194.87
DNS

dynamicmedia.livenationinternational.com

Remote address:

8.8.8.8:53

Request

dynamicmedia.livenationinternational.com

IN Unknown

Response

dynamicmedia.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net
DNS

networksites.livenationinternational.com

Remote address:

8.8.8.8:53

Request

networksites.livenationinternational.com

IN A

Response

networksites.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net

ticketmaster4.map.fastly.net

IN A

151.101.2.87

ticketmaster4.map.fastly.net

IN A

151.101.66.87

ticketmaster4.map.fastly.net

IN A

151.101.130.87

ticketmaster4.map.fastly.net

IN A

151.101.194.87
DNS

networksites.livenationinternational.com

Remote address:

8.8.8.8:53

Request

networksites.livenationinternational.com

IN Unknown

Response

networksites.livenationinternational.com

IN CNAME

ticketmaster4.map.fastly.net
DNS

235.17.178.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

235.17.178.52.in-addr.arpa

IN PTR

Response
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.200.14
POST

https://google.com/domainreliability/upload

chrome.exe

Remote address:

142.250.200.14:443

Request

POST /domainreliability/upload HTTP/2.0
host: google.com
content-length: 287
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.67
DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.200.14
DNS

e2c70.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c70.gcp.gvt2.com

IN A

Response

e2c70.gcp.gvt2.com

IN A

34.0.63.29
POST

https://e2c70.gcp.gvt2.com/nel/

chrome.exe

Remote address:

34.0.63.29:443

Request

POST /nel/ HTTP/2.0
host: e2c70.gcp.gvt2.com
content-length: 275
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 10 Apr 2024 11:31:10 GMT
DNS

67.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.169.217.172.in-addr.arpa

IN PTR

Response

67.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f31e100net
DNS

29.63.0.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.63.0.34.in-addr.arpa

IN PTR

Response
DNS

171.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.61.62.23.in-addr.arpa

IN PTR

Response

171.61.62.23.in-addr.arpa

IN PTR

a23-62-61-171deploystaticakamaitechnologiescom
DNS

beacons4.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons4.gvt2.com

IN A

Response

beacons4.gvt2.com

IN A

216.239.32.116
OPTIONS

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

beacons.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

192.178.48.227
POST

https://beacons.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.48.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gvt2.com
content-length: 275
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://beacons.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

192.178.48.227:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

116.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.32.239.216.in-addr.arpa

IN PTR

Response

116.32.239.216.in-addr.arpa

IN PTR

e2agooglecom
DNS

227.48.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.48.178.192.in-addr.arpa

IN PTR

Response

227.48.178.192.in-addr.arpa

IN PTR

phx18s07-in-f31e100net
DNS

227.48.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.48.178.192.in-addr.arpa

IN PTR
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.67

13.107.6.158:443

business.bing.com

tls

2.1kB
9.9kB
19
23
13.87.96.169:443

nav-edge.smartscreen.microsoft.com

tls

10.7kB
13.0kB
32
35
13.107.6.158:443

business.bing.com

tls

1.2kB
8.0kB
11
13
72.246.173.187:443

www.microsoft.com

tls

2.7kB
22.5kB
26
36
104.97.14.73:443

bzib.nelreports.net

tls

2.9kB
6.3kB
22
24
151.101.2.87:443

staticmedia.livenationinternational.com

tls

26.3kB
783.5kB
442
633
151.101.2.87:443

dynamicmedia.livenationinternational.com

tls

1.2kB
7.9kB
13
15
54.198.157.193:443

l.betrad.com

tls

1.3kB
6.3kB
12
14
142.250.178.4:443

https://www.google.com/async/ddljson?async=ntp:2

tls, http2

chrome.exe

1.9kB
7.6kB
21
23

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2
216.58.201.110:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.t9Zh0qeJgQI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8xcqML2Fy6h-M-Lik1g9vgy2nGUw/cb=gapi.loaded_0

tls, http2

chrome.exe

3.1kB
50.1kB
42
48

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.t9Zh0qeJgQI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo8xcqML2Fy6h-M-Lik1g9vgy2nGUw/cb=gapi.loaded_0
52.182.143.212:443

https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

tls, http

5.9kB
7.6kB
13
11

HTTP Request

POST https://nw-umwatson.events.data.microsoft.com/Telemetry.Request

HTTP Response

200
216.58.212.202:443

chromewebstore.googleapis.com

tls

2.3kB
8.3kB
22
23
13.107.246.64:443

edgestatic.azureedge.net

tls

90.5kB
4.4MB
1843
3219
104.22.60.206:443

orteil.dashnet.org

tls, http2

chrome.exe

989 B
5.1kB
9
8
104.22.60.206:443

https://cdn.dashnet.org/cookieclicker/img/icons.png?v=2.052

tls, http2

chrome.exe

46.2kB
958.3kB
689
900

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/base64.js

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/style.css?v=9

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/main.js?v=10b

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/showads.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/darkNoise.jpg

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/darkNoiseTopBar.jpg

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/discord.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/weeHoodie.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/patreon.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/tinyglobeSheet.gif

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/shadedBorders.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/spinnyBig.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/spinnySmall.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/blackGradient.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/shadedBordersSoft.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/frameBorder.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/empty.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/panelGradientTop.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/panelGradientBottom.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/panelVertical.png?v=2

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/panelMenu3.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/prestigeBar.jpg

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/prestigeBarCap.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/panelGradientLeft.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/panelGradientRight.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/panelHorizontal.png?v=2

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/blackGradientSmallTop.png

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/playsaurusbanner2.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/AQWorlds_CookieClicker_300x40.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieconsent.css

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/favicon.ico

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/loc/EN.js?v=2.052

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/goldCookie.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/wrathCookie.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/spookyCookie.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/contract.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/hearts.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/wrathContract.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/bunnies.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/frostedReindeer.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/patreon/grab.php?nocache=1712748452476

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/heraldFlag.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/lockOn.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/featherLeft.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/featherRight.png

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/storeTile.jpg

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/buildings.png?v=2.052

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/money.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/tinyglobe.gif

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/snd/smallTick.mp3

HTTP Response

200

HTTP Response

206

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/snd/tick.mp3

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/

HTTP Response

206

HTTP Response

304

HTTP Request

GET https://orteil.dashnet.org/cookieclicker/img/playsaurusbanner1.png

HTTP Response

200

HTTP Request

GET https://orteil.dashnet.org/patreon/grab.php?nocache=1712748471050

HTTP Response

200

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/icons.png?v=2.052

HTTP Response

200
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

tls, http2

chrome.exe

2.0kB
6.1kB
21
22

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

HTTP Response

200
172.217.169.8:445

www.googletagmanager.com

260 B
5
157.240.221.16:443

connect.facebook.net

tls

chrome.exe

3.0kB
65.4kB
42
57
172.217.169.8:139

www.googletagmanager.com

260 B
5
163.70.151.35:443

www.facebook.com

tls

chrome.exe

1.9kB
3.6kB
13
14
172.217.16.238:443

https://fundingchoicesmessages.google.com/i/ca-pub-8491708950677704?ers=2

tls, http2

chrome.exe

4.1kB
74.7kB
54
68

HTTP Request

GET https://fundingchoicesmessages.google.com/i/ca-pub-8491708950677704?ers=2
142.250.200.33:443

https://tpc.googlesyndication.com/pagead/js/r20240408/r20110914/client/window_focus_fy2021.js

tls, http2

chrome.exe

2.5kB
17.1kB
27
26

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20240408/r20110914/client/qs_click_protection_fy2021.js

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20240408/r20110914/client/window_focus_fy2021.js
142.250.200.33:443

tpc.googlesyndication.com

tls, http2

chrome.exe

999 B
5.8kB
9
8
172.217.169.70:443

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

tls, http2

chrome.exe

4.4kB
113.4kB
68
96

HTTP Request

GET https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

HTTP Request

GET https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
185.89.210.46:443

ib.adnxs.com

tls

chrome.exe

2.8kB
9.5kB
19
18
104.18.36.155:443

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D

tls, http2

chrome.exe

2.1kB
4.5kB
19
18

HTTP Request

GET https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D

HTTP Response

302
216.58.201.98:443

cm.g.doubleclick.net

tls, http2

chrome.exe

999 B
6.0kB
9
8
216.58.201.98:443

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm

tls, http2

chrome.exe

2.3kB
8.1kB
22
22

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
172.217.169.2:443

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstYs1OMhAhzls8wrU_50iQuXXAcUqiRrBURd51OtxZYtxd5m-VWSc5h-Td_3Xzd1PiLMDWpveWEF9Pda7ppjD0v79X2KFy6KcAWTr4eIo6jIBOLRZAn2fCg8ysZE0qv_adSkEPfZpWZZD_FQlt6lYX5nKbU1RTa2v41-jl0yjGr3iVYzUqJqwahd__4XboDa8XFnFtCnYzxfr9foFY7OD7vI5QWmldnS9BWJar9BtN0JyfzO39jlJe4J7UyYCLUwCUF4-OHpp5vsz6chQ2uZDjvLcwAJI39_bxC2dpBIvSdw7KNM24JJNZ0C3wk19DF6DKoNctzBizzFtHl9WCzhI5TU-MG3_5HVg2eJ8ZmgFR16eo401BiF6uRikf7rBrmhTZnPw4tUOXW1bxV5ZkLoALCR-f-6sSZf_pSBCkqo3WVs7JLoujpF1YWGXLsDI1V7PVf_8xug-X7GmZuray8G94ItIHPTI20-DZxEgIrNfZBMGJlEYlz8_pXs1G_DF3U66VXapW_3sPbYy52OHL-5Iezzc2ByV8bBZX8E6vUuV74ioSCiO2yL89TgVVSXZv64yXvIi95Xg1w8up-AGrvouREMwXycPBK7Kep-LMaZk7R-Wn8kYXsDdWcJ_QZDiMNnSO1pW5ur5kJRiaOI3JzK_MHDbPLzYuUnvhjDqJI6dmZDWvoTSDgIKXs0rYfguXlb_OMNDbU1EDlRJMVqHxq0sHOV6ADsCkYg7EHaeTAlUWk3x8x2ON4OuK5fubbKtIWKBJrlAgVvYxgt5PfcU1GHGoauTV7CpFlZWPpHQve3XBJVYRrV8mVsq_9xCrbj8cgxwEy5HOzSIQoe1SwAVMTi62PRXCc3-Fq2Q6rr8KeYLb7iUe0vHibLfrPSwFOsiJj6DFdimAhu38uXVc9e-BHT9PSSudAT4x-avLyo47uA2kgkrvu8MsydbUkBRATTdKyMwDp4jd39q_MFT5YgYtEOkEF8dwf13nVvUYSJIi3koaQ7k0W4TVzvP8YlTDYwYdSEYrSGFLz_YNyxyl2viPPC-3tf7eu2CkpVdgneJMgVOhAy24YQzyZFOcKM9cR4kmwuzLexhiiyirA7kA7eR9JckGQuv-N-XIgaJbLJFCm0nje1oqaazOx3Jv63A-9cRHVCso2TWZYpi1DKUOHg0dn4mpFUwealBEqzru3EzAb-NaGiFHG873v7Vvn6qX2fuNKKnHhtDb1JK8qM7I3dRD70fu5gPb6rG2NcEukq2g33Jktof3BS6RtJRUd-PSKo54CGvI3D5-DquNgZdYCS_s7Z55JcUVQp2ozfUjpgxjJIDbKgsbnxnzBkp-cfLO2aB8OdU2yDpC-cKam&sai=AMfl-YSyVdABCgG3pbqrstv08s78dtueczc4jl9MHFYnK_iSmXexj6UCCenhixr2FdQr9gOCqQiGERDYNeZcFwlTyvyj4Tzg2naGYeWQ1BqBo356anHJF24ygv3HIBQuVrALrJi4j4ZAnJnd_PME75P_Dofr7PeFPiLYaAZBq-j4JJ5GMaJYxjghr-a_zaQ9syUuLreWZcpHCr3ruZAi88bk5Xumnlhbkb_-_rBpUQ3JkoRbEakCdJo13fScMmTXVB7BZmzOdrZeSuAL5ncBoBW6xNvQtC1l6aM9itYI6bALlgArO54ag8r0KeEk6xhJyV65lcjlbYDvNvP21xegDWqz2_cA0O8P_69LGQEc1VSjw4ZSsZa8uSkwfWoBV-YDgaKRbf-OxFkcTNS_VSWiIJ-ACYasDkRrgI6Q0_Qn2tSiIo66KQVZhWlkdpJEvF1_bs4s4wdkW6AeSLp9Q8y4QjZuIWB9HTn_-EJqTL0ncurZL_M2v-H-LJhETwA&sig=Cg0ArKJSzAnsaJQGr63cEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2822&cbvp=1&cstd=2804&cisv=r20240408.85842&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTA2LjAuNTI0OS4xMTkiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDYuMC41MjQ5LjExOSJdLFsiR29vZ2xlIENocm9tZSIsIjEwNi4wLjUyNDkuMTE5Il0sWyJOb3Q7QT1CcmFuZCIsIjk5LjAuMC4wIl1dLDBd&arae=0&ftch=1&adurl=

tls, http2

chrome.exe

3.9kB
7.3kB
21
20

HTTP Request

GET https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstYs1OMhAhzls8wrU_50iQuXXAcUqiRrBURd51OtxZYtxd5m-VWSc5h-Td_3Xzd1PiLMDWpveWEF9Pda7ppjD0v79X2KFy6KcAWTr4eIo6jIBOLRZAn2fCg8ysZE0qv_adSkEPfZpWZZD_FQlt6lYX5nKbU1RTa2v41-jl0yjGr3iVYzUqJqwahd__4XboDa8XFnFtCnYzxfr9foFY7OD7vI5QWmldnS9BWJar9BtN0JyfzO39jlJe4J7UyYCLUwCUF4-OHpp5vsz6chQ2uZDjvLcwAJI39_bxC2dpBIvSdw7KNM24JJNZ0C3wk19DF6DKoNctzBizzFtHl9WCzhI5TU-MG3_5HVg2eJ8ZmgFR16eo401BiF6uRikf7rBrmhTZnPw4tUOXW1bxV5ZkLoALCR-f-6sSZf_pSBCkqo3WVs7JLoujpF1YWGXLsDI1V7PVf_8xug-X7GmZuray8G94ItIHPTI20-DZxEgIrNfZBMGJlEYlz8_pXs1G_DF3U66VXapW_3sPbYy52OHL-5Iezzc2ByV8bBZX8E6vUuV74ioSCiO2yL89TgVVSXZv64yXvIi95Xg1w8up-AGrvouREMwXycPBK7Kep-LMaZk7R-Wn8kYXsDdWcJ_QZDiMNnSO1pW5ur5kJRiaOI3JzK_MHDbPLzYuUnvhjDqJI6dmZDWvoTSDgIKXs0rYfguXlb_OMNDbU1EDlRJMVqHxq0sHOV6ADsCkYg7EHaeTAlUWk3x8x2ON4OuK5fubbKtIWKBJrlAgVvYxgt5PfcU1GHGoauTV7CpFlZWPpHQve3XBJVYRrV8mVsq_9xCrbj8cgxwEy5HOzSIQoe1SwAVMTi62PRXCc3-Fq2Q6rr8KeYLb7iUe0vHibLfrPSwFOsiJj6DFdimAhu38uXVc9e-BHT9PSSudAT4x-avLyo47uA2kgkrvu8MsydbUkBRATTdKyMwDp4jd39q_MFT5YgYtEOkEF8dwf13nVvUYSJIi3koaQ7k0W4TVzvP8YlTDYwYdSEYrSGFLz_YNyxyl2viPPC-3tf7eu2CkpVdgneJMgVOhAy24YQzyZFOcKM9cR4kmwuzLexhiiyirA7kA7eR9JckGQuv-N-XIgaJbLJFCm0nje1oqaazOx3Jv63A-9cRHVCso2TWZYpi1DKUOHg0dn4mpFUwealBEqzru3EzAb-NaGiFHG873v7Vvn6qX2fuNKKnHhtDb1JK8qM7I3dRD70fu5gPb6rG2NcEukq2g33Jktof3BS6RtJRUd-PSKo54CGvI3D5-DquNgZdYCS_s7Z55JcUVQp2ozfUjpgxjJIDbKgsbnxnzBkp-cfLO2aB8OdU2yDpC-cKam&sai=AMfl-YSyVdABCgG3pbqrstv08s78dtueczc4jl9MHFYnK_iSmXexj6UCCenhixr2FdQr9gOCqQiGERDYNeZcFwlTyvyj4Tzg2naGYeWQ1BqBo356anHJF24ygv3HIBQuVrALrJi4j4ZAnJnd_PME75P_Dofr7PeFPiLYaAZBq-j4JJ5GMaJYxjghr-a_zaQ9syUuLreWZcpHCr3ruZAi88bk5Xumnlhbkb_-_rBpUQ3JkoRbEakCdJo13fScMmTXVB7BZmzOdrZeSuAL5ncBoBW6xNvQtC1l6aM9itYI6bALlgArO54ag8r0KeEk6xhJyV65lcjlbYDvNvP21xegDWqz2_cA0O8P_69LGQEc1VSjw4ZSsZa8uSkwfWoBV-YDgaKRbf-OxFkcTNS_VSWiIJ-ACYasDkRrgI6Q0_Qn2tSiIo66KQVZhWlkdpJEvF1_bs4s4wdkW6AeSLp9Q8y4QjZuIWB9HTn_-EJqTL0ncurZL_M2v-H-LJhETwA&sig=Cg0ArKJSzAnsaJQGr63cEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2822&cbvp=1&cstd=2804&cisv=r20240408.85842&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTA2LjAuNTI0OS4xMTkiLG51bGwsMCxudWxsLCI2NCIsW1siQ2hyb21pdW0iLCIxMDYuMC41MjQ5LjExOSJdLFsiR29vZ2xlIENocm9tZSIsIjEwNi4wLjUyNDkuMTE5Il0sWyJOb3Q7QT1CcmFuZCIsIjk5LjAuMC4wIl1dLDBd&arae=0&ftch=1&adurl=
52.51.159.211:443

fw.adsafeprotected.com

tls

chrome.exe

5.8kB
91.9kB
48
79
52.51.159.211:443

fw.adsafeprotected.com

tls

chrome.exe

1.1kB
6.5kB
11
11
104.97.14.99:443

code.createjs.com

tls

chrome.exe

2.9kB
71.0kB
39
66
18.239.236.119:443

https://static.adsafeprotected.com/IAS_PassbackAds_300x250.png

tls, http2

chrome.exe

3.6kB
49.9kB
38
55

HTTP Request

GET https://static.adsafeprotected.com/sca.17.6.2.js

HTTP Request

GET https://static.adsafeprotected.com/4a.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.adsafeprotected.com/passback_300x250.js

HTTP Response

200

HTTP Request

GET https://static.adsafeprotected.com/IAS_PassbackAds_300x250.png

HTTP Response

200
35.160.91.236:443

dt.adsafeprotected.com

tls

chrome.exe

6.4kB
8.8kB
26
32
35.160.91.236:443

dt.adsafeprotected.com

tls

chrome.exe

1.1kB
6.1kB
10
10
35.160.91.236:443

dt.adsafeprotected.com

tls

chrome.exe

931 B
5.7kB
9
7
104.22.60.206:443

https://cdn.dashnet.org/cookieclicker/img/milkPlain.png

tls, http2

chrome.exe

21.7kB
508.8kB
389
416

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/filler.png

HTTP Response

200

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/you.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/youAddons.png?v=2.052

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/brokenCookie.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/brokenCookieHalo.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/starbg.jpg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/bgBlue.jpg

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/shadedBordersSoft.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/shine.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/cookieShadow.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/perfectCookie.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/cursor.png

HTTP Request

GET https://cdn.dashnet.org/cookieclicker/img/milkPlain.png

HTTP Response

200

HTTP Response

200

HTTP Response

200
142.250.180.2:443

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIivCWksW3hQMVV2n2CB10HwgKEAEYACDxk_9l;dc_eps=AHas8cAmhie5Jh77fTEfHDOPreS6gIUSrb4Y83bjxRL8erRze2bYz1QNS-06tYjdD_-r8cd_hqUv9O7MpAVnH_rx6VU;met=1;&timestamp=1712748452362;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

tls, http2

chrome.exe

2.2kB
7.2kB
19
21

HTTP Request

GET https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIivCWksW3hQMVV2n2CB10HwgKEAEYACDxk_9l;dc_eps=AHas8cAmhie5Jh77fTEfHDOPreS6gIUSrb4Y83bjxRL8erRze2bYz1QNS-06tYjdD_-r8cd_hqUv9O7MpAVnH_rx6VU;met=1;&timestamp=1712748452362;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
142.250.77.35:443

https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lutq73gs&ctx=0&uet=2&met.1=24.nhp

tls, http2

chrome.exe

2.1kB
6.9kB
20
23

HTTP Request

POST https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lutq73gs&ctx=0&uet=2&met.1=24.nhp
142.250.77.35:443

csi.gstatic.com

tls, http2

chrome.exe

1.1kB
5.9kB
11
11
142.250.200.42:443

https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js

tls, http2

chrome.exe

2.9kB
40.0kB
38
41

HTTP Request

GET https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js
154.59.122.79:443

https://ums.acuityplatform.com/tum?umid=4&uid=CAESEIq_9HJ8DTMwrj5t5Sr83fQ&google_cver=1&google_push=AXcoOmQIB0kmSGxZlLf3JVBhexcI6UNpxJVmpm9RQrqE3Myu2OlRxbzmVnUBGRLfG6gZbkfa8H3sfHeEU3s0X92k6bbmTrP3QWHQg4Q

tls, http

chrome.exe

2.0kB
6.8kB
13
12

HTTP Request

GET https://ums.acuityplatform.com/tum?umid=4&uid=CAESEIq_9HJ8DTMwrj5t5Sr83fQ&google_cver=1&google_push=AXcoOmQIB0kmSGxZlLf3JVBhexcI6UNpxJVmpm9RQrqE3Myu2OlRxbzmVnUBGRLfG6gZbkfa8H3sfHeEU3s0X92k6bbmTrP3QWHQg4Q

HTTP Response

204
213.155.156.181:443

https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDaKpczlpGytV0lyc5ybp9I&google_cver=1&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg

tls, http2

chrome.exe

2.4kB
7.9kB
20
18

HTTP Request

GET https://d5p.de17a.com/cookies/google?google_gid=CAESEDaKpczlpGytV0lyc5ybp9I&google_cver=1&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg

HTTP Response

302

HTTP Request

GET https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDaKpczlpGytV0lyc5ybp9I&google_cver=1&google_push=AXcoOmTutZuqq-s3v30U_Pj4NLRjSJT7ZoQHcJT1ta8ISR7twdJUrxyVh7UTcD-_nZMnWd-kk4U5DZLGexUWQATNU3qh8-JEuYPnagg

HTTP Response

302
46.228.164.11:443

https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENmcDGEDLOYW2PNWaeRIoDU&google_cver=1

tls, http2

chrome.exe

2.1kB
8.1kB
16
17

HTTP Request

GET https://ad.turn.com/r/cs?pid=3&google_gid=CAESENmcDGEDLOYW2PNWaeRIoDU&google_cver=1&google_push=AXcoOmQTT76IOUHP5nHNJV0THPVSelTpM3fkpToUaTQ7ZCvkhlxx8neSvHlSXG3OsFscNtOAOwM8ve8FK1pvlozAl7t3YFklotLn_DA

HTTP Response

302

HTTP Request

GET https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESENmcDGEDLOYW2PNWaeRIoDU&google_cver=1

HTTP Response

200
178.250.1.9:443

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQvelEpF1UIz6QrhoofhyEaZIqD5a7Twlm0xPtSblQHl0dkaW9CQvRqLMvkCQUQICA2c3XVmbRjKPo3GO7kGxHrYv9hT-1hb3E&google_gid=CAESEPF7KRgEteXhtP1laM6Av04&google_cver=1

tls, http2

chrome.exe

1.9kB
4.8kB
13
12

HTTP Request

GET https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQvelEpF1UIz6QrhoofhyEaZIqD5a7Twlm0xPtSblQHl0dkaW9CQvRqLMvkCQUQICA2c3XVmbRjKPo3GO7kGxHrYv9hT-1hb3E&google_gid=CAESEPF7KRgEteXhtP1laM6Av04&google_cver=1

HTTP Response

200
37.157.2.230:443

c1.adform.net

tls

chrome.exe

2.4kB
7.6kB
18
21
23.33.40.21:443

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEHN94fUwp2sJRamyPY5fZcM&google_cver=1&google_push=AXcoOmRkvH95KQn6QtDJwW5Xl-1hWWizXIgMchmDDJjuaphCnEd00OJv0FfnOy_6K24-RvoC5rupJN47XSCO9oEFiqNkC1Pv3lB1CQ_A

tls, http2

chrome.exe

2.0kB
5.4kB
16
20

HTTP Request

GET https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEHN94fUwp2sJRamyPY5fZcM&google_cver=1&google_push=AXcoOmRkvH95KQn6QtDJwW5Xl-1hWWizXIgMchmDDJjuaphCnEd00OJv0FfnOy_6K24-RvoC5rupJN47XSCO9oEFiqNkC1Pv3lB1CQ_A

HTTP Response

302
23.33.40.21:443

analytics.pangle-ads.com

tls, http2

chrome.exe

1.1kB
3.9kB
10
13
35.214.149.91:443

x.bidswitch.net

tls

chrome.exe

2.0kB
4.1kB
12
11
52.223.40.198:443

match.adsrvr.org

tls

chrome.exe

2.0kB
4.5kB
15
16
52.51.195.53:443

pr-bh.ybp.yahoo.com

tls

chrome.exe

2.0kB
5.3kB
14
16
193.0.160.130:443

a.rfihub.com

tls

chrome.exe

2.2kB
8.0kB
16
19
188.42.105.236:443

https://sync.gonet-ads.com/match/google

tls, http2

chrome.exe

2.9kB
9.5kB
21
27

HTTP Request

GET https://sync.gonet-ads.com/match/google?google_gid=CAESENz165J3ifq2ipbRLjQeUCg&google_cver=1&google_push=AXcoOmSEUQcyDcPP87A7qym22RZZ9U5EOzOsBh7dsdPa9VKF4e_bZssCpVegveZ3F1lZ_l1ZxcZjsPCjRODIbX7aFaJyQhRpT1bZ-XlPUw

HTTP Response

302

HTTP Request

GET https://sync.gonet-ads.com/match/google?google_gid=CAESENz165J3ifq2ipbRLjQeUCg&google_cver=1&google_push=AXcoOmSEUQcyDcPP87A7qym22RZZ9U5EOzOsBh7dsdPa9VKF4e_bZssCpVegveZ3F1lZ_l1ZxcZjsPCjRODIbX7aFaJyQhRpT1bZ-XlPUw&chk=1

HTTP Response

302

HTTP Request

GET https://sync.gonet-ads.com/match/google

HTTP Response

302
134.122.57.34:443

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEC9hzrihvJFstb5qfc5E7EU&google_cver=1&google_push=AXcoOmTpZqrp4MPD47Py6LETBPuRxLykTSTI1rG5WeVTjPyYrFXEALENjikozbEW-PaM0cZWgpmzapsdve6C5fmO-VxN_o3yAZWBYIc

tls, http

chrome.exe

2.0kB
7.5kB
14
14

HTTP Request

GET https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEC9hzrihvJFstb5qfc5E7EU&google_cver=1&google_push=AXcoOmTpZqrp4MPD47Py6LETBPuRxLykTSTI1rG5WeVTjPyYrFXEALENjikozbEW-PaM0cZWgpmzapsdve6C5fmO-VxN_o3yAZWBYIc

HTTP Response

302
82.145.213.8:443

t.adx.opera.com

tls

chrome.exe

2.0kB
5.6kB
16
17
31.220.27.155:443

https://s.uuidksinc.net/match/47/?remote_uid=CAESEHNn-c0svus9Y-XN1mm3Xzg&c_param1=AXcoOmRXMSBMdVCroS9z-jX_MnnizGSUSQvOlJdNWtmEA8lL3m2ANeTnk7zWOqjY5OfjB9J9uSALdW6VrohSniaSPrDvtpXHiD-h391Y&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1

tls, http2

chrome.exe

1.9kB
4.8kB
13
15

HTTP Request

GET https://s.uuidksinc.net/match/47/?remote_uid=CAESEHNn-c0svus9Y-XN1mm3Xzg&c_param1=AXcoOmRXMSBMdVCroS9z-jX_MnnizGSUSQvOlJdNWtmEA8lL3m2ANeTnk7zWOqjY5OfjB9J9uSALdW6VrohSniaSPrDvtpXHiD-h391Y&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1

HTTP Response

302
134.122.57.34:443

match.adsby.bidtheatre.com

tls

chrome.exe

1.1kB
7.5kB
11
13
31.220.27.155:443

s.uuidksinc.net

tls

chrome.exe

989 B
4.0kB
9
8
82.145.213.8:443

t.adx.opera.com

tls

chrome.exe

1.0kB
4.1kB
9
8
188.42.105.236:443

sync.gonet-ads.com

tls

chrome.exe

1.5kB
7.3kB
12
14
192.178.49.163:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

3.2kB
7.9kB
27
28

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
192.178.49.163:443

beacons.gcp.gvt2.com

tls, http2

chrome.exe

1.0kB
5.8kB
10
9
151.101.2.87:443

staticmedia.livenationinternational.com

tls

3.6kB
51.2kB
45
65
13.107.246.64:443

wcpstatic.microsoft.com

tls

4.4kB
91.0kB
55
78
13.107.246.64:443

edgestatic.azureedge.net

tls

10.7kB
272.5kB
157
213
142.250.200.14:443

https://google.com/domainreliability/upload

tls, http2

chrome.exe

2.3kB
9.9kB
22
22

HTTP Request

POST https://google.com/domainreliability/upload
34.0.63.29:443

https://e2c70.gcp.gvt2.com/nel/

tls, http2

chrome.exe

2.0kB
5.8kB
16
15

HTTP Request

POST https://e2c70.gcp.gvt2.com/nel/

HTTP Response

204
34.0.63.29:443

e2c70.gcp.gvt2.com

tls, http2

chrome.exe

1.0kB
5.4kB
10
9
23.62.61.171:443

www.bing.com

tls

2.6kB
6.3kB
19
19
216.239.32.116:443

https://beacons4.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.0kB
7.2kB
21
21

HTTP Request

OPTIONS https://beacons4.gvt2.com/domainreliability/upload-nel
192.178.48.227:443

https://beacons.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.9kB
8.1kB
30
30

HTTP Request

POST https://beacons.gvt2.com/domainreliability/upload

HTTP Request

OPTIONS https://beacons.gvt2.com/domainreliability/upload-nel

8.8.8.8:53

4.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

4.159.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

203.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

203.197.79.204.in-addr.arpa
8.8.8.8:53

business.bing.com

dns

63 B
144 B
1
1

DNS Request

business.bing.com

DNS Response

13.107.6.158
8.8.8.8:53

business.bing.com

dns

63 B
171 B
1
1

DNS Request

business.bing.com
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
200 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com

DNS Response

13.87.96.169
8.8.8.8:53

nav-edge.smartscreen.microsoft.com

dns

80 B
244 B
1
1

DNS Request

nav-edge.smartscreen.microsoft.com
8.8.8.8:53

150.1.37.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

150.1.37.23.in-addr.arpa
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

72.246.173.187
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

72.246.173.187
8.8.8.8:53

www.microsoft.com

dns

63 B
275 B
1
1

DNS Request

www.microsoft.com
8.8.8.8:53

bzib.nelreports.net

dns

65 B
172 B
1
1

DNS Request

bzib.nelreports.net

DNS Response

104.97.14.73

104.97.14.88
8.8.8.8:53

bzib.nelreports.net

dns

65 B
204 B
1
1

DNS Request

bzib.nelreports.net
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

72.246.173.187
8.8.8.8:53

187.173.246.72.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

187.173.246.72.in-addr.arpa
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

73.14.97.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

73.14.97.104.in-addr.arpa
8.8.8.8:53

staticmedia.livenationinternational.com

dns

85 B
191 B
1
1

DNS Request

staticmedia.livenationinternational.com

DNS Response

151.101.2.87

151.101.66.87

151.101.130.87

151.101.194.87
8.8.8.8:53

staticmedia.livenationinternational.com

dns

157 B
324 B
2
2

DNS Request

staticmedia.livenationinternational.com

DNS Request

130.160.0.193.in-addr.arpa
8.8.8.8:53

dynamicmedia.livenationinternational.com

dns

86 B
192 B
1
1

DNS Request

dynamicmedia.livenationinternational.com

DNS Response

151.101.2.87

151.101.66.87

151.101.130.87

151.101.194.87
8.8.8.8:53

dynamicmedia.livenationinternational.com

dns

86 B
186 B
1
1

DNS Request

dynamicmedia.livenationinternational.com
8.8.8.8:53

l.betrad.com

dns

58 B
182 B
1
1

DNS Request

l.betrad.com

DNS Response

54.198.157.193

3.231.35.194

107.22.91.90
8.8.8.8:53

l.betrad.com

dns

58 B
216 B
1
1

DNS Request

l.betrad.com
8.8.8.8:53

8.169.217.172.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

8.169.217.172.in-addr.arpa
8.8.8.8:53

193.157.198.54.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

193.157.198.54.in-addr.arpa
8.8.8.8:53

87.2.101.151.in-addr.arpa

dns

71 B
131 B
1
1

DNS Request

87.2.101.151.in-addr.arpa
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.178.4
142.250.178.4:443

www.google.com

https

chrome.exe

12.0kB
262.9kB
108
263
224.0.0.251:5353

408 B
6
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

216.58.201.110
8.8.8.8:53

3.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.180.250.142.in-addr.arpa
8.8.8.8:53

110.201.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

110.201.58.216.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

17.14.97.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

17.14.97.104.in-addr.arpa
8.8.8.8:53

nw-umwatson.events.data.microsoft.com

dns

83 B
214 B
1
1

DNS Request

nw-umwatson.events.data.microsoft.com

DNS Response

52.182.143.212
8.8.8.8:53

212.143.182.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

212.143.182.52.in-addr.arpa
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
299 B
1
1

DNS Request

chromewebstore.googleapis.com

DNS Response

216.58.212.202

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

172.217.16.234

142.250.200.10

142.250.200.42

216.58.201.106

216.58.204.74

216.58.213.10
8.8.8.8:53

chromewebstore.googleapis.com

dns

75 B
132 B
1
1

DNS Request

chromewebstore.googleapis.com
8.8.8.8:53

c.s-microsoft.com

dns

63 B
193 B
1
1

DNS Request

c.s-microsoft.com

DNS Response

23.37.1.217
8.8.8.8:53

c.s-microsoft.com

dns

63 B
238 B
1
1

DNS Request

c.s-microsoft.com
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

202.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

202.212.58.216.in-addr.arpa
8.8.8.8:53

3.169.217.172.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

3.169.217.172.in-addr.arpa
8.8.8.8:53

orteil.dashnet.org

dns

chrome.exe

64 B
112 B
1
1

DNS Request

orteil.dashnet.org

DNS Response

104.22.60.206

104.22.61.206

172.67.36.94
8.8.8.8:53

cdnjs.cloudflare.com

dns

chrome.exe

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

googleads.g.doubleclick.net

dns

chrome.exe

73 B
89 B
1
1

DNS Request

googleads.g.doubleclick.net

DNS Response

142.250.179.226
8.8.8.8:53

connect.facebook.net

dns

chrome.exe

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

157.240.221.16
8.8.8.8:53

10.178.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

10.178.250.142.in-addr.arpa
8.8.8.8:53

206.60.22.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

206.60.22.104.in-addr.arpa
8.8.8.8:53

34.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

34.200.250.142.in-addr.arpa
8.8.8.8:53

14.25.17.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

14.25.17.104.in-addr.arpa
8.8.8.8:53

226.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.179.250.142.in-addr.arpa
8.8.8.8:53

16.221.240.157.in-addr.arpa

dns

73 B
117 B
1
1

DNS Request

16.221.240.157.in-addr.arpa
157.240.221.16:443

connect.facebook.net

https

chrome.exe

4.2kB
19.1kB
12
21
8.8.8.8:53

www.facebook.com

dns

chrome.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

163.70.151.35
8.8.8.8:53

fundingchoicesmessages.google.com

dns

chrome.exe

79 B
116 B
1
1

DNS Request

fundingchoicesmessages.google.com

DNS Response

172.217.16.238
8.8.8.8:53

tpc.googlesyndication.com

dns

chrome.exe

71 B
87 B
1
1

DNS Request

tpc.googlesyndication.com

DNS Response

142.250.200.33
8.8.8.8:53

s0.2mdn.net

dns

chrome.exe

57 B
73 B
1
1

DNS Request

s0.2mdn.net

DNS Response

172.217.169.70
8.8.8.8:53

35.151.70.163.in-addr.arpa

dns

72 B
125 B
1
1

DNS Request

35.151.70.163.in-addr.arpa
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
172.217.16.238:443

fundingchoicesmessages.google.com

https

chrome.exe

9.4kB
94.4kB
67
107
142.250.200.33:443

tpc.googlesyndication.com

https

chrome.exe

20.1kB
514.0kB
204
511
8.8.8.8:53

33.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

33.200.250.142.in-addr.arpa
172.217.16.238:443

fundingchoicesmessages.google.com

https

chrome.exe

7.3kB
13.4kB
39
49
8.8.8.8:53

cm.g.doubleclick.net

dns

chrome.exe

66 B
82 B
1
1

DNS Request

cm.g.doubleclick.net

DNS Response

216.58.201.98
8.8.8.8:53

dsum-sec.casalemedia.com

dns

chrome.exe

70 B
102 B
1
1

DNS Request

dsum-sec.casalemedia.com

DNS Response

104.18.36.155

172.64.151.101
8.8.8.8:53

ib.adnxs.com

dns

chrome.exe

58 B
311 B
1
1

DNS Request

ib.adnxs.com

DNS Response

185.89.210.46

185.89.211.116

185.89.210.212

185.89.210.141

185.89.210.153

185.89.210.82

185.89.210.180

185.89.211.84

185.89.210.90

185.89.210.122

185.89.210.244

185.89.210.20
8.8.8.8:53

70.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

70.169.217.172.in-addr.arpa
8.8.8.8:53

46.210.89.185.in-addr.arpa

dns

72 B
133 B
1
1

DNS Request

46.210.89.185.in-addr.arpa
8.8.8.8:53

155.36.18.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

155.36.18.104.in-addr.arpa
8.8.8.8:53

98.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

98.201.58.216.in-addr.arpa
172.217.169.70:443

s0.2mdn.net

https

chrome.exe

11.3kB
170.3kB
101
175
104.18.36.155:443

dsum-sec.casalemedia.com

https

chrome.exe

7.3kB
11.4kB
20
23
216.58.201.98:443

cm.g.doubleclick.net

https

chrome.exe

10.1kB
16.9kB
74
89
8.8.8.8:53

googleads4.g.doubleclick.net

dns

chrome.exe

74 B
90 B
1
1

DNS Request

googleads4.g.doubleclick.net

DNS Response

172.217.169.2
8.8.8.8:53

fw.adsafeprotected.com

dns

chrome.exe

68 B
282 B
1
1

DNS Request

fw.adsafeprotected.com

DNS Response

52.51.159.211

54.195.41.163

34.243.8.6

54.154.20.75

34.249.118.238

34.250.132.186

34.247.157.243

54.77.58.207
172.217.169.70:443

s0.2mdn.net

https

chrome.exe

3.6kB
9.2kB
11
13
8.8.8.8:53

code.createjs.com

dns

chrome.exe

63 B
182 B
1
1

DNS Request

code.createjs.com

DNS Response

104.97.14.99

104.97.14.90
8.8.8.8:53

2.169.217.172.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

2.169.217.172.in-addr.arpa
8.8.8.8:53

211.159.51.52.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

211.159.51.52.in-addr.arpa
8.8.8.8:53

99.14.97.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

99.14.97.104.in-addr.arpa
172.217.169.2:443

googleads4.g.doubleclick.net

https

chrome.exe

10.6kB
9.2kB
25
25
8.8.8.8:53

6.39.156.108.in-addr.arpa

dns

71 B
127 B
1
1

DNS Request

6.39.156.108.in-addr.arpa
8.8.8.8:53

static.adsafeprotected.com

dns

chrome.exe

72 B
179 B
1
1

DNS Request

static.adsafeprotected.com

DNS Response

18.239.236.119

18.239.236.113

18.239.236.27

18.239.236.30
8.8.8.8:53

dt.adsafeprotected.com

dns

chrome.exe

68 B
275 B
1
1

DNS Request

dt.adsafeprotected.com

DNS Response

35.160.91.236

35.165.40.164

54.69.40.206

34.210.225.85

35.162.160.167

52.41.232.236

54.71.6.100

44.229.80.8
8.8.8.8:53

119.236.239.18.in-addr.arpa

dns

73 B
130 B
1
1

DNS Request

119.236.239.18.in-addr.arpa
8.8.8.8:53

236.91.160.35.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

236.91.160.35.in-addr.arpa
8.8.8.8:53

cdn.dashnet.org

dns

chrome.exe

61 B
109 B
1
1

DNS Request

cdn.dashnet.org

DNS Response

104.22.60.206

172.67.36.94

104.22.61.206
8.8.8.8:53

ade.googlesyndication.com

dns

chrome.exe

71 B
87 B
1
1

DNS Request

ade.googlesyndication.com

DNS Response

142.250.180.2
8.8.8.8:53

2.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

2.180.250.142.in-addr.arpa
163.70.151.35:443

www.facebook.com

https

chrome.exe

4.6kB
5.1kB
9
12
8.8.8.8:53

csi.gstatic.com

dns

chrome.exe

61 B
77 B
1
1

DNS Request

csi.gstatic.com

DNS Response

142.250.77.35
8.8.8.8:53

35.77.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

35.77.250.142.in-addr.arpa
8.8.8.8:53

23.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.236.111.52.in-addr.arpa
8.8.8.8:53

ajax.googleapis.com

dns

chrome.exe

65 B
81 B
1
1

DNS Request

ajax.googleapis.com

DNS Response

142.250.200.42
8.8.8.8:53

ad.turn.com

dns

chrome.exe

57 B
109 B
1
1

DNS Request

ad.turn.com

DNS Response

46.228.164.11
8.8.8.8:53

ums.acuityplatform.com

dns

chrome.exe

68 B
84 B
1
1

DNS Request

ums.acuityplatform.com

DNS Response

154.59.122.79
8.8.8.8:53

x.bidswitch.net

dns

chrome.exe

61 B
104 B
1
1

DNS Request

x.bidswitch.net

DNS Response

35.214.149.91
8.8.8.8:53

d5p.de17a.com

dns

chrome.exe

59 B
251 B
1
1

DNS Request

d5p.de17a.com

DNS Response

213.155.156.181

213.155.156.185

213.155.156.167

213.155.156.184

213.155.156.165

213.155.156.180

213.155.156.164

213.155.156.182

213.155.156.168

213.155.156.166

213.155.156.169

213.155.156.183
8.8.8.8:53

dis.criteo.com

dns

chrome.exe

60 B
110 B
1
1

DNS Request

dis.criteo.com

DNS Response

178.250.1.9
8.8.8.8:53

c1.adform.net

dns

chrome.exe

59 B
176 B
1
1

DNS Request

c1.adform.net

DNS Response

37.157.2.230

37.157.2.228

37.157.3.26

37.157.3.20

37.157.2.229
8.8.8.8:53

analytics.pangle-ads.com

dns

chrome.exe

70 B
298 B
1
1

DNS Request

analytics.pangle-ads.com

DNS Response

23.33.40.21

23.33.40.27

23.33.40.22

23.33.40.4

23.33.40.28

23.33.40.25

23.33.40.23

23.33.40.24

23.33.40.26
8.8.8.8:53

match.adsrvr.org

dns

chrome.exe

62 B
126 B
1
1

DNS Request

match.adsrvr.org

DNS Response

52.223.40.198

35.71.131.137

15.197.193.217

3.33.220.150
8.8.8.8:53

match.adsby.bidtheatre.com

dns

chrome.exe

72 B
120 B
1
1

DNS Request

match.adsby.bidtheatre.com

DNS Response

134.122.57.34

188.166.17.21

64.227.64.62
8.8.8.8:53

pr-bh.ybp.yahoo.com

dns

chrome.exe

65 B
173 B
1
1

DNS Request

pr-bh.ybp.yahoo.com

DNS Response

52.51.195.53

52.30.158.183

63.35.81.137

54.170.176.233
8.8.8.8:53

s.uuidksinc.net

dns

chrome.exe

61 B
125 B
1
1

DNS Request

s.uuidksinc.net

DNS Response

31.220.27.155

31.220.27.134

31.220.27.135

185.98.54.153
8.8.8.8:53

a.rfihub.com

dns

chrome.exe

58 B
132 B
1
1

DNS Request

a.rfihub.com

DNS Response

193.0.160.130
8.8.8.8:53

t.adx.opera.com

dns

chrome.exe

61 B
104 B
1
1

DNS Request

t.adx.opera.com

DNS Response

82.145.213.8
8.8.8.8:53

sync.gonet-ads.com

dns

chrome.exe

64 B
96 B
1
1

DNS Request

sync.gonet-ads.com

DNS Response

188.42.105.236

188.42.105.220
8.8.8.8:53

42.200.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

42.200.250.142.in-addr.arpa
8.8.8.8:53

79.122.59.154.in-addr.arpa

dns

72 B
72 B
1
1

DNS Request

79.122.59.154.in-addr.arpa
8.8.8.8:53

11.164.228.46.in-addr.arpa

dns

72 B
112 B
1
1

DNS Request

11.164.228.46.in-addr.arpa
8.8.8.8:53

9.1.250.178.in-addr.arpa

dns

70 B
124 B
1
1

DNS Request

9.1.250.178.in-addr.arpa
8.8.8.8:53

181.156.155.213.in-addr.arpa

dns

74 B
136 B
1
1

DNS Request

181.156.155.213.in-addr.arpa
8.8.8.8:53

230.2.157.37.in-addr.arpa

dns

71 B
155 B
1
1

DNS Request

230.2.157.37.in-addr.arpa
8.8.8.8:53

21.40.33.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

21.40.33.23.in-addr.arpa
8.8.8.8:53

91.149.214.35.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

91.149.214.35.in-addr.arpa
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.163
8.8.8.8:53

198.40.223.52.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

198.40.223.52.in-addr.arpa
8.8.8.8:53

53.195.51.52.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

53.195.51.52.in-addr.arpa
8.8.8.8:53

236.105.42.188.in-addr.arpa

dns

73 B
146 B
1
1

DNS Request

236.105.42.188.in-addr.arpa
8.8.8.8:53

8.213.145.82.in-addr.arpa

dns

71 B
132 B
1
1

DNS Request

8.213.145.82.in-addr.arpa
8.8.8.8:53

155.27.220.31.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

155.27.220.31.in-addr.arpa
8.8.8.8:53

r.turn.com

dns

chrome.exe

56 B
107 B
1
1

DNS Request

r.turn.com

DNS Response

46.228.164.11
8.8.8.8:53

34.57.122.134.in-addr.arpa

dns

72 B
139 B
1
1

DNS Request

34.57.122.134.in-addr.arpa
8.8.8.8:53

163.49.178.192.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

163.49.178.192.in-addr.arpa
8.8.8.8:53

133.2.101.151.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

133.2.101.151.in-addr.arpa
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

3.3kB
7.7kB
9
10
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

staticmedia.livenationinternational.com

dns

85 B
191 B
1
1

DNS Request

staticmedia.livenationinternational.com

DNS Response

151.101.2.87

151.101.66.87

151.101.130.87

151.101.194.87
8.8.8.8:53

staticmedia.livenationinternational.com

dns

85 B
185 B
1
1

DNS Request

staticmedia.livenationinternational.com
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
265 B
1
1

DNS Request

wcpstatic.microsoft.com

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

wcpstatic.microsoft.com

dns

69 B
280 B
1
1

DNS Request

wcpstatic.microsoft.com
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
245 B
1
1

DNS Request

edgestatic.azureedge.net

DNS Response

13.107.246.64

13.107.213.64
8.8.8.8:53

edgestatic.azureedge.net

dns

70 B
273 B
1
1

DNS Request

edgestatic.azureedge.net
8.8.8.8:53

dynamicmedia.livenationinternational.com

dns

86 B
192 B
1
1

DNS Request

dynamicmedia.livenationinternational.com

DNS Response

151.101.2.87

151.101.66.87

151.101.130.87

151.101.194.87
8.8.8.8:53

dynamicmedia.livenationinternational.com

dns

86 B
186 B
1
1

DNS Request

dynamicmedia.livenationinternational.com
8.8.8.8:53

networksites.livenationinternational.com

dns

86 B
192 B
1
1

DNS Request

networksites.livenationinternational.com

DNS Response

151.101.2.87

151.101.66.87

151.101.130.87

151.101.194.87
8.8.8.8:53

networksites.livenationinternational.com

dns

86 B
186 B
1
1

DNS Request

networksites.livenationinternational.com
8.8.8.8:53

235.17.178.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

235.17.178.52.in-addr.arpa
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.200.14
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

6.0kB
4.0kB
16
17
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.169.67
8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.200.14
172.217.169.67:443

beacons.gcp.gvt2.com

https

chrome.exe

5.3kB
7.9kB
21
21
142.250.200.14:443

google.com

https

chrome.exe

2.3kB
8.2kB
7
11
8.8.8.8:53

e2c70.gcp.gvt2.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

e2c70.gcp.gvt2.com

DNS Response

34.0.63.29
8.8.8.8:53

67.169.217.172.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

67.169.217.172.in-addr.arpa
8.8.8.8:53

29.63.0.34.in-addr.arpa

dns

69 B
123 B
1
1

DNS Request

29.63.0.34.in-addr.arpa
8.8.8.8:53

171.61.62.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

171.61.62.23.in-addr.arpa
8.8.8.8:53

beacons4.gvt2.com

dns

chrome.exe

63 B
79 B
1
1

DNS Request

beacons4.gvt2.com

DNS Response

216.239.32.116
172.217.169.67:443

beacons.gcp.gvt2.com

https

chrome.exe

3.9kB
3.8kB
11
13
8.8.8.8:53

beacons.gvt2.com

dns

chrome.exe

62 B
78 B
1
1

DNS Request

beacons.gvt2.com

DNS Response

192.178.48.227
216.239.32.116:443

beacons4.gvt2.com

https

chrome.exe

4.1kB
7.8kB
9
11
8.8.8.8:53

116.32.239.216.in-addr.arpa

dns

73 B
101 B
1
1

DNS Request

116.32.239.216.in-addr.arpa
8.8.8.8:53

227.48.178.192.in-addr.arpa

dns

146 B
111 B
2
1

DNS Request

227.48.178.192.in-addr.arpa

DNS Request

227.48.178.192.in-addr.arpa
192.178.48.227:443

beacons.gvt2.com

https

chrome.exe

4.1kB
8.7kB
12
14
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

66 B
112 B
1
1

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.169.67
172.217.169.67:443

beacons.gcp.gvt2.com

https

chrome.exe

5.5kB
4.2kB
20
20
172.217.169.67:443

beacons.gcp.gvt2.com

https

chrome.exe

4.2kB
3.6kB
9
9

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
65KB

MD5
68b24c33a1084c384158245ee07e703f

SHA1
1f40cdfc988534806606faf81344ba79a1528ed9

SHA256
f95947735f1ba1e43b46a1ddc7229b71d37aee7821495f87f1f2d25563d47fcc

SHA512
1af1c596736b46a538a06285196d05054c062f29335080d136d325dc305d2d65d266517386d8d54a37de94036c878d9ababa76d9a5f5e8d8d07236d5ac0bb9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
19KB

MD5
9d43bb045f7444664c73333b4fc58220

SHA1
bdcf0fc36256f6893fc367dac9e4e439a78cd370

SHA256
f9034ce9158cc96e9733081513717b58b14f843d82bc6b06e89e8e421f68f7da

SHA512
fd886e47eb0ba8401db2f8a8fca40a3d046922e6825f200f6cbebed7f8a79d09f8f8f65cbb9a3e8d2eb7e36470bac0f8c185898084cecdde59b4997ac1ac41af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
adccc00ec1193be82a05d732e187c518

SHA1
b2039d47df1638d88620ecbddd9be13a24050e3b

SHA256
5d6dfb9d9ed1241a7a89f9bc4797b8a35c6e138af770c49befcd6a86617b3bdb

SHA512
cf7776dadc65e39ad5f1c7d0e8f15b8450b56cb64ab6821368636421b072909d8bf9a3ae1626b5848a02c71acc4f65baca815f55365759c7e1c516ee9f13a91f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
810ef888e593d31b5b95ec1c36c0ffa6

SHA1
61f39e25915f43a2be5602ff972928a8363e4cbb

SHA256
b24e4f741270ad7527ceafc7ed3adb1589544b891ffa9860d168598082ccc2ba

SHA512
be6fc78ceab3ea86de5bba7bd29fdacb71cf61daced70d514febfcc692e781d6cd9d0d46be28f0cb73fa692d7b3f04ea54c95bb6d066369edeed7cb947ddfb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f3bdb785d3afb8154fa0b70605595bb3

SHA1
20ec915d29150adccdfaedb038bbd94f15ed379b

SHA256
6e1165ca77e39030781de38850b3c71e2ddb2362aab68ea764b90616a2322ab6

SHA512
cceabdbcb360e416afe70bf9e0e7df5ec6522fc895fcffda1a9f81b201df3629f45643f64ac4d0a9a7f713cb7907337632201707e8c72eb6f891789eab2bee30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
fd43f81d2de187555a8bf4b19617c9a5

SHA1
00956f782e66b12777a01c3a9f729750de349bde

SHA256
25611c6fedc5e1bb2dcdfba2dec1450bb3785ef6781a53b16f97a000d4a13189

SHA512
70fe6bbfdd4f7f680b94579e182852253e167004cba5e0d44ae33407c5361f40bad58db822b16530edaea6fe54c88849e2f806eeb0742a17a2d3fd8245f5be56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
965566f30f02cb83d32d1eb62a778f5c

SHA1
1032463f0193174e3020eaff3efca4cfeeadc65f

SHA256
236da5b6d6f0c807e7e222773a956d0ccc913459b4e096fdd57a5c5f1a1ae173

SHA512
a306d6ed37915c1f9e13713b84599e3888e6163c32114a85ebcf263c5e296d3c94a8efce20b5077fd8be1485d5156c4f197e29d4096d135a378c46b1294e5069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
84c708033eda6aa8d6de46eacc2c23b3

SHA1
3bb27cb4d22a3aaeb72d986a20e0234202107c94

SHA256
c0ebdb8b15f6ef4669c072d4bc2981489d66ef2eeb94c9e18b1cb44a4aceabd6

SHA512
056852c671e77d38d4f4885df1cd8c2a87043682d262270a080ebea5278a0103499203139c9baf4a99613c82e542fdee3367dcac169b276af08eabd89d2b37a3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request