hxxps://google[.]onsimple[.]workers[.]dev

Resubmissions

24/08/2024, 10:34 UTC

240824-ml72xawbph 5

24/08/2024, 10:30 UTC

240824-mj478swarf 5

24/08/2024, 10:28 UTC

240824-mhzalaxejr 1

24/08/2024, 10:24 UTC

240824-mfgyjavhmb 5

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 10:34 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.onsimple.workers.dev

Score

5^/10

google discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand google.
phishing google
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2028	msedge.exe
2028	msedge.exe
3572	identity_helper.exe
3572	identity_helper.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1840	2028	msedge.exe	84
PID 2028 wrote to memory of 1840	2028	msedge.exe	84
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 1560	2028	msedge.exe	85
PID 2028 wrote to memory of 2592	2028	msedge.exe	86
PID 2028 wrote to memory of 2592	2028	msedge.exe	86
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87
PID 2028 wrote to memory of 32	2028	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.onsimple.workers.dev
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0dc446f8,0x7fff0dc44708,0x7fff0dc44718
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3896 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,18218692266207102572,14866367761047448022,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

Network

DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

google.onsimple.workers.dev

msedge.exe

Remote address:

8.8.8.8:53

Request

google.onsimple.workers.dev

IN A

Response

google.onsimple.workers.dev

IN A

172.67.197.234

google.onsimple.workers.dev

IN A

104.21.34.45
GET

https://google.onsimple.workers.dev/

msedge.exe

Remote address:

172.67.197.234:443

Request

GET / HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
sec-ch-ua-mobile: ?0
dnt: 1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:27 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a0fe5463bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
expires: -1
set-cookie: AEC=AVYB7cqdygPn4UvrDnnarRWJX82hoyG1_2kb6MyzyCo2sQIK7BGCGgIxEgs; expires=Thu, 20-Feb-2025 10:34:27 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
accept-ch: Sec-CH-UA-Platform
accept-ch: Sec-CH-UA-Platform-Version
accept-ch: Sec-CH-UA-Full-Version
accept-ch: Sec-CH-UA-Arch
accept-ch: Sec-CH-UA-Model
accept-ch: Sec-CH-UA-Bitness
accept-ch: Sec-CH-UA-Full-Version-List
accept-ch: Sec-CH-UA-WoW64
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
set-cookie: __Secure-ENID=21.SE=sLDbcslhWS6WfSTw0Q49wQMMhUzhxx5MU4u9TLjvOG69bYXt5mEsM-4U1EcCj1z_9fXn84Hi8syUMGeJ12Thl82X_ezTUuDAKEP3yQO1sDgwYVqBFhoXPfxuFWTk30ltcfhdjFwXs9KQ4ylMjUFUu6Y_4GETzLDMoI3ovg5-lTXsUqpVZ2GUJCtV2dYgmLHL; expires=Wed, 24-Sep-2025 02:52:45 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
content-encoding: br
GET

https://google.onsimple.workers.dev/xjs/_/ss/k=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE/d=1/ed=1/rs=ACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /xjs/_/ss/k=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE/d=1/ed=1/rs=ACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:27 GMT
content-type: text/css; charset=UTF-8
content-length: 1795
cf-ray: 8b82b0a3795b63bf-LHR
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
age: 7486
cache-control: public, max-age=14400
content-encoding: gzip
expires: Sun, 24 Aug 2025 08:29:41 GMT
last-modified: Fri, 23 Aug 2024 22:21:07 GMT
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin; report-to="gws-team"
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
GET

https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=1/ed=1/dg=3/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IZrNqe:P8ha2c;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=1/ed=1/dg=3/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IZrNqe:P8ha2c;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:27 GMT
content-type: text/javascript; charset=UTF-8
content-length: 376090
cf-ray: 8b82b0a3795f63bf-LHR
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
age: 16826
cache-control: public, max-age=14400
content-encoding: gzip
expires: Sun, 24 Aug 2025 05:54:01 GMT
last-modified: Fri, 23 Aug 2024 23:34:05 GMT
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin; report-to="gws-team"
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
GET

https://google.onsimple.workers.dev/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /images/branding/googlelogo/1x/googlelogo_color_272x92dp.png HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:27 GMT
content-type: image/png
content-length: 5969
cf-ray: 8b82b0a40a4e63bf-LHR
cf-cache-status: BYPASS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=14400
expires: Sat, 24 Aug 2024 10:34:27 GMT
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
GET

https://google.onsimple.workers.dev/images/searchbox/desktop_searchbox_sprites318_hr.webp

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:27 GMT
content-type: image/webp
content-length: 660
cf-ray: 8b82b0a41a5863bf-LHR
cf-cache-status: BYPASS
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=14400
expires: Sat, 24 Aug 2024 10:34:27 GMT
last-modified: Wed, 22 Apr 2020 22:00:00 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA..s&bl=IRRk&s=webhp&gl=uk&pc=SEARCH_HOMEPAGE&isMobile=false

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA..s&bl=IRRk&s=webhp&gl=uk&pc=SEARCH_HOMEPAGE&isMobile=false HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a57c6c63bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=MO5contVV2OX0ihtRAcmY_WkMn4uejuerKAVxlTzJkOKNfrZHT3px8SVMD1pfNNm_VPvuo-EAFNFjmURySTY4MfbCGOiUnnkL4quHwpJkHnla8ebJhumf5v5t_uxYqY2arxhrwP5uPtNgdIYsjMekVWxVBbYs-gka0FPdcGCiNYqSra8ooPzYCaZtmUvlg; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495666793&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495666793&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a5acb063bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=imaIMlvj5eqXC6hcfspbd1bnZDsM6Qpxm9MX9NvHLVqh1rtQwPPcV0SWt3TOfiupfrr8JOeudPfNaaUUfcGRWWGYbErodEUua3y7vyUSXMBKWNM7-WNSLzEFtupmPQQgKv01TnC6gEwgCeL2AsZFhWEv2M741SIBcPzObd9gG9g1XQfBay0wfbB3OOvD; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en-GB&authuser=0&psi=M7fJZvHBH7CLhbIP9Om1-AI.1724495667026&dpr=1&nolsbt=1

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en-GB&authuser=0&psi=M7fJZvHBH7CLhbIP9Om1-AI.1724495667026&dpr=1&nolsbt=1 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: application/json; charset=UTF-8
cf-ray: 8b82b0a6fe2663bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
expires: Sat, 24 Aug 2024 10:34:28 GMT
accept-ch: Sec-CH-UA-Form-Factors
accept-ch: Sec-CH-UA-Platform
accept-ch: Sec-CH-UA-Platform-Version
accept-ch: Sec-CH-UA-Full-Version
accept-ch: Sec-CH-UA-Arch
accept-ch: Sec-CH-UA-Model
accept-ch: Sec-CH-UA-Bitness
accept-ch: Sec-CH-UA-Full-Version-List
accept-ch: Sec-CH-UA-WoW64
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/web"}]}
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?s=webhp&t=aft&atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&rt=wsrt.630,aft.699,afti.699,hst.74,prt.434&imn=12&ima=2&imad=0&imac=1&wh=609&aftie=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA&aft=1&aftp=609&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?s=webhp&t=aft&atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&rt=wsrt.630,aft.699,afti.699,hst.74,prt.434&imn=12&ima=2&imad=0&imac=1&wh=609&aftie=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA&aft=1&aftp=609&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a74eb863bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=I7GLw3plVyN56AEV141CCfNYB2nOdyqhAeNRNLTKSGCC03mZSQe5YJ3RcKdD8GqoQYCSpdoWBVXqDjD32DqdGzTciJEzDoOZw79puEzcdXW2HZp4zmS1znS2r7N6-sX6mGSM3tQwBy2K09HzoPE9qtZyWHyvK_HvaRJYJJvDBE_0FzUWdk_X0yGbWXzq; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=webhp&t=all&imn=12&ima=2&imad=0&imac=1&wh=609&aftie=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA&aft=1&aftp=609&adh=&ime=2&imeae=0&imeap=0&imex=2&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=81345&ucb=275989&mem=ujhs.9,tjhs.11,jhsl.2173,dm.8&hp=&sys=hc.8&p=bs.true&rt=hst.74,prt.434,xjses.453,xjsee.586,xjs.586,dcl.640,afti.699,aftip.674,aft.699,lcp.371,fcp.371,aftqf.703,wsrt.630,cst.119,dnst.0,rqst.343,rspt.39,sslt.89,rqstt.326,unt.23,cstt.206,dit.1066&zx=1724495667097&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=webhp&t=all&imn=12&ima=2&imad=0&imac=1&wh=609&aftie=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA&aft=1&aftp=609&adh=&ime=2&imeae=0&imeap=0&imex=2&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=81345&ucb=275989&mem=ujhs.9,tjhs.11,jhsl.2173,dm.8&hp=&sys=hc.8&p=bs.true&rt=hst.74,prt.434,xjses.453,xjsee.586,xjs.586,dcl.640,afti.699,aftip.674,aft.699,lcp.371,fcp.371,aftqf.703,wsrt.630,cst.119,dnst.0,rqst.343,rspt.39,sslt.89,rqstt.326,unt.23,cstt.206,dit.1066&zx=1724495667097&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a75ec563bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=Tz-Jsw1LNYWNZyVQ3hSFr-dacOK852FmZkkKT6-bTYFb2jnMOWBoma5evLXxawMV4Y8zGHd6a_Z9_BLqbwA4bWwcaKEIdMjSaaHG9klrEapWQxdBY9YIR9_NIdESzQysssiC4RCYjuuxfxHqTTTUkaiPsg6-MS9aPl-CwsMFLXaLcQuTnAN-xhheJPGZRQ; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/xjs/_/js/md=2/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /xjs/_/js/md=2/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/javascript; charset=UTF-8
content-length: 1404
cf-ray: 8b82b0a78f1163bf-LHR
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
age: 16827
cache-control: public, max-age=14400
content-encoding: gzip
expires: Sun, 24 Aug 2025 05:54:01 GMT
last-modified: Fri, 23 Aug 2024 23:34:05 GMT
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin; report-to="gws-team"
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
GET

https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/ck=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAApAANSACAAgA2ACAAAAAAAgAIAAQIAQBAAQAAAwQ4AICCAFAAQEQABCBIEIBH2QAQAsIEEKAAIVCABASAIAoRAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAADAAGoMIEAAgDwCAeAAIEYAAAgBHYAAAAgAFAACBBQQwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/ujg=1/rs=ACT90oEKbk5zDyz9VO__fdLlZ4ZetSHqXA/m=sb_wiz,aa,abd,sytv,sytu,sytp,syfz,sytt,sytf,sy103,syz9,sytk,syz8,sytq,syts,syto,syu9,sytd,syua,syub,syu2,syu6,sytl,syu0,syu3,syu4,sytx,syty,sytg,syth,sys6,syrw,syru,syrt,sytj,syz7,syui,syuj,syuh,async,ifl,pHXghd,sf,sy1c5,sy1c8,sy4du,sonic,TxCJfd,sy4dy,qzxzOb,IsdWVc,sy4e0,sy1gu,sy1d6,sy1d2,syrs,syrq,syrr,syrp,syro,sy4cf,sy4ci,sy2ib,sy18s,sy18u,sy13o,sy13p,syrl,syrj,syfd,sybx,syc0,sybv,sybz,syby,sycr,spch,MpJwZc,UUJqVe,sy7n,sOXFj,sy7m,s39S4,oGtAuc,NTMZac,nAFL3,sy8f,sy8e,q0xTif,y05UD,syxy,sy1de,sy1du,sy1dm,sy174,syvr,syy0,sy7u,syxz,syxx,syxw,syxv,syy1,sya9,syb5,sy1dl,sy1dv,sy14a,sy1dt,sy144,sy1dn,sy16w,sy1da,sy171,sy1dk,sy1df,sy1db,sy172,sy173,sy1do,sy13r,sy1dj,sy1di,sy1dg,syk2,sy1dh,sy1dq,sy1d4,sy1dc,sy1d3,sy1d9,sy1d5,sy17z,sy1dd,sy1cz,sy176,sy177,syy3,syy4,epYOx,sys9,sys8,rtH1bd,sy1ec,sy19u,sy18j,sygb,sy1eb,sy13w,sy1ea,sy18k,sygd,sy1ed,SMquOb,sy8h,sygj,sygh,sygi,sygk,sygg,sygr,sygp,sygn,sygf,syco,sycj,sycm,syam,syae,syb8,syal,syak,sya7,syb3,syaj,syas,sy9u,sy9t,syck,syc2,syc3,syc9,syaq,sybb,syc8,syc1,sybu,sybt,syah,syao,syc4,sybp,sybm,sybl,sybn,syag,syb9,sybg,sybe,sybi,sybf,sybh,syaa,syab,syb6,syct,syd8,sycu,syd9,syac,syb7,sya8,syb4,syar,syad,sycs,sych,sycd,syce,sy9x,sya1,sy9y,sya2,sy9z,sy9r,sy9o,sy9q,sya6,syc5,syg5,syge,syga,syg8,sy80,sy7x,sy7z,syg7,sygc,syg6,syg4,syg1,syg0,sy83,uxMpU,syfv,syd3,syd1,sycv,syda,sycx,sycw,sybj,sycz,sycq,sy90,sy8z,sy8y,Mlhmy,QGR0gd,aurFic,sy99,fKUV3e,OTA3Ae,sy8i,OmgaI,EEDORb,PoEs9b,Pjplud,sy8v,sy8o,COQbmf,uY49fb,sy7s,sy7t,sy7r,sy7q,byfTOb,lsjVmc,LEikZe,kWgXee,U0aPgd,ovKuLd,sgY6Zb,io8t5d,KG2eXe,Oj465e,sy1eh,sy1ee,syyo,syt0,d5EhJe,sy1ey,fCxEDd,syvs,sy1ex,sy1ew,sy1ev,sy1er,sy1ep,sy1el,sy1en,sy1em,sy1eq,sy1br,sy1bk,sy191,sy19b,T1HOxc,sy1eo,sy1ek,zx30Y,sy1ez,sy1et,sy1a6,Wo3n8,syuu,loL8vb,syuy,syux,syuw,ms4mZb,syqj,B2qlPe,syv5,NzU6V,sy10f,syvl,zGLm3b,syx0,syx1,syws,DhPYme?xjs=s3

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/ck=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAApAANSACAAgA2ACAAAAAAAgAIAAQIAQBAAQAAAwQ4AICCAFAAQEQABCBIEIBH2QAQAsIEEKAAIVCABASAIAoRAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAADAAGoMIEAAgDwCAeAAIEYAAAgBHYAAAAgAFAACBBQQwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/ujg=1/rs=ACT90oEKbk5zDyz9VO__fdLlZ4ZetSHqXA/m=sb_wiz,aa,abd,sytv,sytu,sytp,syfz,sytt,sytf,sy103,syz9,sytk,syz8,sytq,syts,syto,syu9,sytd,syua,syub,syu2,syu6,sytl,syu0,syu3,syu4,sytx,syty,sytg,syth,sys6,syrw,syru,syrt,sytj,syz7,syui,syuj,syuh,async,ifl,pHXghd,sf,sy1c5,sy1c8,sy4du,sonic,TxCJfd,sy4dy,qzxzOb,IsdWVc,sy4e0,sy1gu,sy1d6,sy1d2,syrs,syrq,syrr,syrp,syro,sy4cf,sy4ci,sy2ib,sy18s,sy18u,sy13o,sy13p,syrl,syrj,syfd,sybx,syc0,sybv,sybz,syby,sycr,spch,MpJwZc,UUJqVe,sy7n,sOXFj,sy7m,s39S4,oGtAuc,NTMZac,nAFL3,sy8f,sy8e,q0xTif,y05UD,syxy,sy1de,sy1du,sy1dm,sy174,syvr,syy0,sy7u,syxz,syxx,syxw,syxv,syy1,sya9,syb5,sy1dl,sy1dv,sy14a,sy1dt,sy144,sy1dn,sy16w,sy1da,sy171,sy1dk,sy1df,sy1db,sy172,sy173,sy1do,sy13r,sy1dj,sy1di,sy1dg,syk2,sy1dh,sy1dq,sy1d4,sy1dc,sy1d3,sy1d9,sy1d5,sy17z,sy1dd,sy1cz,sy176,sy177,syy3,syy4,epYOx,sys9,sys8,rtH1bd,sy1ec,sy19u,sy18j,sygb,sy1eb,sy13w,sy1ea,sy18k,sygd,sy1ed,SMquOb,sy8h,sygj,sygh,sygi,sygk,sygg,sygr,sygp,sygn,sygf,syco,sycj,sycm,syam,syae,syb8,syal,syak,sya7,syb3,syaj,syas,sy9u,sy9t,syck,syc2,syc3,syc9,syaq,sybb,syc8,syc1,sybu,sybt,syah,syao,syc4,sybp,sybm,sybl,sybn,syag,syb9,sybg,sybe,sybi,sybf,sybh,syaa,syab,syb6,syct,syd8,sycu,syd9,syac,syb7,sya8,syb4,syar,syad,sycs,sych,sycd,syce,sy9x,sya1,sy9y,sya2,sy9z,sy9r,sy9o,sy9q,sya6,syc5,syg5,syge,syga,syg8,sy80,sy7x,sy7z,syg7,sygc,syg6,syg4,syg1,syg0,sy83,uxMpU,syfv,syd3,syd1,sycv,syda,sycx,sycw,sybj,sycz,sycq,sy90,sy8z,sy8y,Mlhmy,QGR0gd,aurFic,sy99,fKUV3e,OTA3Ae,sy8i,OmgaI,EEDORb,PoEs9b,Pjplud,sy8v,sy8o,COQbmf,uY49fb,sy7s,sy7t,sy7r,sy7q,byfTOb,lsjVmc,LEikZe,kWgXee,U0aPgd,ovKuLd,sgY6Zb,io8t5d,KG2eXe,Oj465e,sy1eh,sy1ee,syyo,syt0,d5EhJe,sy1ey,fCxEDd,syvs,sy1ex,sy1ew,sy1ev,sy1er,sy1ep,sy1el,sy1en,sy1em,sy1eq,sy1br,sy1bk,sy191,sy19b,T1HOxc,sy1eo,sy1ek,zx30Y,sy1ez,sy1et,sy1a6,Wo3n8,syuu,loL8vb,syuy,syux,syuw,ms4mZb,syqj,B2qlPe,syv5,NzU6V,sy10f,syvl,zGLm3b,syx0,syx1,syws,DhPYme?xjs=s3 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a78f1c63bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=ZU06-q8hTnmjRjLbAe5_RGiM5HuZ7OncFJMUTWDysoxIxLXODmU2SVH0gREcboahMnzeJu3HROs4RQfn-tSSyNT4ggUC_8tykYSsdwfNVJSCQqPFrbHAA02bZtfL9c-pIX-T8g9ANPuGtlWa36vR9aH--D1m1AvkJvyhrKYu84ad0ZxToSr0tpkRYy_XtQ; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=webhp&nt=navigate&t=fi&st=1123&fid=150&zx=1724495667123&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=webhp&nt=navigate&t=fi&st=1123&fid=150&zx=1724495667123&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a78f2263bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=1_IfQNLfyFRa2ZaUXt1KLAQvM_D-t8aYw0jkh36Wvc1i1C4spwHWCYAjS027vyJFgUsEb9elu5p49z1BjkCoWiMCX6WlrVVH1vEQKPv4wNZXnO4BI5Wnk48YF8jVisP4TT3CJVm555dnLe5EeYc4G_k1W8oIlx2PWoeVkikUBForrIlNw09zdQtTNiJXYQ; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/web"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/client_204?atyp=i&biw=1280&bih=609&ei=M7fJZvHBH7CLhbIP9Om1-AI&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /client_204?atyp=i&biw=1280&bih=609&ei=M7fJZvHBH7CLhbIP9Om1-AI&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/javascript; charset=UTF-8
content-length: 162028
cf-ray: 8b82b0a78f1363bf-LHR
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=14400
content-encoding: gzip
expires: Sun, 24 Aug 2025 10:34:28 GMT
last-modified: Fri, 23 Aug 2024 22:21:07 GMT
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin; report-to="gws-team"
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
GET

https://google.onsimple.workers.dev/xjs/_/ss/k=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE/d=0/rs=ACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA/m=syjw,syl1?xjs=s4

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /xjs/_/ss/k=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE/d=0/rs=ACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA/m=syjw,syl1?xjs=s4 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/css; charset=UTF-8
content-length: 784
cf-ray: 8b82b0a979dd63bf-LHR
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
age: 7487
cache-control: public, max-age=14400
content-encoding: gzip
expires: Sun, 24 Aug 2025 08:29:41 GMT
last-modified: Fri, 23 Aug 2024 22:21:07 GMT
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin; report-to="gws-team"
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
GET

https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=sy1g2,P10Owf,sy1eu,sy1es,syrb,gSZvdb,syzy,syzx,WlNQGd,syrg,syrd,syrc,syra,DPreE,sy10a,sy108,nabPbb,syzs,syzq,syjw,syl1,CnSW2d,kQvlef,sy109,fXO0xe?xjs=s4

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=sy1g2,P10Owf,sy1eu,sy1es,syrb,gSZvdb,syzy,syzx,WlNQGd,syrg,syrd,syrc,syra,DPreE,sy10a,sy108,nabPbb,syzs,syzq,syjw,syl1,CnSW2d,kQvlef,sy109,fXO0xe?xjs=s4 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/javascript; charset=UTF-8
content-length: 8238
cf-ray: 8b82b0a979e063bf-LHR
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
age: 16827
cache-control: public, max-age=14400
content-encoding: gzip
expires: Sun, 24 Aug 2025 05:54:01 GMT
last-modified: Fri, 23 Aug 2024 23:34:05 GMT
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin; report-to="gws-team"
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=promo&rt=hpbas.1055&zx=1724495667447&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=promo&rt=hpbas.1055&zx=1724495667447&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a999f863bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=jnqGi6Y68Bw1sTHxRtAcZA2X5AvBnXlT6VbDLJnoKEK6-U_hBY-oO9h6lT15HNE9tvJM_K42gPUUZoegLgEJ1Ls-pHpZZMfXdKJY3V7ZbOoTmZfa6P-adxVVks_9a5OG27gEq4ed7VTmP4pr5K6O87EbRsyXhF3WHG_2j7jwpxwDpWcTbzLX0CcGOBkOuL8HL5ufoNk; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/web"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?atyp=i&ei=M7fJZvHBH7CLhbIP9Om1-AI&dt19=2&prm23=0&zx=1724495667458&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?atyp=i&ei=M7fJZvHBH7CLhbIP9Om1-AI&dt19=2&prm23=0&zx=1724495667458&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a989ec63bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=fMeZODl9JAYeTlwVRt5dClKjejiNzki_eDEmLxdxb8F6sQJct1D30Bnpxw511VkxPkgajESC0DkUk3MDCgqznnRKSd93S_tQ-gjjuX6ZZn-gfB--9D_9DNUokj_0xK1K8PY4QTLX_gAUM3a7zlYJLTSQPHglzgcAJNXO0TjFBtgIY3rSpA1kTg_fpwqk; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/client_204?cs=1&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /client_204?cs=1&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0a999f763bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=wwH87k1lRBNkVO55THSHnpH0U9gxvI3l6aqllIf0iG6pPXR1nWV0EZFhngdLSFZ2Ng2K0ho-gFqoTevRjKsJuoEQYk4kJLrwAVKBeqkYkoUUJcu6rtrKlY_5gljtLxQ4GHqnD2o4hW2E0imErD81p3w3ye1M60t2YFSK24sviK2YFYglD4wD6B4IwlFBHw; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/async/hpba?vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8Qj-0KCBU..i&ei=M7fJZvHBH7CLhbIP9Om1-AI&opi=89978449&yv=3&sp_imghp=false&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.rGUuk8I9qQM.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY%2Fdg%3D0%2Frs%3DACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.5quDWl5YgmQ.L.W.O%2Fam%3DAFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE%2Frs%3DACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.rGUuk8I9qQM.O%2Fck%3Dxjs.hd.5quDWl5YgmQ.L.W.O%2Fam%3DAFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAApAANSACAAgA2ACAAAAAAAgAIAAQIAQBAAQAAAwQ4AICCAFAAQEQABCBIEIBH2QAQAsIEEKAAIVCABASAIAoRAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAADAAGoMIEAAgDwCAeAAIEYAAAgBHYAAAAgAFAACBBQQwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fujg%3D1%2Frs%3DACT90oEKbk5zDyz9VO__fdLlZ4ZetSHqXA,_fmt:prog,_id:_M7fJZvHBH7CLhbIP9Om1-AI_8

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /async/hpba?vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8Qj-0KCBU..i&ei=M7fJZvHBH7CLhbIP9Om1-AI&opi=89978449&yv=3&sp_imghp=false&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.rGUuk8I9qQM.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY%2Fdg%3D0%2Frs%3DACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.5quDWl5YgmQ.L.W.O%2Fam%3DAFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE%2Frs%3DACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.rGUuk8I9qQM.O%2Fck%3Dxjs.hd.5quDWl5YgmQ.L.W.O%2Fam%3DAFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAApAANSACAAgA2ACAAAAAAAgAIAAQIAQBAAQAAAwQ4AICCAFAAQEQABCBIEIBH2QAQAsIEEKAAIVCABASAIAoRAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAADAAGoMIEAAgDwCAeAAIEYAAAgBHYAAAAgAFAACBBQQwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fujg%3D1%2Frs%3DACT90oEKbk5zDyz9VO__fdLlZ4ZetSHqXA,_fmt:prog,_id:_M7fJZvHBH7CLhbIP9Om1-AI_8 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/plain; charset=UTF-8
cf-ray: 8b82b0a9ba1363bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
expires: Sat, 24 Aug 2024 10:34:28 GMT
set-cookie: __Secure-ENID=21.SE=G4U5YFHWh4eTokV9-YMNR9TgX4x20W-CjdIZuxJ2dd6npwaK96b3fJrCrV3ZJ0UiUK-QOrwMzZrbbCjeViBo9VQg2Ou4emsbv3Vn1ZhtaEbUS2Nkmp6AooeIwydQmD20wkoW8YlXpGw_AxNRlHdaajifCuw2iI7vSZK7Q7B0SEGFwBWMOrbrNB9nhSqx; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
accept-ch: Sec-CH-UA-Platform
accept-ch: Sec-CH-UA-Platform-Version
accept-ch: Sec-CH-UA-Full-Version
accept-ch: Sec-CH-UA-Arch
accept-ch: Sec-CH-UA-Model
accept-ch: Sec-CH-UA-Bitness
accept-ch: Sec-CH-UA-Full-Version-List
accept-ch: Sec-CH-UA-WoW64
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
version: 666218662
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=syfy,aLUfP?xjs=s4

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=syfy,aLUfP?xjs=s4 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/javascript; charset=UTF-8
content-length: 696
cf-ray: 8b82b0aa0a4e63bf-LHR
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
age: 16826
cache-control: public, max-age=14400
content-encoding: gzip
expires: Sun, 24 Aug 2025 05:54:02 GMT
last-modified: Fri, 23 Aug 2024 23:34:05 GMT
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin; report-to="gws-team"
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=NLfJZuLqMMGji-gPzKeWKQ&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.9,tjhs.11,jhsl.2173,dm.8&hp=&rt=ttfb.139,st.140,bs.27,aaft.142,acrt.144,art.144&zx=1724495667594&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?atyp=csi&ei=NLfJZuLqMMGji-gPzKeWKQ&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.9,tjhs.11,jhsl.2173,dm.8&hp=&rt=ttfb.139,st.140,bs.27,aaft.142,acrt.144,art.144&zx=1724495667594&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0aa7ad763bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=b3eCTA62l4dJbugJjcNRh7HLOe59NSCNo6f774rBmzQ8CXPHXnUkbnxkR6OP7XW94l83kWwUT0CyOU2Wy_lU27U12XPix8SwhOhIWWStL108HwVsuvDmi3tfeyGMpRT0Ln_biaYO_2LfcK4sKtW5ZNvtfoX87ifmHDvS4934DV47avjdCd_hP4Txx7sQ; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=promo&rt=hpbas.1055,hpbarr.149&zx=1724495667596&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=promo&rt=hpbas.1055,hpbarr.149&zx=1724495667596&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/javascript; charset=UTF-8
content-length: 821
cf-ray: 8b82b0aa8aeb63bf-LHR
cf-cache-status: DYNAMIC
accept-ranges: bytes
access-control-allow-origin: *
age: 16826
cache-control: public, max-age=14400
content-encoding: gzip
expires: Sun, 24 Aug 2025 05:54:02 GMT
last-modified: Fri, 23 Aug 2024 23:34:05 GMT
vary: Accept-Encoding, Origin
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin; report-to="gws-team"
cross-origin-resource-policy: cross-origin
report-to: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
GET

https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=kMFpHd,sy8w,bm51tf?xjs=s4

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=kMFpHd,sy8w,bm51tf?xjs=s4 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0aa7adc63bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=NGc6lY1HX0Fk8sPm_bIyqBsAMqZ3j6vPpwrN4naWdq67WHY0qb_NuUU8sD_VCVhD-2eXX91jfC9cHt2_cDjm5XhpzP9E6LXqQNkFJRz-nn4wUVQoHqzODGbE82gWmpO1p7tfJDhpir_G3vRvINo8IPmhDw8wwqYO1UbjujIZ7LzYGpGZ8Wuf-tBotKIKnQ; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495667665&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495667665&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: image/x-icon
content-length: 1494
cf-ray: 8b82b0aafb5363bf-LHR
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 601
cache-control: public, max-age=14400
content-encoding: gzip
expires: Thu, 29 Aug 2024 11:18:22 GMT
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
cross-origin-resource-policy: cross-origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
x-xss-protection: 0
server: cloudflare
GET

https://google.onsimple.workers.dev/favicon.ico

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /favicon.ico HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:28 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0aaeb3c63bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=Ay1M4NRtSkldGc9vsDaGNuc50sQS6GyBvG0eLCs3itvG12zb4S4uilS3jTktK5bzya3Ob2ydzEx6EQh3Ff4XctqkxUNfR_A53CrRcGFbzOFkEbFrWrw0JRBU6p_84butPI71bzJ8sG_SNfQINRbHTHR0hMDyYuUWAy4PvgN7mXhd5xEobGeifJluB2EDsQ; expires=Wed, 24-Sep-2025 02:52:46 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&ved=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QiZAHCH0&uact=3&bl=IRRk&s=webhp

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&ved=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QiZAHCH0&uact=3&bl=IRRk&s=webhp HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:32 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0c16b0663bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=TnnhM4c4YL6Lon5smL3sw7CJcdrM38LsHXBlaJJfZ4WAmUNwDaYS_44bZqACcUy-n4Cgx52NIgvKFYnmD6Y0AC9_h3lBRFwMo6u7wZlzEi-vbsNWPR5w6dDzW0qYSGAGkGlsBwKtdZV9j8BhOAZDYiaaYkkUtGV_ay965YYVqDA0qVtiU7_HYQ07STI4GA; expires=Wed, 24-Sep-2025 02:52:50 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA..h&bl=IRRk&s=webhp&cdot=4477

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA..h&bl=IRRk&s=webhp&cdot=4477 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:32 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0c16b0a63bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=Sk3HnfXB02sd0VSmDrjoXcIxXbr5hIrZBYbugUHQ1m028St4noExEEelK64kclOxg5e5gmTXDxbkGsf1mKnhD2_tq7ZU0KGfNFPlVTezZd71Ccq-KLLnoafagJTrENpBRsfiq6M4Q4jz6vOE5jAR2LeiA-3-j2lMXIeJryKrDtlRtCXHb9hyJm7qRu_lSA; expires=Wed, 24-Sep-2025 02:52:50 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
GET

https://google.onsimple.workers.dev/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495671273&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

GET /gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495671273&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:32 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0c18b1e63bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=L0IBSPj-XTdNP6mjFa2qq57l7CaFtD1kiPTfyZE3TR67Rg9IY7znTISAgS_eab4262BkLaJSidSVONxKf4VanjPtDPC3m4Ge92zguj-ta6CcwQfbNfRsaBWkp_4f0XAGhcMrIgkgltBWr3UYlvivGR-ohVwmtaDIiISzyeXpo1gYpny9gDM_v-X07rdl; expires=Wed, 24-Sep-2025 02:52:50 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
POST

https://google.onsimple.workers.dev/gen_204?atyp=i&ei=M7fJZvHBH7CLhbIP9Om1-AI&ct=slh&v=t1&m=HV&pv=0.8117379638998257&me=1:1724495666826,V,0,0,1280,609:0,B,609:0,N,1,M7fJZvHBH7CLhbIP9Om1-AI:0,R,1,1,0,0,1280,609:635,x:3820,h,1,1,i:3377,e,B&zx=1724495674833&opi=89978449

msedge.exe

Remote address:

172.67.197.234:443

Request

POST /gen_204?atyp=i&ei=M7fJZvHBH7CLhbIP9Om1-AI&ct=slh&v=t1&m=HV&pv=0.8117379638998257&me=1:1724495666826,V,0,0,1280,609:0,B,609:0,N,1,M7fJZvHBH7CLhbIP9Om1-AI:0,R,1,1,0,0,1280,609:635,x:3820,h,1,1,i:3377,e,B&zx=1724495674833&opi=89978449 HTTP/2.0
host: google.onsimple.workers.dev
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-ch-ua-arch: "x86"
sec-ch-ua-full-version: "92.0.902.67"
sec-ch-ua-platform-version: "10.0"
content-type: text/plain;charset=UTF-8
sec-ch-ua-model:
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sat, 24 Aug 2024 10:34:36 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8b82b0d7b9ca63bf-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: *
cache-control: public, max-age=14400
set-cookie: __Secure-ENID=21.SE=xDPmtcLhaNG2_gGh8cPIBaX4y3EX007M1Yq4SO9mrZEgkX8QibEE3pPycCVctrlK0JR6KIvbMz-erHWgjompupGCuR-FWq7wPv2wjithjvo4SoNZAoq2NMZcP9sYJ97R3eqxCsUA9HhFXfk17oid8issbetf2GOoHt4Z9U9ivPidUmQpIs6UQ2pk24wMRA; expires=Wed, 24-Sep-2025 02:52:54 GMT; path=/; domain=.google.com.hk; Secure; HttpOnly; SameSite=lax
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy: unload=()
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
x-frame-options: SAMEORIGIN
x-xss-protection: 0
vary: Accept-Encoding
server: cloudflare
DNS

fonts.gstatic.cn

msedge.exe

Remote address:

8.8.8.8:53

Request

fonts.gstatic.cn

IN A

Response

fonts.gstatic.cn

IN A

172.217.20.163
GET

https://fonts.gstatic.cn/s/i/productlogos/googleg/v6/24px.svg

msedge.exe

Remote address:

172.217.20.163:443

Request

GET /s/i/productlogos/googleg/v6/24px.svg HTTP/2.0
host: fonts.gstatic.cn
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

234.197.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.197.67.172.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

www.gstatic.cn

msedge.exe

Remote address:

8.8.8.8:53

Request

www.gstatic.cn

IN A

Response

www.gstatic.cn

IN A

142.250.201.163
GET

https://www.gstatic.cn/og/_/ss/k=og.qtm.hDmynL79n0s.L.W.O/m=qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTvdf0Ja9-cFHLh-nlOYGyOfmAxP9w

msedge.exe

Remote address:

142.250.201.163:443

Request

GET /og/_/ss/k=og.qtm.hDmynL79n0s.L.W.O/m=qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTvdf0Ja9-cFHLh-nlOYGyOfmAxP9w HTTP/2.0
host: www.gstatic.cn
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.gstatic.cn/og/_/js/k=og.qtm.en_US.eBMffMiMTMs.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTuegSNGpEiwrVAs-2oG6bhvd2dkhg

msedge.exe

Remote address:

142.250.201.163:443

Request

GET /og/_/js/k=og.qtm.en_US.eBMffMiMTMs.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTuegSNGpEiwrVAs-2oG6bhvd2dkhg HTTP/2.0
host: www.gstatic.cn
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

ogads-pa.googleapis.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

172.217.20.170

ogads-pa.googleapis.com

IN A

216.58.214.170

ogads-pa.googleapis.com

IN A

216.58.214.74

ogads-pa.googleapis.com

IN A

172.217.20.202

ogads-pa.googleapis.com

IN A

142.250.201.170

ogads-pa.googleapis.com

IN A

172.217.18.202

ogads-pa.googleapis.com

IN A

216.58.215.42

ogads-pa.googleapis.com

IN A

142.250.75.234

ogads-pa.googleapis.com

IN A

216.58.213.74

ogads-pa.googleapis.com

IN A

142.250.179.74

ogads-pa.googleapis.com

IN A

142.250.178.138

ogads-pa.googleapis.com

IN A

142.250.179.106
DNS

apis.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

142.250.178.142
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

msedge.exe

Remote address:

172.217.20.170:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://google.onsimple.workers.dev
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
POST

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

msedge.exe

Remote address:

172.217.20.170:443

Request

POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
content-length: 103
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
x-user-agent: grpc-web-javascript/0.1
dnt: 1
x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/json+protobuf
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_0

msedge.exe

Remote address:

142.250.178.142:443

Request

GET /_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_0 HTTP/2.0
host: apis.google.com
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

163.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.20.217.172.in-addr.arpa

IN PTR

Response

163.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f31e100net

163.20.217.172.in-addr.arpa

IN PTR

par10s49-in-f3�H

163.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f163�H
DNS

163.201.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.201.250.142.in-addr.arpa

IN PTR

Response

163.201.250.142.in-addr.arpa

IN PTR

par21s23-in-f31e100net
DNS

170.20.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

170.20.217.172.in-addr.arpa

IN PTR

Response

170.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f101e100net

170.20.217.172.in-addr.arpa

IN PTR

par10s49-in-f10�I

170.20.217.172.in-addr.arpa

IN PTR

waw02s07-in-f170�I
DNS

142.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

142.178.250.142.in-addr.arpa

IN PTR

Response

142.178.250.142.in-addr.arpa

IN PTR

par21s22-in-f141e100net
DNS

play.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

142.250.75.238
POST

https://play.google.com/log?format=json&hasfast=true

msedge.exe

Remote address:

142.250.75.238:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 1514
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.ax-0001.ax-msedge.net

g-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=253F7BF4E6BF63B513C36F11E7986251; domain=.bing.com; expires=Thu, 18-Sep-2025 10:34:30 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AA1B8B673C2D45F7AADD22FF4FAA7BD4 Ref B: LON04EDGE0611 Ref C: 2024-08-24T10:34:30Z
date: Sat, 24 Aug 2024 10:34:29 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=253F7BF4E6BF63B513C36F11E7986251

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=Qrw0ippZr4f8YTv3dKgXIaYWBSBKO0rhHM2Kel5PTS0; domain=.bing.com; expires=Thu, 18-Sep-2025 10:34:30 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE3A9AE3A72E499FA15E5BAACA55B168 Ref B: LON04EDGE0611 Ref C: 2024-08-24T10:34:30Z
date: Sat, 24 Aug 2024 10:34:29 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

Remote address:

150.171.28.10:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=253F7BF4E6BF63B513C36F11E7986251; MSPTC=Qrw0ippZr4f8YTv3dKgXIaYWBSBKO0rhHM2Kel5PTS0

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0DB1725796004C45B1ADBE7FA20A1043 Ref B: LON04EDGE0611 Ref C: 2024-08-24T10:34:30Z
date: Sat, 24 Aug 2024 10:34:29 GMT
DNS

238.75.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.75.250.142.in-addr.arpa

IN PTR

Response

238.75.250.142.in-addr.arpa

IN PTR

par10s41-in-f141e100net
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

consent.google.com.hk

msedge.exe

Remote address:

8.8.8.8:53

Request

consent.google.com.hk

IN A

Response

consent.google.com.hk

IN A

142.250.179.78
POST

https://consent.google.com.hk/save?continue=https://google.onsimple.workers.dev/&gl=UK&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20240822-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true

msedge.exe

Remote address:

142.250.179.78:443

Request

POST /save?continue=https://google.onsimple.workers.dev/&gl=UK&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20240822-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true HTTP/2.0
host: consent.google.com.hk
content-length: 0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Microsoft Edge";v="92"
dnt: 1
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept: */*
origin: https://google.onsimple.workers.dev
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://google.onsimple.workers.dev/
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
DNS

78.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.179.250.142.in-addr.arpa

IN PTR

Response

78.179.250.142.in-addr.arpa

IN PTR

par21s19-in-f141e100net
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

192.142.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.142.123.92.in-addr.arpa

IN PTR

Response

192.142.123.92.in-addr.arpa

IN PTR

a92-123-142-192deploystaticakamaitechnologiescom
DNS

81.144.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.144.22.2.in-addr.arpa

IN PTR

Response

81.144.22.2.in-addr.arpa

IN PTR

a2-22-144-81deploystaticakamaitechnologiescom
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 679182
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6EF1820D7937472EA9F03A386880D7C5 Ref B: LON04EDGE0814 Ref C: 2024-08-24T10:36:10Z
date: Sat, 24 Aug 2024 10:36:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 769326
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 841B102DB35D4A49ACD41ACFF3A4FF75 Ref B: LON04EDGE0814 Ref C: 2024-08-24T10:36:10Z
date: Sat, 24 Aug 2024 10:36:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 534196
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EC2BAEAE92884CBB8D4C0995E99F99BC Ref B: LON04EDGE0814 Ref C: 2024-08-24T10:36:10Z
date: Sat, 24 Aug 2024 10:36:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 874040
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 241B75EF536845079F23870B4E1A40FD Ref B: LON04EDGE0814 Ref C: 2024-08-24T10:36:10Z
date: Sat, 24 Aug 2024 10:36:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 666327
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1EEA670A1D254EA880AE3345F6DEFAC5 Ref B: LON04EDGE0814 Ref C: 2024-08-24T10:36:10Z
date: Sat, 24 Aug 2024 10:36:09 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.27.10:443

Request

GET /th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 522409
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B01393A7C7134BDDB2B09C5F641C3C59 Ref B: LON04EDGE0814 Ref C: 2024-08-24T10:36:10Z
date: Sat, 24 Aug 2024 10:36:10 GMT
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response

172.67.197.234:443

https://google.onsimple.workers.dev/gen_204?atyp=i&ei=M7fJZvHBH7CLhbIP9Om1-AI&ct=slh&v=t1&m=HV&pv=0.8117379638998257&me=1:1724495666826,V,0,0,1280,609:0,B,609:0,N,1,M7fJZvHBH7CLhbIP9Om1-AI:0,R,1,1,0,0,1280,609:635,x:3820,h,1,1,i:3377,e,B&zx=1724495674833&opi=89978449

tls, http2

msedge.exe

29.1kB
684.4kB
373
568

HTTP Request

GET https://google.onsimple.workers.dev/

HTTP Response

200

HTTP Request

GET https://google.onsimple.workers.dev/xjs/_/ss/k=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE/d=1/ed=1/rs=ACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl

HTTP Request

GET https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=1/ed=1/dg=3/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:wJqrrd;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;Erl4fe:FloWmf,FloWmf;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hPyGBb;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IZrNqe:P8ha2c;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;Oj465e:KG2eXe,KG2eXe;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZMvdv:PHFPjb;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;daB6be:lMxGPd;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;io8t5d:sgY6Zb;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lkq0A:JyBE3e;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:mg5CW;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;sP4Vbe:VwDzFe;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uY49fb:COQbmf;uuQkY:u2V3ud;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;whEZac:F4AmNb;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,cr,hsm,jsa,mb4ZUb,d,csi,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl

HTTP Response

200

HTTP Request

GET https://google.onsimple.workers.dev/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png

HTTP Response

200

HTTP Request

GET https://google.onsimple.workers.dev/images/searchbox/desktop_searchbox_sprites318_hr.webp

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA..s&bl=IRRk&s=webhp&gl=uk&pc=SEARCH_HOMEPAGE&isMobile=false

HTTP Request

GET https://google.onsimple.workers.dev/gen_204?atyp=i&ct=bxjs&cad=&b=0&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495666793&opi=89978449

HTTP Response

204

HTTP Response

204

HTTP Request

GET https://google.onsimple.workers.dev/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en-GB&authuser=0&psi=M7fJZvHBH7CLhbIP9Om1-AI.1724495667026&dpr=1&nolsbt=1

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?s=webhp&t=aft&atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&rt=wsrt.630,aft.699,afti.699,hst.74,prt.434&imn=12&ima=2&imad=0&imac=1&wh=609&aftie=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA&aft=1&aftp=609&opi=89978449

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=webhp&t=all&imn=12&ima=2&imad=0&imac=1&wh=609&aftie=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA&aft=1&aftp=609&adh=&ime=2&imeae=0&imeap=0&imex=2&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=81345&ucb=275989&mem=ujhs.9,tjhs.11,jhsl.2173,dm.8&hp=&sys=hc.8&p=bs.true&rt=hst.74,prt.434,xjses.453,xjsee.586,xjs.586,dcl.640,afti.699,aftip.674,aft.699,lcp.371,fcp.371,aftqf.703,wsrt.630,cst.119,dnst.0,rqst.343,rspt.39,sslt.89,rqstt.326,unt.23,cstt.206,dit.1066&zx=1724495667097&opi=89978449

HTTP Request

GET https://google.onsimple.workers.dev/xjs/_/js/md=2/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA

HTTP Request

GET https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/ck=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAApAANSACAAgA2ACAAAAAAAgAIAAQIAQBAAQAAAwQ4AICCAFAAQEQABCBIEIBH2QAQAsIEEKAAIVCABASAIAoRAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAADAAGoMIEAAgDwCAeAAIEYAAAgBHYAAAAgAFAACBBQQwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/ujg=1/rs=ACT90oEKbk5zDyz9VO__fdLlZ4ZetSHqXA/m=sb_wiz,aa,abd,sytv,sytu,sytp,syfz,sytt,sytf,sy103,syz9,sytk,syz8,sytq,syts,syto,syu9,sytd,syua,syub,syu2,syu6,sytl,syu0,syu3,syu4,sytx,syty,sytg,syth,sys6,syrw,syru,syrt,sytj,syz7,syui,syuj,syuh,async,ifl,pHXghd,sf,sy1c5,sy1c8,sy4du,sonic,TxCJfd,sy4dy,qzxzOb,IsdWVc,sy4e0,sy1gu,sy1d6,sy1d2,syrs,syrq,syrr,syrp,syro,sy4cf,sy4ci,sy2ib,sy18s,sy18u,sy13o,sy13p,syrl,syrj,syfd,sybx,syc0,sybv,sybz,syby,sycr,spch,MpJwZc,UUJqVe,sy7n,sOXFj,sy7m,s39S4,oGtAuc,NTMZac,nAFL3,sy8f,sy8e,q0xTif,y05UD,syxy,sy1de,sy1du,sy1dm,sy174,syvr,syy0,sy7u,syxz,syxx,syxw,syxv,syy1,sya9,syb5,sy1dl,sy1dv,sy14a,sy1dt,sy144,sy1dn,sy16w,sy1da,sy171,sy1dk,sy1df,sy1db,sy172,sy173,sy1do,sy13r,sy1dj,sy1di,sy1dg,syk2,sy1dh,sy1dq,sy1d4,sy1dc,sy1d3,sy1d9,sy1d5,sy17z,sy1dd,sy1cz,sy176,sy177,syy3,syy4,epYOx,sys9,sys8,rtH1bd,sy1ec,sy19u,sy18j,sygb,sy1eb,sy13w,sy1ea,sy18k,sygd,sy1ed,SMquOb,sy8h,sygj,sygh,sygi,sygk,sygg,sygr,sygp,sygn,sygf,syco,sycj,sycm,syam,syae,syb8,syal,syak,sya7,syb3,syaj,syas,sy9u,sy9t,syck,syc2,syc3,syc9,syaq,sybb,syc8,syc1,sybu,sybt,syah,syao,syc4,sybp,sybm,sybl,sybn,syag,syb9,sybg,sybe,sybi,sybf,sybh,syaa,syab,syb6,syct,syd8,sycu,syd9,syac,syb7,sya8,syb4,syar,syad,sycs,sych,sycd,syce,sy9x,sya1,sy9y,sya2,sy9z,sy9r,sy9o,sy9q,sya6,syc5,syg5,syge,syga,syg8,sy80,sy7x,sy7z,syg7,sygc,syg6,syg4,syg1,syg0,sy83,uxMpU,syfv,syd3,syd1,sycv,syda,sycx,sycw,sybj,sycz,sycq,sy90,sy8z,sy8y,Mlhmy,QGR0gd,aurFic,sy99,fKUV3e,OTA3Ae,sy8i,OmgaI,EEDORb,PoEs9b,Pjplud,sy8v,sy8o,COQbmf,uY49fb,sy7s,sy7t,sy7r,sy7q,byfTOb,lsjVmc,LEikZe,kWgXee,U0aPgd,ovKuLd,sgY6Zb,io8t5d,KG2eXe,Oj465e,sy1eh,sy1ee,syyo,syt0,d5EhJe,sy1ey,fCxEDd,syvs,sy1ex,sy1ew,sy1ev,sy1er,sy1ep,sy1el,sy1en,sy1em,sy1eq,sy1br,sy1bk,sy191,sy19b,T1HOxc,sy1eo,sy1ek,zx30Y,sy1ez,sy1et,sy1a6,Wo3n8,syuu,loL8vb,syuy,syux,syuw,ms4mZb,syqj,B2qlPe,syv5,NzU6V,sy10f,syvl,zGLm3b,syx0,syx1,syws,DhPYme?xjs=s3

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=webhp&nt=navigate&t=fi&st=1123&fid=150&zx=1724495667123&opi=89978449

HTTP Request

GET https://google.onsimple.workers.dev/client_204?atyp=i&biw=1280&bih=609&ei=M7fJZvHBH7CLhbIP9Om1-AI&opi=89978449

HTTP Response

200

HTTP Response

204

HTTP Response

204

HTTP Response

200

HTTP Response

204

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://google.onsimple.workers.dev/xjs/_/ss/k=xjs.hd.5quDWl5YgmQ.L.W.O/am=AFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE/d=0/rs=ACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA/m=syjw,syl1?xjs=s4

HTTP Request

GET https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=sy1g2,P10Owf,sy1eu,sy1es,syrb,gSZvdb,syzy,syzx,WlNQGd,syrg,syrd,syrc,syra,DPreE,sy10a,sy108,nabPbb,syzs,syzq,syjw,syl1,CnSW2d,kQvlef,sy109,fXO0xe?xjs=s4

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=promo&rt=hpbas.1055&zx=1724495667447&opi=89978449

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?atyp=i&ei=M7fJZvHBH7CLhbIP9Om1-AI&dt19=2&prm23=0&zx=1724495667458&opi=89978449

HTTP Request

GET https://google.onsimple.workers.dev/client_204?cs=1&opi=89978449

HTTP Request

GET https://google.onsimple.workers.dev/async/hpba?vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8Qj-0KCBU..i&ei=M7fJZvHBH7CLhbIP9Om1-AI&opi=89978449&yv=3&sp_imghp=false&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.rGUuk8I9qQM.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY%2Fdg%3D0%2Frs%3DACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.5quDWl5YgmQ.L.W.O%2Fam%3DAFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAAoAAISACAAAA2ACAAAAAAAgAIAAAAAABAAQAAAQQwAAAAAEAAAEQABAAIEAAAQAAQAgIAEKAAIVCABASAIAoBAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAAAAAGoEIEAAgDwCAeAAIEYAAAgBHYAAAAgAEAACABAQwAAZQAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAACCAACAAoAAAAAAAAAAAAAAAAAAAAAAE%2Frs%3DACT90oG-2fg6zs6V71LA_-psr1SHaaoDmA,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en.rGUuk8I9qQM.O%2Fck%3Dxjs.hd.5quDWl5YgmQ.L.W.O%2Fam%3DAFEAAAAAAAAAAAwAAAAAAAAAAAAAAAAAAAAEAAACAAAAAAAApAANSACAAgA2ACAAAAAAAgAIAAQIAQBAAQAAAwQ4AICCAFAAQEQABCBIEIBH2QAQAsIEEKAAIVCABASAIAoRAAAABgAAQhAYYBiAUAHAKEAAAAAAgIAIAADAAGoMIEAAgDwCAeAAIEYAAAgBHYAAAAgAFAACBBQQwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fujg%3D1%2Frs%3DACT90oEKbk5zDyz9VO__fdLlZ4ZetSHqXA,_fmt:prog,_id:_M7fJZvHBH7CLhbIP9Om1-AI_8

HTTP Response

200

HTTP Response

200

HTTP Response

204

HTTP Response

204

HTTP Request

GET https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=syfy,aLUfP?xjs=s4

HTTP Response

204

HTTP Response

200

HTTP Response

200

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=NLfJZuLqMMGji-gPzKeWKQ&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.9,tjhs.11,jhsl.2173,dm.8&hp=&rt=ttfb.139,st.140,bs.27,aaft.142,acrt.144,art.144&zx=1724495667594&opi=89978449

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?atyp=csi&ei=M7fJZvHBH7CLhbIP9Om1-AI&s=promo&rt=hpbas.1055,hpbarr.149&zx=1724495667596&opi=89978449

HTTP Request

GET https://google.onsimple.workers.dev/xjs/_/js/k=xjs.hd.en.rGUuk8I9qQM.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAhAAFAACAAgAAAAAAAAAAAAAAAAQIAQBAAQAAAgA4AICCABAAQEAAACBAEIBH2QAAAsAEACAAAEAAAASAAAAQAAAABgAAQBAAAAAAQAEAAAAAAAAAAAAAAADAAAIIAAAAAAAAAAAAAAQAAAAAHQAAAAAABAAABAQAwAAZQAAAIAAAAAA9AAgegIMUFgAAAAAAAAAAAAAACGCCYC4koCAAAgAAAAAAAAAAAAAAACAlTVzY/d=0/dg=0/rs=ACT90oGj4dHIv49zE7dPtZ8QAIVFFYi7zA/m=kMFpHd,sy8w,bm51tf?xjs=s4

HTTP Response

204

HTTP Response

200

HTTP Request

GET https://google.onsimple.workers.dev/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495667665&opi=89978449

HTTP Request

GET https://google.onsimple.workers.dev/favicon.ico

HTTP Response

204

HTTP Response

200

HTTP Response

204

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&ved=0ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QiZAHCH0&uact=3&bl=IRRk&s=webhp

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?ei=M7fJZvHBH7CLhbIP9Om1-AI&vet=10ahUKEwixp7f9to2IAxWwRUEAHfR0DS8QhJAHCCA..h&bl=IRRk&s=webhp&cdot=4477

HTTP Request

GET https://google.onsimple.workers.dev/gen_204?atyp=i&ct=bxjs&cad=&b=1&ei=M7fJZvHBH7CLhbIP9Om1-AI&zx=1724495671273&opi=89978449

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://google.onsimple.workers.dev/gen_204?atyp=i&ei=M7fJZvHBH7CLhbIP9Om1-AI&ct=slh&v=t1&m=HV&pv=0.8117379638998257&me=1:1724495666826,V,0,0,1280,609:0,B,609:0,N,1,M7fJZvHBH7CLhbIP9Om1-AI:0,R,1,1,0,0,1280,609:635,x:3820,h,1,1,i:3377,e,B&zx=1724495674833&opi=89978449

HTTP Response

204
172.217.20.163:443

https://fonts.gstatic.cn/s/i/productlogos/googleg/v6/24px.svg

tls, http2

msedge.exe

1.9kB
9.5kB
16
17

HTTP Request

GET https://fonts.gstatic.cn/s/i/productlogos/googleg/v6/24px.svg
142.250.201.163:443

https://www.gstatic.cn/og/_/js/k=og.qtm.en_US.eBMffMiMTMs.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTuegSNGpEiwrVAs-2oG6bhvd2dkhg

tls, http2

msedge.exe

4.2kB
94.5kB
61
78

HTTP Request

GET https://www.gstatic.cn/og/_/ss/k=og.qtm.hDmynL79n0s.L.W.O/m=qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTvdf0Ja9-cFHLh-nlOYGyOfmAxP9w

HTTP Request

GET https://www.gstatic.cn/og/_/js/k=og.qtm.en_US.eBMffMiMTMs.2019.O/rt=j/m=qabr,q_dnp,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTuegSNGpEiwrVAs-2oG6bhvd2dkhg
142.250.201.163:443

www.gstatic.cn

tls, http2

msedge.exe

999 B
8.1kB
9
9
172.217.20.170:443

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

tls, http2

msedge.exe

2.6kB
7.8kB
21
25

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Request

POST https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData
142.250.178.142:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_0

tls, http2

msedge.exe

3.1kB
50.7kB
41
45

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.MGCxJbnW_Xw.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo9xa4htLEVH9xe6c4ToUehtTaLWvA/cb=gapi.loaded_0
142.250.75.238:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

msedge.exe

3.5kB
9.1kB
18
20

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
150.171.28.10:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

tls, http2

2.0kB
9.3kB
22
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=ba22c2b4979745d198334bd4cc6d44a8&localId=w:7D3940AF-3C75-1CBE-D2B7-F59822175060&deviceId=6966569430314798&anid=

HTTP Response

204
142.250.179.78:443

https://consent.google.com.hk/save?continue=https://google.onsimple.workers.dev/&gl=UK&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20240822-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true

tls, http2

msedge.exe

2.0kB
7.9kB
16
18

HTTP Request

POST https://consent.google.com.hk/save?continue=https://google.onsimple.workers.dev/&gl=UK&m=0&pc=shp&x=5&src=2&hl=en&bl=gws_20240822-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true
150.171.27.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

145.5kB
4.2MB
3032
3029

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360284736_11427X8L96F0YA4AW&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301480_1GLUO11W92SWCVMG3&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418551_1MWHJRW59UCHVWKN4&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301047_1S8G2IIVJ6Z2H00N1&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360284735_1J9G8ZRD0Q7KNETKQ&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418552_1AAPCBWXWYRQF23F9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.27.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13

8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

google.onsimple.workers.dev

dns

msedge.exe

73 B
105 B
1
1

DNS Request

google.onsimple.workers.dev

DNS Response

172.67.197.234

104.21.34.45
8.8.8.8:53

fonts.gstatic.cn

dns

msedge.exe

62 B
78 B
1
1

DNS Request

fonts.gstatic.cn

DNS Response

172.217.20.163
8.8.8.8:53

234.197.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

234.197.67.172.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

www.gstatic.cn

dns

msedge.exe

60 B
76 B
1
1

DNS Request

www.gstatic.cn

DNS Response

142.250.201.163
8.8.8.8:53

ogads-pa.googleapis.com

dns

msedge.exe

69 B
261 B
1
1

DNS Request

ogads-pa.googleapis.com

DNS Response

172.217.20.170

216.58.214.170

216.58.214.74

172.217.20.202

142.250.201.170

172.217.18.202

216.58.215.42

142.250.75.234

216.58.213.74

142.250.179.74

142.250.178.138

142.250.179.106
8.8.8.8:53

apis.google.com

dns

msedge.exe

61 B
98 B
1
1

DNS Request

apis.google.com

DNS Response

142.250.178.142
172.217.20.170:443

ogads-pa.googleapis.com

https

msedge.exe

3.1kB
6.6kB
5
7
8.8.8.8:53

163.20.217.172.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

163.20.217.172.in-addr.arpa
8.8.8.8:53

163.201.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

163.201.250.142.in-addr.arpa
8.8.8.8:53

170.20.217.172.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

170.20.217.172.in-addr.arpa
8.8.8.8:53

142.178.250.142.in-addr.arpa

dns

74 B
113 B
1
1

DNS Request

142.178.250.142.in-addr.arpa
8.8.8.8:53

play.google.com

dns

msedge.exe

61 B
77 B
1
1

DNS Request

play.google.com

DNS Response

142.250.75.238
8.8.8.8:53

g.bing.com

dns

56 B
148 B
1
1

DNS Request

g.bing.com

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

238.75.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

238.75.250.142.in-addr.arpa
224.0.0.251:5353

580 B
9
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

10.28.171.150.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
142.250.75.238:443

play.google.com

https

msedge.exe

8.9kB
9.2kB
17
19
8.8.8.8:53

consent.google.com.hk

dns

msedge.exe

67 B
83 B
1
1

DNS Request

consent.google.com.hk

DNS Response

142.250.179.78
8.8.8.8:53

78.179.250.142.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

78.179.250.142.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

192.142.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

192.142.123.92.in-addr.arpa
8.8.8.8:53

81.144.22.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

81.144.22.2.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
097333e5431cbe209534f0d482b5d950

SHA1
1812667da378cdce0249c08697152aaa2a58e527

SHA256
bab52dca33c28538c9174ab2bfe8bd18135fd95588f50c84fd48d6fe3c696938

SHA512
c31748523f2eb926829693722b5b113c8fe34c4ff42e0386998bf9b04d4164860cf310ae4c691ae3da3ad290265c2d7d34158b01e4f8b1b83f7923e7ba032269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8bd502f350bdd04a65af2a60b2e73fb4

SHA1
6502abc3af939e0fa473c0e845eb142a40d30836

SHA256
c7718820f9269989740f2f25638bdc5714023c25c8bfbfe74d18939b78888147

SHA512
468a55603877c16dd0b1a621d4b1a2b343922b1eb38a11f1b05f30b251c6880b7df302553f0e01ddeac232d201b83f1ef7512e1d218ea34385a0440968aadc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71086025f30cd502485e9fb6aec1b7fc

SHA1
4701e8495aa0416c3b246e7dc34c43c4f99b6bde

SHA256
20634f528192a75b3d16527a183808ccc3774bf3446a96a0c1241c26ecc2d2d8

SHA512
31cfe897a6b5221a449a4b5dec1601182198d74358e9a18437d9787a66e7f619c07f87ee6ff232aed65f032b71062b2eae48ff3fbab45c42b97754fbfe594a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0cca253bcebfab236468c11624cf654

SHA1
cc5053f38710b8a42f7844739383cb741548401e

SHA256
1512973611c3095e3d73e96f47ddc4b796155fc1f4364ba1eda5401656409136

SHA512
3ac97d8c98b2d2f18a96a723e2fc20ab7930815ca8d9f7408d41e8e786de08dfca83e3f1ebed719d76ed7f1cb1bf5a13f02a3109bbf6086a062a8990308ef131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb6b06597386a6a93c033d7110a4a0f0

SHA1
97931e6ad80127b4db663e11810de44d2b228120

SHA256
a17e185bc3be50b95de265bff397b7ad13437d1e7917e2de265078f866bcdaf2

SHA512
6a785ffa168694c002f34c148fcf9627c3f511632d4a3b32c7c768e2bc9bfef51b62121bf7fd673ff84adff3627cabac2f784ab253624bd000773ebf6ef4d5d1

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request