hxxp://Google[.]com

Analysis

max time kernel
2699s
max time network
2685s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 16:12 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
123	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584488058452489"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2500	chrome.exe
2500	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeCreatePagefilePrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 3000	2624	chrome.exe	85
PID 2624 wrote to memory of 3000	2624	chrome.exe	85
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 2288	2624	chrome.exe	86
PID 2624 wrote to memory of 3400	2624	chrome.exe	87
PID 2624 wrote to memory of 3400	2624	chrome.exe	87
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88
PID 2624 wrote to memory of 5060	2624	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd71e7ab58,0x7ffd71e7ab68,0x7ffd71e7ab78
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2756 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2764 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4992 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4980 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4168 --field-trial-handle=1980,i,18078995752560258465,5753876167278941562,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x350 0x3dc
1⤵
PID:3568

Network

DNS

google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.179.238
GET

http://google.com/

chrome.exe

Remote address:

142.250.179.238:80

Request

GET / HTTP/1.1
Host: google.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 301 Moved Permanently

Location: http://www.google.com/
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-pewq46tjqs-LKMvd6_f9hw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
Permissions-Policy: unload=()
Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
Date: Wed, 24 Apr 2024 16:13:21 GMT
Expires: Fri, 24 May 2024 16:13:21 GMT
Cache-Control: public, max-age=2592000
Server: gws
Content-Length: 219
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

216.58.204.68
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

0.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.159.190.20.in-addr.arpa

IN PTR

Response
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=15637C9F5AA469972B2068F45B83682D; domain=.bing.com; expires=Mon, 19-May-2025 16:13:23 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DE069542DF0646F68BCFA3C42FAF9370 Ref B: LON04EDGE0713 Ref C: 2024-04-24T16:13:23Z
date: Wed, 24 Apr 2024 16:13:22 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=15637C9F5AA469972B2068F45B83682D

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=DaKDiSmvF3Oz-YggApBnt9Ov3yzqSnFQ-Iqhq3dLuE4; domain=.bing.com; expires=Mon, 19-May-2025 16:13:23 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7749F65C67354D8A82810614E0ABA78B Ref B: LON04EDGE0713 Ref C: 2024-04-24T16:13:23Z
date: Wed, 24 Apr 2024 16:13:22 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=15637C9F5AA469972B2068F45B83682D; MSPTC=DaKDiSmvF3Oz-YggApBnt9Ov3yzqSnFQ-Iqhq3dLuE4

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 378905D8D95D4B82A464D71CEE522871 Ref B: LON04EDGE0713 Ref C: 2024-04-24T16:13:23Z
date: Wed, 24 Apr 2024 16:13:23 GMT
DNS

68.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.204.58.216.in-addr.arpa

IN PTR

Response

68.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f681e100net

68.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f4�H

68.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f4�H
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

35.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.200.250.142.in-addr.arpa

IN PTR

Response

35.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f31e100net
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.204.74
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto

chrome.exe

Remote address:

172.217.169.10:443

Request

GET /v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CLqIywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAkF4z3jqyy9UxIFDYS_YqQ=?alt=proto

chrome.exe

Remote address:

172.217.169.10:443

Request

GET /v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAkF4z3jqyy9UxIFDYS_YqQ=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CLqIywE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

10.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.169.217.172.in-addr.arpa

IN PTR

Response

10.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f101e100net
DNS

10.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.169.217.172.in-addr.arpa

IN PTR
DNS

10.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.169.217.172.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR
DNS

apis.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.187.206
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR

Response

3.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f31e100net
DNS

3.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.200.250.142.in-addr.arpa

IN PTR
DNS

206.221.208.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.221.208.4.in-addr.arpa

IN PTR

Response
DNS

206.221.208.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.221.208.4.in-addr.arpa

IN PTR
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

21.114.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.114.53.23.in-addr.arpa

IN PTR

Response

21.114.53.23.in-addr.arpa

IN PTR

a23-53-114-21deploystaticakamaitechnologiescom
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

consent.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

consent.google.com

IN A

Response

consent.google.com

IN A

216.58.212.206
POST

https://consent.google.com/save?continue=https://www.google.com/&gl=UK&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20240417-0_RC5&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true

chrome.exe

Remote address:

216.58.212.206:443

Request

POST /save?continue=https://www.google.com/&gl=UK&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20240417-0_RC5&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true HTTP/2.0
host: consent.google.com
content-length: 0
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.google.com
x-client-data: CLqIywE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AQTF6HxoOsgvwqipYUsyvY_mt7eQkQc0-ayt--kpeCcm5F4R17RzcIb-X8o
cookie: __Secure-ENID=19.SE=Tju4yxBxU0OGp8TJyPWpt1AGkTlxPlS-hXoJV_W3fsdv4ydNJ-DoJ28ipj_pBFLPKk8cWEkVo22xlOJin3wRtNNZCGFdxLpC7kfDHhMRouWCw2fIw4K7yMr-z3JkEaxmY3hsFltCQ06kkUYyRllBrGPkMAOzgXvAzBs2MooWmcjX6Yg3fI0vKEBBLDdseTxOqNePauA
cookie: SOCS=CAISHAgBEhJnd3NfMjAyNDA0MTctMF9SQzUaAmVuIAEaBgiAl6GxBg
DNS

206.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.212.58.216.in-addr.arpa

IN PTR

Response

206.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f141e100net

206.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f14�I

206.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f206�I
DNS

228.249.119.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

228.249.119.40.in-addr.arpa

IN PTR

Response
DNS

encrypted-tbn0.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

encrypted-tbn0.gstatic.com

IN A

Response

encrypted-tbn0.gstatic.com

IN A

142.250.179.238
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR7zHBCyMzjCh5BOAXTsQVI-sGc60YzQ75_jCvjB7Y&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcR7zHBCyMzjCh5BOAXTsQVI-sGc60YzQ75_jCvjB7Y&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTIMN7m5lIt5LnQKNTxpom5_4T7PpPM4qC-MwK15nA&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcTIMN7m5lIt5LnQKNTxpom5_4T7PpPM4qC-MwK15nA&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTI1T2098jI7mr1NxhOU4RSBivUGvlq6a2Lkxg0Lmw&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcTI1T2098jI7mr1NxhOU4RSBivUGvlq6a2Lkxg0Lmw&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSEjPuDQBNQpsW_BOtWcGhLm568wQe9F3iIVfFMWA0&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcSEjPuDQBNQpsW_BOtWcGhLm568wQe9F3iIVfFMWA0&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRHc-_daLHkgWkUAxfVhCzcvBitHx_i5ioqEQryNg0&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcRHc-_daLHkgWkUAxfVhCzcvBitHx_i5ioqEQryNg0&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTHY2D1_Fe5dnns_rulBDvzV6B9UXt4067guI4BKP8&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcTHY2D1_Fe5dnns_rulBDvzV6B9UXt4067guI4BKP8&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTd2xNKTRDrixys46WrrWHWIHoZxp45AEOX18fNbwo&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcTd2xNKTRDrixys46WrrWHWIHoZxp45AEOX18fNbwo&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRsVbma3W9rXZk1XA7RT6vibRnf-4pDp79KgnGY97A&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcRsVbma3W9rXZk1XA7RT6vibRnf-4pDp79KgnGY97A&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQ3WnmO_JBn18tWsjc8LRmQ0FRWSG7HidgYgNKPODs&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcQ3WnmO_JBn18tWsjc8LRmQ0FRWSG7HidgYgNKPODs&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSvuwA5M_KrxCcyvrdoEzf9wg5oA6ZEhOLgm-s3cfk&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcSvuwA5M_KrxCcyvrdoEzf9wg5oA6ZEhOLgm-s3cfk&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQgSQhRk14EPJHSTX-Pn1EatXhuT-6XXt9REYezhReQMrWijqCVJJoyR-U&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcQgSQhRk14EPJHSTX-Pn1EatXhuT-6XXt9REYezhReQMrWijqCVJJoyR-U&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR55q_iTpFEgvEb0bqsjLvSyY5wWJF_nLCy5xruY-Q&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcR55q_iTpFEgvEb0bqsjLvSyY5wWJF_nLCy5xruY-Q&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSE7y_clp9I4XEFxl3kT-NeWEe--QzPEj9G9gk7NW4&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcSE7y_clp9I4XEFxl3kT-NeWEe--QzPEj9G9gk7NW4&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTfMiXvFfQngv8wNO2GQ1aCHA4iv38xalrhNF_6PkvJW1SJQaPws1Q99oI&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcTfMiXvFfQngv8wNO2GQ1aCHA4iv38xalrhNF_6PkvJW1SJQaPws1Q99oI&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRBXlFrPOOlbus20zPphqvWkLqIB9KqzawXth8s4jpbwyxWN6GAQ88AtaQ&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcRBXlFrPOOlbus20zPphqvWkLqIB9KqzawXth8s4jpbwyxWN6GAQ88AtaQ&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQudzlh09KVTIL0jVtePGkiEH2TZJTTo0VsSw4QugFPzo6395RopkiDmMc&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcQudzlh09KVTIL0jVtePGkiEH2TZJTTo0VsSw4QugFPzo6395RopkiDmMc&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQgOvqiB1YKC4QkK154HLxT02fjxpp4bUe8n70leoLZgTyQ3x5G1eSXjRI&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcQgOvqiB1YKC4QkK154HLxT02fjxpp4bUe8n70leoLZgTyQ3x5G1eSXjRI&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS3aZVMmndRXYkgklgLdK_kiOP8aA-flGQmjuCpBW0aYrdYC9vDdbIfLU4&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcS3aZVMmndRXYkgklgLdK_kiOP8aA-flGQmjuCpBW0aYrdYC9vDdbIfLU4&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQEQ6ZxeUTKP_ASALZHdopWgsT9awWgtXoSRDIV5hRYZCfL5p1wZJTo&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcQEQ6ZxeUTKP_ASALZHdopWgsT9awWgtXoSRDIV5hRYZCfL5p1wZJTo&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSK1jhUTAYGJJ_gi9VJX0-cEYFLFtppbnNfMLlaTgw&s=10

chrome.exe

Remote address:

142.250.179.238:443

Request

GET /images?q=tbn:ANd9GcSK1jhUTAYGJJ_gi9VJX0-cEYFLFtppbnNfMLlaTgw&s=10 HTTP/2.0
host: encrypted-tbn0.gstatic.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

id.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

216.58.212.195
DNS

id.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

216.58.212.195
GET

https://id.google.com/verify/AAtmn1YvFX_oJWdDxchOliQqxwc7yxbKou9TdHjcpcAjOyn6tjXQQHnp4PxBdFZsoTQsUU2tYg1TuOZbNba7phcbEJ7NjsjbnnulbuUIV3oXk1pgmQ

chrome.exe

Remote address:

216.58.212.195:443

Request

GET /verify/AAtmn1YvFX_oJWdDxchOliQqxwc7yxbKou9TdHjcpcAjOyn6tjXQQHnp4PxBdFZsoTQsUU2tYg1TuOZbNba7phcbEJ7NjsjbnnulbuUIV3oXk1pgmQ HTTP/2.0
host: id.google.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CLqIywE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: AEC=AQTF6HxoOsgvwqipYUsyvY_mt7eQkQc0-ayt--kpeCcm5F4R17RzcIb-X8o
cookie: SOCS=CAISHAgBEhJnd3NfMjAyNDA0MTctMF9SQzUaAmVuIAEaBgiAl6GxBg
cookie: NID=513=ccr9NRMvRXAc8U6BsQngrfkIUG_MEsO6RtUrgL4_VmtYUH7M-gRylUV0qOkpsVDRB0XlGE_jRGGAo9EIPF5XPwKlW4-YuRaz5LYQBRNvdcIKUZr3qePLFAQRI15E_9p6WFwizL-Nv7ExTobAXt9LPCnjIy48yfUJmApCRy4LoUfKbVeQt72BneHFgiGyUKcSzJxV
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f31e100net

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f3�H

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f195�H
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR
DNS

now.gg

chrome.exe

Remote address:

8.8.8.8:53

Request

now.gg

IN A

Response

now.gg

IN A

18.66.171.21

now.gg

IN A

18.66.171.121

now.gg

IN A

18.66.171.97

now.gg

IN A

18.66.171.76
DNS

now.gg

chrome.exe

Remote address:

8.8.8.8:53

Request

now.gg

IN A

Response

now.gg

IN A

18.66.171.21

now.gg

IN A

18.66.171.121

now.gg

IN A

18.66.171.97

now.gg

IN A

18.66.171.76
GET

https://now.gg/

chrome.exe

Remote address:

18.66.171.21:443

Request

GET / HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/html; charset=utf-8
server: CloudFront
date: Wed, 24 Apr 2024 14:04:04 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: max-age=604800
origin-trial: AvMr6po3gTaT4OpuXfY9YTGvZbqaucNa2efqoqhBqnGeCzR7LaTl2jfFSLKXe5bAeNVZ5LQd9VzK67nt82sdrQsAAABweyJvcmlnaW4iOiJodHRwczovL25vdy5nZzo0NDMiLCJmZWF0dXJlIjoiVW5yZXN0cmljdGVkU2hhcmVkQXJyYXlCdWZmZXIiLCJleHBpcnkiOjE3MTkzNTk5OTksImlzU3ViZG9tYWluIjp0cnVlfQ==
etag: W/"4419a-MtlWwhN8mCJ3s0lOTASB/BhdjSY"
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: QkB65fnqjzqFRHWkzO2-bgVCKNG6O4KH-WxzsOTeBR4jnXiiDE5x0g==
age: 7792
GET

https://now.gg/4/play/assets/_next/static/css/3d0ae4c613f4697f.css

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/css/3d0ae4c613f4697f.css HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/css; charset=UTF-8
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:13:56 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"5c5a-18f0ff9b088"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 7qzh0E889L-vlLaj7-5jPZ-4gjng2iNcjkVWEK5dy-5YUk3RZpO67w==
POST

https://now.gg/4/api/play/v1/reportEvent

chrome.exe

Remote address:

18.66.171.21:443

Request

POST /4/api/play/v1/reportEvent HTTP/2.0
host: now.gg
content-length: 785
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
x-ngg-skip-evar-check: false
content-type: application/json
sec-ch-ua-mobile: ?0
x-ngg-fe-version: berlin-v1.29.260.2
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://now.gg
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 4855
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"12f7-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: o5xW_fop4v6oZb86iVzdZ203jvGTmzGl8RFk9MigPLYzzpKfAbxcjw==
GET

https://now.gg/4/play/assets/_next/static/chunks/387-f6254b434f9fd859.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/387-f6254b434f9fd859.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 108120
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"1a658-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 8-qK1OjgPq6cjBy0UGp0QCDf4pg7MazX13lbI5-xSUY_VWgr5c0xbA==
GET

https://now.gg/4/play/assets/_next/static/chunks/977-ec7a464880d8438b.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/977-ec7a464880d8438b.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 24925
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"615d-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: ompDd09j5Q7SbaUOy7pT0NOqvv-8XDC5O82Dyq6WMkOIpjdEj8sxAA==
GET

https://now.gg/4/play/assets/_next/static/chunks/761.48273ba4ec340813.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/761.48273ba4ec340813.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 187047
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"2daa7-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: -bWHlAAc0tjTxy6iuORvWj7BkB9qSuZgvkdoN7ksYBJJUaA0E9MCoQ==
GET

https://now.gg/4/play/assets/_next/static/chunks/342.a04cdb571dd2fb92.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/342.a04cdb571dd2fb92.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 87449
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"15599-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: v-eOI70jWxwzlSR83r7DG12LWx_vctQguOV7cV9XJaidxIi_1zfSgQ==
GET

https://now.gg/4/play/assets/_next/static/chunks/880-d27f1c351dda280d.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/880-d27f1c351dda280d.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 29649
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"73d1-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: UkXX7ZZsx13oMRb9KflvK3uYhAl2xZz7s-kOwy8bXWOINwuRg9AtUw==
GET

https://now.gg/4/play/assets/_next/static/chunks/762.bf3c4693a9b035d5.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/762.bf3c4693a9b035d5.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 77
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"4d-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: P3FeOSZtVq-HkYaVrRqp48ZNtYnc09vPz3dXXJh41iQbhkFNrUOegw==
GET

https://now.gg/4/play/assets/_next/static/chunks/webpack-863ad52a87b32f60.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/webpack-863ad52a87b32f60.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 332
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"14c-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Ze_XTvhszzx1ycI4anZRKJsnzDXgGe3CsXnTtOma2bPR1zcv0cwnMQ==
GET

https://now.gg/4/play/assets/_next/static/chunks/framework-0e1b29c5be962d52.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/framework-0e1b29c5be962d52.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 9831690
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"96050a-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: lEcbrwKAEhxUAQCfspqsjbcDV1tXV-cECajyjupFEgt8eLwpYNnmnA==
GET

https://now.gg/4/play/assets/_next/static/chunks/main-d59f0ad61824b1ab.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/main-d59f0ad61824b1ab.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 92
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 12:01:28 GMT
etag: W/"5c-18f0ffb71c0"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: qCCpLbLVzC3i4VZbYoquRo18jVA15a3JK3mnbeF7B2Whbe-54OA8cw==
GET

https://now.gg/4/play/assets/_next/static/chunks/pages/_app-6b4509ba4647772b.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/pages/_app-6b4509ba4647772b.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
content-length: 1864
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"748-18f0ff9b088"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: _n7YYSxw2NctgwKSPtZB2CvU__OCcnV5_LIPfM1Ms0LSoF3DadnVLQ==
GET

https://now.gg/4/play/assets/_next/static/chunks/744-820c4e9d6c74878d.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/744-820c4e9d6c74878d.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-length: 42365
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
last-modified: Wed, 24 Apr 2024 11:59:32 GMT
etag: W/"a57d-18f0ff9aca0"
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: mG1YXaSNVqEeXHT1ua35ID2L53Em-4jNBUEilEWyzpqSiYafTBEx8g==
GET

https://now.gg/4/play/assets/_next/static/chunks/935-4b9e2d1de342a001.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/935-4b9e2d1de342a001.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"368c-18f0ff9b088"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: qPyFWF9Pv9lN3Iobbde-3eXanjURrYP09I1saR3NklUVw4eyyHFOOA==
GET

https://now.gg/4/play/assets/_next/static/chunks/791-9b9ba1ed595f533a.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/791-9b9ba1ed595f533a.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"607f-18f0ff9b088"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 8Le76WDeJX4CjdA0lsVO43IEWmBhqh6wU8p3DG_lsCKKMfGJMVh04g==
GET

https://now.gg/4/play/assets/_next/static/chunks/pages/browse-524736e549a67608.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/chunks/pages/browse-524736e549a67608.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"20c2-18f0ff9b088"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: sE1MPtRrkw1CEzKrUNfc3Yb7hAUHE2pQ75A1gXBToYPyeOprbRuS-g==
GET

https://now.gg/4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_buildManifest.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_buildManifest.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"3480-18f0ff9b088"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: c7cNyoH_CndFJUwWpPIlUBuTNnRyJH_Bq-8cC7lEVDpA7XX45ETYvQ==
GET

https://now.gg/4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_ssgManifest.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_ssgManifest.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"489-18f0ff9b088"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: HE6SSb-NaSAZLCPJlrFNrIoL_JoJVLxgeZjcLxpLN-l6re1xbueFXA==
GET

https://now.gg/4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_middlewareManifest.js

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_middlewareManifest.js HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
date: Wed, 24 Apr 2024 16:13:57 GMT
x-dns-prefetch-control: on
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
cache-control: public, max-age=31536000, immutable
last-modified: Wed, 24 Apr 2024 11:59:33 GMT
etag: W/"24ab-18f0ff9b088"
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: GuzPQ0D_FqbsQDlDMT6iZeURNoaVvuEyl0iGfmCKEyAKzXhDGW9RUQ==
GET

https://now.gg/4/play/assets/_next/static/media/hue.e6540d39.png

chrome.exe

Remote address:

18.66.171.21:443

Request

GET /4/play/assets/_next/static/media/hue.e6540d39.png HTTP/2.0
host: now.gg
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-length: 93
date: Wed, 24 Apr 2024 16:13:57 GMT
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: jEzfejQ-Al3MbUP64fQK4a1mWbnpa7Mk0t6ZjXjIecJsFXFq0oZcNw==
POST

https://now.gg/4/api/play/v1/reportEvent

chrome.exe

Remote address:

18.66.171.21:443

Request

POST /4/api/play/v1/reportEvent HTTP/2.0
host: now.gg
content-length: 999
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
x-ngg-skip-evar-check: true
content-type: application/json
sec-ch-ua-mobile: ?0
x-ngg-fe-version: berlin-v1.29.260.2
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://now.gg
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: usprivacy=1Y--
cookie: euconsent-v2=CP9kvMAP9kvMAAKA0AENAxEgAAAAAEPgACiQAAAUNALMNCogD7IkJCDQMIoEAKgrCAigQAAAAkDRAQAmDAp2BgEusJEAIAUAAwQAgABRkACAAASABCIAJACgQAAQCBQAAgAACAQAMDAAGACwEAgABAdAhTAggUCwASMyIhTAhCgSCAlsqEEgCBBXCEIs8CCAREwUAAAJABWAAICwWBxJICViQQJcQbQAAEACAQQgVCKTswBBAmbLVXiibRlaQFo-cAAA.YAAAAAAAAAAA
cookie: addtl_consent=1~
cookie: _ga=GA1.1.1556258050.1713975245
cookie: _ga_8VVPTD9ZTY=GS1.1.1713975244.1.0.1713975244.0.0.0

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
content-length: 20
date: Wed, 24 Apr 2024 16:15:00 GMT
x-cache: Miss from cloudfront
via: 1.1 33388636a7cb2afa812b276d900f88d4.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: StIeK708_GZp29xvvR7Hx8COo_wpK6ZyG3d_rr3zXRit4HglKMFcmg==
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

21.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.171.66.18.in-addr.arpa

IN PTR

Response

21.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-21dub56r cloudfrontnet
DNS

21.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.171.66.18.in-addr.arpa

IN PTR

Response

21.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-21dub56r cloudfrontnet
DNS

cdn.now.gg

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.now.gg

IN A

Response

cdn.now.gg

IN CNAME

cdn.now.gg.akamaized.net

cdn.now.gg.akamaized.net

IN CNAME

a1184.dscd.akamai.net

a1184.dscd.akamai.net

IN A

104.109.143.8

a1184.dscd.akamai.net

IN A

104.109.143.22
DNS

cdn.now.gg

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.now.gg

IN A

Response

cdn.now.gg

IN CNAME

cdn.now.gg.akamaized.net

cdn.now.gg.akamaized.net

IN CNAME

a1184.dscd.akamai.net

a1184.dscd.akamai.net

IN A

104.109.143.22

a1184.dscd.akamai.net

IN A

104.109.143.8
GET

https://cdn.now.gg/nowgg-static/social/discord.svg

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/social/discord.svg HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: LwvnKrSPorzXkyecrBnfTOOxy6+6duGlJa/UBjcVg0eMCpXWj03IRXksbhBnrNvDYCwfWamnxkI=
x-amz-request-id: GMDX2SHYYAE3XBZK
Last-Modified: Wed, 06 Sep 2023 11:32:46 GMT
ETag: "a0338a9a2590126e104d62df21b20cc2"
x-amz-server-side-encryption: AES256
x-amz-version-id: dNPwO7CWhX9IMGjvkhqDzfvvXO4u0osv
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1320
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=267658
Date: Wed, 24 Apr 2024 16:14:01 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Connection: keep-alive
GET

https://cdn.now.gg/nowgg-static/social/tiktok.svg

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/social/tiktok.svg HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: e0FbCbWvFfNKwFhR+bWuo3I2R8geLD0OnzHq8E36NtQqoVUkk8EyFnlRXCs192bMl5HAUzdmAu/RNhHA/D2cFg==
x-amz-request-id: GMDS4NCHYB1THBYK
Last-Modified: Wed, 06 Sep 2023 11:32:48 GMT
ETag: "24987da44ef707b8b15f2f2a7969e11b"
x-amz-server-side-encryption: AES256
x-amz-version-id: GQQXYOSRnYi0X6zw9.w0XaxnrK5PqPK0
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 2395
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=162392
Date: Wed, 24 Apr 2024 16:13:57 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Connection: keep-alive
GET

https://cdn.now.gg/nowgg-static/star.svg

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/star.svg HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: 1w0sZpXFzsGuLQuwg9P3qNOxBEwdZZyP6DZJCr6hYeJnTlvrlFkMw+XrZpHf5YlqsgEft7vs47I=
x-amz-request-id: HABACJR0B4W98E9D
Last-Modified: Thu, 07 Sep 2023 13:19:24 GMT
ETag: "cc08e5a68c2bd312d3212835f2d3db9c"
x-amz-server-side-encryption: AES256
x-amz-version-id: VcT1OOXBWp37wBosMeP9OaTfaA4jkDX_
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 800
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=266286
Date: Wed, 24 Apr 2024 16:13:57 GMT
Connection: keep-alive
GET

https://cdn.now.gg/nowgg-static/social/youtube.gif

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/social/youtube.gif HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: hk23BVxlW23W8krcE6Z0kF7dDygwva4WFxgciK8RSxYyot+BbvbqftZN2x4rRe8v3tkhc9FY0Gw=
x-amz-request-id: CJHQ0TXS2Y58GJ6N
Last-Modified: Wed, 06 Sep 2023 11:05:38 GMT
ETag: "1714f0a3f9c3613d0d8edeaa23d2e268"
x-amz-server-side-encryption: AES256
x-amz-version-id: DFMN1efpRfwi0BRoUmzlaNmiKvFKlS6i
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 14876
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=305636
Date: Wed, 24 Apr 2024 16:13:57 GMT
Connection: keep-alive
GET

https://cdn.now.gg/nowgg-static/social/tiktok.gif

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/social/tiktok.gif HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: RdC53TnOgjuisi6M76cbaqfP1gdyqIarYGSc+rNLO/luMqHSV6LTgGmFP5JK+EtCR9eBAz/gQdw=
x-amz-request-id: 4PZGXJJYE09R0SKX
Last-Modified: Wed, 06 Sep 2023 11:05:37 GMT
ETag: "1b2529a830689e1447f5c8bdf7290cca"
x-amz-server-side-encryption: AES256
x-amz-version-id: TAyAMe3awkbmkp3Y03ix11ry4t3pfHe9
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 20800
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=305702
Date: Wed, 24 Apr 2024 16:13:57 GMT
Connection: keep-alive
GET

https://cdn.now.gg/nowgg-static/fonts/fonts.css

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/fonts/fonts.css HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: text/css,*/*;q=0.1
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: style
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: Ersjh7/ZmAv2Q1hG992eqW7J4zRuAK0/DkkTSEHToOWcy6JnUGpNbPu1dfpXcDf5WjUSpiHTPTs=
x-amz-request-id: B77FXZBGPD8B17KK
Last-Modified: Fri, 08 Sep 2023 04:54:26 GMT
ETag: "33e0f1a762acd1978ea3c57fc8f47f73"
x-amz-server-side-encryption: AES256
x-amz-version-id: xtmHumASrYoYPky7RnsMsGxMJ86NwvVa
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
cross-origin-resource-policy: cross-origin
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=275246
Date: Wed, 24 Apr 2024 16:13:57 GMT
Content-Length: 698
Connection: keep-alive
GET

https://cdn.now.gg/assets-opt/_next/image?url=https%3A%2F%2Fcdn.now.gg%2Fapps-content%2Fcom.ea.gp.fifamobile%2Fbanner%2Fdesktop%2Fea-sports-fc-mobile-24-soccer.jpg&w=1200&q=80

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /assets-opt/_next/image?url=https%3A%2F%2Fcdn.now.gg%2Fapps-content%2Fcom.ea.gp.fifamobile%2Fbanner%2Fdesktop%2Fea-sports-fc-mobile-24-soccer.jpg&w=1200&q=80 HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Content-Type: image/webp
Content-Length: 90040
content-disposition: inline; filename="ea-sports-fc-mobile-24-soccer.webp"
Content-Security-Policy: script-src 'none'; frame-src 'none'; sandbox;
ETag: BJD4IFWGr2gbCsCUHh2gSIh7SUTDV-8foQ0nATg7xEA=
x-nextjs-cache: MISS
cross-origin-resource-policy: cross-origin
Cache-Control: public, must-revalidate, max-age=1653
Date: Wed, 24 Apr 2024 16:13:58 GMT
Connection: keep-alive
X-Forward-Proto: http
CDN-Origin-Protocol: HTTP
GET

https://cdn.now.gg/nowgg-static/logo/nowgg-logo.svg

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/logo/nowgg-logo.svg HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: YMkfjTaZjwvk9IX+Xnwy0cLlcxMkoklpazRpClHVjUEB6HfF3nZjiGItj8u4nCe964vdGhsSf+c=
x-amz-request-id: DNG3S214Q6S4R8J6
Last-Modified: Thu, 07 Sep 2023 12:25:00 GMT
ETag: "66dda0b4da0f8e513ab2a0acdf496cb2"
x-amz-server-side-encryption: AES256
x-amz-version-id: W49ImHrXVRQsjl6NvJrueoak1AlEWt0S
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 9582
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=265683
Date: Wed, 24 Apr 2024 16:14:01 GMT
Connection: keep-alive
GET

https://cdn.now.gg/nowgg-static/social/youtube.svg

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/social/youtube.svg HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: 5IeSXjdFycjmkZZKL3fH9xCJlqM27zEyJBoyf+5+XQvEDmDAOi/V9hxzXcGf9RKY3uUh09u2FhQ=
x-amz-request-id: GMDKA1JWYNCBP8GG
Last-Modified: Wed, 06 Sep 2023 11:32:47 GMT
ETag: "23507d16b6e9e25cc8e991b4809effca"
x-amz-server-side-encryption: AES256
x-amz-version-id: sAnDyxd2j7xdVXUZr0D20Mh8i5EXwumY
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 871
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=581314
Date: Wed, 24 Apr 2024 16:14:01 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Connection: keep-alive
GET

https://cdn.now.gg/nowgg-static/social/discord.gif

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/social/discord.gif HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://now.gg/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: 2SDdWhC7wG3TOeJLmB1vrjHFGym7BvPg4VhhsUt8M5f9OaBHUOWPB2LoIp/Fix8X7xNSL8D7EB8=
x-amz-request-id: MCVERMQGHKTHFRDS
Last-Modified: Wed, 06 Sep 2023 11:05:36 GMT
ETag: "dce7e9664a505432b8cf66338de47424"
x-amz-server-side-encryption: AES256
x-amz-version-id: .1LLhdt8h_yuSs6uhvokEFZsuzUA8V_u
Accept-Ranges: bytes
Content-Type: image/gif
Server: AmazonS3
Content-Length: 23103
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=441467
Date: Wed, 24 Apr 2024 16:14:01 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Connection: keep-alive
DNS

cmp.inmobi.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cmp.inmobi.com

IN A

Response

cmp.inmobi.com

IN CNAME

cmp-prod.inmobi-choice.io

cmp-prod.inmobi-choice.io

IN CNAME

d23sp3kzv1t6m5.cloudfront.net

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.103

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.49

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.20

d23sp3kzv1t6m5.cloudfront.net

IN A

18.66.171.48
DNS

cmp.inmobi.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cmp.inmobi.com

IN A
DNS

discord.com

chrome.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.136.232
DNS

discord.com

chrome.exe

Remote address:

8.8.8.8:53

Request

discord.com

IN A

Response

discord.com

IN A

162.159.135.232

discord.com

IN A

162.159.138.232

discord.com

IN A

162.159.128.233

discord.com

IN A

162.159.137.232

discord.com

IN A

162.159.136.232
DNS

now.us

chrome.exe

Remote address:

8.8.8.8:53

Request

now.us

IN A

Response

now.us

IN A

3.162.140.51

now.us

IN A

3.162.140.65

now.us

IN A

3.162.140.122

now.us

IN A

3.162.140.48
DNS

now.us

chrome.exe

Remote address:

8.8.8.8:53

Request

now.us

IN A

Response

now.us

IN A

3.162.140.48

now.us

IN A

3.162.140.122

now.us

IN A

3.162.140.51

now.us

IN A

3.162.140.65
DNS

www.tiktok.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.tiktok.com

IN A

Response

www.tiktok.com

IN CNAME

www.tiktok.com.edgesuite.net

www.tiktok.com.edgesuite.net

IN CNAME

a2047.api10.akamai.net

a2047.api10.akamai.net

IN A

23.209.125.16

a2047.api10.akamai.net

IN A

23.209.125.11

a2047.api10.akamai.net

IN A

23.209.125.9

a2047.api10.akamai.net

IN A

23.209.125.15

a2047.api10.akamai.net

IN A

23.209.125.13

a2047.api10.akamai.net

IN A

23.209.125.12

a2047.api10.akamai.net

IN A

23.209.125.17

a2047.api10.akamai.net

IN A

23.209.125.10

a2047.api10.akamai.net

IN A

23.209.125.14
DNS

www.tiktok.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.tiktok.com

IN A

Response

www.tiktok.com

IN CNAME

www.tiktok.com.edgesuite.net

www.tiktok.com.edgesuite.net

IN CNAME

a2047.api10.akamai.net

a2047.api10.akamai.net

IN A

23.209.125.16

a2047.api10.akamai.net

IN A

23.209.125.11

a2047.api10.akamai.net

IN A

23.209.125.9

a2047.api10.akamai.net

IN A

23.209.125.15

a2047.api10.akamai.net

IN A

23.209.125.13

a2047.api10.akamai.net

IN A

23.209.125.12

a2047.api10.akamai.net

IN A

23.209.125.17

a2047.api10.akamai.net

IN A

23.209.125.10

a2047.api10.akamai.net

IN A

23.209.125.14
GET

https://cmp.inmobi.com/choice/mw9xJtqPQGFbC/now.gg/choice.js?tag_version=V3

chrome.exe

Remote address:

18.66.171.103:443

Request

GET /choice/mw9xJtqPQGFbC/now.gg/choice.js?tag_version=V3 HTTP/2.0
host: cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
last-modified: Mon, 05 Feb 2024 16:45:49 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
content-encoding: br
cache-control: max-age=900
date: Wed, 24 Apr 2024 16:13:58 GMT
etag: W/"b369f93f53be67b1fcf6c847414a67e3"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 2568eb8f0175e7f74a0500dd2f6869da.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: Zs3PGjhBnhgUepBeeskVdZLGj0QBrTyTGRj3O256BPjuxwQdeUUqJw==
GET

https://cmp.inmobi.com/tcfv2/cmp2.js?referer=now.gg

chrome.exe

Remote address:

18.66.171.103:443

Request

GET /tcfv2/cmp2.js?referer=now.gg HTTP/2.0
host: cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Mon, 08 Apr 2024 05:55:44 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
x-amz-meta-qc-ineu: True
server: AmazonS3
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: gzip
cache-control: max-age=3600
date: Wed, 24 Apr 2024 15:51:24 GMT
etag: W/"0c68dd584ff370af61aaded5d3f2be99"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2568eb8f0175e7f74a0500dd2f6869da.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: cRxb8r9u1UMixRLhyxaEtHbiLsnOsoBmhH4M-4FXHRxVouhMqKCMKg==
age: 1354
GET

https://cmp.inmobi.com/tcfv2/52/cmp2ui-en.js

chrome.exe

Remote address:

18.66.171.103:443

Request

GET /tcfv2/52/cmp2ui-en.js HTTP/2.0
host: cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
access-control-max-age: 86400
last-modified: Mon, 08 Apr 2024 05:55:37 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
server: AmazonS3
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
access-control-allow-methods: GET
content-encoding: br
cache-control: max-age=172800
date: Tue, 23 Apr 2024 00:44:21 GMT
etag: W/"9c564132396970ef282cd03113b4e575"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 2568eb8f0175e7f74a0500dd2f6869da.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: IC_RpnNslnpZZpmzlv0cyrHywoqen4zC9n5DHswDnmcYqbzguc3XPQ==
age: 142178
DNS

nowgg.zendesk.com

chrome.exe

Remote address:

8.8.8.8:53

Request

nowgg.zendesk.com

IN A

Response

nowgg.zendesk.com

IN A

104.16.53.111

nowgg.zendesk.com

IN A

104.16.51.111
DNS

nowgg.zendesk.com

chrome.exe

Remote address:

8.8.8.8:53

Request

nowgg.zendesk.com

IN A

Response

nowgg.zendesk.com

IN A

104.16.53.111

nowgg.zendesk.com

IN A

104.16.51.111
DNS

www.youtube.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

142.250.179.238
DNS

www.youtube.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

142.250.179.238
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR

Response

202.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f101e100net
DNS

202.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.187.250.142.in-addr.arpa

IN PTR
DNS

8.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.143.109.104.in-addr.arpa

IN PTR

Response

8.143.109.104.in-addr.arpa

IN PTR

a104-109-143-8deploystaticakamaitechnologiescom
DNS

8.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.143.109.104.in-addr.arpa

IN PTR
DNS

103.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.171.66.18.in-addr.arpa

IN PTR

Response

103.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-103dub56r cloudfrontnet
DNS

103.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.171.66.18.in-addr.arpa

IN PTR

Response

103.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-103dub56r cloudfrontnet
DNS

40.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.200.250.142.in-addr.arpa

IN PTR

Response

40.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f81e100net
DNS

40.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.200.250.142.in-addr.arpa

IN PTR

Response

40.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f81e100net
GET

https://cmp.inmobi.com/GVL-v2/cmp-list.json

chrome.exe

Remote address:

18.66.171.103:443

Request

GET /GVL-v2/cmp-list.json HTTP/2.0
host: cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Wed, 24 Apr 2024 03:00:45 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Wed, 24 Apr 2024 03:00:42 GMT
etag: W/"9405c4e9a76571d9c55b00b877224cf0"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 93bbc6688f0d24cc7122c5dfa105d524.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: QKC6ctWXwFFCMsQdg2kER5IY9cti81zTfyGMWhC6uzCRT4w2HIyGQQ==
age: 47594
GET

https://cmp.inmobi.com/GVL-v3/vendor-list-trimmed-v1.json

chrome.exe

Remote address:

18.66.171.103:443

Request

GET /GVL-v3/vendor-list-trimmed-v1.json HTTP/2.0
host: cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
access-control-max-age: 3000
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Thu, 18 Apr 2024 23:59:20 GMT
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 24 Apr 2024 00:00:27 GMT
cache-control: max-age=86400
etag: W/"01b2596462ed2344c7848e33dfefc12e"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 93bbc6688f0d24cc7122c5dfa105d524.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: 50NJDdWz_kpv1GubJ0NFUO2Z40M-tdY8Hgm7Q8QHTZbzChi5nNvFlQ==
age: 58474
GET

https://cmp.inmobi.com/tcfv2/google-atp-list.json

chrome.exe

Remote address:

18.66.171.103:443

Request

GET /tcfv2/google-atp-list.json HTTP/2.0
host: cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json
access-control-max-age: 3000
cache-control: max-age=172800
date: Wed, 24 Apr 2024 03:00:27 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-credentials: true
last-modified: Wed, 24 Apr 2024 03:00:25 GMT
etag: W/"85d9d870b67b583c07d95394af52785d"
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: br
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 93bbc6688f0d24cc7122c5dfa105d524.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: 68BTSqOoPMhSKpGJilhDdlWl6FY_6vRxz2iDbsCCD15GcnJI9tYFAA==
age: 47612
GET

https://cmp.inmobi.com/geoip

chrome.exe

Remote address:

18.66.171.103:443

Request

GET /geoip HTTP/2.0
host: cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: CloudFront
date: Wed, 24 Apr 2024 16:13:59 GMT
content-type: application/json
content-length: 48
x-cache: FunctionGeneratedResponse from cloudfront
via: 1.1 93bbc6688f0d24cc7122c5dfa105d524.cloudfront.net (CloudFront)
x-amz-cf-pop: DUB56-P1
x-amz-cf-id: WKZNCNckiSOb3AGohHReAS-TPiqsuq41HaJEYAW0Es7E71ANGL7UzA==
access-control-allow-origin: *
access-control-expose-headers: *
GET

https://cdn.now.gg/nowgg-static/fonts/icomoon.ttf?o6vr2n

chrome.exe

Remote address:

104.109.143.8:443

Request

GET /nowgg-static/fonts/icomoon.ttf?o6vr2n HTTP/1.1
Host: cdn.now.gg
Connection: keep-alive
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
Origin: https://now.gg
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: font
Referer: https://cdn.now.gg/nowgg-static/fonts/fonts.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

x-amz-id-2: pUS/1z6sI59xh6veoVHLw3iZaoigCk+F6EDlXNJKtfTDKGHVx+2gwmk2ZAqweNQTOhS1cKeDfI4=
x-amz-request-id: P1RR9DJ9FXP94CG2
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Last-Modified: Fri, 08 Sep 2023 04:38:52 GMT
ETag: "b0c67f43007689138131c9781feed588"
x-amz-server-side-encryption: AES256
x-amz-version-id: s6fnHzJH0HB5k_8DT6lMWJYkJA7sUilU
Accept-Ranges: bytes
Content-Type: binary/octet-stream
Server: AmazonS3
Content-Length: 11896
cross-origin-resource-policy: cross-origin
Cache-Control: max-age=131775
Date: Wed, 24 Apr 2024 16:13:58 GMT
Alt-Svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
Connection: keep-alive
DNS

api.cmp.inmobi.com

chrome.exe

Remote address:

8.8.8.8:53

Request

api.cmp.inmobi.com

IN A

Response

api.cmp.inmobi.com

IN CNAME

cmp-api-prod.inmobi-choice.io

cmp-api-prod.inmobi-choice.io

IN CNAME

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

3.77.60.206

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

18.159.4.156

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

52.28.50.229
DNS

api.cmp.inmobi.com

chrome.exe

Remote address:

8.8.8.8:53

Request

api.cmp.inmobi.com

IN A

Response

api.cmp.inmobi.com

IN CNAME

cmp-api-prod.inmobi-choice.io

cmp-api-prod.inmobi-choice.io

IN CNAME

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

3.77.60.206

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

18.159.4.156

choice-apis-prod-2120274730.eu-central-1.elb.amazonaws.com

IN A

52.28.50.229
GET

https://api.cmp.inmobi.com/?log=%7B%22accountId%22%3A%22mw9xJtqPQGFbC%22%2C%22domain%22%3A%22now.gg%22%2C%22publisher%22%3A%22now.gg%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.52%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22qUckPGoSvWyKIzNFcuKTYA%22%2C%22tagVersion%22%3A%22V3%22%2C%22gvlVersion%22%3A3%2C%22clientTimestamp%22%3A1713975238496%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-ue5dduzbkro14ijac7xq%22%7D

chrome.exe

Remote address:

3.77.60.206:443

Request

GET /?log=%7B%22accountId%22%3A%22mw9xJtqPQGFbC%22%2C%22domain%22%3A%22now.gg%22%2C%22publisher%22%3A%22now.gg%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.52%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22qUckPGoSvWyKIzNFcuKTYA%22%2C%22tagVersion%22%3A%22V3%22%2C%22gvlVersion%22%3A3%2C%22clientTimestamp%22%3A1713975238496%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-ue5dduzbkro14ijac7xq%22%7D HTTP/2.0
host: api.cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 24 Apr 2024 16:14:00 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-origin: *
GET

https://api.cmp.inmobi.com/?log=%7B%22userEvents%22%3A%5B%7B%22clientTimestamp%22%3A1713975238496%2C%22event%22%3A%22startOnPage%3AGDPR_0%22%7D%2C%7B%22clientTimestamp%22%3A1713975243445%2C%22event%22%3A%22rejectAll%3Aclick%22%7D%5D%2C%22acceptanceState%22%3A%22Reject%22%2C%22objectionState%22%3A%22None%22%2C%22tcData%22%3A%22CP9kvMAP9kvMAAKA0AENAxEgAAAAAEPgACiQAAAUNALMNCogD7IkJCDQMIoEAKgrCAigQAAAAkDRAQAmDAp2BgEusJEAIAUAAwQAgABRkACAAASABCIAJACgQAAQCBQAAgAACAQAMDAAGACwEAgABAdAhTAggUCwASMyIhTAhCgSCAlsqEEgCBBXCEIs8CCAREwUAAAJABWAAICwWBxJICViQQJcQbQAAEACAQQgVCKTswBBAmbLVXiibRlaQFo-cAAA.YAAAAAAAAAAA%22%2C%22nonIabConsentData%22%3A%22%22%2C%22clientTimestamp%22%3A1713975243445%2C%22operationType%22%3A%22done%22%2C%22sessionId%22%3A%22GDPR-ue5dduzbkro14ijac7xq%22%7D

chrome.exe

Remote address:

3.77.60.206:443

Request

GET /?log=%7B%22userEvents%22%3A%5B%7B%22clientTimestamp%22%3A1713975238496%2C%22event%22%3A%22startOnPage%3AGDPR_0%22%7D%2C%7B%22clientTimestamp%22%3A1713975243445%2C%22event%22%3A%22rejectAll%3Aclick%22%7D%5D%2C%22acceptanceState%22%3A%22Reject%22%2C%22objectionState%22%3A%22None%22%2C%22tcData%22%3A%22CP9kvMAP9kvMAAKA0AENAxEgAAAAAEPgACiQAAAUNALMNCogD7IkJCDQMIoEAKgrCAigQAAAAkDRAQAmDAp2BgEusJEAIAUAAwQAgABRkACAAASABCIAJACgQAAQCBQAAgAACAQAMDAAGACwEAgABAdAhTAggUCwASMyIhTAhCgSCAlsqEEgCBBXCEIs8CCAREwUAAAJABWAAICwWBxJICViQQJcQbQAAEACAQQgVCKTswBBAmbLVXiibRlaQFo-cAAA.YAAAAAAAAAAA%22%2C%22nonIabConsentData%22%3A%22%22%2C%22clientTimestamp%22%3A1713975243445%2C%22operationType%22%3A%22done%22%2C%22sessionId%22%3A%22GDPR-ue5dduzbkro14ijac7xq%22%7D HTTP/2.0
host: api.cmp.inmobi.com
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Wed, 24 Apr 2024 16:14:04 GMT
content-type: text/plain; charset=utf-8
content-length: 2
access-control-allow-origin: *
DNS

206.60.77.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.60.77.3.in-addr.arpa

IN PTR

Response

206.60.77.3.in-addr.arpa

IN PTR

ec2-3-77-60-206eu-central-1compute amazonawscom
DNS

206.60.77.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.60.77.3.in-addr.arpa

IN PTR
DNS

sessions.bugsnag.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sessions.bugsnag.com

IN A

Response

sessions.bugsnag.com

IN A

35.190.88.7
DNS

sessions.bugsnag.com

chrome.exe

Remote address:

8.8.8.8:53

Request

sessions.bugsnag.com

IN A

Response

sessions.bugsnag.com

IN A

35.190.88.7
OPTIONS

https://sessions.bugsnag.com/

chrome.exe

Remote address:

35.190.88.7:443

Request

OPTIONS / HTTP/2.0
host: sessions.bugsnag.com
accept: */*
access-control-request-method: POST
access-control-request-headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
origin: https://now.gg
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
OPTIONS

https://sessions.bugsnag.com/

chrome.exe

Remote address:

35.190.88.7:443

Request

OPTIONS / HTTP/2.0
host: sessions.bugsnag.com
accept: */*
access-control-request-method: POST
access-control-request-headers: bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
origin: https://now.gg
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://sessions.bugsnag.com/

chrome.exe

Remote address:

35.190.88.7:443

Request

POST / HTTP/2.0
host: sessions.bugsnag.com
content-length: 511
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
bugsnag-api-key: 5409ce593426cf95bd284a5b809c62c5
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
content-type: application/json
bugsnag-payload-version: 1
bugsnag-sent-at: 2024-04-24T16:13:59.384Z
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

7.88.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.88.190.35.in-addr.arpa

IN PTR

Response

7.88.190.35.in-addr.arpa

IN PTR

78819035bcgoogleusercontentcom
DNS

7.88.190.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

7.88.190.35.in-addr.arpa

IN PTR
DNS

region1.google-analytics.com

chrome.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
DNS

region1.google-analytics.com

chrome.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.32.36

region1.google-analytics.com

IN A

216.239.34.36
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-8VVPTD9ZTY&gtm=45je44m0v883457966za200&_p=1713975236133&gcs=G10-&gcd=13m3l3m3m5&npa=1&dma_cps=-&dma=1&tcfd=10a4m&cid=1556258050.1713975245&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B110.0.5481.104%7CNot%2520A(Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B110.0.5481.104&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pscdl=denied&_s=1&sid=1713975244&sct=1&seg=0&dl=https%3A%2F%2Fnow.gg%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Play%20Online%20Games%20for%20Free%20%7C%20now.gg%20Mobile%20Cloud&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=9046

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-8VVPTD9ZTY&gtm=45je44m0v883457966za200&_p=1713975236133&gcs=G10-&gcd=13m3l3m3m5&npa=1&dma_cps=-&dma=1&tcfd=10a4m&cid=1556258050.1713975245&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B110.0.5481.104%7CNot%2520A(Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B110.0.5481.104&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pscdl=denied&_s=1&sid=1713975244&sct=1&seg=0&dl=https%3A%2F%2Fnow.gg%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Play%20Online%20Games%20for%20Free%20%7C%20now.gg%20Mobile%20Cloud&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=9046 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-8VVPTD9ZTY&gtm=45je44m0v883457966za200&_p=1713975236133&gcs=G10-&gcd=13m3l3m3m5&npa=1&dma_cps=-&dma=1&tcfd=10a4m&cid=1556258050.1713975245&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B110.0.5481.104%7CNot%2520A(Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B110.0.5481.104&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pscdl=denied&_eu=AEA&_s=2&sid=1713975244&sct=1&seg=0&dl=https%3A%2F%2Fnow.gg%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Play%20Online%20Games%20for%20Free%20%7C%20now.gg%20Mobile%20Cloud&en=scroll&epn.percent_scrolled=90&_et=5&tfd=14059

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-8VVPTD9ZTY&gtm=45je44m0v883457966za200&_p=1713975236133&gcs=G10-&gcd=13m3l3m3m5&npa=1&dma_cps=-&dma=1&tcfd=10a4m&cid=1556258050.1713975245&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B110.0.5481.104%7CNot%2520A(Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B110.0.5481.104&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pscdl=denied&_eu=AEA&_s=2&sid=1713975244&sct=1&seg=0&dl=https%3A%2F%2Fnow.gg%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Play%20Online%20Games%20for%20Free%20%7C%20now.gg%20Mobile%20Cloud&en=scroll&epn.percent_scrolled=90&_et=5&tfd=14059 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://now.gg
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://now.gg/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.163
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 1232
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.49.163:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 528
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

163.49.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.49.178.192.in-addr.arpa

IN PTR

Response

163.49.178.192.in-addr.arpa

IN PTR

phx19s05-in-f31e100net
DNS

163.49.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.49.178.192.in-addr.arpa

IN PTR
DNS

163.49.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.49.178.192.in-addr.arpa

IN PTR
DNS

14.251.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.251.17.2.in-addr.arpa

IN PTR

Response

14.251.17.2.in-addr.arpa

IN PTR

a2-17-251-14deploystaticakamaitechnologiescom
DNS

249.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.197.17.2.in-addr.arpa

IN PTR

Response

249.197.17.2.in-addr.arpa

IN PTR

a2-17-197-249deploystaticakamaitechnologiescom
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
DNS

30.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.243.111.52.in-addr.arpa

IN PTR

Response
DNS

beacons4.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons4.gvt2.com

IN A

Response

beacons4.gvt2.com

IN A

216.239.32.116
DNS

beacons4.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons4.gvt2.com

IN A

Response

beacons4.gvt2.com

IN A

216.239.32.116
OPTIONS

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
origin: https://beacons.gcp.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons4.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.239.32.116:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons4.gvt2.com
content-length: 408
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

116.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.32.239.216.in-addr.arpa

IN PTR

Response

116.32.239.216.in-addr.arpa

IN PTR

e2agooglecom
DNS

116.32.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

116.32.239.216.in-addr.arpa

IN PTR

Response

116.32.239.216.in-addr.arpa

IN PTR

e2agooglecom
DNS

e2c44.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c44.gcp.gvt2.com

IN A

Response

e2c44.gcp.gvt2.com

IN A

35.216.230.172
DNS

e2c44.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

e2c44.gcp.gvt2.com

IN A

Response

e2c44.gcp.gvt2.com

IN A

35.216.230.172
POST

https://e2c44.gcp.gvt2.com/nel/

chrome.exe

Remote address:

35.216.230.172:443

Request

POST /nel/ HTTP/2.0
host: e2c44.gcp.gvt2.com
content-length: 528
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Wed, 24 Apr 2024 16:15:00 GMT
DNS

now.gg

chrome.exe

Remote address:

8.8.8.8:53

Request

now.gg

IN A

Response

now.gg

IN A

18.66.171.76

now.gg

IN A

18.66.171.21

now.gg

IN A

18.66.171.97

now.gg

IN A

18.66.171.121
DNS

now.gg

chrome.exe

Remote address:

8.8.8.8:53

Request

now.gg

IN A
DNS

172.230.216.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.230.216.35.in-addr.arpa

IN PTR

Response

172.230.216.35.in-addr.arpa

IN PTR

17223021635bcgoogleusercontentcom
DNS

172.230.216.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.230.216.35.in-addr.arpa

IN PTR

Response

172.230.216.35.in-addr.arpa

IN PTR

17223021635bcgoogleusercontentcom
DNS

76.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.171.66.18.in-addr.arpa

IN PTR

Response

76.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-76dub56r cloudfrontnet
DNS

76.171.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

76.171.66.18.in-addr.arpa

IN PTR

Response

76.171.66.18.in-addr.arpa

IN PTR

server-18-66-171-76dub56r cloudfrontnet
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F5DE18B0A6354390874675051F154026 Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:15:08Z
date: Wed, 24 Apr 2024 16:15:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664406
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BE27E2AA88624C4287726B9869A4BA46 Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:15:08Z
date: Wed, 24 Apr 2024 16:15:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 394521
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 347680562F684AA28DED01AD125BB826 Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:15:08Z
date: Wed, 24 Apr 2024 16:15:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 442324
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 80A12967FB74471E92AB0FF283D7A441 Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:15:08Z
date: Wed, 24 Apr 2024 16:15:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496166
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CE28C23131A04BAFA61663EBDE2A0AFD Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:15:08Z
date: Wed, 24 Apr 2024 16:15:07 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 664406
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1B194EBCA79049309B4DEAAEEEFF4282 Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:17:13Z
date: Wed, 24 Apr 2024 16:17:12 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 442324
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AF4173E97BC84BC5BE10319BDEBA652F Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:17:13Z
date: Wed, 24 Apr 2024 16:17:12 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496166
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6E60658D921A4B458485F753718AF768 Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:17:13Z
date: Wed, 24 Apr 2024 16:17:12 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 394521
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D871317762BD41B1A67BB07706E7026B Ref B: LON04EDGE1221 Ref C: 2024-04-24T16:17:13Z
date: Wed, 24 Apr 2024 16:17:12 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
DNS

beacons.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

192.178.48.227
DNS

beacons.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

192.178.48.227
POST

https://beacons.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

192.178.48.227:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gvt2.com
content-length: 528
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

227.48.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.48.178.192.in-addr.arpa

IN PTR

Response

227.48.178.192.in-addr.arpa

IN PTR

phx18s07-in-f31e100net
DNS

227.48.178.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

227.48.178.192.in-addr.arpa

IN PTR
DNS

beacons3.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons3.gvt2.com

IN A

Response

beacons3.gvt2.com

IN A

216.58.213.3
DNS

beacons3.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons3.gvt2.com

IN A

Response

beacons3.gvt2.com

IN A

216.58.213.3
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.212.206
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.212.206
OPTIONS

https://beacons3.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.58.213.3:443

Request

OPTIONS /domainreliability/upload-nel HTTP/2.0
host: beacons3.gvt2.com
origin: https://beacons4.gvt2.com
access-control-request-method: POST
access-control-request-headers: content-type
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://beacons3.gvt2.com/domainreliability/upload-nel

chrome.exe

Remote address:

216.58.213.3:443

Request

POST /domainreliability/upload-nel HTTP/2.0
host: beacons3.gvt2.com
content-length: 408
content-type: application/reports+json
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

3.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.213.58.216.in-addr.arpa

IN PTR

Response

3.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f31e100net

3.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f3�F
DNS

3.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.213.58.216.in-addr.arpa

IN PTR

Response

3.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f31e100net

3.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f3�F
DNS

89.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.65.42.20.in-addr.arpa

IN PTR

Response
DNS

89.65.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.65.42.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 394521
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A27A44EE1CC1498B92CB8F0AE9C2C1F9 Ref B: LON04EDGE1113 Ref C: 2024-04-24T16:19:43Z
date: Wed, 24 Apr 2024 16:19:43 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 15C9031E7ED64E68A8C9842C7FDF70AE Ref B: LON04EDGE1113 Ref C: 2024-04-24T16:21:21Z
date: Wed, 24 Apr 2024 16:21:21 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DF53D50514F64EA597EBFF4B7ED062D4 Ref B: LON04EDGE1113 Ref C: 2024-04-24T16:21:21Z
date: Wed, 24 Apr 2024 16:21:21 GMT
DNS

beacons3.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons3.gvt2.com

IN A

Response

beacons3.gvt2.com

IN A

216.58.213.3
DNS

beacons3.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons3.gvt2.com

IN A

Response

beacons3.gvt2.com

IN A

216.58.213.3
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.163
DNS

beacons.gcp.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

192.178.49.163
DNS

159.113.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.113.53.23.in-addr.arpa

IN PTR

Response

159.113.53.23.in-addr.arpa

IN PTR

a23-53-113-159deploystaticakamaitechnologiescom
DNS

159.113.53.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.113.53.23.in-addr.arpa

IN PTR

Response

159.113.53.23.in-addr.arpa

IN PTR

a23-53-113-159deploystaticakamaitechnologiescom
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.212.206
DNS

clients2.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.212.206
DNS

beacons.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

192.178.48.227
DNS

beacons.gvt2.com

chrome.exe

Remote address:

8.8.8.8:53

Request

beacons.gvt2.com

IN A

Response

beacons.gvt2.com

IN A

192.178.48.227
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E28FA32C55154D86AF58ACBC7C1F2E5E Ref B: LON04EDGE1008 Ref C: 2024-04-24T16:23:52Z
date: Wed, 24 Apr 2024 16:23:51 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: ADF8C2645DE84FB7B6C632C8AA119DA6 Ref B: LON04EDGE1008 Ref C: 2024-04-24T16:25:56Z
date: Wed, 24 Apr 2024 16:25:55 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8A077948407140F097664CF581C218B8 Ref B: LON04EDGE1008 Ref C: 2024-04-24T16:27:21Z
date: Wed, 24 Apr 2024 16:27:21 GMT
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F28AD55D6926436A9A6E193430DD840F Ref B: LON04EDGE1106 Ref C: 2024-04-24T16:33:22Z
date: Wed, 24 Apr 2024 16:33:21 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D6AAD72FA73848298C5AEFB9FFB62F18 Ref B: LON04EDGE1106 Ref C: 2024-04-24T16:33:22Z
date: Wed, 24 Apr 2024 16:33:21 GMT
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3342999049FF4041B740F9166E50D6F7 Ref B: LON04EDGE1206 Ref C: 2024-04-24T16:35:52Z
date: Wed, 24 Apr 2024 16:35:51 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B46D6B1B7CE54688B79E37FAD63E8FD0 Ref B: LON04EDGE1207 Ref C: 2024-04-24T16:40:27Z
date: Wed, 24 Apr 2024 16:40:26 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CBD20E0DB1AD4B3D93D9F76815F1A87A Ref B: LON04EDGE1207 Ref C: 2024-04-24T16:41:53Z
date: Wed, 24 Apr 2024 16:41:52 GMT
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F08C56003F3942289517C412A7CFE058 Ref B: LON04EDGE1108 Ref C: 2024-04-24T16:44:23Z
date: Wed, 24 Apr 2024 16:44:23 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 496229
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 918C3943F7A543189E693C2523C6FD30 Ref B: LON04EDGE1108 Ref C: 2024-04-24T16:47:53Z
date: Wed, 24 Apr 2024 16:47:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 43C2A444237643078A3690385F11FC17 Ref B: LON04EDGE1108 Ref C: 2024-04-24T16:47:53Z
date: Wed, 24 Apr 2024 16:47:53 GMT
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0FD6476A98964241B11C05FCCE56F41B Ref B: LON04EDGE0806 Ref C: 2024-04-24T16:50:23Z
date: Wed, 24 Apr 2024 16:50:23 GMT
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}&ndcParam=QUZE
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5955A264383B4FEAB27C524BE7CDEB5E Ref B: LON04EDGE1017 Ref C: 2024-04-24T16:52:53Z
date: Wed, 24 Apr 2024 16:52:53 GMT
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 682798
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4259F32FB06A4C64938A2A585DB92FF7 Ref B: LON04EDGE0710 Ref C: 2024-04-24T16:56:23Z
date: Wed, 24 Apr 2024 16:56:23 GMT

142.250.179.238:80

google.com

chrome.exe

282 B
144 B
6
3
142.250.179.238:80

http://google.com/

http

chrome.exe

983 B
2.0kB
12
10

HTTP Request

GET http://google.com/

HTTP Response

301
204.79.197.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

tls, http2

2.0kB
9.3kB
22
20

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=efc0472351a54e058c8298dd831057b3&localId=w:82014CF4-DC18-5C6E-6DB2-ACA702FC47E3&deviceId=6896199938616243&anid=

HTTP Response

204
216.58.204.68:443

www.google.com

tls

chrome.exe

953 B
4.8kB
8
9
172.217.169.10:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAkF4z3jqyy9UxIFDYS_YqQ=?alt=proto

tls, http2

chrome.exe

2.5kB
7.8kB
25
28

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTEwLjAuNTQ4MS4xMDQSEAkF4z3jqyy9UxIFDYS_YqQ=?alt=proto
142.250.187.206:443

apis.google.com

tls, http2

chrome.exe

1.1kB
5.8kB
11
9
216.58.212.206:443

consent.google.com

tls, http2

chrome.exe

1.3kB
1.6kB
9
6
216.58.212.206:443

https://consent.google.com/save?continue=https://www.google.com/&gl=UK&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20240417-0_RC5&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true

tls, http2

chrome.exe

2.5kB
10.7kB
21
22

HTTP Request

POST https://consent.google.com/save?continue=https://www.google.com/&gl=UK&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20240417-0_RC5&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true
142.250.179.238:443

encrypted-tbn0.gstatic.com

tls

chrome.exe

931 B
4.8kB
9
7
142.250.179.238:443

encrypted-tbn0.gstatic.com

chrome.exe

98 B
52 B
2
1
142.250.179.238:443

encrypted-tbn0.gstatic.com

chrome.exe

98 B
52 B
2
1
142.250.179.238:443

encrypted-tbn0.gstatic.com

tls, http2

chrome.exe

999 B
5.8kB
9
8
142.250.179.238:443

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSK1jhUTAYGJJ_gi9VJX0-cEYFLFtppbnNfMLlaTgw&s=10

tls, http2

chrome.exe

8.8kB
37.7kB
62
55

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR7zHBCyMzjCh5BOAXTsQVI-sGc60YzQ75_jCvjB7Y&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTIMN7m5lIt5LnQKNTxpom5_4T7PpPM4qC-MwK15nA&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTI1T2098jI7mr1NxhOU4RSBivUGvlq6a2Lkxg0Lmw&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSEjPuDQBNQpsW_BOtWcGhLm568wQe9F3iIVfFMWA0&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRHc-_daLHkgWkUAxfVhCzcvBitHx_i5ioqEQryNg0&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTHY2D1_Fe5dnns_rulBDvzV6B9UXt4067guI4BKP8&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTd2xNKTRDrixys46WrrWHWIHoZxp45AEOX18fNbwo&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRsVbma3W9rXZk1XA7RT6vibRnf-4pDp79KgnGY97A&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQ3WnmO_JBn18tWsjc8LRmQ0FRWSG7HidgYgNKPODs&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSvuwA5M_KrxCcyvrdoEzf9wg5oA6ZEhOLgm-s3cfk&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQgSQhRk14EPJHSTX-Pn1EatXhuT-6XXt9REYezhReQMrWijqCVJJoyR-U&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR55q_iTpFEgvEb0bqsjLvSyY5wWJF_nLCy5xruY-Q&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSE7y_clp9I4XEFxl3kT-NeWEe--QzPEj9G9gk7NW4&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTfMiXvFfQngv8wNO2GQ1aCHA4iv38xalrhNF_6PkvJW1SJQaPws1Q99oI&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRBXlFrPOOlbus20zPphqvWkLqIB9KqzawXth8s4jpbwyxWN6GAQ88AtaQ&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQudzlh09KVTIL0jVtePGkiEH2TZJTTo0VsSw4QugFPzo6395RopkiDmMc&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQgOvqiB1YKC4QkK154HLxT02fjxpp4bUe8n70leoLZgTyQ3x5G1eSXjRI&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcS3aZVMmndRXYkgklgLdK_kiOP8aA-flGQmjuCpBW0aYrdYC9vDdbIfLU4&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQEQ6ZxeUTKP_ASALZHdopWgsT9awWgtXoSRDIV5hRYZCfL5p1wZJTo&s=10

HTTP Request

GET https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSK1jhUTAYGJJ_gi9VJX0-cEYFLFtppbnNfMLlaTgw&s=10
142.250.179.238:443

encrypted-tbn0.gstatic.com

tls, http2

chrome.exe

999 B
5.8kB
9
8
216.58.212.195:443

https://id.google.com/verify/AAtmn1YvFX_oJWdDxchOliQqxwc7yxbKou9TdHjcpcAjOyn6tjXQQHnp4PxBdFZsoTQsUU2tYg1TuOZbNba7phcbEJ7NjsjbnnulbuUIV3oXk1pgmQ

tls, http2

chrome.exe

3.6kB
10.1kB
25
23

HTTP Request

GET https://id.google.com/verify/AAtmn1YvFX_oJWdDxchOliQqxwc7yxbKou9TdHjcpcAjOyn6tjXQQHnp4PxBdFZsoTQsUU2tYg1TuOZbNba7phcbEJ7NjsjbnnulbuUIV3oXk1pgmQ
18.66.171.21:443

https://now.gg/4/api/play/v1/reportEvent

tls, http2

chrome.exe

492.3kB
10.7MB
7272
7723

HTTP Request

GET https://now.gg/

HTTP Response

200

HTTP Request

GET https://now.gg/4/play/assets/_next/static/css/3d0ae4c613f4697f.css

HTTP Request

POST https://now.gg/4/api/play/v1/reportEvent

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/387-f6254b434f9fd859.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/977-ec7a464880d8438b.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/761.48273ba4ec340813.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/342.a04cdb571dd2fb92.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/880-d27f1c351dda280d.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/762.bf3c4693a9b035d5.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/webpack-863ad52a87b32f60.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/framework-0e1b29c5be962d52.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/main-d59f0ad61824b1ab.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/pages/_app-6b4509ba4647772b.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/744-820c4e9d6c74878d.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/935-4b9e2d1de342a001.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/791-9b9ba1ed595f533a.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/chunks/pages/browse-524736e549a67608.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_buildManifest.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_ssgManifest.js

HTTP Request

GET https://now.gg/4/play/assets/_next/static/hYwyX6eoqb0OVWs2wk_ns/_middlewareManifest.js

HTTP Response

200

HTTP Request

GET https://now.gg/4/play/assets/_next/static/media/hue.e6540d39.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://now.gg/4/api/play/v1/reportEvent

HTTP Response

200
18.66.171.21:443

now.gg

tls, http2

chrome.exe

1.2kB
6.3kB
13
14
104.109.143.8:443

https://cdn.now.gg/nowgg-static/social/discord.svg

tls, http

chrome.exe

2.7kB
3.3kB
18
15

HTTP Request

GET https://cdn.now.gg/nowgg-static/social/discord.svg

HTTP Response

200
104.109.143.8:443

https://cdn.now.gg/nowgg-static/logo/nowgg-logo.svg

tls, http

chrome.exe

12.2kB
157.0kB
107
131

HTTP Request

GET https://cdn.now.gg/nowgg-static/social/tiktok.svg

HTTP Response

200

HTTP Request

GET https://cdn.now.gg/nowgg-static/star.svg

HTTP Response

200

HTTP Request

GET https://cdn.now.gg/nowgg-static/social/youtube.gif

HTTP Response

200

HTTP Request

GET https://cdn.now.gg/nowgg-static/social/tiktok.gif

HTTP Response

200

HTTP Request

GET https://cdn.now.gg/nowgg-static/fonts/fonts.css

HTTP Response

200

HTTP Request

GET https://cdn.now.gg/assets-opt/_next/image?url=https%3A%2F%2Fcdn.now.gg%2Fapps-content%2Fcom.ea.gp.fifamobile%2Fbanner%2Fdesktop%2Fea-sports-fc-mobile-24-soccer.jpg&w=1200&q=80

HTTP Response

200

HTTP Request

GET https://cdn.now.gg/nowgg-static/logo/nowgg-logo.svg

HTTP Response

200
104.109.143.8:443

https://cdn.now.gg/nowgg-static/social/youtube.svg

tls, http

chrome.exe

2.7kB
6.8kB
21
20

HTTP Request

GET https://cdn.now.gg/nowgg-static/social/youtube.svg

HTTP Response

200
104.109.143.8:443

https://cdn.now.gg/nowgg-static/social/discord.gif

tls, http

chrome.exe

3.2kB
25.8kB
27
32

HTTP Request

GET https://cdn.now.gg/nowgg-static/social/discord.gif

HTTP Response

200
104.109.143.8:443

cdn.now.gg

tls

chrome.exe

1.7kB
5.0kB
13
13
104.109.143.8:443

cdn.now.gg

tls

chrome.exe

1.7kB
5.0kB
13
13
18.66.171.103:443

https://cmp.inmobi.com/tcfv2/52/cmp2ui-en.js

tls, http2

chrome.exe

5.8kB
132.8kB
87
111

HTTP Request

GET https://cmp.inmobi.com/choice/mw9xJtqPQGFbC/now.gg/choice.js?tag_version=V3

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/tcfv2/cmp2.js?referer=now.gg

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/tcfv2/52/cmp2ui-en.js

HTTP Response

200
18.66.171.103:443

https://cmp.inmobi.com/geoip

tls, http2

chrome.exe

6.9kB
124.5kB
94
104

HTTP Request

GET https://cmp.inmobi.com/GVL-v2/cmp-list.json

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/GVL-v3/vendor-list-trimmed-v1.json

HTTP Request

GET https://cmp.inmobi.com/tcfv2/google-atp-list.json

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cmp.inmobi.com/geoip

HTTP Response

200
104.109.143.8:443

cdn.now.gg

tls

chrome.exe

1.1kB
913 B
9
8
104.109.143.8:443

https://cdn.now.gg/nowgg-static/fonts/icomoon.ttf?o6vr2n

tls, http

chrome.exe

2.2kB
18.0kB
22
27

HTTP Request

GET https://cdn.now.gg/nowgg-static/fonts/icomoon.ttf?o6vr2n

HTTP Response

200
3.77.60.206:443

https://api.cmp.inmobi.com/?log=%7B%22userEvents%22%3A%5B%7B%22clientTimestamp%22%3A1713975238496%2C%22event%22%3A%22startOnPage%3AGDPR_0%22%7D%2C%7B%22clientTimestamp%22%3A1713975243445%2C%22event%22%3A%22rejectAll%3Aclick%22%7D%5D%2C%22acceptanceState%22%3A%22Reject%22%2C%22objectionState%22%3A%22None%22%2C%22tcData%22%3A%22CP9kvMAP9kvMAAKA0AENAxEgAAAAAEPgACiQAAAUNALMNCogD7IkJCDQMIoEAKgrCAigQAAAAkDRAQAmDAp2BgEusJEAIAUAAwQAgABRkACAAASABCIAJACgQAAQCBQAAgAACAQAMDAAGACwEAgABAdAhTAggUCwASMyIhTAhCgSCAlsqEEgCBBXCEIs8CCAREwUAAAJABWAAICwWBxJICViQQJcQbQAAEACAQQgVCKTswBBAmbLVXiibRlaQFo-cAAA.YAAAAAAAAAAA%22%2C%22nonIabConsentData%22%3A%22%22%2C%22clientTimestamp%22%3A1713975243445%2C%22operationType%22%3A%22done%22%2C%22sessionId%22%3A%22GDPR-ue5dduzbkro14ijac7xq%22%7D

tls, http2

chrome.exe

3.1kB
6.8kB
23
22

HTTP Request

GET https://api.cmp.inmobi.com/?log=%7B%22accountId%22%3A%22mw9xJtqPQGFbC%22%2C%22domain%22%3A%22now.gg%22%2C%22publisher%22%3A%22now.gg%22%2C%22cmpId%22%3A10%2C%22cmpVersion%22%3A%222.52%22%2C%22displayType%22%3A%22tcfui%3Amandatory%22%2C%22configurationHashCode%22%3A%22qUckPGoSvWyKIzNFcuKTYA%22%2C%22tagVersion%22%3A%22V3%22%2C%22gvlVersion%22%3A3%2C%22clientTimestamp%22%3A1713975238496%2C%22operationType%22%3A%22init%22%2C%22sessionId%22%3A%22GDPR-ue5dduzbkro14ijac7xq%22%7D

HTTP Response

200

HTTP Request

GET https://api.cmp.inmobi.com/?log=%7B%22userEvents%22%3A%5B%7B%22clientTimestamp%22%3A1713975238496%2C%22event%22%3A%22startOnPage%3AGDPR_0%22%7D%2C%7B%22clientTimestamp%22%3A1713975243445%2C%22event%22%3A%22rejectAll%3Aclick%22%7D%5D%2C%22acceptanceState%22%3A%22Reject%22%2C%22objectionState%22%3A%22None%22%2C%22tcData%22%3A%22CP9kvMAP9kvMAAKA0AENAxEgAAAAAEPgACiQAAAUNALMNCogD7IkJCDQMIoEAKgrCAigQAAAAkDRAQAmDAp2BgEusJEAIAUAAwQAgABRkACAAASABCIAJACgQAAQCBQAAgAACAQAMDAAGACwEAgABAdAhTAggUCwASMyIhTAhCgSCAlsqEEgCBBXCEIs8CCAREwUAAAJABWAAICwWBxJICViQQJcQbQAAEACAQQgVCKTswBBAmbLVXiibRlaQFo-cAAA.YAAAAAAAAAAA%22%2C%22nonIabConsentData%22%3A%22%22%2C%22clientTimestamp%22%3A1713975243445%2C%22operationType%22%3A%22done%22%2C%22sessionId%22%3A%22GDPR-ue5dduzbkro14ijac7xq%22%7D

HTTP Response

200
35.190.88.7:443

sessions.bugsnag.com

tls

chrome.exe

793 B
1.5kB
6
4
35.190.88.7:443

https://sessions.bugsnag.com/

tls, http2

chrome.exe

3.5kB
6.1kB
34
29

HTTP Request

OPTIONS https://sessions.bugsnag.com/

HTTP Request

OPTIONS https://sessions.bugsnag.com/

HTTP Request

POST https://sessions.bugsnag.com/
18.66.171.21:443

now.gg

tls, http2

chrome.exe

1.0kB
6.2kB
10
12
216.239.34.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-8VVPTD9ZTY&gtm=45je44m0v883457966za200&_p=1713975236133&gcs=G10-&gcd=13m3l3m3m5&npa=1&dma_cps=-&dma=1&tcfd=10a4m&cid=1556258050.1713975245&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B110.0.5481.104%7CNot%2520A(Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B110.0.5481.104&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pscdl=denied&_eu=AEA&_s=2&sid=1713975244&sct=1&seg=0&dl=https%3A%2F%2Fnow.gg%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Play%20Online%20Games%20for%20Free%20%7C%20now.gg%20Mobile%20Cloud&en=scroll&epn.percent_scrolled=90&_et=5&tfd=14059

tls, http2

chrome.exe

3.0kB
7.6kB
22
23

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-8VVPTD9ZTY&gtm=45je44m0v883457966za200&_p=1713975236133&gcs=G10-&gcd=13m3l3m3m5&npa=1&dma_cps=-&dma=1&tcfd=10a4m&cid=1556258050.1713975245&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B110.0.5481.104%7CNot%2520A(Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B110.0.5481.104&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pscdl=denied&_s=1&sid=1713975244&sct=1&seg=0&dl=https%3A%2F%2Fnow.gg%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Play%20Online%20Games%20for%20Free%20%7C%20now.gg%20Mobile%20Cloud&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=9046

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-8VVPTD9ZTY&gtm=45je44m0v883457966za200&_p=1713975236133&gcs=G10-&gcd=13m3l3m3m5&npa=1&dma_cps=-&dma=1&tcfd=10a4m&cid=1556258050.1713975245&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Chromium%3B110.0.5481.104%7CNot%2520A(Brand%3B24.0.0.0%7CGoogle%2520Chrome%3B110.0.5481.104&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&pscdl=denied&_eu=AEA&_s=2&sid=1713975244&sct=1&seg=0&dl=https%3A%2F%2Fnow.gg%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=Play%20Online%20Games%20for%20Free%20%7C%20now.gg%20Mobile%20Cloud&en=scroll&epn.percent_scrolled=90&_et=5&tfd=14059
192.178.49.163:443

beacons.gcp.gvt2.com

tls, http2

chrome.exe

1.4kB
2.7kB
11
8
192.178.49.163:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

4.4kB
7.8kB
32
26

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
216.239.32.116:443

beacons4.gvt2.com

tls, http2

chrome.exe

1.7kB
2.4kB
18
12
216.239.32.116:443

https://beacons4.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.9kB
8.2kB
27
24

HTTP Request

OPTIONS https://beacons4.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons4.gvt2.com/domainreliability/upload-nel
35.216.230.172:443

https://e2c44.gcp.gvt2.com/nel/

tls, http2

chrome.exe

2.3kB
5.7kB
17
14

HTTP Request

POST https://e2c44.gcp.gvt2.com/nel/

HTTP Response

204
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.2kB
17
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.2kB
17
15
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

131.1kB
3.2MB
2299
2346

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360313429_1X5GXWWD8KTODKAD6&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255189_1E7XE0SO5A57SENIS&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691769_17S178H4I11J3APXJ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
16
15
192.178.48.227:443

https://beacons.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

2.8kB
7.6kB
25
23

HTTP Request

POST https://beacons.gvt2.com/domainreliability/upload
192.178.48.227:443

beacons.gvt2.com

tls, http2

chrome.exe

1.2kB
6.0kB
14
13
216.58.213.3:443

https://beacons3.gvt2.com/domainreliability/upload-nel

tls, http2

chrome.exe

2.8kB
7.8kB
25
25

HTTP Request

OPTIONS https://beacons3.gvt2.com/domainreliability/upload-nel

HTTP Request

POST https://beacons3.gvt2.com/domainreliability/upload-nel
216.58.212.206:443

clients2.google.com

tls, http2

chrome.exe

1.4kB
8.6kB
17
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

25.3kB
665.2kB
512
506

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360313430_12K7UVO7ZVIINTRIE&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
52.142.223.178:80

46 B
1
192.178.48.227:443

beacons.gvt2.com

tls, http2

chrome.exe

1.5kB
2.2kB
14
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

21.7kB
574.1kB
449
442

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

9.2kB
221.9kB
178
172

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

6.4kB
141.8kB
118
113

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

40.6kB
1.1MB
848
853

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

48.5kB
1.3MB
1007
1001

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239351691770_1IUJHOACLFVRNOEKH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

8.8kB
221.8kB
173
170

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

8.8kB
223.2kB
173
168

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

tls, http2

4.2kB
87.7kB
74
73

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239370255188_1EKPMYV01DV13G64K&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

8.8.8.8:53

google.com

dns

chrome.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

142.250.179.238
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

216.58.204.68
216.58.204.68:443

www.google.com

https

chrome.exe

63.8kB
1.7MB
432
1509
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

0.159.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.159.190.20.in-addr.arpa
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

238.179.250.142.in-addr.arpa
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

234.187.250.142.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

68.204.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

68.204.58.216.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

35.200.250.142.in-addr.arpa

dns

73 B
111 B
1
1

DNS Request

35.200.250.142.in-addr.arpa
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

77 B
301 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

172.217.169.10

216.58.212.202

172.217.169.74

172.217.169.42

142.250.179.234

142.250.180.10

142.250.187.202

142.250.187.234

142.250.200.42

172.217.16.234

142.250.200.10

142.250.178.10

216.58.201.106

216.58.204.74
8.8.8.8:53

10.169.217.172.in-addr.arpa

dns

219 B
112 B
3
1

DNS Request

10.169.217.172.in-addr.arpa

DNS Request

10.169.217.172.in-addr.arpa

DNS Request

10.169.217.172.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

216 B
158 B
3
1

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

apis.google.com

dns

chrome.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.187.206
142.250.187.206:443

apis.google.com

https

chrome.exe

6.3kB
50.9kB
30
44
8.8.8.8:53

3.200.250.142.in-addr.arpa

dns

144 B
110 B
2
1

DNS Request

3.200.250.142.in-addr.arpa

DNS Request

3.200.250.142.in-addr.arpa
8.8.8.8:53

206.221.208.4.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

206.221.208.4.in-addr.arpa

DNS Request

206.221.208.4.in-addr.arpa
224.0.0.251:5353

chrome.exe

204 B
3
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

21.114.53.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

21.114.53.23.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

consent.google.com

dns

chrome.exe

64 B
80 B
1
1

DNS Request

consent.google.com

DNS Response

216.58.212.206
8.8.8.8:53

206.212.58.216.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

206.212.58.216.in-addr.arpa
8.8.8.8:53

228.249.119.40.in-addr.arpa

dns

73 B
159 B
1
1

DNS Request

228.249.119.40.in-addr.arpa
8.8.8.8:53

encrypted-tbn0.gstatic.com

dns

chrome.exe

72 B
88 B
1
1

DNS Request

encrypted-tbn0.gstatic.com

DNS Response

142.250.179.238
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
142.250.179.238:443

encrypted-tbn0.gstatic.com

https

chrome.exe

3.5kB
7.5kB
8
11
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

140 B
288 B
2
2

DNS Request

18.31.95.13.in-addr.arpa

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

id.google.com

dns

chrome.exe

118 B
150 B
2
2

DNS Request

id.google.com

DNS Request

id.google.com

DNS Response

216.58.212.195

DNS Response

216.58.212.195
8.8.8.8:53

195.212.58.216.in-addr.arpa

dns

146 B
171 B
2
1

DNS Request

195.212.58.216.in-addr.arpa

DNS Request

195.212.58.216.in-addr.arpa
8.8.8.8:53

now.gg

dns

chrome.exe

104 B
232 B
2
2

DNS Request

now.gg

DNS Request

now.gg

DNS Response

18.66.171.21

18.66.171.121

18.66.171.97

18.66.171.76

DNS Response

18.66.171.21

18.66.171.121

18.66.171.97

18.66.171.76
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

148 B
256 B
2
2

DNS Request

172.210.232.199.in-addr.arpa

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

21.171.66.18.in-addr.arpa

dns

142 B
254 B
2
2

DNS Request

21.171.66.18.in-addr.arpa

DNS Request

21.171.66.18.in-addr.arpa
8.8.8.8:53

cdn.now.gg

dns

chrome.exe

112 B
316 B
2
2

DNS Request

cdn.now.gg

DNS Request

cdn.now.gg

DNS Response

104.109.143.8

104.109.143.22

DNS Response

104.109.143.22

104.109.143.8
18.66.171.21:443

now.gg

https

chrome.exe

36.6kB
28.0kB
63
56
8.8.8.8:53

cmp.inmobi.com

dns

chrome.exe

120 B
206 B
2
1

DNS Request

cmp.inmobi.com

DNS Request

cmp.inmobi.com

DNS Response

18.66.171.103

18.66.171.49

18.66.171.20

18.66.171.48
8.8.8.8:53

discord.com

dns

chrome.exe

114 B
274 B
2
2

DNS Request

discord.com

DNS Request

discord.com

DNS Response

162.159.135.232

162.159.138.232

162.159.128.233

162.159.137.232

162.159.136.232

DNS Response

162.159.135.232

162.159.138.232

162.159.128.233

162.159.137.232

162.159.136.232
8.8.8.8:53

now.us

dns

chrome.exe

104 B
232 B
2
2

DNS Request

now.us

DNS Request

now.us

DNS Response

3.162.140.51

3.162.140.65

3.162.140.122

3.162.140.48

DNS Response

3.162.140.48

3.162.140.122

3.162.140.51

3.162.140.65
8.8.8.8:53

www.tiktok.com

dns

chrome.exe

120 B
558 B
2
2

DNS Request

www.tiktok.com

DNS Request

www.tiktok.com

DNS Response

23.209.125.16

23.209.125.11

23.209.125.9

23.209.125.15

23.209.125.13

23.209.125.12

23.209.125.17

23.209.125.10

23.209.125.14

DNS Response

23.209.125.16

23.209.125.11

23.209.125.9

23.209.125.15

23.209.125.13

23.209.125.12

23.209.125.17

23.209.125.10

23.209.125.14
8.8.8.8:53

nowgg.zendesk.com

dns

chrome.exe

126 B
190 B
2
2

DNS Request

nowgg.zendesk.com

DNS Request

nowgg.zendesk.com

DNS Response

104.16.53.111

104.16.51.111

DNS Response

104.16.53.111

104.16.51.111
8.8.8.8:53

www.youtube.com

dns

chrome.exe

122 B
606 B
2
2

DNS Request

www.youtube.com

DNS Response

142.250.180.14

142.250.187.206

142.250.187.238

142.250.200.46

172.217.16.238

142.250.200.14

142.250.178.14

216.58.201.110

216.58.204.78

216.58.213.14

172.217.169.14

216.58.212.238

142.250.179.238

DNS Request

www.youtube.com

DNS Response

142.250.180.14

142.250.187.206

142.250.187.238

142.250.200.46

172.217.16.238

142.250.200.14

142.250.178.14

216.58.201.110

216.58.204.78

216.58.213.14

172.217.169.14

216.58.212.238

142.250.179.238
104.109.143.8:443

cdn.now.gg

https

chrome.exe

438.7kB
45.4MB
4869
35764
8.8.8.8:53

202.187.250.142.in-addr.arpa

dns

148 B
113 B
2
1

DNS Request

202.187.250.142.in-addr.arpa

DNS Request

202.187.250.142.in-addr.arpa
8.8.8.8:53

8.143.109.104.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

8.143.109.104.in-addr.arpa

DNS Request

8.143.109.104.in-addr.arpa
8.8.8.8:53

103.171.66.18.in-addr.arpa

dns

144 B
258 B
2
2

DNS Request

103.171.66.18.in-addr.arpa

DNS Request

103.171.66.18.in-addr.arpa
8.8.8.8:53

40.200.250.142.in-addr.arpa

dns

146 B
222 B
2
2

DNS Request

40.200.250.142.in-addr.arpa

DNS Request

40.200.250.142.in-addr.arpa
104.109.143.8:443

cdn.now.gg

https

chrome.exe

5.7kB
6.1kB
9
11
8.8.8.8:53

api.cmp.inmobi.com

dns

chrome.exe

128 B
448 B
2
2

DNS Request

api.cmp.inmobi.com

DNS Request

api.cmp.inmobi.com

DNS Response

3.77.60.206

18.159.4.156

52.28.50.229

DNS Response

3.77.60.206

18.159.4.156

52.28.50.229
8.8.8.8:53

206.60.77.3.in-addr.arpa

dns

140 B
134 B
2
1

DNS Request

206.60.77.3.in-addr.arpa

DNS Request

206.60.77.3.in-addr.arpa
8.8.8.8:53

sessions.bugsnag.com

dns

chrome.exe

132 B
164 B
2
2

DNS Request

sessions.bugsnag.com

DNS Request

sessions.bugsnag.com

DNS Response

35.190.88.7

DNS Response

35.190.88.7
172.217.169.10:443

content-autofill.googleapis.com

https

chrome.exe

2.9kB
6.6kB
5
8
18.66.171.21:443

now.gg

https

chrome.exe

8.7kB
110.0kB
62
99
35.190.88.7:443

sessions.bugsnag.com

https

chrome.exe

4.1kB
4.2kB
9
10
8.8.8.8:53

7.88.190.35.in-addr.arpa

dns

140 B
120 B
2
1

DNS Request

7.88.190.35.in-addr.arpa

DNS Request

7.88.190.35.in-addr.arpa
8.8.8.8:53

region1.google-analytics.com

dns

chrome.exe

148 B
212 B
2
2

DNS Request

region1.google-analytics.com

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36

DNS Response

216.239.32.36

216.239.34.36
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.34.239.216.in-addr.arpa
216.239.34.36:443

region1.google-analytics.com

https

chrome.exe

2.2kB
7.9kB
8
9
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

198 B
112 B
3
1

DNS Request

beacons.gcp.gvt2.com

DNS Request

beacons.gcp.gvt2.com

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.163
8.8.8.8:53

163.49.178.192.in-addr.arpa

dns

219 B
111 B
3
1

DNS Request

163.49.178.192.in-addr.arpa

DNS Request

163.49.178.192.in-addr.arpa

DNS Request

163.49.178.192.in-addr.arpa
8.8.8.8:53

14.251.17.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

14.251.17.2.in-addr.arpa
8.8.8.8:53

249.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

249.197.17.2.in-addr.arpa
8.8.8.8:53

30.243.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

30.243.111.52.in-addr.arpa

DNS Request

30.243.111.52.in-addr.arpa
8.8.8.8:53

beacons4.gvt2.com

dns

chrome.exe

126 B
158 B
2
2

DNS Request

beacons4.gvt2.com

DNS Request

beacons4.gvt2.com

DNS Response

216.239.32.116

DNS Response

216.239.32.116
216.239.32.116:443

beacons4.gvt2.com

https

chrome.exe

3.2kB
8.2kB
10
10
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

2.9kB
5.3kB
5
7
8.8.8.8:53

116.32.239.216.in-addr.arpa

dns

146 B
202 B
2
2

DNS Request

116.32.239.216.in-addr.arpa

DNS Request

116.32.239.216.in-addr.arpa
8.8.8.8:53

e2c44.gcp.gvt2.com

dns

chrome.exe

128 B
160 B
2
2

DNS Request

e2c44.gcp.gvt2.com

DNS Request

e2c44.gcp.gvt2.com

DNS Response

35.216.230.172

DNS Response

35.216.230.172
8.8.8.8:53

now.gg

dns

chrome.exe

104 B
116 B
2
1

DNS Request

now.gg

DNS Request

now.gg

DNS Response

18.66.171.76

18.66.171.21

18.66.171.97

18.66.171.121
18.66.171.76:443

now.gg

https

chrome.exe

9.0kB
10.4kB
25
26
8.8.8.8:53

172.230.216.35.in-addr.arpa

dns

146 B
252 B
2
2

DNS Request

172.230.216.35.in-addr.arpa

DNS Request

172.230.216.35.in-addr.arpa
8.8.8.8:53

76.171.66.18.in-addr.arpa

dns

142 B
254 B
2
2

DNS Request

76.171.66.18.in-addr.arpa

DNS Request

76.171.66.18.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

beacons.gvt2.com

dns

chrome.exe

124 B
156 B
2
2

DNS Request

beacons.gvt2.com

DNS Request

beacons.gvt2.com

DNS Response

192.178.48.227

DNS Response

192.178.48.227
8.8.8.8:53

227.48.178.192.in-addr.arpa

dns

146 B
111 B
2
1

DNS Request

227.48.178.192.in-addr.arpa

DNS Request

227.48.178.192.in-addr.arpa
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

2.6kB
3.6kB
8
9
216.58.204.68:443

www.google.com

https

chrome.exe

12.8kB
10.9kB
58
65
216.239.34.36:443

region1.google-analytics.com

https

chrome.exe

3.8kB
2.9kB
9
9
142.250.179.238:443

www.youtube.com

https

chrome.exe

2.5kB
7.5kB
11
12
8.8.8.8:53

beacons3.gvt2.com

dns

chrome.exe

126 B
158 B
2
2

DNS Request

beacons3.gvt2.com

DNS Request

beacons3.gvt2.com

DNS Response

216.58.213.3

DNS Response

216.58.213.3
8.8.8.8:53

clients2.google.com

dns

chrome.exe

130 B
210 B
2
2

DNS Request

clients2.google.com

DNS Request

clients2.google.com

DNS Response

216.58.212.206

DNS Response

216.58.212.206
216.58.212.206:443

clients2.google.com

https

chrome.exe

3.5kB
9.4kB
12
11
216.58.213.3:443

beacons3.gvt2.com

https

chrome.exe

3.3kB
7.7kB
9
10
8.8.8.8:53

3.213.58.216.in-addr.arpa

dns

142 B
276 B
2
2

DNS Request

3.213.58.216.in-addr.arpa

DNS Request

3.213.58.216.in-addr.arpa
216.239.32.116:443

beacons4.gvt2.com

https

chrome.exe

4.4kB
5.1kB
13
10
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

2.8kB
3.8kB
11
13
8.8.8.8:53

89.65.42.20.in-addr.arpa

dns

140 B
312 B
2
2

DNS Request

89.65.42.20.in-addr.arpa

DNS Request

89.65.42.20.in-addr.arpa
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

3.7kB
3.8kB
15
14
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
173 B
2
1

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
216.58.212.206:443

clients2.google.com

https

chrome.exe

2.3kB
4.6kB
12
11
8.8.8.8:53

beacons3.gvt2.com

dns

chrome.exe

126 B
158 B
2
2

DNS Request

beacons3.gvt2.com

DNS Request

beacons3.gvt2.com

DNS Response

216.58.213.3

DNS Response

216.58.213.3
216.58.213.3:443

beacons3.gvt2.com

https

chrome.exe

2.8kB
3.9kB
13
14
8.8.8.8:53

beacons.gcp.gvt2.com

dns

chrome.exe

132 B
224 B
2
2

DNS Request

beacons.gcp.gvt2.com

DNS Request

beacons.gcp.gvt2.com

DNS Response

192.178.49.163

DNS Response

192.178.49.163
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

2.8kB
3.6kB
10
10
8.8.8.8:53

159.113.53.23.in-addr.arpa

dns

144 B
274 B
2
2

DNS Request

159.113.53.23.in-addr.arpa

DNS Request

159.113.53.23.in-addr.arpa
192.178.49.163:443

beacons.gcp.gvt2.com

https

chrome.exe

3.8kB
3.6kB
11
10
8.8.8.8:53

clients2.google.com

dns

chrome.exe

130 B
210 B
2
2

DNS Request

clients2.google.com

DNS Request

clients2.google.com

DNS Response

216.58.212.206

DNS Response

216.58.212.206
216.58.212.206:443

clients2.google.com

https

chrome.exe

2.1kB
4.5kB
9
10
8.8.8.8:53

beacons.gvt2.com

dns

chrome.exe

124 B
156 B
2
2

DNS Request

beacons.gvt2.com

DNS Request

beacons.gvt2.com

DNS Response

192.178.48.227

DNS Response

192.178.48.227
192.178.48.227:443

beacons.gvt2.com

https

chrome.exe

4.2kB
7.6kB
14
15
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
1024KB

MD5
7b7fb52fc9471ea920e710cc0fe4b809

SHA1
c73e0b9b56118d928fb22a2b30c0d632037cd557

SHA256
e7ecfe84fbdc838f4305bcdfc6883672d3cf3b83b816f6e423152e00512d1dcf

SHA512
be318c58d355d86c0449c43b33500b54e84e25d47f19875e42bb15055f4c4cff9fea5fb3f0a423100dcf5ef7b0f4852eead38f1e0662d588e439b6d02f44a327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
1015KB

MD5
9c3c40537eae11bd94edf6baaeed71bf

SHA1
e3353cfc46eac0b17f28e7c6655b858bdc0ab5cf

SHA256
fb3d38e4f1f31de2955c145e1cc0b4024ebc0ba5598279791335144d4b532afa

SHA512
e2c61a7aa0339e326f535831b31f4e7d3713e7477fbfd2d320fd30acae7215afc05775a600de4daf5b951654268de5b937aee06d24b57ce7b96426180172a1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
1024KB

MD5
262f7256ab87bb5baae7c1c6d462bae3

SHA1
16f7afdf7f4e88a914522ee47306d14a6e9577bf

SHA256
bc4863bd2ef1d23d28cd9b473c040b0fd90144fe5c6ff5332ff26f85c8bd84be

SHA512
50c9d13dec8a9d480c9ac50d38116dfa1c74589514f37591a7843884fabbdb7f644f324c80fc36672b61b25651f1ef87468c8410b1f8d20a9a91ece726886259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
1024KB

MD5
4c854f6a720679c21e3dde00ee038b9e

SHA1
72e1207b3bc3c6ac1c1979feb2c125f4c78c9844

SHA256
c238d5a6a17192cf7addeec1c10ab944872755ec0418ff5f7e60fa69635a2f3c

SHA512
ab4c7ae50bc4797ffe8886ae48041896e02037a8588bb3be7eeea500531943c07dcd9135111d0583eb203a44a14a0332ce46e7b21e4580b309f24bcb5c3eadb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
1024KB

MD5
f880e5d621107dd435f3ed74df80522d

SHA1
53fc8d2a747f1f0d7194585f956611ec6839a821

SHA256
1394824159131d82f945a96a8b50fc3c5015bdd94b37e53cd0eb0251c7c3878d

SHA512
32ab049f08b31f1ffe5bcd29fd8cc64e134b5132060a5ab9c8bbd386c26b34f6dfef487ed2a52eec665d8084df69cf5ecad4e8853c8d21e2153c81266f3d8126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
943KB

MD5
449e7fae4863f1b10edfaead29867352

SHA1
6ab3e953e92de97d0f663fc96be3ec8f2dcd2b30

SHA256
fea10ffcdb1d1f9e3058222c2dd50daba799e82e8d32716213e0be574a1facc8

SHA512
99b26f620da0193be6471747003e375f98b86a0bd3eab8734c9e16b8a3682810ec113597b5e196cbcc209a64f811976d41d86544fd54b14b228f2ebe3080d2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
1024KB

MD5
17afb5e62a7288fef19d7804849f39d9

SHA1
633a9b95dcd1ca50d1e594dcb47b500f8efcb5d7

SHA256
ec5da423bf6db5c0224d777cceb85c142b1fff7d36f48ba255602b9f42f0fd5b

SHA512
2ff0c66677b99d7597909a2ed44fa36423d1d16b62cd6c085868653ae3e7f6cac611442efe4e470c8db778de98f69e6ee076a7d664036203c37d0786d40ca615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
1024KB

MD5
05ef52ddf5cbcf0991218279d6f21845

SHA1
6bba1d2495eed4daf5c0b8667223f828a37bb44c

SHA256
a38e2ef831702d04bd041b662b5213a25fad56dc630786e8829516f1eba2f7aa

SHA512
d6fae391e4a3c86217ed96e1bcc47ca4f84208c2f40e89f9cc684c81d0246b1ddf56db98468e19a58dd9aac22fb3e28cb043584d229249fd85838a0d1d04b81d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
1024KB

MD5
bda6147b324f6d1c522cc7e379f2fc82

SHA1
2b7b81867e20e91b91868eb1d48cae5360dd1a86

SHA256
4801ba71eddd7737f7f4f6fce6e401890cc10829d3029ba654b9057be1950d9a

SHA512
422a2919b134443dcd205998794375a9de1574cefbbf1d9e5f2a3e040e9adfc934234f976e79cbecfe3232095746b0a1353a780126450a818f15a13d4f1a1d53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
733KB

MD5
46b068660e469e3d67cfac9c4db6048b

SHA1
143b88c463a74e5b138472a459d0b5040c7cc66a

SHA256
d1dde8d3e590ebabd307729c2d5b3b110943a5d4489833f26aa9fd28b10af05d

SHA512
6a2e1a7d442761299e8d6c3bc2eb5e7de57cda18135e8a958e06b4fa5823ce159b370899ada04b39b3ec640714c33af1124105be40680cd810ba82ed5c00dd27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
733KB

MD5
d0b57c83517e7cf9d4bf3e82e721726a

SHA1
863255225a87782b6299b03b66d61c8350dba522

SHA256
9fc07b4379d608bdb9cb3517e027713a1d9f1cd039a0a5d7572d329dc3855023

SHA512
847ad61c5ecf18560511176d11d5d65734c3389f0a44316bba0d3c0990e95b3a1da37418c706ec9f7487d1e9c6950ca84e910686eadac7aa680c3cbf65559da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
1024KB

MD5
4f5d308c586b936ac71cf7ad2249af9f

SHA1
6b6703785da84d9eca95122b06844c003edb6a3b

SHA256
a0e8d1c5eb572e3e66b6e17b967ac645bd1b8e13a296d6a6de7e6a0ee09ccb3c

SHA512
aa3908a0c198b17f853f647b0276f9341c8f0b56cc9e30a29a50c92dba8c224ca8d8907511be95bfaa9ab4ac0e79289a8e80c53f13e3ea59fd048e0bc06904f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
1024KB

MD5
96958d53bace93f213b273dda3c1b4b6

SHA1
ee7af5ee1206f677291285583fd90a8a0f102bac

SHA256
cdbc8304a99c65edf33d26a5536c0f9ecbab4194844928d160a7967b85c96de1

SHA512
e81d9ae790440b2850cb81153a5630923e1f44f31988cec3359932780465a8ea9e3b8ba4c56c91a6d3f0cf2f5e811b59788fd3d21756144537bc527ebedb68c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
1024KB

MD5
15171971e6c97c015c4512e80becc6b7

SHA1
710904fa97e5eb480f4393e641a12a4dc33e1966

SHA256
4226be2ccb339bb5932e415408d7d5af0e22a8bd5dd4df8b33d92c446f0cf6c1

SHA512
1bb65710947da88f3e30a4995ef0373e1dccc7cd308124be236cf629c3db5c31918f38d2e4622cc8846e780c2a1b697f252c31cca8657cadefa61b69bae1ec3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
1024KB

MD5
0e66883c88c4c08e6f617ad95e8ddcb8

SHA1
f169cc837fbafedcbb462e47beb7bf6c7ff5991a

SHA256
6e224451b52908856e92197707f3c67703549759557d8cbdee088f9d78a4ec5f

SHA512
d5cef266f5216c36a202ba4c5f90009f33115cafdfcf85743aebbf22d2b2cd986d8c727ce30dab8e27aebacc6cccc2d9904aa97210836fede240123f7797f101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
1024KB

MD5
24eedb20c62b020a19b7616294013012

SHA1
e7d75c3dc76cc5138f5ade7eaaccc35999028e73

SHA256
d3278a167a1ec236287a3c0c2970f4d46c907b5d62284e696c16cdd2929423cb

SHA512
63d9ffd7c9324669fcf5e0a6b2da18db1e2d5718b29afe0ed894f1e737fe87be4cbcf5747c3d7ef38f7fe2639f5bdff24debf76155d6e232da19c9a1245dd20c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
1024KB

MD5
3e72cb741014136dbd20dc2baf81213f

SHA1
b85b1a405d5cff6f0f54fd5333a180401462c947

SHA256
cd08af323a47c3b3a19fdd4734bcd083dfce9d0b6bcdd5552bda710fb90028ec

SHA512
f352e1c56cdc21f3c0e94cc087a8dad28cea4c1ee0f98b4ad067d3cd17a431a4dcb41f7e17c1b50abc2cbe88df48a6cb45b0b187eb08661519f1809fb9c2c434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
73KB

MD5
3fd6ba057dc973d0852d12031c5b4948

SHA1
4b230ca42913e8283101e39a2759a19cedd9861a

SHA256
a6cb111cb472300a4a377f751378db2d9f109945397f56667fa3ffdfd4b394df

SHA512
ee8482365ea7628bcfbeb907a84ab56bc6a7f2dc258625606cb03084509353ef0693c06ea1696334d73978c24b568090b98317dbc93d145059ed59f127748ed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
1024KB

MD5
c866c1e4f53e2e0a1ff25b9764b018a6

SHA1
554580485e02b923a0686a43fe74e737ad0cf72a

SHA256
a6d6811130156b23b7ef11509df0e47b25c2c07e897bff0d989ff82fe413d23e

SHA512
6547fdbd343ba19440877c005c8bc6f4641a16d5bf264e6bf258ed5c1a1f6a6ffa0e1f85edb28c2b53623d0ca276737aac2a41246c56e78e4ea4cf3a205870d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
1024KB

MD5
ce860df8d1e54058984528206708b2ce

SHA1
52664aa0d046118fbafe15213773bcc729e67d89

SHA256
3919f1d6b4b52562969cf17a4a545b30ebad85bf2b001c1241661795cdc7314c

SHA512
808606932b2f33e54579a2ed1f051f1eb5f2a4b049df6fb1e2e793f244b1886346d08003e6a6fccc35cdb2eba406fafadc43fa8bef310530231d66a03ac1870c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
1024KB

MD5
928e0facc108e9ef4c9135002c24a67b

SHA1
840042c34117b8f7c3086bcbf16c35e9ba83cb41

SHA256
b6f0853089fccef19aae9f3b4a9a9e12a9e92447f96650029868cf0be3797f45

SHA512
989dbb2e6ebafd64dec57ce597d4c4f1f3ef4e87f677285fe1128974e9c126da499dc925f8d0aa7328b225e5e051723dcc9d84aa33731d7e12cd6842e509d264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
1024KB

MD5
efb66916dd3643124e87c152ce0dd77d

SHA1
08ba9ce114ca2a11c78668b656e6a849558e6936

SHA256
39b57c03a8bc869a50041e7bc0f285d4fa228a0bdba9839024a4ba87774fa76a

SHA512
199ca700c3265eeb993f55eee70614a025c62de73bebd8403d1d3ae7a173a2db1c8d36c7481c7dc239052945a4498bb16b2c1e717c5205e33f85751d59ba63c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
197KB

MD5
ab0ff3e89438c7e48f550484c6c5f339

SHA1
bb79388ca94d1d59dceab2986f6b9dfc10292a43

SHA256
1f358bd8401c9d8bf7411f10b230bf90bae4e5071b01cd664a4f71ad78d6e8da

SHA512
2b6d8aafeed934277024f8d9171045de9e7b8d34e51634e3df33ff055071a25d960b5c8f90c92827bf6559f5a9b037bf46dd67f8588fb1dd7fb8c9527547dc58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
1024KB

MD5
8ddd7a7c91d792369d7b9c262498b780

SHA1
bd9a7e2e6fa4c0f49e03aa6ea9b7edbca18f92d2

SHA256
ff84c1ed6baa87a719dec1552d8b156d5c5f22aedc6f6262f1411a0bed67571e

SHA512
3dd2908ae6360dc23ab798c33fae115c4f2e7b4ae9091a26667f554d5ce301e9caaa41633d35b58b235ffea0eedfe54703d90d335d5cf2da93ad3ba2eb90c142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
1024KB

MD5
c85fa306d96798a9beee79c1c13c4e85

SHA1
4b4acaa03cf110b444e1b2f3d1b8ad1551d2f7d2

SHA256
6e70e4632b46f2f4230007adb07f511d8be8e002d974e1261a7949a02e23387e

SHA512
e253ee13c8e6a67899342a85021d78c85ca19f3f75a28e43912b664134706338262245c56628ea09465977bdf5ecebbb00ad089d221d63a86d588cfb3825774d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
1024KB

MD5
caa8ec8ead8329d67a5f07f94ab12b42

SHA1
6e1d05601859d2a0170865ecb6c14f2e517bc225

SHA256
a83d42e04cb34b11cd8ab3ad286a00c0e5da8b06ab5b42cbc5a27358befe9785

SHA512
9cfb163a6ad2e54dcad088c38bfae682f8ae3c6bd21874d6327480205cc72f4c1ea92f4fb0a27b1f6d65793f613ad25689eac11e7c679643e99515969d4f6690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
1024KB

MD5
a5f6d23648c09fbc3338e7b7785bd061

SHA1
ec297248e95f1e22db6b75335c07bca5be8474c3

SHA256
d0cd64fa4fd365cf77d0b06b23433bf1e370feb1a6499c71f9b9b8e234b0f8af

SHA512
7a1e6aed68c92b0539578db7fe49e363a6815bca815c598af802a968fc5f45cd13aa37f56113056ecbd89c240cc070e582b53760b5ef6d221da10972bce8394d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
1024KB

MD5
cc14e6006353e400895d76231b057b91

SHA1
3158d3eda2e0970a7bd24bc9e3362ef49c040f97

SHA256
e56523e387bdc6761aee25ef61d8af3ca8b4cfe9ea8402ba95b24dd642c59bf0

SHA512
72c63db33b92deb8f2c46b1ed590158fae01178b411ead1b6df3b085d1249fad06561f2f9e39d52836058346cfcd3aaf3425808f440910ffab0e6fe704696db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e95eb8b540de14ff8f39367c6b0f06f4

SHA1
9654299968783994b4b305843abc510df68ed0d6

SHA256
3e7435d9693374eb9d63b4ac160d68258bda5d123cf944feeeac54e3097049ff

SHA512
91d0fe92bd09a1d7e5fb1fe535d381bd95f2d020190e7b6bac0125f6e5e85d0393227b6644b13277769f336ed8a143394b7ce563d157f10d9c387d9d4bfa6bb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
6bada75deffa8474432d81ef67418111

SHA1
9815c7f955aac0f57266896fa35dc5c542228ee8

SHA256
5bb42de45910f7a158b0f3a249054f713adaa0af22582159732cb72c2c88bfc9

SHA512
04e6b5a211da52466ffa58d81b3c931102e3d4aa4ba2fadeed95876c96a17883701188454393c6e91226e2d14abc94af538cf3819870102a8d33fcfcb53257d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
3daff5ec6fe5e8bcbff347744b0d828f

SHA1
519049919e865c140da4327b1e22b65d7e237074

SHA256
c91f78c62eca0fb705d26cc8c9f53127e44e7befe656c04f0073d4e41da0d88b

SHA512
ffde6db5068ce07f039df0372f5bdced0f5b354e95b10d7f777da2ddb8c2c5ffdb7e9b1ab14ae58e71732f929b65c4420bfad26e4e1eaed63e0987f6ef851af2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ccdecab31ac24d0151f93e6c206655d6

SHA1
d85622dc6e3daaa3710996549bc2b8b27f51e465

SHA256
ce1afb58907b8c7d4fb7224bbe02c99ec19f6dd02b69cf1e811115538c5b625b

SHA512
6259f3030fd1182522b23757dac932f448eb9ba4ffd62cfb12d6b14a5eb6f720f1e4dab37c13432c625b156fb494303b25c9f0d173d379daa74c6b65f8170241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c90b1a07a43acf490dab1711034b1ba0

SHA1
4ccb6625284831c4bfbf65262d3176a27698e5c1

SHA256
152b1ba924c06b7260adc526126b96c9b08a49b6bc49e103b98a0179fcf8d915

SHA512
a047c199ec51b61d2132c1ab97f03bdaa845c59ada995706c5b15aab253246c7d1a4700613ca5e77ab8e047b8840848b8a61594d3df5189799e4c931909c7620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2ae739c6f55e79697d48b11f1fb352b6

SHA1
e0213f2676fc4109a3308c1774ed059adf2973af

SHA256
cc6e6fe98aa90341042bf821b5249d5e741312fb80aa1b4da3daa876e89dc569

SHA512
67ead19f34246ef8b1473f057f2b59aac243295765b41c7306c8227ab6a3e970b3d9f2aaf320787276e808c94851d8dabafee90ef0ce248e619bc22407961cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
6c2dc4b40d8de6eb95a52377cabed330

SHA1
c78c4e386e6711fa284d835389741675f7adde12

SHA256
c3850d53a4f1486696b3db4c018af7b86827c66350babdc828f66abf2b3a618e

SHA512
7d9954c741bc603dfe5991724eb9f4109e27c106ce5bdab109622ba84c5a3b7e2ab44dbdec998be5e760cb6b4ffd0d6aa2663ba3914909c1908570de2551087c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fdc4891a2f318440b67d3cd5d9788a91

SHA1
20e3b60f222cb65643886f3db47ddbb4d23b6c4a

SHA256
9bfb433a0711434b059d73e134ce86e667ea2bea69b025c17deae2a1d5529870

SHA512
a074c38ec41433c8e8fe9c38010f30dcb0d3ef664f7bfd815e03afa44299ca91f3f743bdf67cb92d7e34cdb9cfe3b5bcab1487953f97cec92334b4fa44867c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2164c45b9c5819205499b1540f6f9513

SHA1
26171b700ce4d8be03823fb7e83bc692543cda7f

SHA256
bd2fc0a5251c913f50a8ccfc61430ddbf4efc385270a73094014e7ea1616b157

SHA512
85193a5346a5031929b6470f9d82aff0d19a0ad23fcbd0a3af829bb64e4ce052fc48e7ca563ca2954c2129e28dfd4041a7be9a43174e620a326ed5b628d49a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
053d3ad1f73843e7c84f9f71f2fee916

SHA1
da6cdd945445cff2ee109980ae131f96fd34ee73

SHA256
138179ad5eb60266916e3be4030d8767782824f1c373766cc2b8f15e8297f72e

SHA512
ebc5cf3238aa2f901c53ba2a48cb5e290e17d8cafd57451231ed669fc9dcaedca97431a48fda6f599073a5c6ea9721958f544645e1c6dcbb84f85974037dccf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
c666180d350995227ad1e90c8bbec32b

SHA1
63b5d2e33ca65bea01cb6af7f6f0b81e913be955

SHA256
448ea38778497a6f38a525e1ab23058cc7f5d85aa6d79914f4a43a545b2d1d00

SHA512
4382ba64362ee15e94435a1f204b78c498802e7fa60bb6afc1443b29aee9bfaf5b05a8208094e05e18bb1bd7f284d197c3cc9e36521cfa229cc94a0d23312bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
4d5fb7e3be52943dc3e1b7ac3e67cae4

SHA1
686ff546646d79a24b08e87d0d44b593756b2413

SHA256
5dde526d4ec0f3202c6a4497349cb92b6b2095c954eae33449c18737e3f2d9b0

SHA512
2a5fcda85bf73397118962311ea61e51342ab7d8a5c1b0ef99a2d4fcd37e70f552d36ae509bba0eef14884fefbd8dcb4de11d6126d22fa596d7d859edceade53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cd355e4fb8262efcd30785217f9000bc

SHA1
3021ad97156b9726bf3066bc0aec4259e4df22b6

SHA256
fbc73153125ccc4d123648d82fd7c71643fa2bb233e73009dafb2e579c7bb6ae

SHA512
bd9d3da6c7f6ed6c4c5075f964d953fd28a2fca576c17ada151754ca7618415bc5feb38c79987a3ca7ba900c4c94fe8a33768f50c944499c01460dcac4e18398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
56ae90d30847ed0aa0d639c24c29a578

SHA1
bda1b64162a0cfc3c0bacb9e494ddff89e97b559

SHA256
8c1237fe4710c7332d73869de3fd3d96d7b16c994a86f2237622edd38bc6fbe1

SHA512
a9b277cf3dfa0063d0eb3ebbdb2b82e678c9952732f1607c74f857aaafac9aa512d00897cf300db7e0cfd54370fad02cd28d30ca78a5a282baf3f96f0c3e8f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
411ea447dfdd5657302742dfcb1c48c0

SHA1
f8b53cdc2d774c5cf3b55a9adb99ae3f64e158f3

SHA256
03c672da71d0c85cc414af7a41df23bdfc82c0a083b3faa17b571db4bd67fa1d

SHA512
ef26cafc407600622155d5caf548987d3d7a7d162d0f411fa781e5311d54ac66a519d7165d5f9950a4e4781622e149f6a396d627fc2c1b3e671f09eb001871c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6b77003c44a69058ea399f912038bc4f

SHA1
520897f537ba2aa0973eb81250b0783663e71b5d

SHA256
f6d0e4c2abbfbddb2e5528cddd3b45bdc92744edd5fb0e431043ab4f367b0351

SHA512
97940e33f481a5d386fe7aca69496627b9097f591bc08fab4cb9c604ce94dd1fa2f675f6ec608025c2df75435db9b7ad261319419566799ec55ae8069fde0a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
1990435d88c580b8274500ee1992dcff

SHA1
810c59f1af5cfd8ac5f1a23a189cf520b55038c9

SHA256
0329da8b905573079467357d406dd1ba7f3a97d6bd8ae72f105d00d182d75b5e

SHA512
97984c5144eed6217c0d464f3a8fe3ba77517417e153331ec7ca3f11fd85becd5cabe26101335863dd6b424da5c36a16546bc912752a90dd1264d056fdb392a5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response