56ac2bb0bea575eb85089eb2ab8059408d16100a46b5fe5aafb7eb14440cfb22

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}"	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}"	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ FileSyncEx\ = "{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}"	OneDrive.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\Update\\OneDriveSetup.exe\""	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Delete Cached Standalone Update Binary = "C:\\Windows\\system32\\cmd.exe /q /c del /q \"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\StandaloneUpdater\\OneDriveSetup.exe\""	OneDriveSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	FileSyncConfig.exe

Checks system information in the registry 2 TTPs 6 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	OneDrive.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	OneDriveSetup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	OneDriveSetup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	OneDriveSetup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	OneDriveSetup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	OneDrive.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OneDriveSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileSyncConfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OneDrive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OneDrive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OneDriveSetup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	OneDrive.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	OneDrive.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\GPU	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	OneDrive.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	OneDriveSetup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\OneDrive.exe = "11000"	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	OneDrive.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	OneDrive.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133732872658885663"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\ShellFolder\Attributes = "4034920525"	FileSyncConfig.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\BannerNotificationHandler.BannerNotificationHandler\shell\import\DropTarget\CLSID = "{2e7c0a19-0438-41e9-81e3-3ad3d64f55ba}"	OneDriveSetup.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{3A4E62AE-45D9-41D5-85F5-A45B77AB44E5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_CLASSES\WOW6432NODE\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\INSTANCE\INITPROPERTYBAG	FileSyncConfig.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\LocalServer32	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\TypeLib\ = "{082D3FEC-D0D0-4DF6-A988-053FECE7B884}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\ProxyStubClsid32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{22A68885-0FD9-42F6-9DED-4FB174DC7344}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\ = "ISyncItemPathCallback"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}\ = "IItemActivityCallback"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\ = "IGetSpecialFolderInfoCallback"	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{f0440f4e-4884-4a8F-8a45-ba89c00f96f2}\TypeLib	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32\ThreadingModel = "Apartment"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\TypeLib	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{e9de26a1-51b2-47b4-b1bf-c87059cc02a7}\TypeLib	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{5d65dd0d-81bf-4ff4-aeea-6effb445cb3f}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\VersionIndependentProgID\ = "SyncEngineCOMServer.SyncEngineCOMServer"	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\TypeLib\{C9F3F6BB-3172-4CD8-9EB7-37C9BE601C87}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\21.220.1024.0005"	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\SyncEngineCOMServer.SyncEngineCOMServer.1	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\ProxyStubClsid32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\TypeLib\Version = "1.0"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\ProxyStubClsid32	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\odopen\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /url:\"%1\""	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\VersionIndependentProgID\ = "StorageProviderUriSource.StorageProviderUriSource"	OneDrive.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\odopen\UseOriginalUrlEncoding = "1"	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\BannerNotificationHandler.BannerNotificationHandler\shell\import\DropTarget	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{F062BA81-ADFE-4A92-886A-23FD851D6406}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{53de12aa-df96-413d-a25e-c75b6528abf2}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\SyncEngineStorageProviderHandlerProxy.SyncEngineStorageProviderHandlerProxy\CLSID	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\ = "ReadOnlyOverlayHandler Class"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{1b7aed4f-fcaf-4da4-8795-c03e635d8edc}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{c1439245-96b4-47fc-b391-679386c5d40f}\TypeLib	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\VersionIndependentProgID	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32\ThreadingModel = "Apartment"	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{1B71F23B-E61F-45C9-83BA-235D55F50CF9}\TypeLib	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_CLASSES\WOW6432NODE\INTERFACE\{1EDD003E-C446-43C5-8BA0-3778CC4792CC}\PROXYSTUBCLSID32	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{b5c25645-7426-433f-8a5f-42b7ff27a7b2}\TypeLib\Version = "1.0"	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root\CRLs	TextInputHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{B54E7079-90C9-4C62-A6B8-B2834C33A04A}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{50487D09-FFA9-45E1-8DF5-D457F646CD83}\TypeLib	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{390AF5A7-1390-4255-9BC9-935BFCFA5D57}	OneDrive.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{2EB31403-EBE0-41EA-AE91-A1953104EA55}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{0776ae27-5ab9-4e18-9063-1836da63117a}\ProxyStubClsid32	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{1196AE48-D92B-4BC7-85DE-664EC3F761F1}\TypeLib	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{049FED7E-C3EA-4B66-9D92-10E8085D60FB}\ProxyStubClsid32	OneDriveSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{ACDB5DB0-C9D5-461C-BAAA-5DCE0B980E40}	OneDrive.exe
Key deleted	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\WOW6432Node\Interface\{8B9F14F4-9559-4A3F-B7D0-312E992B6D98}\TypeLib	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{AF60000F-661D-472A-9588-F062F6DB7A0E}\TypeLib\ = "{BAE13F6C-0E2A-4DEB-AA46-B8F55319347C}"	OneDriveSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\odopen\ = "URL: OneDrive Client Protocol"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{0f872661-c863-47a4-863f-c065c182858a}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	OneDrive.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Interface\{385ED83D-B50C-4580-B2C3-9E64DBE7F511}	OneDrive.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\#Ȿe-tUp_4225-Ᵽ@ṩꞩW0rḏᎦᎦ#!!.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	chrome.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
5328	TextInputHost.exe
2560	OneDrive.exe
4720	OneDrive.exe

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
3792	msedge.exe
3792	msedge.exe
4844	msedge.exe
4844	msedge.exe
4984	msedge.exe
4984	msedge.exe
3120	identity_helper.exe
3120	identity_helper.exe
4500	chrome.exe
4500	chrome.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
1968	chrome.exe
1968	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
4920	chrome.exe
2560	OneDrive.exe
2560	OneDrive.exe
5540	OneDriveSetup.exe
5540	OneDriveSetup.exe
5540	OneDriveSetup.exe
5540	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
5268	OneDriveSetup.exe
4720	OneDrive.exe
4720	OneDrive.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4844	msedge.exe
4844	msedge.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe
Token: SeShutdownPrivilege	4500	chrome.exe
Token: SeCreatePagefilePrivilege	4500	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
4500	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
2560	OneDrive.exe
2560	OneDrive.exe
2560	OneDrive.exe
2560	OneDrive.exe
4720	OneDrive.exe
4720	OneDrive.exe
4720	OneDrive.exe
4720	OneDrive.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4476	OpenWith.exe
4476	OpenWith.exe
4476	OpenWith.exe
4476	OpenWith.exe
4492	winrar-x64-701.exe
4492	winrar-x64-701.exe
4492	winrar-x64-701.exe
5316	winrar-x64-701.exe
5316	winrar-x64-701.exe
5316	winrar-x64-701.exe
1968	chrome.exe
1968	chrome.exe
5328	TextInputHost.exe
5328	TextInputHost.exe
5328	TextInputHost.exe
5328	TextInputHost.exe
2560	OneDrive.exe
4720	OneDrive.exe
4720	OneDrive.exe
4720	OneDrive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 2576	4844	msedge.exe	79
PID 4844 wrote to memory of 2576	4844	msedge.exe	79
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 4636	4844	msedge.exe	80
PID 4844 wrote to memory of 3792	4844	msedge.exe	81
PID 4844 wrote to memory of 3792	4844	msedge.exe	81
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82
PID 4844 wrote to memory of 5104	4844	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc27423cb8,0x7ffc27423cc8,0x7ffc27423cd8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14145799473247504452,3142665942917558630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc13e0cc40,0x7ffc13e0cc4c,0x7ffc13e0cc58
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:3
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3104,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1880
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7c3944698,0x7ff7c39446a4,0x7ff7c39446b0
    3⤵
    - Drops file in Windows directory
    PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4936,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3500,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3404,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3384,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3464,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5360,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5328,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5668,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5536,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5944,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6088,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5928,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6184,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6336,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6332,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6116,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6340,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1136,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6528,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6908,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3812,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7088,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7100 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6132,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6416,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5724,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5956,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7248 /prefetch:8
  2⤵
  PID:5252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6240,i,14220674548484668495,701250110588633170,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3456
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4492

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4476

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2a72f12f26754f6b9e5a87cd84097154 /t 2472 /p 4492
1⤵
PID:5980

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5316

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2f85b19dea9f451c8d9cea4adb6984f6 /t 2356 /p 5316
1⤵
PID:2380

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13e0cc40,0x7ffc13e0cc4c,0x7ffc13e0cc58
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3804,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4604,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=1160,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5280,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3464,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5296,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3296,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5700,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4504,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5784,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5872,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5732,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5276,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4520,i,17581977541476657103,15676515317801447166,262144 --variations-seed-version=20241011-130141.903000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5620

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3168

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5328

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
1⤵
- Modifies system executable filetype association
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2560
- C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
  "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" /update /restart
  2⤵
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
    C:\Users\Admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe /update /restart /peruser /childprocess /extractFilesWithLessThreadCount /renameReplaceOneDriveExe /renameReplaceODSUExe /removeNonCurrentVersions /enableODSUReportingMode
    3⤵
    - Executes dropped EXE
    - Modifies system executable filetype association
    - Adds Run key to start application
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:5268
  - - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe
      "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileSyncConfig.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops desktop.ini file(s)
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:1648
  - - C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      /updateInstalled /background
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system executable filetype association
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Modifies registry class
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:4720

C:\Windows\SysWOW64\DllHost.exe
"C:\Windows\SysWOW64\DllHost.exe" /Processid:{5250E46F-BB09-D602-5891-F476DC89B700}
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5064

Network

DNS

36.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.200.250.142.in-addr.arpa

IN PTR

Response

36.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f41e100net
DNS

www.googleadservices.com

Remote address:

8.8.8.8:53

Request

www.googleadservices.com

IN A

Response

www.googleadservices.com

IN A

216.58.212.194
DNS

ctldl.windowsupdate.com

Remote address:

8.8.8.8:53

Request

ctldl.windowsupdate.com

IN A

Response

ctldl.windowsupdate.com

IN CNAME

ctldl.windowsupdate.com.delivery.microsoft.com

ctldl.windowsupdate.com.delivery.microsoft.com

IN CNAME

wu-b-net.trafficmanager.net

wu-b-net.trafficmanager.net

IN CNAME

bg.microsoft.map.fastly.net

bg.microsoft.map.fastly.net

IN A

199.232.214.172

bg.microsoft.map.fastly.net

IN A

199.232.210.172
DNS

179.31.115.190.in-addr.arpa

Remote address:

8.8.8.8:53

Request

179.31.115.190.in-addr.arpa

IN PTR

Response

179.31.115.190.in-addr.arpa

IN PTR

ddos-guardnet
DNS

static.doubleclick.net

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.179.230
DNS

230.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.179.250.142.in-addr.arpa

IN PTR

Response

230.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f61e100net
DNS

disqus.com

Remote address:

8.8.8.8:53

Request

disqus.com

IN A

Response

disqus.com

IN A

151.101.64.134

disqus.com

IN A

151.101.0.134

disqus.com

IN A

151.101.192.134

disqus.com

IN A

151.101.128.134
DNS

63.208.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

63.208.239.18.in-addr.arpa

IN PTR

Response

63.208.239.18.in-addr.arpa

IN PTR

server-18-239-208-63bru50r cloudfrontnet
DNS

10.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.200.250.142.in-addr.arpa

IN PTR

Response

10.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f101e100net
DNS

73.79.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.79.16.104.in-addr.arpa

IN PTR

Response
DNS

transferbox.cfd

Remote address:

8.8.8.8:53

Request

transferbox.cfd

IN A

Response

transferbox.cfd

IN A

172.67.154.60

transferbox.cfd

IN A

104.21.4.233
DNS

4.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.200.250.142.in-addr.arpa

IN PTR

Response

4.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f41e100net
DNS

translate.googleapis.com

Remote address:

8.8.8.8:53

Request

translate.googleapis.com

IN A

Response

translate.googleapis.com

IN A

172.217.169.10
DNS

117.150.17.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

117.150.17.104.in-addr.arpa

IN PTR

Response
DNS

google.com

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

172.217.169.14
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

fp.msedge.net

Remote address:

8.8.8.8:53

Request

fp.msedge.net

IN A

Response

fp.msedge.net

IN CNAME

1.perf.msedge.net

1.perf.msedge.net

IN CNAME

a-0019.a-msedge.net

a-0019.a-msedge.net

IN CNAME

a-0019.a.dns.azurefd.net

a-0019.a.dns.azurefd.net

IN CNAME

a-0019.standard.a-msedge.net

a-0019.standard.a-msedge.net

IN A

204.79.197.222
DNS

fp.msedge.net

Remote address:

8.8.8.8:53

Request

fp.msedge.net

IN A
DNS

3.178.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.178.250.142.in-addr.arpa

IN PTR

Response

3.178.250.142.in-addr.arpa

IN PTR

lhr48s27-in-f31e100net
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

216.58.201.110
DNS

67.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.204.58.216.in-addr.arpa

IN PTR

Response

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f671e100net

67.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f3�H

67.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f3�H
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

3.76.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.76.0.192.in-addr.arpa

IN PTR

Response
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

216.58.213.2
DNS

2.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.213.58.216.in-addr.arpa

IN PTR

Response

2.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f21e100net

2.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f2�F
DNS

s.w.org

Remote address:

8.8.8.8:53

Request

s.w.org

IN A

Response

s.w.org

IN A

192.0.77.48
DNS

141.150.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

141.150.67.172.in-addr.arpa

IN PTR

Response
DNS

realtime.services.disqus.com

Remote address:

8.8.8.8:53

Request

realtime.services.disqus.com

IN A

Response

realtime.services.disqus.com

IN A

52.5.112.135

realtime.services.disqus.com

IN A

54.227.133.51

realtime.services.disqus.com

IN A

54.227.95.54

realtime.services.disqus.com

IN A

34.233.138.108
DNS

static.cloudflareinsights.com

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.79.73

static.cloudflareinsights.com

IN A

104.16.80.73
DNS

directtransfer.cfd

Remote address:

8.8.8.8:53

Request

directtransfer.cfd

IN A

Response

directtransfer.cfd

IN A

104.21.95.242

directtransfer.cfd

IN A

172.67.149.166
DNS

137.2.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

137.2.101.151.in-addr.arpa

IN PTR

Response
DNS

cdn.amplitude.com

Remote address:

8.8.8.8:53

Request

cdn.amplitude.com

IN A

Response

cdn.amplitude.com

IN A

65.9.95.77

cdn.amplitude.com

IN A

65.9.95.107

cdn.amplitude.com

IN A

65.9.95.70

cdn.amplitude.com

IN A

65.9.95.31
DNS

translate-pa.googleapis.com

Remote address:

8.8.8.8:53

Request

translate-pa.googleapis.com

IN A

Response

translate-pa.googleapis.com

IN A

142.250.179.234

translate-pa.googleapis.com

IN A

142.250.200.42

translate-pa.googleapis.com

IN A

172.217.16.234

translate-pa.googleapis.com

IN A

216.58.204.74

translate-pa.googleapis.com

IN A

142.250.200.10

translate-pa.googleapis.com

IN A

216.58.201.106

translate-pa.googleapis.com

IN A

142.250.187.202

translate-pa.googleapis.com

IN A

142.250.187.234

translate-pa.googleapis.com

IN A

172.217.169.42

translate-pa.googleapis.com

IN A

216.58.212.234

translate-pa.googleapis.com

IN A

142.250.180.10

translate-pa.googleapis.com

IN A

172.217.169.10

translate-pa.googleapis.com

IN A

216.58.212.202

translate-pa.googleapis.com

IN A

142.250.178.10
DNS

195.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.187.250.142.in-addr.arpa

IN PTR

Response

195.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f31e100net
DNS

id.google.com

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

142.250.187.195
DNS

67.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

67.169.217.172.in-addr.arpa

IN PTR

Response

67.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f31e100net
DNS

222.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

222.197.79.204.in-addr.arpa

IN PTR

Response
DNS

42.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.200.250.142.in-addr.arpa

IN PTR

Response

42.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f101e100net
DNS

ocsp.pki.goog

Remote address:

8.8.8.8:53

Request

ocsp.pki.goog

IN A

Response

ocsp.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

ocsp.pki.goog

Remote address:

8.8.8.8:53

Request

ocsp.pki.goog

IN A

Response

ocsp.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

238.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.179.250.142.in-addr.arpa

IN PTR

Response

238.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f141e100net
DNS

fonts.gstatic.com

Remote address:

8.8.8.8:53

Request

fonts.gstatic.com

IN A

Response

fonts.gstatic.com

IN A

216.58.204.67
DNS

157.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.34.239.216.in-addr.arpa

IN PTR

Response
DNS

www.youtube.com

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

172.217.169.14

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

216.58.204.78
DNS

i.ytimg.com

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

172.217.169.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

216.58.212.246

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

172.217.16.246
DNS

2.77.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.77.0.192.in-addr.arpa

IN PTR

Response

2.77.0.192.in-addr.arpa

IN PTR

i0wpcom

2.77.0.192.in-addr.arpa

IN PTR

i1�8

2.77.0.192.in-addr.arpa

IN PTR

i2�8
DNS

torrent-stats.info

Remote address:

8.8.8.8:53

Request

torrent-stats.info

IN A

Response

torrent-stats.info

IN A

87.98.254.167
DNS

c.disquscdn.com

Remote address:

8.8.8.8:53

Request

c.disquscdn.com

IN A

Response

c.disquscdn.com

IN CNAME

d231vab146qzfb.cloudfront.net

d231vab146qzfb.cloudfront.net

IN A

18.239.208.63

d231vab146qzfb.cloudfront.net

IN A

18.239.208.19

d231vab146qzfb.cloudfront.net

IN A

18.239.208.121

d231vab146qzfb.cloudfront.net

IN A

18.239.208.52
DNS

48.77.0.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.77.0.192.in-addr.arpa

IN PTR

Response

48.77.0.192.in-addr.arpa

IN PTR

sworg
DNS

a.disquscdn.com

Remote address:

8.8.8.8:53

Request

a.disquscdn.com

IN A

Response

a.disquscdn.com

IN CNAME

l2.shared.us-eu.fastly.net

l2.shared.us-eu.fastly.net

IN A

199.232.194.49

l2.shared.us-eu.fastly.net

IN A

199.232.198.49
DNS

challenges.cloudflare.com

Remote address:

8.8.8.8:53

Request

challenges.cloudflare.com

IN A

Response

challenges.cloudflare.com

IN A

104.18.94.41

challenges.cloudflare.com

IN A

104.18.95.41
DNS

242.95.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

242.95.21.104.in-addr.arpa

IN PTR

Response
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.200.4
DNS

static.mediafire.com

Remote address:

8.8.8.8:53

Request

static.mediafire.com

IN A

Response

static.mediafire.com

IN A

104.17.150.117

static.mediafire.com

IN A

104.17.151.117
DNS

www.google.co.uk

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

142.250.187.195
DNS

232.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.16.217.172.in-addr.arpa

IN PTR

Response

232.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f81e100net

232.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f8�H
DNS

129.155.91.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

129.155.91.199.in-addr.arpa

IN PTR

Response
DNS

ocsp.digicert.com

Remote address:

8.8.8.8:53

Request

ocsp.digicert.com

IN A

Response

ocsp.digicert.com

IN CNAME

ocsp.edge.digicert.com

ocsp.edge.digicert.com

IN CNAME

fp2e7a.wpc.2be4.phicdn.net

fp2e7a.wpc.2be4.phicdn.net

IN CNAME

fp2e7a.wpc.phicdn.net

fp2e7a.wpc.phicdn.net

IN A

192.229.221.95
DNS

168.128.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.128.123.92.in-addr.arpa

IN PTR

Response

168.128.123.92.in-addr.arpa

IN PTR

a92-123-128-168deploystaticakamaitechnologiescom
DNS

ogads-pa.googleapis.com

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

216.58.213.10

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

172.217.16.234

ogads-pa.googleapis.com

IN A

142.250.187.234
DNS

ogads-pa.googleapis.com

Remote address:

8.8.8.8:53

Request

ogads-pa.googleapis.com

IN A

Response

ogads-pa.googleapis.com

IN A

172.217.169.74

ogads-pa.googleapis.com

IN A

216.58.204.74

ogads-pa.googleapis.com

IN A

142.250.180.10

ogads-pa.googleapis.com

IN A

142.250.187.202

ogads-pa.googleapis.com

IN A

142.250.187.234

ogads-pa.googleapis.com

IN A

142.250.178.10

ogads-pa.googleapis.com

IN A

142.250.200.42

ogads-pa.googleapis.com

IN A

216.58.213.10

ogads-pa.googleapis.com

IN A

216.58.212.234

ogads-pa.googleapis.com

IN A

142.250.179.234

ogads-pa.googleapis.com

IN A

142.250.200.10

ogads-pa.googleapis.com

IN A

216.58.201.106

ogads-pa.googleapis.com

IN A

172.217.16.234
DNS

10.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.180.250.142.in-addr.arpa

IN PTR

Response

10.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f101e100net
DNS

78.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

78.169.217.172.in-addr.arpa

IN PTR

Response

78.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f141e100net
DNS

194.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.212.58.216.in-addr.arpa

IN PTR

Response

194.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f1941e100net

194.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f2�J

194.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f2�J
DNS

stats.wp.com

Remote address:

8.8.8.8:53

Request

stats.wp.com

IN A

Response

stats.wp.com

IN A

192.0.76.3
DNS

content-autofill.googleapis.com

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

172.217.169.42

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.200.42
DNS

54.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.200.250.142.in-addr.arpa

IN PTR

Response

54.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f221e100net
DNS

s01.riotpixels.net

Remote address:

8.8.8.8:53

Request

s01.riotpixels.net

IN A

Response

s01.riotpixels.net

IN A

172.67.150.141

s01.riotpixels.net

IN A

104.21.30.45
DNS

17.61.146.82.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.61.146.82.in-addr.arpa

IN PTR

Response

17.61.146.82.in-addr.arpa

IN PTR

i3imagebanru
DNS

135.112.5.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

135.112.5.52.in-addr.arpa

IN PTR

Response

135.112.5.52.in-addr.arpa

IN PTR

ec2-52-5-112-135 compute-1 amazonawscom
DNS

214.72.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

214.72.67.172.in-addr.arpa

IN PTR

Response
DNS

60.154.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

60.154.67.172.in-addr.arpa

IN PTR

Response
DNS

beacons.gcp.gvt2.com

Remote address:

8.8.8.8:53

Request

beacons.gcp.gvt2.com

IN A

Response

beacons.gcp.gvt2.com

IN CNAME

beacons-handoff.gcp.gvt2.com

beacons-handoff.gcp.gvt2.com

IN A

172.217.169.3
DNS

www.google-analytics.com

Remote address:

8.8.8.8:53

Request

www.google-analytics.com

IN A

Response

www.google-analytics.com

IN A

142.250.178.14
DNS

77.95.9.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.95.9.65.in-addr.arpa

IN PTR

Response

77.95.9.65.in-addr.arpa

IN PTR

server-65-9-95-77prg50r cloudfrontnet
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f14�I
DNS

3.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.180.250.142.in-addr.arpa

IN PTR

Response

3.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f31e100net
DNS

clientservices.googleapis.com

Remote address:

8.8.8.8:53

Request

clientservices.googleapis.com

IN A

Response

clientservices.googleapis.com

IN A

216.58.201.99
DNS

clients2.google.com

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.169.78
DNS

clients2.google.com

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

172.217.169.78
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: fitgirl-repacks.site:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Sun, 13 Oct 2024 10:01:32 GMT
OPTIONS

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json+protobuf; charset=UTF-8
vary: Origin
vary: X-Origin
vary: Referer
content-encoding: gzip
date: Sun, 13 Oct 2024 10:01:32 GMT
content-type: application/json+protobuf; charset=UTF-8
cache-control: private
content-length: 30
vary: X-Origin
vary: Referer
content-encoding: gzip
vary: Origin
content-type: application/json+protobuf; charset=UTF-8
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: gfet4t7; dur=13
content-length: 30
POST

https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

chrome.exe

Remote address:

142.250.180.10:443

Request

POST /$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData HTTP/2.0
host: ogads-pa.googleapis.com
content-length: 65
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
x-goog-api-key: AIzaSyCbsbvGCe7C9mCtdaTycZB2eUFuzsYKG_E
content-type: application/json+protobuf
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.google.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlL1An4iaKj4hIFDUqFnlIhoEC7x3ryJrM=?alt=proto

chrome.exe

Remote address:

142.250.180.10:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlL1An4iaKj4hIFDUqFnlIhoEC7x3ryJrM=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CMHZygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: www.reddit.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Sun, 13 Oct 2024 10:01:32 GMT
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

216.58.201.110:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 1454
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: https://www.google.com
x-client-data: CMHZygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7crrAmhGTQO9SmxCFl3GLyLY7IwkNGN0Pda_YuILR5L0riPu-7GdM9g
cookie: __Secure-ENID=23.SE=LvFsEpA-gsvOZLld7PNDTqixAe7Ksx_B_fYBCy6sitheasgCZZlUIraGpr5_RpmFX1CwFrHz0zikO5XrlJRsBtBXsvxlRJaNqPGT2PmA_20mOG-wYwTBMO3pDrkSOvCPaQqOpA7T8Xgrw-tL5cHnA0UAnztu064IgTO8UztFumaFrSAMkY8dsnsR4JxQjtV4Fwgu4kCK5K3vKHyJ6VzsqW5icq2LPQ
POST

https://consent.google.com/save?continue=https://www.google.com/search?q%3DGta%2BJv%2Bfitgirl%2Brepack%26oq%3DGta%2BJv%2Bfitgirl%2Brepack%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCjI2MjM3ajBqMTWoAgCwAgA%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241009-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true

chrome.exe

Remote address:

216.58.201.110:443

Request

POST /save?continue=https://www.google.com/search?q%3DGta%2BJv%2Bfitgirl%2Brepack%26oq%3DGta%2BJv%2Bfitgirl%2Brepack%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCjI2MjM3ajBqMTWoAgCwAgA%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241009-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true HTTP/2.0
host: consent.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.google.com
x-client-data: CMHZygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7crrAmhGTQO9SmxCFl3GLyLY7IwkNGN0Pda_YuILR5L0riPu-7GdM9g
cookie: __Secure-ENID=23.SE=LvFsEpA-gsvOZLld7PNDTqixAe7Ksx_B_fYBCy6sitheasgCZZlUIraGpr5_RpmFX1CwFrHz0zikO5XrlJRsBtBXsvxlRJaNqPGT2PmA_20mOG-wYwTBMO3pDrkSOvCPaQqOpA7T8Xgrw-tL5cHnA0UAnztu064IgTO8UztFumaFrSAMkY8dsnsR4JxQjtV4Fwgu4kCK5K3vKHyJ6VzsqW5icq2LPQ
cookie: SOCS=CAISHAgCEhJnd3NfMjAyNDEwMDktMF9SQzEaAmVuIAEaBgiAm6y4Bg
POST

https://play.google.com/log?format=json&hasfast=true

chrome.exe

Remote address:

216.58.201.110:443

Request

POST /log?format=json&hasfast=true HTTP/2.0
host: play.google.com
content-length: 1452
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
origin: https://www.google.com
x-client-data: CMHZygE=
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7crrAmhGTQO9SmxCFl3GLyLY7IwkNGN0Pda_YuILR5L0riPu-7GdM9g
cookie: SOCS=CAISHAgCEhJnd3NfMjAyNDEwMDktMF9SQzEaAmVuIAEaBgiAm6y4Bg
cookie: __Secure-BUCKET=CM4D
cookie: NID=518=ymnnCjaikt96BEGLEhCPIAp9yWGEldFGmoOiBwivdeZPFDLGiVibkJZuQvWWL4zWRfseYnuKP7nTpHHPMPIovTq8cZzmYtUxD-NsSUKbyvQMyyaBWcxhMNk-Cx_YkKi0Mz9VTpsPtdw6_mQATFxdF5LgYoW1y_2_bV6XYfUwHlKsVC7Ekf8FDOPqNCR7txawnlHrrn5P_eloRg8wU6rCCebnwRFrfN7Tb0CB6NY
GET

https://fitgirl-repacks.site/wp-content/plugins/jetpack/modules/theme-tools/compat/twentyfourteen.css?ver=13.3

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/jetpack/modules/theme-tools/compat/twentyfourteen.css?ver=13.3 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=mX4IRBk3dlzyW0fF; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Sat, 30 Mar 2024 01:28:09 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "66076aa9-142d6"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 14785
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=mZJN8liNKmsXDl4c; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Sat, 06 Apr 2024 07:32:24 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6610fa88-1e00"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 1701
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/wp-polls/polls-css.css?ver=2.77.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/wp-polls/polls-css.css?ver=2.77.2 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=FBPZOQE0cCKtSua4; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Fri, 29 Nov 2019 03:31:28 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "5de09110-105a"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 1156
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.4.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=0VxKqtlvuyL9CN6c; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 16:22:18 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543ccba-20f3"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 1757
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.4.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.4.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=QboUAhu9WiVJVbg9; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Fri, 11 Dec 2020 00:43:50 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "5fd2c0c6-2bf8"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 2592
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/css/blocks.css?ver=20230630

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/css/blocks.css?ver=20230630 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=AovMAMTSmrlUICH8; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Sat, 25 Nov 2023 12:58:45 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6561ef85-1add3"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 14498
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/style.css?ver=20230808

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/style.css?ver=20230808 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=XvZir3wuDQinnZw5; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Sat, 06 Apr 2024 07:32:24 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6610fa88-6e6a"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 16291
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=G566BRFSEIHYQZ1D; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 16:18:40 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543cbe0-a94"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 723
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=H6MF0qlyWC8F0mds; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 16:17:05 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543cb81-3744"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 3629
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/wp-latest-posts/css/wplp_front.css?ver=5.0.5

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/wp-latest-posts/css/wplp_front.css?ver=5.0.5 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=dKv7rYtsXTekLwKy; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 16:22:18 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543ccba-17af"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 623
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/jetpack/css/jetpack.css?ver=13.3

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/jetpack/css/jetpack.css?ver=13.3 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=jjCvZwZ18gtKlsyK; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Sat, 06 Apr 2024 07:32:23 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6610fa87-1a512"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 19374
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/masonry.min.js?ver=4.2.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=NgAYueHn5Eu6LcNu; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 432
last-modified: Thu, 02 Nov 2023 16:19:39 GMT
cache-control: max-age=2592000
accept-ranges: bytes
etag: "6543cc1b-1b0"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/imagesloaded.min.js?ver=5.0.0

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/imagesloaded.min.js?ver=5.0.0 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=CWASixM2dBDh1kAV; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 25 Nov 2023 12:58:45 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6561ef85-15601"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 30419
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/wp-polls/polls-js.js?ver=2.77.2 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=rJd5VJkc3tA2QLkY; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Wed, 18 Sep 2024 00:14:33 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 02 Nov 2023 16:22:39 GMT
vary: Accept-Encoding
etag: W/"6543cccf-3509"
expires: Fri, 18 Oct 2024 00:14:33 GMT
cache-control: max-age=2592000
content-encoding: gzip
age: 2195230
content-length: 4872
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.8.18

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.8.18 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=SGgDD904VCUNF1YV; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 07 Oct 2016 01:29:44 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "57f6fa88-71b"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 716
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=FII7lxzCcmxJrv2m; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 16 Aug 2020 00:18:50 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "5f387b6a-5e4a"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 7382
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=9GCyjpiGWtmwSccl; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 02 Nov 2023 16:18:40 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543cbe0-caa"
expires: Tue, 05 Nov 2024 20:58:53 GMT
age: 565370
content-length: 648
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/js/functions.js?ver=20230526

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/js/functions.js?ver=20230526 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=tZ2bNdGmcliuvUV2; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 02 Nov 2023 16:22:18 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543ccba-1521"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 1837
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=GusaIqDLR8W0w9l7; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
set-cookie: __ddg10_=1728813703; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:43 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 25 Nov 2023 12:58:45 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6561ef85-1590"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565369
content-length: 1803
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=AzUL821iUsVU1z3s; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg10_=1728813704; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
content-security-policy: upgrade-insecure-requests;
date: Mon, 07 Oct 2024 10:40:59 GMT
content-type: font/woff2
content-length: 23236
last-modified: Thu, 02 Nov 2023 16:22:18 GMT
etag: "6543ccba-5ac4"
expires: Wed, 06 Nov 2024 10:40:59 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 516045
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/wp-latest-posts/css/wplp_front.css?ver=5.0.5

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/wp-latest-posts/css/wplp_front.css?ver=5.0.5 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=T9IcCx8wSpBJpw6a; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg10_=1728813704; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 22:33:27 GMT
content-type: font/woff2
content-length: 22504
last-modified: Thu, 02 Nov 2023 16:22:18 GMT
etag: "6543ccba-57e8"
expires: Tue, 05 Nov 2024 22:33:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 559697
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/jetpack/css/jetpack.css?ver=13.3

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/jetpack/css/jetpack.css?ver=13.3 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=sKPj4EPnH5PELEpf; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg10_=1728813704; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
content-security-policy: upgrade-insecure-requests;
date: Mon, 07 Oct 2024 05:58:23 GMT
content-type: font/woff2
content-length: 23040
last-modified: Thu, 02 Nov 2023 16:22:18 GMT
etag: "6543ccba-5a00"
expires: Wed, 06 Nov 2024 05:58:23 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 533001
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.8.18

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.8.18 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=xfFFkdJB65gpKw74; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg10_=1728813704; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
content-security-policy: upgrade-insecure-requests;
date: Mon, 07 Oct 2024 11:44:40 GMT
content-type: font/woff2
content-length: 23580
last-modified: Thu, 02 Nov 2023 16:22:18 GMT
etag: "6543ccba-5c1c"
expires: Wed, 06 Nov 2024 11:44:40 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 512224
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=p3TBIsJM3dXa9TkA; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
set-cookie: __ddg10_=1728813704; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:44 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 10 Apr 2023 22:12:05 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "643489b5-4904"
expires: Tue, 05 Nov 2024 20:58:55 GMT
age: 565369
content-length: 5035
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=2jMNjx8xrolxCOw1; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:45 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:45 GMT
set-cookie: __ddg10_=1728813705; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:45 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:55 GMT
content-type: image/jpeg
content-length: 1104
last-modified: Mon, 01 Aug 2016 21:55:54 GMT
cache-control: max-age=2592000
accept-ranges: bytes
etag: "579fc56a-450"
expires: Tue, 05 Nov 2024 20:58:55 GMT
age: 565370
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=bwZnqJuDThB9YcwI; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://fitgirl-repacks.site/xmlrpc.php
last-modified: Sun, 13 Oct 2024 09:08:05 GMT
expires: Sun, 13 Oct 2024 09:14:05 GMT
pragma: public
cache-control: max-age=0, public
etag: "a6296855b5cec0cf9b7313dc41c83583"
content-encoding: gzip
vary: Accept-Encoding
GET

https://fitgirl-repacks.site/wp-includes/js/masonry.min.js?ver=4.2.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/masonry.min.js?ver=4.2.2 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=cLyKop1ZSO1rAIYy; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 16:19:42 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543cc1e-b1e3"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565372
content-length: 7768
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/wp-polls/polls-js.js?ver=2.77.2 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=vWF80b04YPuQLiUN; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 21 Sep 2024 10:23:29 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 19 Apr 2023 12:59:43 GMT
vary: Accept-Encoding
etag: W/"643fe5bf-4d0"
expires: Mon, 21 Oct 2024 10:23:29 GMT
cache-control: max-age=2592000
content-encoding: gzip
age: 1899497
content-length: 519
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/js/functions.js?ver=20230526

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/js/functions.js?ver=20230526 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=Ne0gxPC0Tyrrtb3W; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: text/css
last-modified: Thu, 02 Nov 2023 16:19:42 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543cc1e-9273"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565372
content-length: 8867
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/imagesloaded.min.js?ver=5.0.0

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/imagesloaded.min.js?ver=5.0.0 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg8_=T8sWTLUKbdi7pQCd
cookie: __ddg9_=72.14.201.64
cookie: __ddg10_=1728813692
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=ZBM6HUAOpWB60S24; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 889
last-modified: Wed, 19 Apr 2023 12:59:43 GMT
cache-control: max-age=2592000
accept-ranges: bytes
etag: "643fe5bf-379"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565372
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/lato/lato-latin-400-normal.woff2?ver=23

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/fonts/lato/lato-latin-400-normal.woff2?ver=23 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813703
cookie: __ddg8_=GusaIqDLR8W0w9l7

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=W8SLOZcJ9wCLRB3c; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Mon, 07 Oct 2024 04:50:01 GMT
content-type: image/jpeg
content-length: 6885
last-modified: Mon, 01 Aug 2016 21:55:54 GMT
etag: "579fc56a-1ae5"
expires: Wed, 06 Nov 2024 04:50:01 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 537105
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/lato/lato-latin-700-normal.woff2?ver=23

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/fonts/lato/lato-latin-700-normal.woff2?ver=23 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813703
cookie: __ddg8_=GusaIqDLR8W0w9l7

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=qLfYbq8w5ivdWNor; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 02 Nov 2023 16:19:42 GMT
vary: Accept-Encoding
cache-control: max-age=2592000
content-encoding: gzip
etag: "6543cc1e-3da1"
expires: Tue, 05 Nov 2024 20:58:54 GMT
age: 565372
content-length: 4379
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/lato/lato-latin-900-normal.woff2?ver=23

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/fonts/lato/lato-latin-900-normal.woff2?ver=23 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813703
cookie: __ddg8_=GusaIqDLR8W0w9l7

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=gyFPiFPaUmxq84Cb; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Wed, 18 Sep 2024 06:57:29 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 06 Sep 2022 16:27:35 GMT
vary: Accept-Encoding
etag: W/"631774f7-ba5"
expires: Fri, 18 Oct 2024 06:57:29 GMT
cache-control: max-age=2592000
content-encoding: gzip
age: 2171057
content-length: 1351
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/lato/lato-latin-300-normal.woff2?ver=23

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/themes/twentyfourteen/fonts/lato/lato-latin-300-normal.woff2?ver=23 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813703
cookie: __ddg8_=GusaIqDLR8W0w9l7

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=0Shjf3qMO5f3pgjW; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 06 Oct 2024 22:33:27 GMT
content-type: image/png
content-length: 5938
last-modified: Mon, 15 Aug 2022 19:25:38 GMT
etag: "62fa9db2-1732"
expires: Tue, 05 Nov 2024 22:33:27 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 559699
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-includes/js/wp-emoji-release.min.js?ver=6.4.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.4.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813703
cookie: __ddg8_=GusaIqDLR8W0w9l7

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=UhaIIdlBo8YeE8tl; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Mon, 07 Oct 2024 05:58:23 GMT
content-type: image/jpeg
content-length: 16590
last-modified: Sun, 05 May 2024 11:46:37 GMT
etag: "6637719d-40ce"
expires: Wed, 06 Nov 2024 05:58:23 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 533003
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/wp-content/uploads/2016/08/cropped-icon-32x32.jpg

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/uploads/2016/08/cropped-icon-32x32.jpg HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813704
cookie: __ddg8_=p3TBIsJM3dXa9TkA

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=CkYSeMItqdySjFi5; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
set-cookie: __ddg10_=1728813706; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:46 GMT
content-security-policy: upgrade-insecure-requests;
date: Mon, 07 Oct 2024 04:50:00 GMT
content-type: font/woff2
content-length: 109916
last-modified: Thu, 02 Nov 2023 16:19:42 GMT
etag: "6543cc1e-1ad5c"
expires: Wed, 06 Nov 2024 04:50:00 GMT
cache-control: max-age=2592000
accept-ranges: bytes
age: 537106
ddg-cache-status: HIT
GET

https://fitgirl-repacks.site/grand-theft-auto-v/

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /grand-theft-auto-v/ HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://fitgirl-repacks.site/popular-repacks/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=2jMNjx8xrolxCOw1
cookie: __ddg10_=1728813705
GET

https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/includes/css/icons.css?ver=1.1.5

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/shortcodes-ultimate/includes/css/icons.css?ver=1.1.5 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=bwZnqJuDThB9YcwI
cookie: __ddg10_=1728813706
GET

https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/includes/css/shortcodes.css?ver=5.13.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/shortcodes-ultimate/includes/css/shortcodes.css?ver=5.13.2 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=bwZnqJuDThB9YcwI
cookie: __ddg10_=1728813706
GET

https://fitgirl-repacks.site/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.23

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.23 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=bwZnqJuDThB9YcwI
cookie: __ddg10_=1728813706
GET

https://fitgirl-repacks.site/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.23

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.23 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=bwZnqJuDThB9YcwI
cookie: __ddg10_=1728813706
GET

https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/includes/js/shortcodes/index.js?ver=5.13.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/shortcodes-ultimate/includes/js/shortcodes/index.js?ver=5.13.2 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=bwZnqJuDThB9YcwI
cookie: __ddg10_=1728813706
GET

https://fitgirl-repacks.site/wp-content/uploads/2016/08/cropped-icon-192x192.jpg

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/uploads/2016/08/cropped-icon-192x192.jpg HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=bwZnqJuDThB9YcwI
cookie: __ddg10_=1728813706
GET

https://fitgirl-repacks.site/wp-includes/js/comment-reply.min.js?ver=6.4.1

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-includes/js/comment-reply.min.js?ver=6.4.1 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=bwZnqJuDThB9YcwI
cookie: __ddg10_=1728813706
GET

https://fitgirl-repacks.site/wp-content/uploads/2022/08/paw.png

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/uploads/2022/08/paw.png HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=bwZnqJuDThB9YcwI
cookie: __ddg10_=1728813706
GET

https://fitgirl-repacks.site/wp-content/uploads/2024/05/support2.jpg

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/uploads/2024/05/support2.jpg HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/grand-theft-auto-v/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813706
cookie: __ddg8_=gyFPiFPaUmxq84Cb
GET

https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/vendor/fork-awesome/fonts/forkawesome-webfont.woff2?v=1.2.0

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /wp-content/plugins/shortcodes-ultimate/vendor/fork-awesome/fonts/forkawesome-webfont.woff2?v=1.2.0 HTTP/2.0
host: fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/includes/css/icons.css?ver=1.1.5
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813706
cookie: __ddg8_=0Shjf3qMO5f3pgjW
GET

https://stats.wp.com/e-202441.js

chrome.exe

Remote address:

192.0.76.3:443

Request

GET /e-202441.js HTTP/2.0
host: stats.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:43 GMT
content-type: application/javascript
vary: Accept-Encoding
x-minify: t
x-minify-cache: hit
etag: W/14421-1717166114261.106
content-encoding: br
expires: Sun, 05 Oct 2025 11:43:32 GMT
cache-control: max-age=31536000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
x-nc: HIT lhr
alt-svc: h3=":443"; ma=86400
GET

https://pixel.wp.com/g.gif?v=ext&blog=114849652&post=39712&tz=3&srv=fitgirl-repacks.site&j=1%3A13.3&host=fitgirl-repacks.site&ref=https%3A%2F%2Fwww.google.com%2F&fcp=358&rand=0.9935011378308793

chrome.exe

Remote address:

192.0.76.3:443

Request

GET /g.gif?v=ext&blog=114849652&post=39712&tz=3&srv=fitgirl-repacks.site&j=1%3A13.3&host=fitgirl-repacks.site&ref=https%3A%2F%2Fwww.google.com%2F&fcp=358&rand=0.9935011378308793 HTTP/2.0
host: pixel.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/gif
content-length: 50
cache-control: no-cache
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
GET

https://www.youtube.com/embed/72QAAOaYW2M

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /embed/72QAAOaYW2M HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/embed/IFzUTKsrbN8

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /embed/IFzUTKsrbN8 HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/2f238d39/www-player.css

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /s/player/2f238d39/www-player.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/embed/IFzUTKsrbN8
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=YC6nw_RWYug
cookie: VISITOR_INFO1_LIVE=lttMBgmwfW4
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgRw%3D%3D
GET

https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/embed.js

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /s/player/2f238d39/player_ias.vflset/en_US/embed.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/IFzUTKsrbN8
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=vZleX7JSvfo
cookie: VISITOR_INFO1_LIVE=dmMMmJhPBAk
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgMQ%3D%3D
GET

https://www.youtube.com/s/player/2f238d39/www-embed-player.vflset/www-embed-player.js

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /s/player/2f238d39/www-embed-player.vflset/www-embed-player.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/IFzUTKsrbN8
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=vZleX7JSvfo
cookie: VISITOR_INFO1_LIVE=dmMMmJhPBAk
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgMQ%3D%3D
GET

https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/base.js

chrome.exe

Remote address:

216.58.201.110:443

Request

GET /s/player/2f238d39/player_ias.vflset/en_US/base.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/IFzUTKsrbN8
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=vZleX7JSvfo
cookie: VISITOR_INFO1_LIVE=dmMMmJhPBAk
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgMQ%3D%3D
GET

https://i0.wp.com/i3.imageban.ru/out/2021/12/31/7b4fae0cb0a8fa800bc02c17c9b6af9b.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i3.imageban.ru/out/2021/12/31/7b4fae0cb0a8fa800bc02c17c9b6af9b.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 11760
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i3.imageban.ru/out/2021/12/31/7b4fae0cb0a8fa800bc02c17c9b6af9b.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "50fae23216f45805"
vary: Accept
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i2.imageban.ru/out/2024/06/03/2b13314daa31cca45608fc36d2555e2f.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i2.imageban.ru/out/2024/06/03/2b13314daa31cca45608fc36d2555e2f.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 9532
last-modified: Tue, 13 Aug 2024 21:03:00 GMT
expires: Fri, 14 Aug 2026 09:03:00 GMT
cache-control: public, max-age=63115200
link: <https://i8.imageban.ru/out/2024/08/11/d63aaab946e2f5cd9a65f8451e34d0e4.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "b939ec5ea4afc2fe"
vary: Accept
x-nc: HIT lhr 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i5.imageban.ru/out/2024/05/17/56aa0795604d3a6b18c024348242b6ea.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i5.imageban.ru/out/2024/05/17/56aa0795604d3a6b18c024348242b6ea.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 6718
last-modified: Fri, 17 May 2024 09:44:36 GMT
expires: Sun, 17 May 2026 21:44:36 GMT
cache-control: public, max-age=63115200
link: <https://i5.imageban.ru/out/2024/05/17/56aa0795604d3a6b18c024348242b6ea.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "dd49aedc7774f137"
vary: Accept
x-nc: HIT lhr 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i8.imageban.ru/out/2024/08/11/d63aaab946e2f5cd9a65f8451e34d0e4.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i8.imageban.ru/out/2024/08/11/d63aaab946e2f5cd9a65f8451e34d0e4.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 8238
last-modified: Fri, 20 Sep 2024 11:41:15 GMT
expires: Sun, 20 Sep 2026 23:41:15 GMT
cache-control: public, max-age=63115200
link: <https://i8.imageban.ru/out/2024/09/20/043b8d101c3d6fb833cd8494b35e7908.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "a461b8f8e1018160"
vary: Accept
x-nc: HIT lhr 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i1.imageban.ru/out/2024/09/06/f504dcecdac8895290010f95753649c1.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i1.imageban.ru/out/2024/09/06/f504dcecdac8895290010f95753649c1.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 12290
last-modified: Fri, 06 Sep 2024 23:10:50 GMT
expires: Mon, 07 Sep 2026 11:10:50 GMT
cache-control: public, max-age=63115200
link: <https://i1.imageban.ru/out/2024/09/06/f504dcecdac8895290010f95753649c1.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "58a18ca205193de0"
vary: Accept
x-nc: HIT lhr 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i8.imageban.ru/out/2024/09/20/043b8d101c3d6fb833cd8494b35e7908.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i8.imageban.ru/out/2024/09/20/043b8d101c3d6fb833cd8494b35e7908.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 6376
last-modified: Sun, 15 Sep 2024 11:37:52 GMT
expires: Tue, 15 Sep 2026 23:37:52 GMT
cache-control: public, max-age=63115200
link: <https://i2.imageban.ru/out/2024/09/14/55b1d23f63d017f497c49202fa28e91c.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f7627fe1aabfafc2"
vary: Accept
x-nc: HIT lhr 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i2.imageban.ru/out/2024/09/14/55b1d23f63d017f497c49202fa28e91c.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i2.imageban.ru/out/2024/09/14/55b1d23f63d017f497c49202fa28e91c.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 5232
last-modified: Mon, 03 Jun 2024 09:46:43 GMT
expires: Wed, 03 Jun 2026 21:46:43 GMT
cache-control: public, max-age=63115200
link: <https://i2.imageban.ru/out/2024/06/03/2b13314daa31cca45608fc36d2555e2f.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "75ac8fe39280e39a"
vary: Accept
x-nc: HIT lhr 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i1.imageban.ru/out/2024/05/02/5b8d83058def6c33d3c5b3e7ae36fd4b.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i1.imageban.ru/out/2024/05/02/5b8d83058def6c33d3c5b3e7ae36fd4b.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 13608
last-modified: Tue, 08 Oct 2024 16:36:17 GMT
expires: Fri, 09 Oct 2026 04:36:17 GMT
cache-control: public, max-age=63115200
link: <https://i2.imageban.ru/out/2024/10/08/f5477f15f897fb915060d05d88739ca4.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "41b0d6e63597a779"
vary: Accept
x-nc: HIT lhr 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i2.imageban.ru/out/2024/10/08/f5477f15f897fb915060d05d88739ca4.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i2.imageban.ru/out/2024/10/08/f5477f15f897fb915060d05d88739ca4.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 5960
last-modified: Mon, 02 Sep 2024 21:04:46 GMT
expires: Thu, 03 Sep 2026 09:04:46 GMT
cache-control: public, max-age=63115200
link: <https://i8.imageban.ru/out/2024/08/31/c5e7f3da5e9669c3e3efba74c49a6d75.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "7f96056a4f90c2a3"
vary: Accept
x-nc: HIT lhr 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i8.imageban.ru/out/2024/08/31/c5e7f3da5e9669c3e3efba74c49a6d75.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i8.imageban.ru/out/2024/08/31/c5e7f3da5e9669c3e3efba74c49a6d75.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 9012
last-modified: Thu, 02 May 2024 08:16:29 GMT
expires: Sat, 02 May 2026 20:16:29 GMT
cache-control: public, max-age=63115200
link: <https://i1.imageban.ru/out/2024/05/02/5b8d83058def6c33d3c5b3e7ae36fd4b.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "3652391b233a3b82"
vary: Accept
x-nc: HIT lhr 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i8.imageban.ru/out/2024/08/18/bb923f6395e42ef1f81f1cfeb2e7bcc7.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i8.imageban.ru/out/2024/08/18/bb923f6395e42ef1f81f1cfeb2e7bcc7.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 7036
last-modified: Mon, 19 Aug 2024 21:00:34 GMT
expires: Thu, 20 Aug 2026 09:00:34 GMT
cache-control: public, max-age=63115200
link: <https://i8.imageban.ru/out/2024/08/18/bb923f6395e42ef1f81f1cfeb2e7bcc7.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "9f7a153d6d690a11"
vary: Accept
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i8.imageban.ru/out/2024/10/06/a1ab5724ef423200b7ca145546f744c4.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i8.imageban.ru/out/2024/10/06/a1ab5724ef423200b7ca145546f744c4.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 3768
last-modified: Mon, 07 Oct 2024 04:31:42 GMT
expires: Wed, 07 Oct 2026 16:31:42 GMT
cache-control: public, max-age=63115200
link: <https://i8.imageban.ru/out/2024/10/06/a1ab5724ef423200b7ca145546f744c4.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "8eeeb61dbde95a0c"
vary: Accept
x-nc: HIT lhr 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i4.imageban.ru/out/2023/03/29/85b51d35b80313e95e7973d26df91f7f.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i4.imageban.ru/out/2023/03/29/85b51d35b80313e95e7973d26df91f7f.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 5806
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i4.imageban.ru/out/2023/03/29/85b51d35b80313e95e7973d26df91f7f.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "7f7a18a282e6e90d"
vary: Accept
x-nc: HIT lhr 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i5.imageban.ru/out/2024/09/17/a9dde93480894b636f4bfb9e66c04e9f.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i5.imageban.ru/out/2024/09/17/a9dde93480894b636f4bfb9e66c04e9f.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 9080
last-modified: Sat, 27 Jul 2024 13:11:23 GMT
expires: Tue, 28 Jul 2026 01:11:23 GMT
cache-control: public, max-age=63115200
link: <https://i3.imageban.ru/out/2024/07/27/63176e78b32c902a50d7f15158693c4e.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "2ba406cb5ff6d268"
vary: Accept
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i3.imageban.ru/out/2024/07/27/63176e78b32c902a50d7f15158693c4e.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i3.imageban.ru/out/2024/07/27/63176e78b32c902a50d7f15158693c4e.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 6916
last-modified: Wed, 18 Sep 2024 21:00:55 GMT
expires: Sat, 19 Sep 2026 09:00:55 GMT
cache-control: public, max-age=63115200
link: <https://i5.imageban.ru/out/2024/09/17/a9dde93480894b636f4bfb9e66c04e9f.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "bfdb46eafec2437d"
vary: Accept
x-nc: HIT lhr 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i6.imageban.ru/out/2022/01/15/71bb09a01cff9396536b4c8d93d91875.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i6.imageban.ru/out/2022/01/15/71bb09a01cff9396536b4c8d93d91875.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 5718
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i6.imageban.ru/out/2022/01/15/71bb09a01cff9396536b4c8d93d91875.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "0f4ba959df2ca853"
vary: Accept
x-nc: HIT lhr 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i6.imageban.ru/out/2022/08/13/d8a6e759722f3c703990dcf3765d400b.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i6.imageban.ru/out/2022/08/13/d8a6e759722f3c703990dcf3765d400b.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 5978
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i6.imageban.ru/out/2022/08/13/d8a6e759722f3c703990dcf3765d400b.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "d22060daeff1e371"
vary: Accept
x-nc: HIT lhr 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i5.imageban.ru/out/2021/11/13/4e9836b6111a572bef2f43048c7ef4c6.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i5.imageban.ru/out/2021/11/13/4e9836b6111a572bef2f43048c7ef4c6.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 8300
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i5.imageban.ru/out/2021/11/13/4e9836b6111a572bef2f43048c7ef4c6.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "38fdb169d0ecdc88"
vary: Accept
x-nc: HIT lhr 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i1.imageban.ru/out/2023/12/07/4045364e148cf4383f193e18b5bf405c.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i1.imageban.ru/out/2023/12/07/4045364e148cf4383f193e18b5bf405c.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 7862
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i1.imageban.ru/out/2023/12/07/4045364e148cf4383f193e18b5bf405c.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "89feb03ae9c71aa1"
vary: Accept
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i2.imageban.ru/out/2024/09/17/646bbc6158e4742486697d39675939a6.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i2.imageban.ru/out/2024/09/17/646bbc6158e4742486697d39675939a6.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 4436
last-modified: Wed, 18 Sep 2024 21:00:55 GMT
expires: Sat, 19 Sep 2026 09:00:55 GMT
cache-control: public, max-age=63115200
link: <https://i2.imageban.ru/out/2024/09/17/646bbc6158e4742486697d39675939a6.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "8e58e486b82cf94a"
vary: Accept
x-nc: HIT lhr 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i103.fastpic.ru/big/2018/0208/eb/a9e816fbc22b6c0c320c504123284eeb.jpg?resize=150%2C200

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i103.fastpic.ru/big/2018/0208/eb/a9e816fbc22b6c0c320c504123284eeb.jpg?resize=150%2C200 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 8702
last-modified: Sat, 15 Jun 2024 21:02:59 GMT
expires: Tue, 16 Jun 2026 09:02:59 GMT
cache-control: public, max-age=63115200
link: <https://i6.imageban.ru/out/2024/06/15/035bb0413020b49880df47fc907d42ed.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "ff3b0ffe110f4009"
vary: Accept
x-nc: HIT lhr 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i6.imageban.ru/out/2024/06/15/035bb0413020b49880df47fc907d42ed.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i6.imageban.ru/out/2024/06/15/035bb0413020b49880df47fc907d42ed.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 6164
last-modified: Sat, 06 Apr 2024 12:52:33 GMT
expires: Tue, 07 Apr 2026 00:52:33 GMT
cache-control: public, max-age=63115200
link: <http://i103.fastpic.ru/big/2018/0208/eb/a9e816fbc22b6c0c320c504123284eeb.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "242672a74e241462"
vary: Accept
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i3.imageban.ru/out/2024/06/21/532a2f7805dda1edb2200207e937e43e.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i3.imageban.ru/out/2024/06/21/532a2f7805dda1edb2200207e937e43e.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 8500
last-modified: Fri, 21 Jun 2024 19:32:54 GMT
expires: Mon, 22 Jun 2026 07:32:54 GMT
cache-control: public, max-age=63115200
link: <https://i3.imageban.ru/out/2024/06/21/532a2f7805dda1edb2200207e937e43e.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "717dd6abae9237f0"
vary: Accept
x-nc: HIT lhr 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i2.imageban.ru/out/2024/08/23/3ac74578c33953d2cd9d942d2d1cc0b1.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i2.imageban.ru/out/2024/08/23/3ac74578c33953d2cd9d942d2d1cc0b1.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 8856
last-modified: Sat, 24 Aug 2024 04:11:45 GMT
expires: Mon, 24 Aug 2026 16:11:45 GMT
cache-control: public, max-age=63115200
link: <https://i2.imageban.ru/out/2024/08/23/3ac74578c33953d2cd9d942d2d1cc0b1.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "817acc9c887269ef"
vary: Accept
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i2.imageban.ru/out/2024/05/19/e2809fa2c1c9f8c0e66879b9a601ec7b.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i2.imageban.ru/out/2024/05/19/e2809fa2c1c9f8c0e66879b9a601ec7b.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 7102
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i3.imageban.ru/out/2023/08/29/2e754a09cb851dd304ce48c11b29b37e.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "bac625adb4d20b50"
vary: Accept
x-nc: HIT lhr 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i3.imageban.ru/out/2023/08/29/2e754a09cb851dd304ce48c11b29b37e.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i3.imageban.ru/out/2023/08/29/2e754a09cb851dd304ce48c11b29b37e.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 3962
last-modified: Mon, 20 May 2024 07:11:41 GMT
expires: Wed, 20 May 2026 19:11:41 GMT
cache-control: public, max-age=63115200
link: <https://i2.imageban.ru/out/2024/05/19/e2809fa2c1c9f8c0e66879b9a601ec7b.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "da0684ddde4b63fb"
vary: Accept
x-nc: HIT lhr 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i4.imageban.ru/out/2023/09/16/15e1aa86d3bc7e2371493d83acb6b79f.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i4.imageban.ru/out/2023/09/16/15e1aa86d3bc7e2371493d83acb6b79f.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 8972
last-modified: Sat, 08 Jun 2024 21:01:26 GMT
expires: Tue, 09 Jun 2026 09:01:26 GMT
cache-control: public, max-age=63115200
link: <https://i4.imageban.ru/out/2023/09/16/15e1aa86d3bc7e2371493d83acb6b79f.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "8cc11c94c049c2cb"
vary: Accept
x-nc: HIT lhr 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i1.imageban.ru/out/2024/08/31/5a982b0c46804e6883a749bdc52a511c.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i1.imageban.ru/out/2024/08/31/5a982b0c46804e6883a749bdc52a511c.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 5804
last-modified: Mon, 02 Sep 2024 21:02:06 GMT
expires: Thu, 03 Sep 2026 09:02:06 GMT
cache-control: public, max-age=63115200
link: <https://i1.imageban.ru/out/2024/08/31/5a982b0c46804e6883a749bdc52a511c.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "645fc4cc2b1a27c1"
vary: Accept
x-nc: HIT lhr 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i5.imageban.ru/out/2024/10/05/1c8d50dba4ccc56758e9e923f71c63ab.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i5.imageban.ru/out/2024/10/05/1c8d50dba4ccc56758e9e923f71c63ab.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 2930
last-modified: Sat, 05 Oct 2024 21:08:57 GMT
expires: Tue, 06 Oct 2026 09:08:57 GMT
cache-control: public, max-age=63115200
link: <https://i5.imageban.ru/out/2024/10/05/1c8d50dba4ccc56758e9e923f71c63ab.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "bfbabed75582c537"
vary: Accept
x-nc: HIT lhr 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i2.imageban.ru/out/2024/04/01/b999979347fdc64b8bfae2645d4001bc.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i2.imageban.ru/out/2024/04/01/b999979347fdc64b8bfae2645d4001bc.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 10248
last-modified: Sat, 06 Apr 2024 13:12:19 GMT
expires: Tue, 07 Apr 2026 01:12:19 GMT
cache-control: public, max-age=63115200
link: <https://i2.imageban.ru/out/2024/04/01/b999979347fdc64b8bfae2645d4001bc.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "b39da9d76dd28274"
vary: Accept
x-nc: HIT lhr 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i7.imageban.ru/out/2024/10/05/66674de690b25b54a7f655c6d8c461a4.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i7.imageban.ru/out/2024/10/05/66674de690b25b54a7f655c6d8c461a4.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 3780
last-modified: Sun, 06 Oct 2024 21:03:43 GMT
expires: Wed, 07 Oct 2026 09:03:43 GMT
cache-control: public, max-age=63115200
link: <https://i7.imageban.ru/out/2024/10/05/66674de690b25b54a7f655c6d8c461a4.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "0e430f054727fcf5"
vary: Accept
x-nc: HIT lhr 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i8.imageban.ru/out/2024/09/02/4dc4a4dee749797b293b18f2696265d6.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i8.imageban.ru/out/2024/09/02/4dc4a4dee749797b293b18f2696265d6.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 7606
last-modified: Tue, 03 Sep 2024 21:05:32 GMT
expires: Fri, 04 Sep 2026 09:05:32 GMT
cache-control: public, max-age=63115200
link: <https://i8.imageban.ru/out/2024/09/02/4dc4a4dee749797b293b18f2696265d6.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "4f03abc18cb57504"
vary: Accept
x-nc: HIT lhr 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i2.imageban.ru/out/2022/11/19/5137d60a42b27845a34bdc11ea4cc57d.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i2.imageban.ru/out/2022/11/19/5137d60a42b27845a34bdc11ea4cc57d.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 4580
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i2.imageban.ru/out/2022/11/19/5137d60a42b27845a34bdc11ea4cc57d.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "210a70651934a5f7"
vary: Accept
x-nc: HIT lhr 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i8.imageban.ru/out/2024/09/25/b035e4a1c20c8b24180d8842fecfe025.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i8.imageban.ru/out/2024/09/25/b035e4a1c20c8b24180d8842fecfe025.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 7004
last-modified: Thu, 26 Sep 2024 21:03:48 GMT
expires: Sun, 27 Sep 2026 09:03:48 GMT
cache-control: public, max-age=63115200
link: <https://i8.imageban.ru/out/2024/09/25/b035e4a1c20c8b24180d8842fecfe025.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "19412fc8af879e1c"
vary: Accept
x-nc: HIT lhr 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i7.imageban.ru/out/2022/07/19/8a3e1174ec1553cedc0048c3c6f46f40.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i7.imageban.ru/out/2022/07/19/8a3e1174ec1553cedc0048c3c6f46f40.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 7550
last-modified: Mon, 08 Apr 2024 01:01:46 GMT
expires: Wed, 08 Apr 2026 13:01:46 GMT
cache-control: public, max-age=63115200
link: <https://i7.imageban.ru/out/2022/07/19/8a3e1174ec1553cedc0048c3c6f46f40.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "65f019881e77637d"
vary: Accept
x-nc: HIT lhr 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i4.imageban.ru/out/2024/10/01/c2996eb175b34064090303fcd1455c33.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i4.imageban.ru/out/2024/10/01/c2996eb175b34064090303fcd1455c33.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 4090
last-modified: Tue, 01 Oct 2024 20:11:41 GMT
expires: Fri, 02 Oct 2026 08:11:41 GMT
cache-control: public, max-age=63115200
link: <https://i4.imageban.ru/out/2024/10/01/c2996eb175b34064090303fcd1455c33.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "e6133cf1d9acc45c"
vary: Accept
x-nc: HIT lhr 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i111.fastpic.ru/big/2020/0508/0b/39046d129a1fba44c2ad892ffc58fc0b.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i111.fastpic.ru/big/2020/0508/0b/39046d129a1fba44c2ad892ffc58fc0b.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 7842
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i111.fastpic.ru/big/2020/0508/0b/39046d129a1fba44c2ad892ffc58fc0b.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "e49095945aa11f0d"
vary: Accept
x-nc: HIT lhr 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i65.fastpic.ru/big/2014/1231/64/a628e97829ee7132c7d809afc5ca7f64.jpg?resize=150%2C200

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i65.fastpic.ru/big/2014/1231/64/a628e97829ee7132c7d809afc5ca7f64.jpg?resize=150%2C200 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 9986
last-modified: Sat, 06 Apr 2024 12:52:33 GMT
expires: Tue, 07 Apr 2026 00:52:33 GMT
cache-control: public, max-age=63115200
link: <http://i65.fastpic.ru/big/2014/1231/64/a628e97829ee7132c7d809afc5ca7f64.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "51a8b58c544879da"
vary: Accept
x-nc: HIT lhr 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i4.imageban.ru/out/2022/10/20/901d5b6538563a6754a7231afa16e2c5.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i4.imageban.ru/out/2022/10/20/901d5b6538563a6754a7231afa16e2c5.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 8728
last-modified: Sat, 06 Apr 2024 13:12:19 GMT
expires: Tue, 07 Apr 2026 01:12:19 GMT
cache-control: public, max-age=63115200
link: <https://i4.imageban.ru/out/2022/10/20/901d5b6538563a6754a7231afa16e2c5.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "f2de3f1df7fe02fb"
vary: Accept
x-nc: HIT lhr 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i0.wp.com/i6.imageban.ru/out/2021/07/24/5f381c0c99c71ee16502b98810cd5849.jpg?resize=150%2C200&ssl=1

chrome.exe

Remote address:

192.0.77.2:443

Request

GET /i6.imageban.ru/out/2021/07/24/5f381c0c99c71ee16502b98810cd5849.jpg?resize=150%2C200&ssl=1 HTTP/2.0
host: i0.wp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:44 GMT
content-type: image/webp
content-length: 8972
last-modified: Sat, 06 Apr 2024 12:52:34 GMT
expires: Tue, 07 Apr 2026 00:52:34 GMT
cache-control: public, max-age=63115200
link: <https://i6.imageban.ru/out/2021/07/24/5f381c0c99c71ee16502b98810cd5849.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "8226abe5b5354e72"
vary: Accept
x-nc: HIT lhr 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
GET

https://i.ytimg.com/vi/72QAAOaYW2M/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARh_IBUoGzAP&rs=AOn4CLDXDo-jUBq-FzNmiCxwEhMDbNsX6A

chrome.exe

Remote address:

142.250.200.54:443

Request

GET /vi/72QAAOaYW2M/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARh_IBUoGzAP&rs=AOn4CLDXDo-jUBq-FzNmiCxwEhMDbNsX6A HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://i.ytimg.com/vi/IFzUTKsrbN8/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gGAApABigIMCAAQARhhIGEoYTAP&rs=AOn4CLAgzNbaDuCFsM9n3f8B1dRnj7GEzQ

chrome.exe

Remote address:

142.250.200.54:443

Request

GET /vi/IFzUTKsrbN8/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gGAApABigIMCAAQARhhIGEoYTAP&rs=AOn4CLAgzNbaDuCFsM9n3f8B1dRnj7GEzQ HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/id

chrome.exe

Remote address:

216.58.213.2:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/id

chrome.exe

Remote address:

216.58.213.2:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://static.doubleclick.net/instream/ad_status.js

chrome.exe

Remote address:

142.250.179.230:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.com/js/th/Kwl4UTqRlZdwo60dxzGVsyg_CEkasAzkebPPx38d0Do.js

chrome.exe

Remote address:

142.250.200.36:443

Request

GET /js/th/Kwl4UTqRlZdwo60dxzGVsyg_CEkasAzkebPPx38d0Do.js HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=CyJPFhVA1xR2B6RRHS0ICogNIsrEgUd1g4fCG8fxPnc09ieR9NHgImBpZ9v0_xcjEMe6Ty0hwzVF-RGex8DoOmcdu9jLmsCq7GburbXHoYKtsw2NWXUs3yBUDqaYOiLjsrYCBxLDhLCLQeCcG_Rr6lbNEdUZ7dYkVvwfLcvD3dN80DRERcNBCrhQ3XTM8GenNIp5x5ZwwmKOYqYQIYHYyg17sxj8WA
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

chrome.exe

Remote address:

172.217.169.74:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

chrome.exe

Remote address:

172.217.169.74:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
content-length: 24
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
x-goog-api-key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
content-type: application/json+protobuf
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

chrome.exe

Remote address:

172.217.169.74:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
content-length: 24
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
x-goog-api-key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
content-type: application/json+protobuf
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/ytc/AIdro_mYWVrTrMSWqq5fO57xoq5-Du6mnZ07xDF7IUiPC97zthw=s68-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.250.178.1:443

Request

GET /ytc/AIdro_mYWVrTrMSWqq5fO57xoq5-Du6mnZ07xDF7IUiPC97zthw=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://yt3.ggpht.com/ytc/AIdro_l4TIE1e3yWr6msQyZDCzFSBw1sdAkOIucOSp41f7s=s68-c-k-c0x00ffffff-no-rj

chrome.exe

Remote address:

142.250.178.1:443

Request

GET /ytc/AIdro_l4TIE1e3yWr6msQyZDCzFSBw1sdAkOIucOSp41f7s=s68-c-k-c0x00ffffff-no-rj HTTP/2.0
host: yt3.ggpht.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

216.58.201.110:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

216.58.201.110:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

216.58.201.110:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

216.58.201.110:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://torrent-stats.info/bdc0/3ef5b9780.png

chrome.exe

Remote address:

87.98.254.167:443

Request

GET /bdc0/3ef5b9780.png HTTP/1.1
Host: torrent-stats.info
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://fitgirl-repacks.site/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Date: Sun, 13 Oct 2024 10:01:46 GMT
Server: Apache
X-Powered-By: PHP/8.0.30
Expires: Sun, 13 Oct 2024 12:20:41 GMT
Pragma: cache
Cache-Control: max-age=8335
Last-Modified: Sun, 13 Oct 2024 09:35:43 GMT
Keep-Alive: timeout=5, max=10
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: image/png
GET

https://i3.imageban.ru/out/2021/12/31/7b4fae0cb0a8fa800bc02c17c9b6af9b.jpg

chrome.exe

Remote address:

82.146.61.17:443

Request

GET /out/2021/12/31/7b4fae0cb0a8fa800bc02c17c9b6af9b.jpg HTTP/2.0
host: i3.imageban.ru
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.14.2
date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: image/jpeg
content-length: 81927
last-modified: Fri, 31 Dec 2021 15:08:28 GMT
etag: "61cf1cec-14007"
accept-ranges: bytes
GET

https://s01.riotpixels.net/data/b4/6d/b46de311-57d6-4b86-ab20-25011f0c180e.jpg.240p.jpg

chrome.exe

Remote address:

172.67.150.141:443

Request

GET /data/b4/6d/b46de311-57d6-4b86-ab20-25011f0c180e.jpg.240p.jpg HTTP/2.0
host: s01.riotpixels.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: image/jpeg
content-length: 17424
last-modified: Sat, 17 Oct 2015 06:21:02 GMT
etag: "5621e8ce-4410"
expires: Thu, 21 Aug 2025 21:45:36 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4536970
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IdOkABTGP7Q3WvTitFqV5Xjq0nGgbjpWzHxXRjRcgwFs%2FJNp4MZdq4AODMgtKKz0t4wxhBvdNFZ5h6msX1h3oo%2Fm6Fo%2FP9LHsULwy0ESN%2Ff%2Foi6LeyySPz6OnVnXATwNpbwcDl4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7d8089bc6543-LHR
alt-svc: h3=":443"; ma=86400
GET

https://s01.riotpixels.net/data/55/8f/558fe4dc-88a9-446c-8121-98a76177c0ea.jpg.240p.jpg

chrome.exe

Remote address:

172.67.150.141:443

Request

GET /data/55/8f/558fe4dc-88a9-446c-8121-98a76177c0ea.jpg.240p.jpg HTTP/2.0
host: s01.riotpixels.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: image/jpeg
content-length: 19206
last-modified: Fri, 23 Oct 2015 11:40:44 GMT
etag: "562a1cbc-4b06"
expires: Thu, 21 Aug 2025 21:45:36 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4536970
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u9nuIinb9azgC%2FIdD72IrEnpFSxc5Rxo212UrOJXX1o2Dku9W19Z9LxMKLHSxrTVKCj74H2%2BgPcPQMFb%2Bg3uxDvIKmPjlfGoF6U%2BZ9%2F434YiJNioevQsLt9%2FTsF8pnaQZOgoElM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7d8089b86543-LHR
alt-svc: h3=":443"; ma=86400
GET

https://s01.riotpixels.net/data/44/ae/44aeeb76-a884-48ca-a1a0-c201831d0870.jpg.240p.jpg

chrome.exe

Remote address:

172.67.150.141:443

Request

GET /data/44/ae/44aeeb76-a884-48ca-a1a0-c201831d0870.jpg.240p.jpg HTTP/2.0
host: s01.riotpixels.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: image/jpeg
content-length: 16064
last-modified: Tue, 24 Jul 2018 17:30:10 GMT
etag: "5b576222-3ec0"
expires: Fri, 22 Aug 2025 17:22:08 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4466378
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eqR8rH6SSWkX90pIx6hBPDTj%2B9wdqMqv%2Fg4uYAVXMvjFPBWbEqgp%2B6T%2FlPZIw3qR%2BeK1RClHeKW889WsajTF8ooEblL4iLAIL0h3lkog21%2FTjVT5tJistQtjbzqtNTE4YCdT%2BHw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7d8089ba6543-LHR
alt-svc: h3=":443"; ma=86400
GET

https://s01.riotpixels.net/data/23/af/23af02af-172e-46cb-8119-031aed2061fd.jpg.240p.jpg

chrome.exe

Remote address:

172.67.150.141:443

Request

GET /data/23/af/23af02af-172e-46cb-8119-031aed2061fd.jpg.240p.jpg HTTP/2.0
host: s01.riotpixels.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: image/jpeg
content-length: 12639
last-modified: Thu, 14 May 2015 08:23:18 GMT
etag: "55545b76-315f"
expires: Fri, 22 Aug 2025 17:22:17 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4466369
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bMz2jXVSffWvNufrM%2FYmRr0QwkhfXN5uPhLre3jiiTrnk0BnfsEWKUYfv4hySjQPciLwBfDbD70FWCDtbfGFo%2FchgYpL4gCqXgH1n%2BGFJu9gS4D0h57dgrMd%2FMVqSdOQQfrLBjI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7d80fa436543-LHR
alt-svc: h3=":443"; ma=86400
GET

https://s01.riotpixels.net/data/11/44/1144b738-44fe-4787-914b-eeaf5fdf6a63.jpg.240p.jpg

chrome.exe

Remote address:

172.67.150.141:443

Request

GET /data/11/44/1144b738-44fe-4787-914b-eeaf5fdf6a63.jpg.240p.jpg HTTP/2.0
host: s01.riotpixels.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: image/jpeg
content-length: 19184
last-modified: Thu, 17 Sep 2015 03:30:16 GMT
etag: "55fa33c8-4af0"
expires: Thu, 21 Aug 2025 21:45:36 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4536970
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3GL5mUfx%2FXaBfowOfFSEzcn0Lk8LNB3IOwVQpnnw72HvWfFG2mOdt0LywNqKhp3gidzM2buVk2h3uKzf%2BJtQTiA2PBb4ABMY0rRVC6HK21pSZuSqHBBjoETkhYSaodldAaOiX%2Bw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7d80fa496543-LHR
alt-svc: h3=":443"; ma=86400
GET

https://s01.riotpixels.net/data/1f/b1/1fb11ab8-ac47-44ad-af43-483484a05eb1.jpg.240p.jpg

chrome.exe

Remote address:

172.67.150.141:443

Request

GET /data/1f/b1/1fb11ab8-ac47-44ad-af43-483484a05eb1.jpg.240p.jpg HTTP/2.0
host: s01.riotpixels.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: image/jpeg
content-length: 26667
last-modified: Thu, 04 Jun 2015 19:40:08 GMT
etag: "5570a998-682b"
expires: Thu, 21 Aug 2025 21:45:36 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4536970
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FM%2F5CwF1k1BGCa2L7cdPGGiVCzMpCDcu1glNYOcye0xBQqN7SiApwlQdBCwNUjnuYi%2B8GJ%2BWEJy0W6klqRmUIsHeUNjpivFOWYLcjzVo4TOoY19AMdYonRPTwITZ3M%2FNCMXfDWM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7d80fa456543-LHR
alt-svc: h3=":443"; ma=86400
GET

https://s.w.org/images/core/emoji/14.0.0/svg/1f642.svg

chrome.exe

Remote address:

192.0.77.48:443

Request

GET /images/core/emoji/14.0.0/svg/1f642.svg HTTP/2.0
host: s.w.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:01:46 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Apr 2022 03:50:38 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-encoding: br
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
x-nc: HIT lhr 2
x-content-type-options: nosniff
GET

https://fitgirl-repacks-site.disqus.com/embed.js

chrome.exe

Remote address:

199.232.196.134:443

Request

GET /embed.js HTTP/1.1
Host: fitgirl-repacks-site.disqus.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://fitgirl-repacks.site/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 26332
server: openresty
content-type: application/javascript; charset=utf-8
x-service: router
content-encoding: gzip
Date: Sun, 13 Oct 2024 10:01:46 GMT
Age: 10
Vary: Accept-Encoding
Cache-Control: private, max-age=60
Strict-Transport-Security: max-age=300; includeSubdomains
Cross-Origin-Resource-Policy: cross-origin
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
GET

https://fitgirl-repacks-site.disqus.com/count-data.js?1=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137

chrome.exe

Remote address:

199.232.196.134:443

Request

GET /count-data.js?1=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137 HTTP/1.1
Host: fitgirl-repacks-site.disqus.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://fitgirl-repacks.site/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 280
Server: nginx
Content-Type: application/javascript; charset=UTF-8
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=600
Age: 251
Date: Sun, 13 Oct 2024 10:01:46 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Cross-Origin-Resource-Policy: cross-origin
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
GET

https://fitgirl-repacks-site.disqus.com/count.js

chrome.exe

Remote address:

199.232.196.134:443

Request

GET /count.js HTTP/1.1
Host: fitgirl-repacks-site.disqus.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://fitgirl-repacks.site/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 871
Content-Type: application/javascript; charset=utf-8
Server: nginx
Last-Modified: Wed, 09 Oct 2024 22:53:54 GMT
ETag: "67070982-367"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Pop: DFW3-C1
X-Amz-Cf-Id: wYFNznM-z8-2BYsmEHVwAQaErvXk0MSWbEb4ShuOEbST1QdxSjDp3A==
Cache-Control: public, max-age=300
Date: Sun, 13 Oct 2024 10:01:46 GMT
Age: 119
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Cross-Origin-Resource-Policy: cross-origin
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
GET

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/css; charset=utf-8
content-length: 244
date: Thu, 19 Sep 2024 02:06:52 GMT
server: nginx
last-modified: Tue, 17 Sep 2024 22:14:41 GMT
etag: "66e9ff51-f4"
content-encoding: gzip
x-served-by: static-web-1
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Fri, 19 Sep 2025 02:06:52 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 1bff19813518c379b9a7e50d87c9b2f6.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: ziADACw20fZrsiTV3-adZpqLpQgt6NycLPgVOC_UWHxb-E2JsoNhrQ==
age: 2102095
GET

https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default

chrome.exe

Remote address:

151.101.64.134:443

Request

GET /embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default HTTP/1.1
Host: disqus.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://fitgirl-repacks.site/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 13428
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 13 Oct 2024 10:00:23 GMT
ETag: W/"lounge:view:5962527791.5b350e080fc4938496175f62ba864fdd.2"
Referrer-Policy: no-referrer-when-downgrade
Content-Encoding: gzip
Age: 0
Date: Sun, 13 Oct 2024 10:01:46 GMT
Vary: Accept-Encoding
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains
GET

https://disqus.com/next/config.js

chrome.exe

Remote address:

151.101.64.134:443

Request

GET /next/config.js HTTP/1.1
Host: disqus.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 20765
Server: nginx
Content-Type: application/javascript; charset=UTF-8
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Sun, 13 Oct 2024 10:01:47 GMT
Age: 55
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains
GET

https://disqus.com/api/3.0/forums/details?forum=fitgirl-repacks-site&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

chrome.exe

Remote address:

151.101.64.134:443

Request

GET /api/3.0/forums/details?forum=fitgirl-repacks-site&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F HTTP/1.1
Host: disqus.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: */*
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 3350
Server: nginx
Content-Type: application/json
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Sun, 13 Oct 2024 10:01:47 GMT
Age: 45
Vary: Origin, Cookie
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains
GET

https://c.disquscdn.com/embedv2/latest/embedv2.js

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /embedv2/latest/embedv2.js HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=utf-8
content-length: 250820
server: nginx
last-modified: Mon, 29 Jul 2024 05:44:53 GMT
content-encoding: gzip
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 13 Oct 2024 10:01:44 GMT
expires: Sun, 13 Oct 2024 10:06:44 GMT
cache-control: max-age=300
cache-control: public
etag: "66a72c55-3d3c4"
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: RSeV9H7T3bOJZQWweMAcGEmstdd-vICbNfPUSb-vNQsLPB5fdSm9eg==
age: 2
GET

https://c.disquscdn.com/next/embed/common.bundle.14814e267412506a81edfbae9e14cec1.js

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/common.bundle.14814e267412506a81edfbae9e14cec1.js HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=utf-8
content-length: 94174
date: Fri, 27 Sep 2024 14:23:52 GMT
server: nginx
last-modified: Fri, 27 Sep 2024 14:11:57 GMT
etag: "66f6bd2d-16fde"
content-encoding: gzip
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Sat, 27 Sep 2025 14:23:52 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: eAr2RbaXaD0k5ZP2z6PR8o8hHUaTrjT68VswKcPIsWreuZ43aRtmXQ==
age: 1366675
GET

https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/css; charset=utf-8
content-length: 33628
date: Wed, 04 Sep 2024 21:25:41 GMT
server: nginx
last-modified: Wed, 04 Sep 2024 21:20:09 GMT
etag: "66d8cf09-835c"
content-encoding: gzip
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Thu, 04 Sep 2025 21:25:41 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: AakHNe-C9DO6OxsM-nXu1twklgWRHhO54TtUd3-DaW8nyjm0C-QlQw==
age: 3328566
GET

https://c.disquscdn.com/next/embed/lounge.bundle.af134f6a9c289b5cf867d1c96d050b4c.js

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/lounge.bundle.af134f6a9c289b5cf867d1c96d050b4c.js HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=utf-8
content-length: 133828
date: Mon, 29 Jul 2024 13:34:55 GMT
server: nginx
last-modified: Mon, 29 Jul 2024 13:30:08 GMT
etag: "66a79960-20ac4"
content-encoding: gzip
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Tue, 29 Jul 2025 13:34:55 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: 2wZRHV9LUXRsBHa8t5Oo5t1nNzfWHpd7uUWTgZos68ANxgEyaI2e6g==
age: 6553612
GET

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4d4793ead94570e89fe80e89a75c69e2.svg

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/svg-sprite.4d4793ead94570e89fe80e89a75c69e2.svg HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml; charset=utf-8
content-length: 14929
date: Fri, 13 Sep 2024 14:36:06 GMT
server: nginx
last-modified: Wed, 11 Sep 2024 21:09:26 GMT
etag: "66e20706-3a51"
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Sat, 13 Sep 2025 14:36:06 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: M-0KM-RTTtSgd2IdVwZBDzqV2YDDNmcduhdGDmMAlbnnKwQySSLn9A==
age: 2575541
GET

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/gif
content-length: 2971
date: Mon, 19 Aug 2024 12:05:10 GMT
server: nginx
last-modified: Thu, 15 Aug 2024 13:28:46 GMT
etag: "66be028e-b9b"
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Tue, 19 Aug 2025 12:05:10 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: hb8uNj6NZwNQ3dxEYstC2uYzzHpdLCw7I1jCBkyWzVg51q0HicpF8w==
age: 4744597
GET

https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml; charset=utf-8
content-length: 840
date: Fri, 13 Sep 2024 14:36:06 GMT
server: nginx
last-modified: Wed, 11 Sep 2024 21:09:26 GMT
etag: "66e20706-348"
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Sat, 13 Sep 2025 14:36:06 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: vfsJ2MWS2kavloz8Q7UVHy2c9y1JBrkwSrYOWgQQg_I_ZUNCHmyU2g==
age: 2575541
GET

https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml; charset=utf-8
content-length: 891
date: Tue, 06 Feb 2024 20:22:14 GMT
server: nginx
last-modified: Tue, 30 Jan 2024 16:48:51 GMT
etag: "65b92873-37b"
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Wed, 05 Feb 2025 20:22:14 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: EOGKY8s7dtYdN21s7mEhaTb2MXQ2QulrC2OrQmUY9StcJMqVpRSj2A==
age: 21562773
GET

https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml; charset=utf-8
content-length: 605
date: Thu, 11 Jan 2024 04:39:35 GMT
server: nginx
last-modified: Mon, 08 Jan 2024 22:12:55 GMT
etag: "659c7367-25d"
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Fri, 10 Jan 2025 04:39:35 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: TQZX7Q8CusxLBU_NflV0mbxc4SlawJxwmZxpazBHW4-JBnUHTpGc0g==
age: 23865732
GET

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
content-length: 1763
date: Tue, 23 Jul 2024 12:53:27 GMT
server: nginx
last-modified: Mon, 22 Jul 2024 15:51:47 GMT
etag: "669e8013-6e3"
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Wed, 23 Jul 2025 12:53:27 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 923b257861428e30a3cf7fb7a3374926.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: FGh8qaCKpH4HEz0zLnUh-gZY4s8iA-v8L7gzJEqH313gG-A7iLSQuQ==
age: 7074500
GET

https://c.disquscdn.com/next/embed/lounge.load.b040cc4fb9749f836fa39cae48953897.js

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/lounge.load.b040cc4fb9749f836fa39cae48953897.js HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://disqus.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript; charset=utf-8
content-length: 494
date: Fri, 27 Sep 2024 14:23:52 GMT
server: nginx
last-modified: Fri, 27 Sep 2024 14:11:57 GMT
etag: "66f6bd2d-1ee"
content-encoding: gzip
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Sat, 27 Sep 2025 14:23:52 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 4711a6160d191e5827e72db73c0acff8.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: Tp54G1itlD4Nw7Bgfq0Zt8SCmgIdyNu3VxSP4nt-dC_nh7nI_Q1eYw==
age: 1366674
GET

https://c.disquscdn.com/next/embed/assets/font/icons.79e576f9489bae308388e5b8e250aa86.woff2

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/font/icons.79e576f9489bae308388e5b8e250aa86.woff2 HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://disqus.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/octet-stream
content-length: 8216
date: Wed, 06 Dec 2023 19:49:42 GMT
server: nginx
last-modified: Wed, 06 Dec 2023 19:40:12 GMT
etag: "6570ce1c-2018"
x-served-by: static-web-1
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Thu, 05 Dec 2024 19:49:42 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 4711a6160d191e5827e72db73c0acff8.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: iWteY0woad9ObspJTL3BaFchMUVbaVg-sgRc2PvFHCLEV3UOEfvBqw==
age: 26921525
GET

https://c.disquscdn.com/next/embed/assets/img/follow-v2.411b1215980cdde315e43cc006cfbea6.svg

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/follow-v2.411b1215980cdde315e43cc006cfbea6.svg HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://disqus.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml; charset=utf-8
content-length: 1557
date: Fri, 05 Jan 2024 01:53:50 GMT
server: nginx
last-modified: Thu, 04 Jan 2024 17:51:51 GMT
etag: "6596f037-615"
x-served-by: static-web-1
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Sat, 04 Jan 2025 01:53:50 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 4711a6160d191e5827e72db73c0acff8.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: OIQEp_BsuN1TQP3YiOHgfnLXFx1P-WVom5fjUWSZPHNU9WP4QuheqQ==
age: 24394077
GET

https://c.disquscdn.com/next/embed/assets/img/like.855606fb4e3a7a6448e6c782f3f54e5a.svg

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/like.855606fb4e3a7a6448e6c782f3f54e5a.svg HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://disqus.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml; charset=utf-8
content-length: 1655
date: Wed, 24 Jul 2024 16:20:59 GMT
server: nginx
last-modified: Mon, 22 Jul 2024 15:51:47 GMT
etag: "669e8013-677"
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Thu, 24 Jul 2025 16:20:59 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 4711a6160d191e5827e72db73c0acff8.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: Gdgwj1fWkdMbvtsFMFuYCHRXSYwwc_0IjGz6IFHMg-CUyGd7eJmbvQ==
age: 6975648
GET

https://c.disquscdn.com/next/embed/assets/img/dislike.612d8ba98928c381e4c789c1b309cda1.svg

chrome.exe

Remote address:

18.239.208.63:443

Request

GET /next/embed/assets/img/dislike.612d8ba98928c381e4c789c1b309cda1.svg HTTP/2.0
host: c.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://disqus.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: image
referer: https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/svg+xml; charset=utf-8
content-length: 1796
date: Sat, 29 Jun 2024 21:39:34 GMT
server: nginx
last-modified: Thu, 27 Jun 2024 18:30:14 GMT
etag: "667dafb6-704"
x-served-by: static-web-1
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Sun, 29 Jun 2025 21:39:34 GMT
cache-control: max-age=31536000
cache-control: public
cache-control: immutable
cache-control: no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 4711a6160d191e5827e72db73c0acff8.cloudfront.net (CloudFront)
x-amz-cf-pop: BRU50-P1
x-amz-cf-id: KKxiqY7x3JM-td7b196KfbpzNV7kGPgLf7L0kZ0EsxRTszN9sqWKtg==
age: 9116533
DNS

134.64.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.64.101.151.in-addr.arpa

IN PTR

Response
DNS

fonts.googleapis.com

Remote address:

8.8.8.8:53

Request

fonts.googleapis.com

IN A

Response

fonts.googleapis.com

IN A

142.250.200.10
DNS

paste.fitgirl-repacks.site

Remote address:

8.8.8.8:53

Request

paste.fitgirl-repacks.site

IN A

Response

paste.fitgirl-repacks.site

IN CNAME

fitgirl-repacks.site

fitgirl-repacks.site

IN A

190.115.31.179
DNS

senditfast.cloud

Remote address:

8.8.8.8:53

Request

senditfast.cloud

IN A

Response

senditfast.cloud

IN A

104.21.15.162

senditfast.cloud

IN A

172.67.163.30
DNS

code.jquery.com

Remote address:

8.8.8.8:53

Request

code.jquery.com

IN A

Response

code.jquery.com

IN A

151.101.2.137

code.jquery.com

IN A

151.101.66.137

code.jquery.com

IN A

151.101.194.137

code.jquery.com

IN A

151.101.130.137
DNS

www.googletagmanager.com

Remote address:

8.8.8.8:53

Request

www.googletagmanager.com

IN A

Response

www.googletagmanager.com

IN A

172.217.16.232
DNS

region1.analytics.google.com

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

10.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.169.217.172.in-addr.arpa

IN PTR

Response

10.169.217.172.in-addr.arpa

IN PTR

lhr25s26-in-f101e100net
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.16.238
DNS

www.google.co.uk

Remote address:

8.8.8.8:53

Request

www.google.co.uk

IN A

Response

www.google.co.uk

IN A

142.250.180.3
DNS

173.128.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.128.123.92.in-addr.arpa

IN PTR

Response

173.128.123.92.in-addr.arpa

IN PTR

a92-123-128-173deploystaticakamaitechnologiescom
DNS

play.google.com

Remote address:

8.8.8.8:53

Request

play.google.com

IN A

Response

play.google.com

IN A

172.217.169.46
DNS

c.pki.goog

Remote address:

8.8.8.8:53

Request

c.pki.goog

IN A

Response

c.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

media.tenor.com

Remote address:

8.8.8.8:53

Request

media.tenor.com

IN A

Response

media.tenor.com

IN CNAME

tenor.googleapis.com

tenor.googleapis.com

IN A

142.250.179.234

tenor.googleapis.com

IN A

216.58.212.202

tenor.googleapis.com

IN A

142.250.180.10

tenor.googleapis.com

IN A

216.58.204.74

tenor.googleapis.com

IN A

142.250.200.42

tenor.googleapis.com

IN A

216.58.201.106

tenor.googleapis.com

IN A

142.250.178.10

tenor.googleapis.com

IN A

172.217.169.10

tenor.googleapis.com

IN A

172.217.169.74

tenor.googleapis.com

IN A

142.250.187.234

tenor.googleapis.com

IN A

172.217.16.234

tenor.googleapis.com

IN A

142.250.200.10

tenor.googleapis.com

IN A

142.250.187.202

tenor.googleapis.com

IN A

172.217.169.42
DNS

media.tenor.com

Remote address:

8.8.8.8:53

Request

media.tenor.com

IN A

Response

media.tenor.com

IN CNAME

tenor.googleapis.com

tenor.googleapis.com

IN A

142.250.180.10

tenor.googleapis.com

IN A

172.217.169.42

tenor.googleapis.com

IN A

172.217.169.10

tenor.googleapis.com

IN A

142.250.179.234

tenor.googleapis.com

IN A

142.250.200.42

tenor.googleapis.com

IN A

216.58.212.202

tenor.googleapis.com

IN A

172.217.169.74

tenor.googleapis.com

IN A

172.217.16.234

tenor.googleapis.com

IN A

142.250.178.10

tenor.googleapis.com

IN A

142.250.200.10

tenor.googleapis.com

IN A

142.250.187.202

tenor.googleapis.com

IN A

142.250.187.234

tenor.googleapis.com

IN A

216.58.201.106

tenor.googleapis.com

IN A

216.58.204.74
GET

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.23&load_time=164&event=init_embed&thread=5962527791&forum=fitgirl-repacks-site&forum_id=4952977&imp=860spcp2p5sfbo&thread_slug=grand_theft_auto_v_gta_5_v108771v136_ultra_repack_21x&user_type=anon&referrer=https%3A%2F%2Ffitgirl-repacks.site%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=true

chrome.exe

Remote address:

199.232.196.134:443

Request

GET /juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.23&load_time=164&event=init_embed&thread=5962527791&forum=fitgirl-repacks-site&forum_id=4952977&imp=860spcp2p5sfbo&thread_slug=grand_theft_auto_v_gta_5_v108771v136_ultra_repack_21x&user_type=anon&referrer=https%3A%2F%2Ffitgirl-repacks.site%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=true HTTP/1.1
Host: referrer.disqus.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

Connection: keep-alive
Content-Length: 43
server: nginx
content-type: image/gif
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Date: Sun, 13 Oct 2024 10:01:47 GMT
Cross-Origin-Resource-Policy: cross-origin
GET

https://a.disquscdn.com/1728479400/images/noavatar92.png

chrome.exe

Remote address:

199.232.194.49:443

Request

GET /1728479400/images/noavatar92.png HTTP/2.0
host: a.disquscdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: image/png
server: nginx
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
etag: "60395f01-66c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Fri, 08 Nov 2024 17:03:33 GMT
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: LHR50-P7
x-amz-cf-id: ZCO1dawYhIEPUpYRDxlQjTl8kNxB7rJjc8Jxn6GDPTWh-shRyaZ5Lg==
date: Sun, 13 Oct 2024 10:01:47 GMT
age: 320294
strict-transport-security: max-age=300; includeSubdomains
content-length: 1644
GET

https://realtime.services.disqus.com/ws/2/thread/5962527791?

chrome.exe

Remote address:

52.5.112.135:443

Request

GET /ws/2/thread/5962527791? HTTP/1.1
Host: realtime.services.disqus.com
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Upgrade: websocket
Origin: https://disqus.com
Sec-WebSocket-Version: 13
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Sec-WebSocket-Key: VriS5X6gHi/i4rVuSnX6aQ==
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Response

HTTP/1.1 101 Switching Protocols

Server: nginx
Date: Sun, 13 Oct 2024 10:01:47 GMT
Content-Length: 0
Connection: upgrade
Sec-WebSocket-Extensions: permessage-deflate
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://disqus.com
Sec-WebSocket-Accept: ddWI6zxvd2H2mpNMskg+jkrZ7vM=
Upgrade: websocket
X-Served-By: realtime-5
X-Cache: MISS
X-Cache-Hits: 0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
GET

https://paste.fitgirl-repacks.site/?8376284b3712a84c

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /?8376284b3712a84c HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://fitgirl-repacks.site/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813706
cookie: __ddg8_=CkYSeMItqdySjFi5

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=Zhbnr2iFwAJ2HSuV; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:55 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:55 GMT
set-cookie: __ddg10_=1728813715; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:55 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 13 Oct 2024 10:01:55 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-store, no-cache, no-transform, must-revalidate
pragma: no-cache
expires: Sun, 13 Oct 2024 10:01:55 GMT
last-modified: Sun, 13 Oct 2024 10:01:55 GMT
vary: Accept
content-security-policy: default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads
cross-origin-resource-policy: same-origin
cross-origin-embedder-policy: require-corp
permissions-policy: browsing-topics=()
referrer-policy: no-referrer
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-encoding: gzip
GET

https://paste.fitgirl-repacks.site/css/bootstrap/bootstrap-3.4.1.css

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /css/bootstrap/bootstrap-3.4.1.css HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=Om2yiGpev6CEkYuF; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:54 GMT
content-type: text/css
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-e6c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157382
content-length: 1578
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/css/bootstrap/bootstrap-theme-3.4.1.css

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /css/bootstrap/bootstrap-theme-3.4.1.css HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=F4uw8WNaA3x67FlC; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sat, 12 Oct 2024 22:25:05 GMT
content-type: text/css
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-1da32"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 41811
content-length: 19689
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/css/bootstrap/privatebin.css?1.6.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /css/bootstrap/privatebin.css?1.6.2 HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=aH0MKlbIpuwJqDOk; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-1444"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157382
content-length: 1104
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/css/prettify/prettify.css?1.6.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /css/prettify/prettify.css?1.6.2 HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=ISZwVnXYFtgtZj2x; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Thu, 03 Oct 2024 02:51:47 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-1038"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 889809
content-length: 1411
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/jquery-3.7.0.js

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/jquery-3.7.0.js HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=l9Iq0PkotThvXHJI; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:54 GMT
content-type: text/css
content-length: 655
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
etag: "657bf024-28f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 3157382
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/zlib-1.2.13-1.js

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/zlib-1.2.13-1.js HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=rop7sJ8H9dyTc9jg; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-155a6"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157382
content-length: 30386
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/base-x-4.0.0.js

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/base-x-4.0.0.js HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=8Auvgp6ExY73QonN; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 08 Sep 2024 13:09:54 GMT
content-type: text/css
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-5b40"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3012722
content-length: 2736
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/rawinflate-0.3.js

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/rawinflate-0.3.js HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=dkeej6H8bZEtw1EZ; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-4d46"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157381
content-length: 6315
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/bootstrap-3.4.1.js

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/bootstrap-3.4.1.js HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=2FGLNQGAgeyhP83M; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-9b00"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157381
content-length: 10940
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/prettify.js?1.6.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/prettify.js?1.6.2 HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=9VgiVPNHWeKmUjfH; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-519c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157381
content-length: 8105
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/showdown-2.1.0.js

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/showdown-2.1.0.js HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=wHQFP1Z4w0PN6APV; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Wed, 11 Sep 2024 19:24:32 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-1259f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 2731044
content-length: 24276
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/purify-3.0.6.js

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/purify-3.0.6.js HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=DA0W2K95YMdxy1tb; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-3ae9"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157381
content-length: 6736
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/legacy.js?1.6.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/legacy.js?1.6.2 HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=mKzDHgESRZbVSddW; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:55 GMT
content-type: image/svg+xml
content-length: 943
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
etag: "657bf024-3af"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 3157381
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/privatebin.js?1.6.22

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/privatebin.js?1.6.22 HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=ma7Pm11hrJVmm8xW; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 27 May 2024 08:46:47 GMT
vary: Accept-Encoding
etag: W/"66544877-2b927"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157381
content-length: 36243
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/fakes.jpg

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /fakes.jpg HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=QlP9s0w6EIxRU70l; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Tue, 10 Sep 2024 20:41:09 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-21a0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 2812847
content-length: 2462
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/img/icon.svg

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /img/icon.svg HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg8_=Zhbnr2iFwAJ2HSuV
cookie: __ddg10_=1728813715

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=G3CIGxXrLR7yFuVw; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:55 GMT
content-type: image/jpeg
content-length: 69514
last-modified: Fri, 12 Jan 2024 02:43:50 GMT
etag: "65a0a766-10f8a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
age: 3157381
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/js/zlib-1.2.13.wasm

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/zlib-1.2.13.wasm HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813716
cookie: __ddg8_=2FGLNQGAgeyhP83M

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=mWeoRBJK3uY8tReo; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 13 Oct 2024 10:01:56 GMT
content-type: application/wasm
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-e5cc"
content-encoding: gzip
GET

https://paste.fitgirl-repacks.site/js/kjua-0.9.0.js

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /js/kjua-0.9.0.js HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813716
cookie: __ddg8_=G3CIGxXrLR7yFuVw

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=G4dOPmyPZOC8aqPA; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:58:54 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-6f0d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157382
content-length: 10663
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/css/bootstrap/fonts/glyphicons-halflings-regular.woff2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /css/bootstrap/fonts/glyphicons-halflings-regular.woff2 HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://paste.fitgirl-repacks.site
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://paste.fitgirl-repacks.site/css/bootstrap/bootstrap-3.4.1.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813716
cookie: __ddg8_=G3CIGxXrLR7yFuVw

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=PYupy8euSuOfA0bG; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Mon, 07 Oct 2024 16:45:10 GMT
content-type: font/woff2
content-length: 18028
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
etag: "657bf024-466c"
accept-ranges: bytes
age: 494206
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/?pasteid=8376284b3712a84c

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /?pasteid=8376284b3712a84c HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/javascript, */*; q=0.01
x-requested-with: JSONHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813716
cookie: __ddg8_=G4dOPmyPZOC8aqPA

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=O3SZC1dvRqEsy4xI; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Fri, 06 Sep 2024 20:59:00 GMT
content-type: image/x-icon
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
vary: Accept-Encoding
etag: W/"657bf024-3aee"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
age: 3157376
content-length: 3262
ddg-cache-status: HIT
GET

https://paste.fitgirl-repacks.site/img/favicon.ico

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /img/favicon.ico HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __ddg1_=QgvRI6VIn4UI8PslUxIS
cookie: __ddg9_=138.199.29.44
cookie: __ddg10_=1728813716
cookie: __ddg8_=PYupy8euSuOfA0bG

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=xcod2jP2z9jdsMIC; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
date: Sun, 13 Oct 2024 10:01:56 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE
access-control-allow-headers: X-Requested-With, Content-Type
content-encoding: gzip
GET

https://paste.fitgirl-repacks.site/manifest.json?1.6.2

chrome.exe

Remote address:

190.115.31.179:443

Request

GET /manifest.json?1.6.2 HTTP/2.0
host: paste.fitgirl-repacks.site
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: manifest
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: ddos-guard
set-cookie: __ddg8_=3ZpuUjicxzpsVr0l; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg9_=138.199.29.44; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
set-cookie: __ddg10_=1728813716; Domain=.fitgirl-repacks.site; Path=/; Expires=Sun, 13-Oct-2024 10:21:56 GMT
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=i8h8DMP4nn4s2jigrP3L; Domain=.fitgirl-repacks.site; HttpOnly; Path=/; Expires=Mon, 13-Oct-2025 10:01:56 GMT
date: Sun, 13 Oct 2024 10:01:56 GMT
content-type: application/json
content-length: 294
last-modified: Fri, 15 Dec 2023 06:20:20 GMT
etag: "657bf024-126"
accept-ranges: bytes
GET

https://fuckingfast.co/7jyte5ukfgwb

chrome.exe

Remote address:

172.67.72.214:443

Request

GET /7jyte5ukfgwb HTTP/2.0
host: fuckingfast.co
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:01 GMT
content-type: text/html; charset=utf-8
vary: Origin,Accept-Encoding
cf-cache-status: DYNAMIC
server-timing: cfCacheStatus;desc="DYNAMIC"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m9rv%2Fx%2BkjC6BUVrx26Xie7FDtZJDw66ZLOET2YtQBD8mRlS0f%2BhxYpM6HuH9%2FEXWnUlTQHpDqupzsUeAkRkIs%2Bq1%2FRySdYuIWmkczT3FRyla%2BiT8CvG70Zhcd%2ByStpmz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d1e7ddf68b576f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://fuckingfast.co/static/bundle.js?v=174b03882b2de16e6c9cdab7dc84e43c499ae480-dirty

chrome.exe

Remote address:

172.67.72.214:443

Request

GET /static/bundle.js?v=174b03882b2de16e6c9cdab7dc84e43c499ae480-dirty HTTP/2.0
host: fuckingfast.co
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fuckingfast.co/7jyte5ukfgwb
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:01 GMT
content-type: text/css
vary: Origin,Accept-Encoding
cache-control: public, max-age=86400000
cf-cache-status: HIT
age: 5878906
last-modified: Tue, 06 Aug 2024 09:00:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q7QHxpbb2reo5oQXxp%2BwjlvO9zTvS6JJcZFyCMbW6xypCe9nL%2F3IA%2FicRajc9thRg5GKMSQE3ycUtS2MayxA%2BI3FjvlwPDv7AhRtSuo5PpQuelxWEwihXFMq7fYgs7nr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d1e7de039bf76f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://fuckingfast.co/static/whysostylish.css?v=174b03882b2de16e6c9cdab7dc84e43c499ae480-dirty

chrome.exe

Remote address:

172.67.72.214:443

Request

GET /static/whysostylish.css?v=174b03882b2de16e6c9cdab7dc84e43c499ae480-dirty HTTP/2.0
host: fuckingfast.co
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://fuckingfast.co/7jyte5ukfgwb
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:01 GMT
content-type: text/javascript
vary: Origin,Accept-Encoding
cache-control: public, max-age=86400000
cf-cache-status: HIT
age: 5878906
last-modified: Tue, 06 Aug 2024 09:00:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q1vOKeiHYUZPeOOsivluaeQ%2B4ky80JovZjLIubb%2Bg9rHZyA30L2z1akpKSbX0a5Qg9GTMFWD9gpDq0fwyw0SpTjOC3liKqTYTlHxlwRPQb3afBprWWlD%2B8cNVYdv6btB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d1e7de039ba76f9-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

chrome.exe

Remote address:

104.16.79.73:443

Request

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/2.0
host: static.cloudflareinsights.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://fuckingfast.co
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:01 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7de0ba93776b-LHR
content-encoding: gzip
GET

https://challenges.cloudflare.com/turnstile/v0/api.js

chrome.exe

Remote address:

104.18.94.41:443

Request

GET /turnstile/v0/api.js HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fuckingfast.co/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:02:01 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/62ec4f065604/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7de0beaacd92-LHR
alt-svc: h3=":443"; ma=86400
GET

https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js

chrome.exe

Remote address:

104.18.94.41:443

Request

GET /turnstile/v0/b/62ec4f065604/api.js HTTP/2.0
host: challenges.cloudflare.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://fuckingfast.co/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:01 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 01 Oct 2024 14:19:56 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7de0ef04cd92-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://senditfast.cloud/file?l5xcr=BdeCo6RjhOfsFQhv8WSo&papu=cHViaWQlM0QzOSUyNmNhbXBhaWduX2lkJTNENjcwNTVjNjI0OGU2ZQ%3D%3D&sWYyIPdxBd6wdaopxVFq

chrome.exe

Remote address:

104.21.15.162:443

Request

GET /file?l5xcr=BdeCo6RjhOfsFQhv8WSo&papu=cHViaWQlM0QzOSUyNmNhbXBhaWduX2lkJTNENjcwNTVjNjI0OGU2ZQ%3D%3D&sWYyIPdxBd6wdaopxVFq HTTP/2.0
host: senditfast.cloud
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:06 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.1.30
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; form-action 'self'
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
permissions-policy: geolocation=(), microphone=(), camera=(), fullscreen=(self), payment=()
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8npCmussNh40hF3UswejLbyK%2B0IJ1IddqMbX4EqdUZmy47MwIzFyGs3c1uLja5Gyr%2Br%2F6idbg%2BoSMdpnKnix%2FquGeanL1PAO6STBOsmhjwWadOPuOnsPCFB6RW7tJXXi%2FYt7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8d1e7df3097663ef-LHR
content-encoding: zstd
alt-svc: h3=":443"; ma=86400
GET

https://senditfast.cloud/cdn-cgi/speculation

chrome.exe

Remote address:

104.21.15.162:443

Request

GET /cdn-cgi/speculation HTTP/2.0
host: senditfast.cloud
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://senditfast.cloud
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: speculationrules
referer: https://senditfast.cloud/file?l5xcr=BdeCo6RjhOfsFQhv8WSo&papu=cHViaWQlM0QzOSUyNmNhbXBhaWduX2lkJTNENjcwNTVjNjI0OGU2ZQ%3D%3D&sWYyIPdxBd6wdaopxVFq
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:06 GMT
content-type: application/speculationrules+json
content-length: 128
access-control-allow-origin: https://senditfast.cloud
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LmLEM%2BPU3zF%2FA%2BBiUr4LNEHd8ma2BdH%2B2BfGOI3YPBlzRBJS9fRInlAinjMbI4B0juhwUWidQVe%2FPFsKILnrBVCjGQlFg6XdjbMiFq1OLjFTFXKFC%2BPKC7Pjn6AmCWoS0Ahn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d1e7dfbec7d63ef-LHR
alt-svc: h3=":443"; ma=86400
GET

https://directtransfer.cfd/getdownload?GKDEH=3pxhppN8YVSODr15l6YK&scsewfbnfdSghg=UmVxdWVzdGVkX0ZpbGU%3D

chrome.exe

Remote address:

104.21.95.242:443

Request

GET /getdownload?GKDEH=3pxhppN8YVSODr15l6YK&scsewfbnfdSghg=UmVxdWVzdGVkX0ZpbGU%3D HTTP/2.0
host: directtransfer.cfd
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://senditfast.cloud/file?l5xcr=BdeCo6RjhOfsFQhv8WSo&papu=cHViaWQlM0QzOSUyNmNhbXBhaWduX2lkJTNENjcwNTVjNjI0OGU2ZQ%3D%3D&sWYyIPdxBd6wdaopxVFq
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:06 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.30
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lF0KedJK3yYIF6iEyKAKEKsyIk2Rz9PzswCvAHCpquF0rygaqd9tOveCezgwPp89vc9ICObnPt4rK2WfjE2NbDaY19i8Bi9rS%2BLPkWPOS%2BnLbj7OmSBtEcjOcYnnf19RZKP8DSo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8d1e7dfc6b29887a-LHR
content-encoding: zstd
alt-svc: h3=":443"; ma=86400
GET

https://directtransfer.cfd/cdn-cgi/speculation

chrome.exe

Remote address:

104.21.95.242:443

Request

GET /cdn-cgi/speculation HTTP/2.0
host: directtransfer.cfd
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://directtransfer.cfd
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: speculationrules
referer: https://directtransfer.cfd/getdownload?GKDEH=3pxhppN8YVSODr15l6YK&scsewfbnfdSghg=UmVxdWVzdGVkX0ZpbGU%3D
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:06 GMT
content-type: application/speculationrules+json
content-length: 128
access-control-allow-origin: https://directtransfer.cfd
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jZdf%2B9RigioEaBaW9Js01wG2ASnod219bCFpJ64sOncekB%2B6efFtVRwVrPAUSzLKznCBPx0uC1ZdJchKcZ%2FXuJ2uD274BSMe1eodZ2dwF%2FjXJfqm3I3067ALzQFZw6sOMnnyXQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d1e7dff5f12887a-LHR
alt-svc: h3=":443"; ma=86400
GET

https://directtransfer.cfd/requesting?pgp1X=N0SNSBmtmK4qqDVPR7Qb&title=UmVxdWVzdGVkX0ZpbGU%3D&redirect=3&Ynlpa=4zxrixwoRf5n9X6G35Wt

chrome.exe

Remote address:

104.21.95.242:443

Request

GET /requesting?pgp1X=N0SNSBmtmK4qqDVPR7Qb&title=UmVxdWVzdGVkX0ZpbGU%3D&redirect=3&Ynlpa=4zxrixwoRf5n9X6G35Wt HTTP/2.0
host: directtransfer.cfd
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://directtransfer.cfd/getdownload?GKDEH=3pxhppN8YVSODr15l6YK&scsewfbnfdSghg=UmVxdWVzdGVkX0ZpbGU%3D
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:06 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.30
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zoNUPREmcXIyzq%2F7CYlsW6bq7f8UN4VuZPZ1DnQqHl382ox%2BNYMM41i8MVH0fJzvMdCK5e4%2FabyeB8gOcQOjJ5nNton1xQGwqwFTLD2GtzrUCxWtk%2BdeJdsPRBVRVJD6rtEq044%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8d1e7dff6f2b887a-LHR
content-encoding: zstd
alt-svc: h3=":443"; ma=86400
GET

https://transferbox.cfd/download?ZUSE4=thFIwXfiTloKbe9mzc5U&filehost=95ad05e960e93a6d&hXDjt=thFIwXfiTloKbe9mzc5U

chrome.exe

Remote address:

172.67.154.60:443

Request

GET /download?ZUSE4=thFIwXfiTloKbe9mzc5U&filehost=95ad05e960e93a6d&hXDjt=thFIwXfiTloKbe9mzc5U HTTP/2.0
host: transferbox.cfd
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://directtransfer.cfd/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:08 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.0.30
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HsF4PqigyX8NZWcOsaptfYf%2FcnIkcGpivY8155tAcWWMbPBmG4GTyYsciWx3RTgqp7GWYCFS%2B%2FACiMrdpVCBQwE7KMpu8tCVYv0bpLLVNLmz8C8RqXpmm6nbqXd1a6ccXbM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8d1e7e063eb494d5-LHR
content-encoding: zstd
alt-svc: h3=":443"; ma=86400
GET

https://transferbox.cfd/cdn-cgi/speculation

chrome.exe

Remote address:

172.67.154.60:443

Request

GET /cdn-cgi/speculation HTTP/2.0
host: transferbox.cfd
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://transferbox.cfd
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: speculationrules
referer: https://transferbox.cfd/download?ZUSE4=thFIwXfiTloKbe9mzc5U&filehost=95ad05e960e93a6d&hXDjt=thFIwXfiTloKbe9mzc5U
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:08 GMT
content-type: application/speculationrules+json
content-length: 128
access-control-allow-origin: https://transferbox.cfd
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9PKALAgc4z3gAEvCBwK8t3Sjx6aR2dx%2FzC925A3ncgA5SgQvRVE7%2FrH5xq9FzcAHGY2pCpsOsrUBuccXf9B9%2B44x%2BNcrwUhS2%2Fmj1%2F%2BTdyq3mHSvl3F4KfQjhoSi3vj3ezs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d1e7e09db0094d5-LHR
alt-svc: h3=":443"; ma=86400
GET

https://code.jquery.com/jquery-3.6.0.min.js

chrome.exe

Remote address:

151.101.2.137:443

Request

GET /jquery-3.6.0.min.js HTTP/2.0
host: code.jquery.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://transferbox.cfd/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 13 Oct 2024 10:02:08 GMT
age: 5005834
x-served-by: cache-lga21931-LGA, cache-lcy-eglc8600056-LCY
x-cache: HIT, HIT
x-cache-hits: 13, 747855
x-timer: S1728813728.368446,VS0,VE0
vary: Accept-Encoding
content-length: 30875
GET

https://www.mediafire.com/file/wairnw5h05fox4b/

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /file/wairnw5h05fox4b/ HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8d1e7eb24d0c957d-LHR
cf-cache-status: DYNAMIC
access-control-allow-origin: https://www.mediafire.com
cache-control: no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
expires: 0
set-cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7; expires=Thu, 13-Oct-2044 10:02:35 GMT; Max-Age=631152000; path=/; domain=.mediafire.com; HttpOnly
strict-transport-security: max-age=0
pragma: no-cache
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-frame-options: SAMEORIGIN
x-mf-env: liveApi
x-mf-fe: mf2
x-robots-tag: noindex, nofollow
set-cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D; expires=Tue, 12-Nov-2024 10:02:35 GMT; Max-Age=2592000; path=/; domain=.mediafire.com
set-cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA; path=/; expires=Sun, 13-Oct-24 10:32:35 GMT; domain=.mediafire.com; HttpOnly; Secure; SameSite=None
server-timing: cfCacheStatus;desc="DYNAMIC"
vary: Accept-Encoding
server: cloudflare
content-encoding: gzip
GET

https://www.mediafire.com/images/icons/svg_dark/icons_sprite.svg

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /images/icons/svg_dark/icons_sprite.svg HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/file/wairnw5h05fox4b/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D
cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: image/svg+xml
cf-ray: 8d1e7eb42fb8957d-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 5845
etag: W/"62deda56-90ab"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf1
server: cloudflare
content-encoding: gzip
GET

https://www.mediafire.com/images/flags_svg/usa.svg

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /images/flags_svg/usa.svg HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/file/wairnw5h05fox4b/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D
cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: image/svg+xml
cf-ray: 8d1e7eb42fba957d-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 570
etag: W/"62deda56-5c7"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf1
server: cloudflare
content-encoding: gzip
GET

https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /images/icons/svg_light/icons_sprite.svg HTTP/2.0
host: www.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/file/wairnw5h05fox4b/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D
cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-3b5"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 11616
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7eb45fe5957d-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/filetype/file-zip-v3.png

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /images/filetype/file-zip-v3.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D
cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: image/svg+xml
cf-ray: 8d1e7eb42fbc957d-LHR
cf-cache-status: HIT
access-control-allow-origin: *
age: 1145
etag: W/"62deda56-90ab"
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
x-mf-env: liveApi
x-mf-fe: mf2
server: cloudflare
content-encoding: gzip
GET

https://static.mediafire.com/images/icons/svg_light/twitter.svg

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /images/icons/svg_light/twitter.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D
cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: image/png
content-length: 1872
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-750"
expires: Tue, 12 Nov 2024 08:08:43 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2935
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7eb45fe4957d-LHR
GET

https://static.mediafire.com/images/icons/svg_light/facebook.svg

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /images/icons/svg_light/facebook.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D
cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: image/svg+xml
last-modified: Fri, 28 Oct 2016 22:22:42 GMT
etag: W/"5813cfb2-d1d"
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 13256
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7eb45fe8957d-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /images/backgrounds/header/mf_logo_full_color.svg HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D
cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: image/svg+xml
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: W/"62deda56-191"
x-mf-env: liveApi
x-mf-fe: mf1
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 13954
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7eb45fe7957d-LHR
content-encoding: gzip
GET

https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png

chrome.exe

Remote address:

104.17.150.117:443

Request

GET /images/backgrounds/footer/social/footerIcons.png HTTP/2.0
host: static.mediafire.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7
cookie: conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D
cookie: __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: image/png
content-length: 583
last-modified: Mon, 25 Jul 2022 18:00:54 GMT
etag: "62deda56-247"
expires: Tue, 12 Nov 2024 08:08:50 GMT
cache-control: max-age=2592000
x-mf-env: liveApi
x-mf-fe: mf2
access-control-allow-origin: *
access-control-allow-methods: OPTIONS, POST, GET
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 6232
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7eb47803957d-LHR
GET

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

chrome.exe

Remote address:

104.16.79.73:443

Request

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/2.0
host: static.cloudflareinsights.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://www.mediafire.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:35 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e7eb46bfe5322-LHR
content-encoding: gzip
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 302
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 335
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://translate.google.com/translate_a/element.js?cb=googHeadTranslate

chrome.exe

Remote address:

172.217.169.78:443

Request

GET /translate_a/element.js?cb=googHeadTranslate HTTP/2.0
host: translate.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=CyJPFhVA1xR2B6RRHS0ICogNIsrEgUd1g4fCG8fxPnc09ieR9NHgImBpZ9v0_xcjEMe6Ty0hwzVF-RGex8DoOmcdu9jLmsCq7GburbXHoYKtsw2NWXUs3yBUDqaYOiLjsrYCBxLDhLCLQeCcG_Rr6lbNEdUZ7dYkVvwfLcvD3dN80DRERcNBCrhQ3XTM8GenNIp5x5ZwwmKOYqYQIYHYyg17sxj8WA
GET

https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

chrome.exe

Remote address:

65.9.95.77:443

Request

GET /libs/amplitude-8.5.0-min.gz.js HTTP/2.0
host: cdn.amplitude.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://www.mediafire.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 22154
date: Sat, 12 Oct 2024 12:52:14 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 13 Aug 2021 22:37:42 GMT
etag: "660c3b546f2a131de50b69b91f26c636"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
content-encoding: gzip
x-amz-version-id: NY8_7uBz3xoXYJBVsMSBAGHOz8ixMBS3
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 79ba346413d83ce62db11c8d0b05c22c.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: 4GKD9_PR57DFwrLAOEVHQigU80cjffUl04kSJFP8qE0Y27dhh9o3GA==
age: 76222
GET

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.9iSoQ-9fZ6M.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfosAP8IfQi1K4zUYFCrrCi76lf3zA/m=el_main

chrome.exe

Remote address:

172.217.169.10:443

Request

GET /_/translate_http/_/js/k=translate_http.tr.en_GB.9iSoQ-9fZ6M.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfosAP8IfQi1K4zUYFCrrCi76lf3zA/m=el_main HTTP/2.0
host: translate.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://translate.googleapis.com/element/log?hasfast=true&authuser=0&format=json

chrome.exe

Remote address:

172.217.169.10:443

Request

POST /element/log?hasfast=true&authuser=0&format=json HTTP/2.0
host: translate.googleapis.com
content-length: 1289
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.mediafire.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://api.amplitude.com/

chrome.exe

Remote address:

54.203.112.84:443

Request

POST / HTTP/2.0
host: api.amplitude.com
content-length: 1065
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
origin: https://www.mediafire.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:02:36 GMT
content-type: text/html;charset=utf-8
content-length: 7
access-control-allow-origin: *
strict-transport-security: max-age=15768000
GET

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685&tag_exp=101529666~101533422~101671035~101686685&z=415357052

chrome.exe

Remote address:

142.250.187.195:443

Request

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685&tag_exp=101529666~101533422~101671035~101686685&z=415357052 HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685&z=98405098

chrome.exe

Remote address:

142.250.187.195:443

Request

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685&z=98405098 HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
cache-control: max-age=0
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a90v887485693z86304663za200zb6304663&_p=1728813754775&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101533422~101671035~101686685&cid=904156927.1728813755&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1728813755&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&dt=%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23!!&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&tfd=858

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a90v887485693z86304663za200zb6304663&_p=1728813754775&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101533422~101671035~101686685&cid=904156927.1728813755&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1728813755&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&dt=%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23!!&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&tfd=858 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.mediafire.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=CyJPFhVA1xR2B6RRHS0ICogNIsrEgUd1g4fCG8fxPnc09ieR9NHgImBpZ9v0_xcjEMe6Ty0hwzVF-RGex8DoOmcdu9jLmsCq7GburbXHoYKtsw2NWXUs3yBUDqaYOiLjsrYCBxLDhLCLQeCcG_Rr6lbNEdUZ7dYkVvwfLcvD3dN80DRERcNBCrhQ3XTM8GenNIp5x5ZwwmKOYqYQIYHYyg17sxj8WA
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a90v887485693za200zb6304663&_p=1728813754775&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101533422~101671035~101686685&cid=904156927.1728813755&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1728813755&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&dt=%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23!!&en=file_download&ep.link_id=downloadButton&ep.link_url=https%3A%2F%2Fdownload2388.mediafire.com%2Fwgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o%2Fwairnw5h05fox4b%2F%2523%25E2%25B1%25BEe-tUp_4225-%25E2%25B1%25A3%2540%25E1%25B9%25A9%25EA%259E%25A9W0r%25E1%25B8%258F%25E1%258E%25A6%25E1%258E%25A6%2523%2521%2521.zip&ep.link_text=Download%20(18.48MB)&ep.file_name=%2Fwgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o%2Fwairnw5h05fox4b%2F%2523%25E2%25B1%25BEe-tUp_4225-%25E2%25B1%25A3%2540%25E1%25B9%25A9%25EA%259E%25A9W0r%25E1%25B8%258F%25E1%258E%25A6%25E1%258E%25A6%2523%2521%2521.zip&ep.file_extension=zip&_et=1269&tfd=7130

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a90v887485693za200zb6304663&_p=1728813754775&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101533422~101671035~101686685&cid=904156927.1728813755&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1728813755&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&dt=%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23!!&en=file_download&ep.link_id=downloadButton&ep.link_url=https%3A%2F%2Fdownload2388.mediafire.com%2Fwgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o%2Fwairnw5h05fox4b%2F%2523%25E2%25B1%25BEe-tUp_4225-%25E2%25B1%25A3%2540%25E1%25B9%25A9%25EA%259E%25A9W0r%25E1%25B8%258F%25E1%258E%25A6%25E1%258E%25A6%2523%2521%2521.zip&ep.link_text=Download%20(18.48MB)&ep.file_name=%2Fwgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o%2Fwairnw5h05fox4b%2F%2523%25E2%25B1%25BEe-tUp_4225-%25E2%25B1%25A3%2540%25E1%25B9%25A9%25EA%259E%25A9W0r%25E1%25B8%258F%25E1%258E%25A6%25E1%258E%25A6%2523%2521%2521.zip&ep.file_extension=zip&_et=1269&tfd=7130 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.mediafire.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=CyJPFhVA1xR2B6RRHS0ICogNIsrEgUd1g4fCG8fxPnc09ieR9NHgImBpZ9v0_xcjEMe6Ty0hwzVF-RGex8DoOmcdu9jLmsCq7GburbXHoYKtsw2NWXUs3yBUDqaYOiLjsrYCBxLDhLCLQeCcG_Rr6lbNEdUZ7dYkVvwfLcvD3dN80DRERcNBCrhQ3XTM8GenNIp5x5ZwwmKOYqYQIYHYyg17sxj8WA
POST

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685

chrome.exe

Remote address:

74.125.206.154:443

Request

POST /g/collect?v=2&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685 HTTP/2.0
host: stats.g.doubleclick.net
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.mediafire.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.mediafire.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

chrome.exe

Remote address:

142.250.179.234:443

Request

GET /v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback HTTP/2.0
host: translate-pa.googleapis.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

84.112.203.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.112.203.54.in-addr.arpa

IN PTR

Response

84.112.203.54.in-addr.arpa

IN PTR

ec2-54-203-112-84 us-west-2compute amazonawscom
DNS

163.68.195.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

163.68.195.51.in-addr.arpa

IN PTR

Response

163.68.195.51.in-addr.arpa

IN PTR

wwwwin-rarcom
DNS

17.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.173.189.20.in-addr.arpa

IN PTR

Response
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f31e100net

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�G

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f99�G
DNS

g.tenor.com

Remote address:

8.8.8.8:53

Request

g.tenor.com

IN A

Response

g.tenor.com

IN CNAME

tenor.googleapis.com

tenor.googleapis.com

IN A

216.58.213.10

tenor.googleapis.com

IN A

142.250.180.10

tenor.googleapis.com

IN A

216.58.201.106

tenor.googleapis.com

IN A

142.250.200.10

tenor.googleapis.com

IN A

142.250.187.234

tenor.googleapis.com

IN A

216.58.212.234

tenor.googleapis.com

IN A

142.250.200.42

tenor.googleapis.com

IN A

172.217.169.74

tenor.googleapis.com

IN A

216.58.212.202

tenor.googleapis.com

IN A

172.217.16.234

tenor.googleapis.com

IN A

172.217.169.10

tenor.googleapis.com

IN A

142.250.178.10

tenor.googleapis.com

IN A

216.58.204.74

tenor.googleapis.com

IN A

142.250.187.202

tenor.googleapis.com

IN A

142.250.179.234
DNS

g.tenor.com

Remote address:

8.8.8.8:53

Request

g.tenor.com

IN A

Response

g.tenor.com

IN CNAME

tenor.googleapis.com

tenor.googleapis.com

IN A

216.58.204.74

tenor.googleapis.com

IN A

142.250.187.202

tenor.googleapis.com

IN A

216.58.212.202

tenor.googleapis.com

IN A

216.58.213.10

tenor.googleapis.com

IN A

216.58.201.106

tenor.googleapis.com

IN A

142.250.178.10

tenor.googleapis.com

IN A

142.250.187.234

tenor.googleapis.com

IN A

142.250.179.234

tenor.googleapis.com

IN A

216.58.212.234

tenor.googleapis.com

IN A

142.250.200.10

tenor.googleapis.com

IN A

172.217.169.74

tenor.googleapis.com

IN A

142.250.180.10

tenor.googleapis.com

IN A

172.217.16.234

tenor.googleapis.com

IN A

172.217.169.10

tenor.googleapis.com

IN A

142.250.200.42
DNS

234.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.179.250.142.in-addr.arpa

IN PTR

Response

234.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f101e100net
DNS

www.win-rar.com

Remote address:

8.8.8.8:53

Request

www.win-rar.com

IN A

Response

www.win-rar.com

IN A

51.195.68.163
DNS

self.events.data.microsoft.com

Remote address:

8.8.8.8:53

Request

self.events.data.microsoft.com

IN A

Response

self.events.data.microsoft.com

IN CNAME

self-events-data.trafficmanager.net

self-events-data.trafficmanager.net

IN CNAME

onedscolprdwus22.westus.cloudapp.azure.com

onedscolprdwus22.westus.cloudapp.azure.com

IN A

20.189.173.17
DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.200.4
DNS

46.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.169.217.172.in-addr.arpa

IN PTR

Response

46.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f141e100net
DNS

o.pki.goog

Remote address:

8.8.8.8:53

Request

o.pki.goog

IN A

Response

o.pki.goog

IN CNAME

pki-goog.l.google.com

pki-goog.l.google.com

IN A

142.250.178.3
DNS

inputsuggestions.msdxcdn.microsoft.com

Remote address:

8.8.8.8:53

Request

inputsuggestions.msdxcdn.microsoft.com

IN A

Response

inputsuggestions.msdxcdn.microsoft.com

IN CNAME

msdx-cdn-y86ykn8r9v.azureedge.net

msdx-cdn-y86ykn8r9v.azureedge.net

IN CNAME

msdx-cdn-y86ykn8r9v.afd.azureedge.net

msdx-cdn-y86ykn8r9v.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

www.googleadservices.com

Remote address:

8.8.8.8:53

Request

www.googleadservices.com

IN A

Response

www.googleadservices.com

IN A

216.58.212.194
DNS

id.google.com

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

142.250.200.35
DNS

id.google.com

Remote address:

8.8.8.8:53

Request

id.google.com

IN A

Response

id.google.com

IN A

142.250.200.35
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

154.206.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.206.125.74.in-addr.arpa

IN PTR

Response

154.206.125.74.in-addr.arpa

IN PTR

wk-in-f1541e100net
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.16.226
DNS

googleads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

googleads.g.doubleclick.net

IN A

Response

googleads.g.doubleclick.net

IN A

172.217.16.226
GET

https://download2388.mediafire.com/wgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o/wairnw5h05fox4b/%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23%21%21.zip

chrome.exe

Remote address:

199.91.155.129:443

Request

GET /wgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o/wairnw5h05fox4b/%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23%21%21.zip HTTP/1.1
Host: download2388.mediafire.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://www.mediafire.com/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: ukey=d3ck80ebme70wkbd0738cbbdfquvvmu7; conv_tracking_data-2=%7B%22mf_source%22%3A%22regular_download-1%22%2C%22mf_content%22%3A%22Business%22%2C%22mf_medium%22%3A%22windows%5C%2FChrome%22%2C%22mf_campaign%22%3A%22wairnw5h05fox4b%22%2C%22mf_term%22%3A%2283ac79c1f22c374c6b82e4b77c9ab502%22%7D; __cf_bm=Y8eHdifoa8gf3heoWtRGNBlJ2Os8wgm7u076Ez42600-1728813755-1.0.1.1-P__sAOJnE6ktI80DO2ijZVTUxRHm0jEddNdy5jJUNYp0qIiqsor72cjPDRAYT5d8h4a9Lo1hl9JvqfZz7ex4qA; amp_28916b=Fuka32esWCnmplGiRSmLJ5...1ia2l8qjj.1ia2l8qjk.0.1.1; _gid=GA1.2.1762570736.1728813755; _gat_gtag_UA_829541_1=1; cf_clearance=YUWalFcz8gcPc38FI78xQN87CUqJG14sCB6V4JoNddM-1728813755-1.2.1.1-BC6zP2Jt3W4mDhBDoMQp.p.7A40s83Gyrz0UWZo4KQhnko8u3U_aUnqgubzc1Ze1WIue7VfPYV24Ew16PxFVDMx8qkVim3BHE_vWi9QqMuBlnnNd4jtogOL.rrVPBp3wR9Sz6D5TU_PjSsYKrNijKgbtdDrzGYB6CLkicTOw9kvnmuOpYGrV4WoAaF1WGnEH049m4H.kolCl9AfSpY3Qii5bs70sJfwLOjM2aOjNMKepJvO1zRLy4noJ19RV8.1Qce9iOPaNIzBFrbMIUUk.WUC2ewzdQl95kGRtcRjAYacP98KOExs_EuBoSadwMgVAR3B1xL7c.PHYxPsIyYsj0pzRMLGfmZNcN_gb7J7_s3go1G0SSwi9tCllk3D.TxuF; _ga=GA1.1.904156927.1728813755; _ga_K68XP6D85D=GS1.1.1728813755.1.0.1728813756.59.0.0

Response

HTTP/1.1 200 OK

server: bd-0.1.27
content-type: application/zip
accept-ranges: bytes
connection: close
cache-control: no-store
x-robots-tag: noindex, nofollow
content-disposition: attachment; filename="#Ȿe-tUp_4225-Ᵽ@ṩꞩW0rḏᎦᎦ#!!.zip"
content-length: 19380219
date: Sun, 13 Oct 2024 10:02:37 GMT
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 1001
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://beacons.gcp.gvt2.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.3:443

Request

POST /domainreliability/upload HTTP/2.0
host: beacons.gcp.gvt2.com
content-length: 335
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://google.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.14:443

Request

POST /domainreliability/upload HTTP/2.0
host: google.com
content-length: 1001
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://google.com/domainreliability/upload

chrome.exe

Remote address:

172.217.169.14:443

Request

POST /domainreliability/upload HTTP/2.0
host: google.com
content-length: 325
content-type: application/json; charset=utf-8
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://id.google.com/verify/AD1BBBQqFgBk_jsZhwPGMm4ExXRLw8zs9rXkRgXKwE847WHY9yeX4P01Q_GsA5Z-cucVh6sI2AQWktoROOLdoMz6ADo8mo2eQkEnBA381od-Y5qg

chrome.exe

Remote address:

142.250.187.195:443

Request

GET /verify/AD1BBBQqFgBk_jsZhwPGMm4ExXRLw8zs9rXkRgXKwE847WHY9yeX4P01Q_GsA5Z-cucVh6sI2AQWktoROOLdoMz6ADo8mo2eQkEnBA381od-Y5qg HTTP/2.0
host: id.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: AEC=AVYB7crrAmhGTQO9SmxCFl3GLyLY7IwkNGN0Pda_YuILR5L0riPu-7GdM9g
cookie: SOCS=CAISHAgCEhJnd3NfMjAyNDEwMDktMF9SQzEaAmVuIAEaBgiAm6y4Bg
cookie: __Secure-BUCKET=CM4D
cookie: NID=518=uMqmbFsfylLLs3B2gg3THskXYCXhxhhxZ4xvOcmMFXK6EMITiDsatKyIIpTw0mIoiKdRdC8mfp71RvZcS1894rDJYBNz-ekQ-GSiCWhJB6MsnEng0wQNYnkaYbuU_C7Wg4mqd-s7VtFwOt88XK6N3E3bdt4s47B5h1NKvq_LS7AOaIk4XT1aJo74n2l0mcACUPk96c__wpMH388rfXgLlqJRY4WGvT0UoQ
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: www.win-rar.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Sun, 13 Oct 2024 10:03:33 GMT
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: www.rarlab.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Sun, 13 Oct 2024 10:03:33 GMT
GET

https://www.win-rar.com/

chrome.exe

Remote address:

51.195.68.163:443

Request

GET / HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
location: /start.html?&L=0
content-type: text/html;charset=utf-8
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/start.html?&L=0

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /start.html?&L=0 HTTP/2.0
host: www.win-rar.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-length: 7611
content-type: text/html;charset=utf-8
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/style.css?1704275748

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/style.css?1704275748 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Wed, 03 Jan 2024 09:55:48 GMT
etag: "1416-60e079e9a0889-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1611
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/typo3temp/stylesheet_5d370599a3.css?1630582047

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /typo3temp/stylesheet_5d370599a3.css?1630582047 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Thu, 02 Sep 2021 11:27:27 GMT
etag: "1711-5cb0177b83a1f-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1179
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/images.css?1627980766

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/images.css?1627980766 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Tue, 03 Aug 2021 08:52:46 GMT
etag: "73e-5c8a3cf5032e6-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 401
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/footer.css?1675426476

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/footer.css?1675426476 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Fri, 03 Feb 2023 12:14:36 GMT
etag: "a51-5f3ca9ffe72da-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 688
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/formhandler/jquery-3.7.1.slim.min.js

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/formhandler/jquery-3.7.1.slim.min.js HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Mon, 20 Dec 2021 11:56:51 GMT
etag: "1b0b-5d392958c6c4a"
accept-ranges: bytes
content-length: 6923
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/logo-winrar.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/logo-winrar.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Wed, 28 Feb 2024 08:39:38 GMT
etag: "21da-6126d15566163"
accept-ranges: bytes
content-length: 8666
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/uploads/pics/rar-archive-8_d8215f_10.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /uploads/pics/rar-archive-8_d8215f_10.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Tue, 17 Sep 2024 11:12:30 GMT
etag: "11278-6224ec3f1e72e-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 24084
content-type: application/javascript
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/awards/award-moosoft-winrar.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/awards/award-moosoft-winrar.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Wed, 10 Apr 2024 07:24:04 GMT
etag: "1839-615b8ec5e750d"
accept-ranges: bytes
content-length: 6201
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/icons/fb.svg

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/icons/fb.svg HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Tue, 05 Oct 2021 09:06:04 GMT
etag: "31d-5cd9756de4101"
accept-ranges: bytes
content-length: 797
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/icons/tw.svg

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/icons/tw.svg HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Wed, 13 Mar 2024 13:17:27 GMT
etag: "186-6138a989b8250"
accept-ranges: bytes
content-length: 390
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/icons/yt.svg

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/icons/yt.svg HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Tue, 05 Oct 2021 09:06:04 GMT
etag: "254-5cd9756de8f21"
accept-ranges: bytes
content-length: 596
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-type: image/svg+xml
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/formhandler/ckrule.js

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/formhandler/ckrule.js HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Mon, 06 Sep 2021 08:31:34 GMT
etag: "3d5f-5cb4f7a1525c0-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 4056
content-type: application/javascript
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/style-mx.css?1704277066

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/style-mx.css?1704277066 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Wed, 03 Jan 2024 10:17:46 GMT
etag: "404-60e07ed288df7-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 436
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/footer-mx.css?1661158051

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/footer-mx.css?1661158051 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Mon, 22 Aug 2022 08:47:31 GMT
etag: "46f-5e6d07f9a3140-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 356
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/buttons/button_buy_blank.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/buttons/button_buy_blank.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/fileadmin/templates/images.css?1627980766
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Thu, 04 Nov 2010 16:33:01 GMT
etag: "867-4943cb61ac940"
accept-ranges: bytes
content-length: 2151
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/buttons/button_download_blank.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/buttons/button_download_blank.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/fileadmin/templates/images.css?1627980766
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Thu, 04 Nov 2010 16:33:28 GMT
etag: "6d4-4943cb7b6c600"
accept-ranges: bytes
content-length: 1748
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/common/favicon.ico

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/common/favicon.ico HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:38 GMT
server: Apache
last-modified: Wed, 21 Mar 2018 10:53:34 GMT
etag: "9f6-567ea00a03eba"
accept-ranges: bytes
content-length: 2550
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:39 GMT
content-type: image/vnd.microsoft.icon
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/awards/graphicsfamily-award.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/awards/graphicsfamily-award.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:43 GMT
server: Apache
last-modified: Fri, 12 Jan 2024 12:14:24 GMT
etag: "1159-60ebe9ad6f86b"
accept-ranges: bytes
content-length: 4441
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:44 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/predownload.html?&L=0

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /predownload.html?&L=0 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.win-rar.com/start.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:44 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-length: 4814
content-type: text/html;charset=utf-8
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/defaultStyle.css?1627021175

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/defaultStyle.css?1627021175 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/predownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:44 GMT
server: Apache
last-modified: Fri, 23 Jul 2021 06:19:35 GMT
etag: "1801-5c7c4632efbb1-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:45 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1828
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/typo3temp/stylesheet_3af1ea9423.css?1620143933

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /typo3temp/stylesheet_3af1ea9423.css?1620143933 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/predownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:44 GMT
server: Apache
last-modified: Tue, 04 May 2021 15:58:53 GMT
etag: "2b-5c18327a2ef4a"
accept-ranges: bytes
content-length: 43
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:45 GMT
vary: Accept-Encoding
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/winrar-archive.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/winrar-archive.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/predownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:44 GMT
server: Apache
last-modified: Mon, 27 Apr 2020 09:13:50 GMT
etag: "5846-5a442221b2999"
accept-ranges: bytes
content-length: 22598
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:45 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/buttons/button_buy_en.jpg

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/buttons/button_buy_en.jpg HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/predownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:44 GMT
server: Apache
last-modified: Wed, 31 Aug 2011 08:57:14 GMT
etag: "e0f-4abc9507d2e80"
accept-ranges: bytes
content-length: 3599
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:45 GMT
content-type: image/jpeg
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/defaultstyle-mx.css?1661155123

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/defaultstyle-mx.css?1661155123 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/predownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:44 GMT
server: Apache
last-modified: Mon, 22 Aug 2022 07:58:43 GMT
etag: "2fb-5e6cfd10dcb57-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:45 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 401
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/boxshots/checkgreen.jpg

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/boxshots/checkgreen.jpg HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/fileadmin/templates/defaultStyle.css?1627021175
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:44 GMT
server: Apache
last-modified: Wed, 06 Jun 2012 16:33:48 GMT
etag: "21f-4c1d054dd7300"
accept-ranges: bytes
content-length: 543
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:45 GMT
content-type: image/jpeg
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/postdownload.html?&L=0

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /postdownload.html?&L=0 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://www.win-rar.com/predownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:58 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7; path=/; samesite=Strict; domain=.win-rar.com; secure; HttpOnly
vary: Accept-Encoding
content-encoding: gzip
content-length: 8646
content-type: text/html;charset=utf-8
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/scripts/captcha/captcha.php?RELOAD=

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/scripts/captcha/captcha.php?RELOAD= HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:58 GMT
server: Apache
last-modified: Tue, 23 Aug 2022 07:37:00 GMT
etag: "3212-5e6e3a134d14b-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:59 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 2980
content-type: application/javascript
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/formhandler/apphelp-min.js

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/formhandler/apphelp-min.js HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:58 GMT
server: Apache
last-modified: Thu, 18 Aug 2022 09:21:12 GMT
etag: "14f6-5e68080a80730-gzip"
accept-ranges: bytes
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:03:59 GMT
vary: Accept-Encoding
content-encoding: gzip
content-length: 1655
content-type: text/css
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/templates/style_max640.css?1660814472

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/templates/style_max640.css?1660814472 HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:58 GMT
server: Apache
expires: Mon, 26 Jul 1990 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 13 Oct 2024 10:03:58 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/winrar-versions/winrar/winrar-x64-701.exe

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/winrar-versions/winrar/winrar-x64-701.exe HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:03:59 GMT
server: Apache
last-modified: Wed, 15 May 2024 07:43:28 GMT
etag: "3c3e58-61879463c588a"
accept-ranges: bytes
content-length: 3948120
cache-control: max-age=5184000
expires: Thu, 12 Dec 2024 10:03:59 GMT
content-type: application/octet-stream
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/helper/winrar-download-chrome.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/helper/winrar-download-chrome.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:04:02 GMT
server: Apache
last-modified: Wed, 22 Jul 2020 12:17:11 GMT
etag: "828-5ab06b82aedfc"
accept-ranges: bytes
content-length: 2088
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:04:03 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/helper/user_account_control.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/helper/user_account_control.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:04:02 GMT
server: Apache
last-modified: Mon, 09 Aug 2021 07:32:13 GMT
etag: "2906-5c91b624a792d"
accept-ranges: bytes
content-length: 10502
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:04:03 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-1.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/help/winrar-installation-step-1.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:04:02 GMT
server: Apache
last-modified: Mon, 09 Aug 2021 07:32:59 GMT
etag: "ed35-5c91b6500eaab"
accept-ranges: bytes
content-length: 60725
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:04:03 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-2.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/help/winrar-installation-step-2.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:04:02 GMT
server: Apache
last-modified: Mon, 09 Aug 2021 07:32:59 GMT
etag: "e766-5c91b650115a3"
accept-ranges: bytes
content-length: 59238
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:04:03 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-3.png

chrome.exe

Remote address:

51.195.68.163:443

Request

GET /fileadmin/images/help/winrar-installation-step-3.png HTTP/2.0
host: www.win-rar.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.win-rar.com/postdownload.html?&L=0
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cookieDisclaimer=0
cookie: PHPSESSID=8om6lnk3u8jg0lcoi2dvpu6sp7

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:04:02 GMT
server: Apache
last-modified: Mon, 09 Aug 2021 07:32:59 GMT
etag: "acec-5c91b65014c53"
accept-ranges: bytes
content-length: 44268
cache-control: max-age=172801
expires: Tue, 15 Oct 2024 10:04:03 GMT
content-type: image/png
x-frame-options: DENY
x-xss-protection: 1;mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: frame-ancestors 'none';
GET

http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D

TextInputHost.exe

Remote address:

142.250.178.3:80

Request

GET /gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 1446
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sun, 13 Oct 2024 09:16:54 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 3131
GET

http://c.pki.goog/r/r1.crl

TextInputHost.exe

Remote address:

142.250.178.3:80

Request

GET /r/r1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: c.pki.goog

Response

HTTP/1.1 200 OK

Accept-Ranges: bytes
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
Content-Length: 854
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Sun, 13 Oct 2024 09:31:47 GMT
Expires: Sun, 13 Oct 2024 10:21:47 GMT
Cache-Control: public, max-age=3000
Age: 2238
Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
Content-Type: application/pkix-crl
Vary: Accept-Encoding
GET

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEA59h%2BNbcrblCWf7YDaxen8%3D

TextInputHost.exe

Remote address:

142.250.178.3:80

Request

GET /wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEA59h%2BNbcrblCWf7YDaxen8%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: o.pki.goog

Response

HTTP/1.1 200 OK

Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Date: Sun, 13 Oct 2024 09:20:12 GMT
Cache-Control: public, max-age=14400
Content-Type: application/ocsp-response
Age: 2933
DNS

dns-tunnel-check.googlezip.net

chrome.exe

Remote address:

8.8.8.8:53

Request

dns-tunnel-check.googlezip.net

IN A

Response

dns-tunnel-check.googlezip.net

IN A

216.239.34.159
DNS

www.gstatic.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.gstatic.com

IN A

Response

www.gstatic.com

IN A

142.250.178.3
DNS

www.youtube.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.youtube.com

IN A

Response

www.youtube.com

IN CNAME

youtube-ui.l.google.com

youtube-ui.l.google.com

IN A

142.250.187.238

youtube-ui.l.google.com

IN A

172.217.169.78

youtube-ui.l.google.com

IN A

216.58.201.110

youtube-ui.l.google.com

IN A

142.250.187.206

youtube-ui.l.google.com

IN A

216.58.213.14

youtube-ui.l.google.com

IN A

142.250.178.14

youtube-ui.l.google.com

IN A

172.217.16.238

youtube-ui.l.google.com

IN A

142.250.200.14

youtube-ui.l.google.com

IN A

142.250.179.238

youtube-ui.l.google.com

IN A

142.250.200.46

youtube-ui.l.google.com

IN A

216.58.204.78

youtube-ui.l.google.com

IN A

142.250.180.14

youtube-ui.l.google.com

IN A

172.217.169.46

youtube-ui.l.google.com

IN A

216.58.212.238

youtube-ui.l.google.com

IN A

216.58.212.206

youtube-ui.l.google.com

IN A

172.217.169.14
DNS

jnn-pa.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

jnn-pa.googleapis.com

IN A

Response

jnn-pa.googleapis.com

IN A

142.250.180.10

jnn-pa.googleapis.com

IN A

142.250.187.202

jnn-pa.googleapis.com

IN A

142.250.200.10

jnn-pa.googleapis.com

IN A

216.58.204.74

jnn-pa.googleapis.com

IN A

142.250.187.234

jnn-pa.googleapis.com

IN A

172.217.169.74

jnn-pa.googleapis.com

IN A

172.217.16.234

jnn-pa.googleapis.com

IN A

142.250.179.234

jnn-pa.googleapis.com

IN A

216.58.213.10

jnn-pa.googleapis.com

IN A

142.250.178.10

jnn-pa.googleapis.com

IN A

216.58.201.106

jnn-pa.googleapis.com

IN A

172.217.169.10

jnn-pa.googleapis.com

IN A

142.250.200.42

jnn-pa.googleapis.com

IN A

172.217.169.42
DNS

34.200.250.142.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

34.200.250.142.in-addr.arpa

IN PTR

Response

34.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f21e100net
DNS

cmp.setupcmp.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cmp.setupcmp.com

IN A

Response

cmp.setupcmp.com

IN A

172.67.70.36

cmp.setupcmp.com

IN A

104.26.5.6

cmp.setupcmp.com

IN A

104.26.4.6
DNS

cmp.setupcmp.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cmp.setupcmp.com

IN A

Response

cmp.setupcmp.com

IN A

104.26.4.6

cmp.setupcmp.com

IN A

172.67.70.36

cmp.setupcmp.com

IN A

104.26.5.6
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: www.ldplayer.net:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Sun, 13 Oct 2024 10:09:35 GMT
DNS

i.ytimg.com

chrome.exe

Remote address:

8.8.8.8:53

Request

i.ytimg.com

IN A

Response

i.ytimg.com

IN A

216.58.201.118

i.ytimg.com

IN A

142.250.200.54

i.ytimg.com

IN A

142.250.180.22

i.ytimg.com

IN A

142.250.178.22

i.ytimg.com

IN A

142.250.200.22

i.ytimg.com

IN A

142.250.187.214

i.ytimg.com

IN A

172.217.169.86

i.ytimg.com

IN A

216.58.204.86

i.ytimg.com

IN A

172.217.169.54

i.ytimg.com

IN A

172.217.16.246

i.ytimg.com

IN A

142.250.179.246

i.ytimg.com

IN A

142.250.187.246

i.ytimg.com

IN A

216.58.212.214

i.ytimg.com

IN A

216.58.212.246
DNS

118.201.58.216.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

118.201.58.216.in-addr.arpa

IN PTR

Response

118.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f221e100net

118.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f118�I

118.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f22�I
DNS

static.doubleclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

static.doubleclick.net

IN A

Response

static.doubleclick.net

IN A

142.250.200.38
DNS

238.187.250.142.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

238.187.250.142.in-addr.arpa

IN PTR

Response

238.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f141e100net
DNS

www.ldplayer.net

chrome.exe

Remote address:

8.8.8.8:53

Request

www.ldplayer.net

IN A

Response

www.ldplayer.net

IN CNAME

www.ldplayer.net.w.kunlungr.com

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.242

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.240

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.243

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.238

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.244

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.239

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.237

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.241
DNS

www.ldplayer.net

chrome.exe

Remote address:

8.8.8.8:53

Request

www.ldplayer.net

IN A

Response

www.ldplayer.net

IN CNAME

www.ldplayer.net.w.kunlungr.com

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.239

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.240

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.243

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.237

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.242

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.241

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.238

www.ldplayer.net.w.kunlungr.com

IN A

163.181.154.244
GET

https://i.ytimg.com/vi/K3CppL3v7OI/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3ni_8LdQzZ1F1gAbonZNT7JRqs1Bw

chrome.exe

Remote address:

216.58.201.118:443

Request

GET /vi/K3CppL3v7OI/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3ni_8LdQzZ1F1gAbonZNT7JRqs1Bw HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://i.ytimg.com/vi/El2mqrJXHuQ/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3muGUKNiHAq2fFYB-gJBGUznHjS0g

chrome.exe

Remote address:

216.58.201.118:443

Request

GET /vi/El2mqrJXHuQ/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3muGUKNiHAq2fFYB-gJBGUznHjS0g HTTP/2.0
host: i.ytimg.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
CONNECT

chrome.exe

Remote address:

216.239.34.157:443

Request

CONNECT HTTP/2.0
host: www.reddit.com:443
chrome-tunnel: key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response

HTTP/2.0 200

content-type: text/plain; charset=utf-8
date: Sun, 13 Oct 2024 10:09:35 GMT
GET

https://www.youtube.com/iframe_api?version=3

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /iframe_api?version=3 HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.youtube.com/s/player/2f238d39/www-widgetapi.vflset/www-widgetapi.js

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /s/player/2f238d39/www-widgetapi.vflset/www-widgetapi.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.google.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=Lli-1mngLsY
cookie: VISITOR_INFO1_LIVE=ZEjrj16tJI4
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbg%3D%3D
GET

https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1 HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.google.com/search?q=LD+Player&oq=LD+Player&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCTk0OTAyajBqN6gCALACAA&sourceid=chrome&ie=UTF-8
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=Lli-1mngLsY
cookie: VISITOR_INFO1_LIVE=ZEjrj16tJI4
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbg%3D%3D
GET

https://www.youtube.com/s/player/2f238d39/www-player.css

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /s/player/2f238d39/www-player.css HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=Lli-1mngLsY
cookie: VISITOR_INFO1_LIVE=ZEjrj16tJI4
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbg%3D%3D
GET

https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/embed.js

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /s/player/2f238d39/player_ias.vflset/en_US/embed.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=Lli-1mngLsY
cookie: VISITOR_INFO1_LIVE=ZEjrj16tJI4
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbg%3D%3D
GET

https://www.youtube.com/s/player/2f238d39/www-embed-player.vflset/www-embed-player.js

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /s/player/2f238d39/www-embed-player.vflset/www-embed-player.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=Lli-1mngLsY
cookie: VISITOR_INFO1_LIVE=ZEjrj16tJI4
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbg%3D%3D
GET

https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/base.js

chrome.exe

Remote address:

142.250.187.238:443

Request

GET /s/player/2f238d39/player_ias.vflset/en_US/base.js HTTP/2.0
host: www.youtube.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: YSC=Lli-1mngLsY
cookie: VISITOR_INFO1_LIVE=ZEjrj16tJI4
cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgbg%3D%3D
GET

https://googleads.g.doubleclick.net/pagead/id

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/id HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/id?slf_rd=1 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://static.doubleclick.net/instream/ad_status.js

chrome.exe

Remote address:

142.250.200.38:443

Request

GET /instream/ad_status.js HTTP/2.0
host: static.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

chrome.exe

Remote address:

142.250.180.10:443

Request

OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type,x-goog-api-key,x-user-agent
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

chrome.exe

Remote address:

142.250.180.10:443

Request

POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/2.0
host: jnn-pa.googleapis.com
content-length: 24
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-user-agent: grpc-web-javascript/0.1
x-goog-api-key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
content-type: application/json+protobuf
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.youtube.com
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

38.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

38.200.250.142.in-addr.arpa

IN PTR

Response

38.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f61e100net
DNS

fonts.googleapis.com

Remote address:

8.8.8.8:53

Request

fonts.googleapis.com

IN A

Response

fonts.googleapis.com

IN A

172.217.169.42
DNS

fonts.googleapis.com

Remote address:

8.8.8.8:53

Request

fonts.googleapis.com

IN A

Response

fonts.googleapis.com

IN A

172.217.169.42
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

172.217.169.46:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://play.google.com/log?format=json&hasfast=true&authuser=0

chrome.exe

Remote address:

172.217.169.46:443

Request

OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/2.0
host: play.google.com
accept: */*
access-control-request-method: POST
access-control-request-headers: x-goog-authuser
origin: https://www.youtube.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.youtube.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

cdn.ldplayer.net

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.ldplayer.net

IN A

Response

cdn.ldplayer.net

IN CNAME

cdn.ldplayer.net.w.cdngslb.com

cdn.ldplayer.net.w.cdngslb.com

IN A

79.133.176.186
DNS

cdn.ldplayer.net

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.ldplayer.net

IN A

Response

cdn.ldplayer.net

IN CNAME

cdn.ldplayer.net.w.cdngslb.com

cdn.ldplayer.net.w.cdngslb.com

IN A

79.133.176.186
DNS

res.ldrescdn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

res.ldrescdn.com

IN A

Response

res.ldrescdn.com

IN CNAME

res.ldrescdn.com.queniuaa.com

res.ldrescdn.com.queniuaa.com

IN A

163.181.154.242

res.ldrescdn.com.queniuaa.com

IN A

163.181.154.243

res.ldrescdn.com.queniuaa.com

IN A

163.181.154.239

res.ldrescdn.com.queniuaa.com

IN A

163.181.154.240

res.ldrescdn.com.queniuaa.com

IN A

163.181.154.238

res.ldrescdn.com.queniuaa.com

IN A

163.181.154.244

res.ldrescdn.com.queniuaa.com

IN A

163.181.154.241

res.ldrescdn.com.queniuaa.com

IN A

163.181.154.237
DNS

36.70.67.172.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

36.70.67.172.in-addr.arpa

IN PTR

Response
DNS

36.70.67.172.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

36.70.67.172.in-addr.arpa

IN PTR

Response
GET

https://cmp.setupcmp.com/cmp/cmp/cmp-stub.js

chrome.exe

Remote address:

172.67.70.36:443

Request

GET /cmp/cmp/cmp-stub.js HTTP/2.0
host: cmp.setupcmp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:37 GMT
content-type: text/javascript
content-md5: 3jfo58Cotbsu8TxBvJOgIw==
last-modified: Tue, 28 Nov 2023 10:43:06 GMT
x-ms-request-id: eebaaebb-b01e-00ce-38d6-fd97bd000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: country
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 6084
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ooVcgVyPKCXiGSRm5s2jKADIVu58bxtdxzRJo8LSuCNBtPxaAWs6PwepXekPa9b3L2yocZirgsxIO%2FimbgasY7%2BsmMY0NzKF1CyDueR48zUnRCWEH%2BUFQ6%2FahbEZZNzWO6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e89032c21ccc1-LHR
content-encoding: br
GET

https://cmp.setupcmp.com/cmp/cmp/cmp-v1.js

chrome.exe

Remote address:

172.67.70.36:443

Request

GET /cmp/cmp/cmp-v1.js HTTP/2.0
host: cmp.setupcmp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:37 GMT
content-type: text/javascript
content-md5: HWuE1AgkWQcjGOtyrRdw+g==
last-modified: Mon, 09 Sep 2024 10:37:54 GMT
x-ms-request-id: 0274722a-c01e-0089-72b5-0afce6000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: country
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 3440
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0UMqc1RFY3HEtxX8btUvBtu%2BevK9%2FZjvSB%2FEegARN3I3EKd%2B7N0GQw88kCESU1aY2b5WRurLToy0w71yxzOblKOe%2F9ji%2Fc9a4jkEa93Rj%2FJ5Vr8saXJWGMrVSv1V%2BkSSq5Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e89032c23ccc1-LHR
content-encoding: br
GET

https://cmp.setupcmp.com/cmp/images/setupad.svg

chrome.exe

Remote address:

172.67.70.36:443

Request

GET /cmp/images/setupad.svg HTTP/2.0
host: cmp.setupcmp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:38 GMT
content-type: image/svg+xml
content-md5: 5Kz7x6fRmNvQF3ETA9Y1ZQ==
last-modified: Thu, 13 Oct 2022 10:05:40 GMT
x-ms-request-id: 5721fe77-d01e-00ba-7bd6-fda34d000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: country
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 3311
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0SRseMfA5ywR7bxUB7%2BZX9DKtE%2FCMa0T6ccmSKfA8tCP46y4N%2FbUGgzxGSrEt5PnWiZM2397%2FW99Q4mcV0okMbUDYahOyjocEcugopc5YUM%2BkqhpN7IXeXQLbaPm458C7U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e8907ea12ccc1-LHR
content-encoding: br
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/logo.deeb2ee.webp

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/logo.deeb2ee.webp HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/webp
content-length: 1888
date: Sat, 12 Oct 2024 08:05:45 GMT
x-oss-request-id: 670A2DD9637FD23238F1C11E
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "385D3EBA67503EE680B40308F4753083"
last-modified: Sat, 12 Oct 2024 07:04:06 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10644451974219734452
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: OF0+umdQPuaAtAMI9HUwgw==
x-oss-server-time: 38
access-control-allow-origin: *
via: ens-cache15.l2de3[0,0,200-0,H], ens-cache9.l2de3[1,0], ens-cache18.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 93832
ali-swift-global-savetime: 1728720345
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 23:30:11 GMT
x-swift-cachetime: 2536534
access-control-allow-methods: GET,POST,PUT
timing-allow-origin: *
eagleid: a3b59ab017288141777834825e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/ld-9-btn.fcef8a7.webp

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/ld-9-btn.fcef8a7.webp HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/webp
content-length: 4916
date: Sat, 14 Sep 2024 04:10:35 GMT
x-oss-request-id: 66E50CBB15F0493435F61A25
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "FAE62C475DE66B9F51517742AA3C63BE"
last-modified: Sat, 14 Sep 2024 03:02:45 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9140703714504217469
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: +uYsR13ma59RUXdCqjxjvg==
x-oss-server-time: 6
via: ens-cache12.l2de3[0,0,206-0,H], ens-cache12.l2de3[1,0], ens-cache10.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 2527142
ali-swift-global-savetime: 1726287035
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 15 Sep 2024 16:31:19 GMT
x-swift-cachetime: 2461156
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141777834826e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/zzz-btn-en.5a376bc.webp

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/zzz-btn-en.5a376bc.webp HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/webp
content-length: 23041
date: Sat, 14 Sep 2024 04:10:35 GMT
x-oss-request-id: 66E50CBB637FD23530F61E22
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "CC556457924C2E6B402430BD6D93FA08"
last-modified: Sat, 14 Sep 2024 03:02:48 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7461265278717888748
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: zFVkV5JMLmtAJDC9bZP6CA==
x-oss-server-time: 63
via: ens-cache6.l2de3[0,7,206-0,H], ens-cache12.l2de3[9,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 2527142
ali-swift-global-savetime: 1726287035
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Mon, 16 Sep 2024 13:58:42 GMT
x-swift-cachetime: 2383913
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778144886e
GET

https://res.ldrescdn.com/rms/ldplayer/process/img/563faa39e54a4b6684056adb5050550b1726655143.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /rms/ldplayer/process/img/563faa39e54a4b6684056adb5050550b1726655143.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/octet-stream
content-length: 43487
date: Wed, 18 Sep 2024 10:30:42 GMT
x-oss-request-id: 66EAABD29D920A3732202040
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "92647998C724C7EAD8CD759E3A2A2C2A-1"
last-modified: Wed, 18 Sep 2024 10:25:43 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 3037267485555900109
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 8
via: ens-cache7.l2de3[0,0,206-0,H], ens-cache17.l2de3[1,0], ens-cache19.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 2158735
ali-swift-global-savetime: 1726655442
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Wed, 18 Sep 2024 10:51:38 GMT
x-swift-cachetime: 2590744
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778164889e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/cdbcd27.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/cdbcd27.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3769
date: Sat, 12 Oct 2024 07:03:56 GMT
vary: Accept-Encoding
x-oss-request-id: 670A1F5C40058435376D2C52
vary: Origin
x-oss-cdn-auth: success
last-modified: Sat, 12 Oct 2024 07:03:14 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7353778593447037843
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Zo94K5ab3HO9S+kRnkqOyw==
x-oss-server-time: 10
content-encoding: gzip
via: ens-cache14.l2de3[0,0,200-0,H], ens-cache7.l2de3[1,0], ens-cache25.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 97541
ali-swift-global-savetime: 1728716636
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 07:04:04 GMT
x-swift-cachetime: 2591992
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778624952e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/0d4bc0f.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/0d4bc0f.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 12625
date: Sat, 12 Oct 2024 02:32:08 GMT
vary: Accept-Encoding
x-oss-request-id: 6709DFA8C05EDB303815199E
vary: Origin
x-oss-cdn-auth: success
last-modified: Sat, 12 Oct 2024 02:31:09 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 14344692357148605933
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 5YMlQ9uNmsqF7b1BytFkpA==
x-oss-server-time: 6
content-encoding: gzip
via: ens-cache9.l2de3[669,668,200-0,M], ens-cache6.l2de3[670,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 113849
ali-swift-global-savetime: 1728700328
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 02:32:08 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778754972e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/822857e.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/822857e.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 4985
date: Sun, 29 Sep 2024 09:34:46 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F368E4DB93839D7D359
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:05 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13043150438318578604
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 7oFRCUoVLmlp5CZRvCvu1w==
x-oss-server-time: 9
content-encoding: gzip
via: cache22.l2fr1[0,0,200-0,H], cache27.l2fr1[1,0], ens-cache6.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 1211691
ali-swift-global-savetime: 1727602486
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:55 GMT
x-swift-cachetime: 2591091
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778764973e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/00e857b.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/00e857b.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1535
date: Sun, 29 Sep 2024 09:49:55 GMT
vary: Accept-Encoding
x-oss-request-id: 66F922C39BED1435350D9E34
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:38 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 200680760873230296
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: wD1wbtaKlVwSObXqVl+4pw==
x-oss-server-time: 7
content-encoding: gzip
via: cache9.l2fr1[249,248,200-0,M], cache38.l2fr1[249,0], ens-cache14.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1210782
ali-swift-global-savetime: 1727603395
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:55 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778764975e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/2da8629.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/2da8629.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1325
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A9A63363232A58EC7
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:32 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2631293360292978808
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 8O68f3BYJxgnjQ7anChDNg==
x-oss-server-time: 19
content-encoding: gzip
via: ens-cache17.l2de3[380,380,200-0,M], ens-cache14.l2de3[381,0], ens-cache6.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778804980e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/79a45c7.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/79a45c7.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 24967
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A5841FF383889B191
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:31 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7695670319039191043
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: /cKAQAvQoj7BSJxpVUYm9Q==
x-oss-server-time: 63
content-encoding: gzip
via: ens-cache8.l2de3[406,406,200-0,M], ens-cache9.l2de3[408,0], ens-cache10.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778814981e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/de6cf08.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/de6cf08.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 35988
date: Thu, 26 Sep 2024 03:09:53 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D0815841FF32307EF477
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "06D82BFE795E2DFBD3B78276C26DB4E8"
last-modified: Thu, 26 Sep 2024 02:55:36 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8344077747616852377
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Btgr/nleLfvTt4J2wm206A==
x-oss-server-time: 7
via: ens-cache8.l2de3[175,175,206-0,M], ens-cache18.l2de3[177,0], ens-cache9.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1493984
ali-swift-global-savetime: 1727320193
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:09:53 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778814984e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/17827bb.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/17827bb.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3876
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36AFEEE6A3133419C9E
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:31 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7315361417257899113
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: tqEfKTQk1yqrFSXTSK4HQQ==
x-oss-server-time: 21
content-encoding: gzip
via: ens-cache5.l2de3[196,196,200-0,M], ens-cache12.l2de3[199,0], ens-cache17.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778824985e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/ea3d90c.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/ea3d90c.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3733
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A0189C73530DEADC6
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:36 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 288622484056727895
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 0zKpCCEDEnP4v9obUDUtYw==
x-oss-server-time: 15
content-encoding: gzip
via: ens-cache17.l2de3[358,358,200-0,M], ens-cache1.l2de3[359,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778824987e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/ae6e404.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/ae6e404.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3993
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A15F0493532967DCA
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:34 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12809726497563519829
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: iamnwb//hPEh28GrpIy4UA==
x-oss-server-time: 12
content-encoding: gzip
via: ens-cache16.l2de3[192,191,200-0,M], ens-cache2.l2de3[194,0], ens-cache4.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778824988e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/176af8a.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/176af8a.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 23544
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A49824C3936BEF756
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:33 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15051897667461983608
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 2y5ggN4gMQi81v8k0Uwu0A==
x-oss-server-time: 23
content-encoding: gzip
via: ens-cache11.l2de3[384,384,200-0,M], ens-cache4.l2de3[394,0], ens-cache3.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778824992e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/3db6060.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/3db6060.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 15683
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36AF1D29D3334B3B8B7
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:31 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9679690146297071199
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: zPOGUzWjYYozWEs8inpmfg==
x-oss-server-time: 32
content-encoding: gzip
via: ens-cache12.l2de3[212,212,200-0,M], ens-cache18.l2de3[214,0], ens-cache3.gb4[0,0,200-0,H], ens-cache28.gb4[13,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778824993e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/8a6fc82.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/8a6fc82.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1398
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A94539435364C378B
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:32 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10884249347822262056
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 2Dj75u1NC8rsl/+Fwc0rFQ==
x-oss-server-time: 24
content-encoding: gzip
via: ens-cache18.l2de3[204,205,200-0,M], ens-cache2.l2de3[206,0], ens-cache26.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778864999e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/c3e6bfb.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/c3e6bfb.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 9727
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A1E3C923836B1A3B0
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:29 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12224059745542813231
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Dtuc4VD+EHc2OKtD+Qf6AA==
x-oss-server-time: 31
content-encoding: gzip
via: ens-cache14.l2de3[198,197,200-0,M], ens-cache10.l2de3[199,0], ens-cache28.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865002e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/b1e6416.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/b1e6416.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 16155
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A7594F93133F6A08B
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:34 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15371654304187560079
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: JKGyv0jhFGkk0Mpe5o1Rcg==
x-oss-server-time: 29
content-encoding: gzip
via: ens-cache1.l2de3[201,201,200-0,M], ens-cache16.l2de3[203,0], ens-cache18.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865004e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/30f4ca2.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/30f4ca2.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 13216
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A108AF5363373E66A
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:30 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15115145409810158000
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: olWKZjcHDDzJOvO2SAe5gg==
x-oss-server-time: 27
content-encoding: gzip
via: ens-cache16.l2de3[369,369,200-0,M], ens-cache8.l2de3[370,0], ens-cache19.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865007e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/5597061.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/5597061.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 2233
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36AE9CC4C3531D7FB90
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:31 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3870250986345115739
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: spTfc/1ZrVs24KPcKIqoEQ==
x-oss-server-time: 16
content-encoding: gzip
via: ens-cache8.l2de3[347,346,200-0,M], ens-cache2.l2de3[348,0], ens-cache11.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865008e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/b61908b.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/b61908b.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 28662
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36AA87B9A303254E331
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:35 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10878903770809897827
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: mjD3Sy36jZZVXjjQG6xS2g==
x-oss-server-time: 29
content-encoding: gzip
via: ens-cache5.l2de3[220,219,200-0,M], ens-cache8.l2de3[221,0], ens-cache18.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865009e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/752cf03.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/752cf03.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3485
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A72154E3432F6BE8C
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:32 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 609119958257432257
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Lx9TsTYoT2P5ImqRZTN4mw==
x-oss-server-time: 19
content-encoding: gzip
via: ens-cache4.l2de3[215,215,200-0,M], ens-cache10.l2de3[229,0], ens-cache25.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865012e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/82b449b.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/82b449b.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 7006
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A0900E63834A30CAA
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:32 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7815393903643185563
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: FPZbFXrJm0HR1fcwqPUAHA==
x-oss-server-time: 29
content-encoding: gzip
via: ens-cache3.l2de3[201,200,200-0,M], ens-cache5.l2de3[204,0], ens-cache21.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865014e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/cdb5356.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/cdb5356.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 32466
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A58A49D3031E40D4E
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:33 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6447869857567774402
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: mbg/q3YIG24TFMO2keeNeg==
x-oss-server-time: 85
content-encoding: gzip
via: ens-cache5.l2de3[273,273,200-0,M], ens-cache18.l2de3[274,0], ens-cache21.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865019e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/9811b80.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/9811b80.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 16469
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36AE702E2393079B234
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:31 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 14985787465103932720
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: LfRnFRr8Se1R+e+LQRICeg==
x-oss-server-time: 19
content-encoding: gzip
via: ens-cache3.l2de3[379,378,200-0,M], ens-cache16.l2de3[381,0], ens-cache4.gb4[0,0,200-0,H], ens-cache28.gb4[13,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778824991e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/936f4cf.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/936f4cf.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 27303
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36AE702E2393672B234
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:35 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16530561533063737369
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: df/PIL+RcqBpPGoN237i3A==
x-oss-server-time: 21
content-encoding: gzip
via: ens-cache14.l2de3[386,386,200-0,M], ens-cache10.l2de3[387,0], ens-cache23.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955024e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/fcc86b6.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/fcc86b6.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 22509
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A058B0F373553ED39
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17963165072484132755
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: hhnPsiAcNFzI4K9J0Nbipw==
x-oss-server-time: 22
content-encoding: gzip
via: ens-cache15.l2de3[382,381,200-0,M], ens-cache10.l2de3[383,0], ens-cache1.gb4[0,0,200-0,H], ens-cache28.gb4[19,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778865016e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/4ae49c3.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/4ae49c3.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 28737
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A7732EB31395FBE8C
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:35 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5911656990306831737
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: WOKwUWYqmtoxFpTkzWBIVg==
x-oss-server-time: 37
content-encoding: gzip
via: ens-cache9.l2de3[397,397,200-0,M], ens-cache6.l2de3[398,0], ens-cache16.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955026e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/c520b82.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/c520b82.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 5295
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36AA87B9A38344CE331
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:32 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13846591447724925865
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: IH6E5C0lS6xSghgBNBcMmQ==
x-oss-server-time: 31
content-encoding: gzip
via: ens-cache7.l2de3[203,202,200-0,M], ens-cache15.l2de3[204,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955027e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/c14bdd6.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/c14bdd6.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 5496
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A637FD23035DECF81
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:27 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6118162375614112089
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: VIApU3dMj/E1oa+TnnnFfw==
x-oss-server-time: 116
content-encoding: gzip
via: ens-cache15.l2de3[474,474,200-0,M], ens-cache12.l2de3[475,0], ens-cache3.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955028e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/329aac5.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/329aac5.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 17963
date: Sun, 29 Sep 2024 09:43:06 GMT
vary: Accept-Encoding
x-oss-request-id: 66F9212A0A930632386F8F7F
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:50 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10990788376442447310
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: i4B9xMyN4PFSmz9QFaj1Vw==
x-oss-server-time: 10
content-encoding: gzip
via: cache12.l2fr1[469,469,200-0,M], cache8.l2fr1[470,0], ens-cache28.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1211191
ali-swift-global-savetime: 1727602986
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:43:06 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955029e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/2af5e0e.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/2af5e0e.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3152
date: Fri, 27 Sep 2024 06:23:39 GMT
vary: Accept-Encoding
x-oss-request-id: 66F64F6B41CA9431316565DB
vary: Origin
x-oss-cdn-auth: success
last-modified: Fri, 27 Sep 2024 06:22:47 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5541720585750953447
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: k5D75T0WaTyz1wqtG+RjNA==
x-oss-server-time: 5
content-encoding: gzip
via: ens-cache1.l2de3[0,0,200-0,H], ens-cache1.l2de3[1,0], ens-cache15.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1395958
ali-swift-global-savetime: 1727418219
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Fri, 27 Sep 2024 06:40:30 GMT
x-swift-cachetime: 2590989
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955031e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/f8f31e1.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/f8f31e1.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 18440
date: Sun, 29 Sep 2024 09:34:44 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F34FEEE6A36381DDBC3
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:07 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15786695231848073918
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: I161tmxJSaeD6//+PLV91A==
x-oss-server-time: 7
content-encoding: gzip
via: cache37.l2fr1[0,0,200-0,H], cache36.l2fr1[1,0], ens-cache9.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1211693
ali-swift-global-savetime: 1727602484
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:43:06 GMT
x-swift-cachetime: 2591498
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955033e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/743fc12.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/743fc12.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 4645
date: Thu, 26 Sep 2024 03:09:57 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D085AA0DCC373440BE69
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18321806180069190137
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: JFXBYracWBqsAqHytpC0Eg==
x-oss-server-time: 22
content-encoding: gzip
via: ens-cache7.l2de3[0,0,200-0,H], ens-cache5.l2de3[1,0], ens-cache22.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1493980
ali-swift-global-savetime: 1727320197
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2591259
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955035e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/c18d858.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/c18d858.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 4653
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A5354653136AB1125
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:30 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4563003722384324588
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 9auTZ9nmmiA2gF5yU0BZLQ==
x-oss-server-time: 79
content-encoding: gzip
via: ens-cache18.l2de3[266,265,200-0,M], ens-cache9.l2de3[266,0], ens-cache6.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955037e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/f05c90e.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/f05c90e.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 4640
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A9D920A3536B9824D
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:36 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 14271376163935975493
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: dq/6mbc3s03M4ctoHP6vKw==
x-oss-server-time: 18
content-encoding: gzip
via: ens-cache18.l2de3[189,189,200-0,M], ens-cache16.l2de3[197,0], ens-cache23.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955038e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/6f2e593.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/6f2e593.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/octet-stream
content-length: 1772365
date: Thu, 10 Oct 2024 03:04:32 GMT
x-oss-request-id: 67074440423FC33331E6D5FD
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "AB5CE728DDD975334723D917314D85E8-2"
last-modified: Thu, 10 Oct 2024 03:04:07 GMT
x-oss-object-type: Multipart
x-oss-hash-crc64ecma: 10088980753330591555
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
x-oss-server-time: 25
via: ens-cache10.l2de3[0,0,200-0,H], ens-cache6.l2de3[1,0], ens-cache14.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 284705
ali-swift-global-savetime: 1728529472
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 10 Oct 2024 03:31:05 GMT
x-swift-cachetime: 2590407
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955040e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/e13cbcf.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/e13cbcf.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/webp
content-length: 3562
date: Wed, 02 Oct 2024 10:02:13 GMT
x-oss-request-id: 66FD1A25A87B9A3532DF3F4D
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "EEEDF673C711A431F626A1CC87EF21DC"
last-modified: Wed, 02 Oct 2024 09:06:34 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17385104986214234177
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 7u32c8cRpDH2JqHMh+8h3A==
x-oss-server-time: 42
via: ens-cache17.l2de3[0,0,200-0,H], ens-cache9.l2de3[35,0], ens-cache1.gb4[0,0,200-0,H], ens-cache28.gb4[10,0]
age: 950844
ali-swift-global-savetime: 1727863333
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Fri, 11 Oct 2024 23:11:06 GMT
x-swift-cachetime: 1767067
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778955041e
GET

https://res.ldrescdn.com/rms/ldplayer/process/img/f68f571cf65c4ce491021cb94f7a5d791728529446.jpg

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /rms/ldplayer/process/img/f68f571cf65c4ce491021cb94f7a5d791728529446.jpg HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1823
date: Thu, 26 Sep 2024 03:22:18 GMT
vary: Accept-Encoding
x-oss-request-id: 66F4D36A72154E3031C0BE8C
vary: Origin
x-oss-cdn-auth: success
last-modified: Thu, 26 Sep 2024 02:55:35 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3272669360559420547
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: ynk5Qcl/RJg4tOnnkHkNrg==
x-oss-server-time: 257
content-encoding: gzip
via: ens-cache7.l2de3[428,427,200-0,M], ens-cache12.l2de3[429,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[19,0]
age: 1493239
ali-swift-global-savetime: 1727320938
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 26 Sep 2024 03:22:18 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778864996e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/css-sprites.9525f2a.webp

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/css-sprites.9525f2a.webp HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3000
date: Wed, 02 Oct 2024 10:44:36 GMT
vary: Accept-Encoding
x-oss-request-id: 66FD2414048FEF3039A8B211
vary: Origin
x-oss-cdn-auth: success
last-modified: Wed, 02 Oct 2024 09:06:26 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8871971960802153568
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: cdmeWTieeGudeRKFOeyCeg==
x-oss-server-time: 81
content-encoding: gzip
via: ens-cache10.l2de3[0,0,200-0,H], ens-cache6.l2de3[1,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[19,0]
age: 948300
ali-swift-global-savetime: 1727865877
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Thu, 10 Oct 2024 14:37:24 GMT
x-swift-cachetime: 1886833
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141778864998e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/abb52b4.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/abb52b4.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 2008
date: Sun, 29 Sep 2024 09:49:55 GMT
vary: Accept-Encoding
x-oss-request-id: 66F922C32FE6AF3133C6F249
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:46 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13009315670843723609
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: jr/6ljq6wGvHo8e5Xj+1+g==
x-oss-server-time: 50
content-encoding: gzip
via: cache7.l2fr1[531,531,200-0,M], cache35.l2fr1[533,0], ens-cache11.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 1210782
ali-swift-global-savetime: 1727603396
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:56 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141782875613e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/f94f763.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/f94f763.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1425
date: Sun, 29 Sep 2024 09:49:55 GMT
vary: Accept-Encoding
x-oss-request-id: 66F922C3A87B9A3733442874
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:50 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5840338338554891418
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: GYSLPtmn3S7VZ7Jy3NxF6g==
x-oss-server-time: 7
content-encoding: gzip
via: cache17.l2fr1[478,477,200-0,M], cache27.l2fr1[478,0], ens-cache17.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1210782
ali-swift-global-savetime: 1727603396
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:56 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141782875615e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/4fc27cd.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/4fc27cd.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 336
date: Sat, 12 Oct 2024 07:21:23 GMT
x-oss-request-id: 670A23732EF51D36316B5808
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "1104BF7F26C4D436C98B2323ED755DEA"
last-modified: Sat, 12 Oct 2024 07:03:52 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 110651708161054915
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: EQS/fybE1DbJiyMj7XVd6g==
x-oss-server-time: 7
via: ens-cache14.l2de3[0,1,200-0,H], ens-cache10.l2de3[7,0], ens-cache10.gb4[0,-1,200-0,H], ens-cache28.gb4[5,0]
age: 96495
ali-swift-global-savetime: 1728717683
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 13 Oct 2024 02:56:30 GMT
x-swift-cachetime: 2521493
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784925971e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/0a02c4c.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/0a02c4c.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 2038
date: Sat, 12 Oct 2024 02:32:09 GMT
vary: Accept-Encoding
x-oss-request-id: 6709DFA989FDF53035317D1E
vary: Origin
x-oss-cdn-auth: success
last-modified: Sat, 12 Oct 2024 02:31:09 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16226876703476395465
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: tmCUl1ZzcqQay5HaZqgr3w==
x-oss-server-time: 6
content-encoding: gzip
via: ens-cache18.l2de3[173,173,200-0,M], ens-cache2.l2de3[176,0], ens-cache23.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 113848
ali-swift-global-savetime: 1728700330
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 02:32:10 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784925973e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/26072dd.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/26072dd.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1140
date: Sun, 29 Sep 2024 09:46:55 GMT
vary: Accept-Encoding
x-oss-request-id: 66F9220F2319383337C4AC04
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10731977990230056943
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: dviFfcH8C1eFO+eqbVq+KA==
x-oss-server-time: 7
content-encoding: gzip
via: cache36.l2fr1[0,0,200-0,H], cache36.l2fr1[1,0], ens-cache25.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1210963
ali-swift-global-savetime: 1727603215
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:55 GMT
x-swift-cachetime: 2591820
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784925975e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/9bebfae.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/9bebfae.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1907
date: Sun, 29 Sep 2024 09:34:44 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F340F2DD0313873313A
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:07 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15854902302625400252
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 2dScm9UzwdhCvkalZybEMA==
x-oss-server-time: 8
content-encoding: gzip
via: cache30.l2fr1[0,0,200-0,H], cache8.l2fr1[0,0], ens-cache19.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1211694
ali-swift-global-savetime: 1727602484
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:55 GMT
x-swift-cachetime: 2591089
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784925976e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/65a68d6.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/65a68d6.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 10051
date: Sat, 12 Oct 2024 02:31:44 GMT
vary: Accept-Encoding
x-oss-request-id: 6709DF9083F8EA3437157FE8
vary: Origin
x-oss-cdn-auth: success
last-modified: Sat, 12 Oct 2024 02:31:13 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15598635391394578057
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: +QdDvkKl3jt5U9zVWQaBWw==
x-oss-server-time: 8
content-encoding: gzip
via: ens-cache4.l2de3[0,0,200-0,H], ens-cache1.l2de3[1,0], ens-cache22.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 113874
ali-swift-global-savetime: 1728700304
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 02:32:09 GMT
x-swift-cachetime: 2591975
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784925979e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/c2e32be.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/c2e32be.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 22590
date: Sat, 12 Oct 2024 02:32:09 GMT
vary: Accept-Encoding
x-oss-request-id: 6709DFA9DA25D336353A38AF
vary: Origin
x-oss-cdn-auth: success
last-modified: Sat, 12 Oct 2024 02:31:18 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6416936169423838292
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: aBlG+J0zfhufD0Ev4xhTuw==
x-oss-server-time: 7
content-encoding: gzip
via: ens-cache4.l2de3[200,199,200-0,M], ens-cache14.l2de3[201,0], ens-cache17.gb4[0,0,200-0,H], ens-cache28.gb4[9,0]
age: 113848
ali-swift-global-savetime: 1728700330
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 02:32:10 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784925981e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/1ea3346.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/1ea3346.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 10456
date: Sat, 12 Oct 2024 07:03:57 GMT
vary: Accept-Encoding
x-oss-request-id: 670A1F5D1E3C923036AD8693
vary: Origin
x-oss-cdn-auth: success
last-modified: Sat, 12 Oct 2024 07:03:08 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16905724341651716002
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: EWAL3PbdjQ1+F2WVT8tUiw==
x-oss-server-time: 10
content-encoding: gzip
via: ens-cache15.l2de3[0,0,200-0,H], ens-cache10.l2de3[1,0], ens-cache21.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 97541
ali-swift-global-savetime: 1728716637
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 07:07:41 GMT
x-swift-cachetime: 2591776
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784975983e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/47f226c.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/47f226c.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1949
date: Sun, 29 Sep 2024 09:44:34 GMT
vary: Accept-Encoding
x-oss-request-id: 66F92182C05EDB323097B062
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:41 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10819565741678327015
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: fHljDeXv4PUXEDydeLcyZg==
x-oss-server-time: 9
content-encoding: gzip
via: cache17.l2fr1[0,0,200-0,H], cache35.l2fr1[1,0], ens-cache10.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 1211104
ali-swift-global-savetime: 1727603074
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:05:32 GMT
x-swift-cachetime: 2590742
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784975984e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/4ba6880.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/4ba6880.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3298
date: Sat, 12 Oct 2024 02:32:09 GMT
vary: Accept-Encoding
x-oss-request-id: 6709DFA93E97B139391B6E2B
vary: Origin
x-oss-cdn-auth: success
last-modified: Sat, 12 Oct 2024 02:31:12 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4749342786224997971
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Rs11h21yCt1rdMN4WgPVtg==
x-oss-server-time: 7
content-encoding: gzip
via: ens-cache9.l2de3[195,194,200-0,M], ens-cache4.l2de3[195,0], ens-cache22.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 113848
ali-swift-global-savetime: 1728700330
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 02:32:10 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784975986e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/a250eb2.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/a250eb2.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 580
date: Sat, 12 Oct 2024 02:32:09 GMT
x-oss-request-id: 6709DFA90F2DD03130973504
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "8F842AD71D9DCAA9494EAA2BA4ADCFFA"
last-modified: Sat, 12 Oct 2024 02:31:17 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 174870818787626094
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: j4Qq1x2dyqlJTqorpK3P+g==
x-oss-server-time: 4
via: ens-cache14.l2de3[0,0,200-0,H], ens-cache2.l2de3[0,0], ens-cache25.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 113848
ali-swift-global-savetime: 1728700330
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 03:40:59 GMT
x-swift-cachetime: 2587871
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141784975987e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/6dd8040.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/6dd8040.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 2413
date: Sun, 29 Sep 2024 10:02:08 GMT
vary: Accept-Encoding
x-oss-request-id: 66F925A01F08B03337754806
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:43 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 11757603356292055930
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Cnf0gqJxyNfdVIbMbYE7LQ==
x-oss-server-time: 20
content-encoding: gzip
via: cache30.l2fr1[491,490,200-0,M], cache31.l2fr1[492,0], ens-cache15.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 1210054
ali-swift-global-savetime: 1727604128
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:08 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829715461e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/9caf658.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/9caf658.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1732
date: Sun, 29 Sep 2024 09:40:52 GMT
vary: Accept-Encoding
x-oss-request-id: 66F920A40A9306303935DB7A
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:45 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 1459693845176511026
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Qt+rz4+lRjzOcATrJQuzkA==
x-oss-server-time: 10
content-encoding: gzip
via: cache27.l2fr1[0,0,200-0,H], cache40.l2fr1[0,0], ens-cache4.gb4[0,0,200-0,H], ens-cache28.gb4[0,0]
age: 1211330
ali-swift-global-savetime: 1727602852
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:53 GMT
x-swift-cachetime: 2591459
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829805466e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/acb0886.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/acb0886.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1574
date: Sun, 29 Sep 2024 09:34:47 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F37E2619A33349CBE65
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:07 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16653413681747270422
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 6LlM0OwGWwuRnZC9Xi/e8Q==
x-oss-server-time: 10
content-encoding: gzip
via: cache2.l2fr1[0,0,200-0,H], cache22.l2fr1[1,0], ens-cache21.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1211695
ali-swift-global-savetime: 1727602487
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:42:02 GMT
x-swift-cachetime: 2591565
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829865477e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/b92311f.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/b92311f.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 4638
date: Sun, 29 Sep 2024 09:34:47 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F37058B0F3932C72A42
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:07 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 502171698609756891
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: mh/AvAA7Ip787ah5iui2IQ==
x-oss-server-time: 7
content-encoding: gzip
via: cache38.l2fr1[0,0,200-0,H], cache39.l2fr1[1,0], ens-cache3.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 1211695
ali-swift-global-savetime: 1727602487
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590360
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829875478e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/3cfd74a.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/3cfd74a.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 484
date: Sun, 29 Sep 2024 09:52:55 GMT
vary: Accept-Encoding
x-oss-request-id: 66F9237765E667393995A521
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:40 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12331635910989638016
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 45I13fL16+BHKO7z2p3v6g==
x-oss-server-time: 12
content-encoding: gzip
via: cache40.l2fr1[0,0,200-0,H], cache32.l2fr1[1,0], ens-cache14.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1210607
ali-swift-global-savetime: 1727603575
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2591448
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829875481e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/2e67196.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/2e67196.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3220
date: Sun, 29 Sep 2024 09:49:54 GMT
vary: Accept-Encoding
x-oss-request-id: 66F922C213F9D43733A873D8
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:40 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16598018681922684356
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: bW21AKF9ipj7RgIxCFNhVA==
x-oss-server-time: 11
content-encoding: gzip
via: cache29.l2fr1[255,254,200-0,M], cache24.l2fr1[256,0], ens-cache9.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 1210788
ali-swift-global-savetime: 1727603394
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:54 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829885482e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/6ec0a1f.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/6ec0a1f.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 5343
date: Sun, 29 Sep 2024 09:34:47 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F371EAB8E31392F560F
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:04 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18356698555702227758
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: zGNtOmPX6sFT43OGRiAXDA==
x-oss-server-time: 12
content-encoding: gzip
via: cache20.l2fr1[0,0,200-0,H], cache37.l2fr1[1,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1211695
ali-swift-global-savetime: 1727602487
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590360
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829905488e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/56f98c1.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/56f98c1.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 890
date: Sun, 29 Sep 2024 09:49:53 GMT
x-oss-request-id: 66F922C1E2619A3939628085
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D1D832540B8AF9E928BD32A9C0CD6B2D"
last-modified: Sun, 29 Sep 2024 09:39:46 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3658035592502004763
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 0dgyVAuK+ekovTKpwM1rLQ==
x-oss-server-time: 21
via: cache31.l2fr1[513,513,200-0,M], cache18.l2fr1[514,0], ens-cache6.gb4[0,0,200-0,H], ens-cache28.gb4[6,0]
age: 1210789
ali-swift-global-savetime: 1727603393
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:53 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829915492e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/af8fa83.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/af8fa83.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 2554
date: Sun, 29 Sep 2024 09:49:55 GMT
vary: Accept-Encoding
x-oss-request-id: 66F922C39A633639323F91EF
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16414260388302960576
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: r67822olCgAYJkmWvRthLA==
x-oss-server-time: 11
content-encoding: gzip
via: cache35.l2fr1[243,243,200-0,M], cache19.l2fr1[244,0], ens-cache11.gb4[0,0,200-0,H], ens-cache28.gb4[6,0]
age: 1210787
ali-swift-global-savetime: 1727603395
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:55 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829915494e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/1c6294c.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/1c6294c.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1857
date: Sun, 29 Sep 2024 09:49:55 GMT
vary: Accept-Encoding
x-oss-request-id: 66F922C32EF51D34353BE298
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13959393555914656498
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: I/5wRvFntZUZxRcd/OrqTA==
x-oss-server-time: 7
content-encoding: gzip
via: cache27.l2fr1[500,499,200-0,M], cache17.l2fr1[501,0], ens-cache19.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1210786
ali-swift-global-savetime: 1727603396
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:49:56 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829925495e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/81b6a53.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/81b6a53.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 694
date: Sun, 29 Sep 2024 10:02:08 GMT
vary: Accept-Encoding
x-oss-request-id: 66F925A072F0663336221B1E
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:42 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10456950508988427077
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: qO2mc/7+yEsg9oUe08ndWA==
x-oss-server-time: 35
content-encoding: gzip
via: cache32.l2fr1[538,538,200-0,M], cache25.l2fr1[539,0], ens-cache14.gb4[0,0,200-0,H], ens-cache28.gb4[6,0]
age: 1210054
ali-swift-global-savetime: 1727604128
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:08 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829915491e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/ef99b84.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/ef99b84.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1595
date: Sun, 29 Sep 2024 09:40:52 GMT
vary: Accept-Encoding
x-oss-request-id: 66F920A43D643B3333B79BFA
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:49 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16720774080972909574
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: LT3YErrKF31yJFtxIKAHqQ==
x-oss-server-time: 20
content-encoding: gzip
via: cache9.l2fr1[0,0,200-0,H], cache5.l2fr1[0,0], ens-cache17.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1211330
ali-swift-global-savetime: 1727602852
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590725
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829925498e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/da6e261.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/da6e261.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3563
date: Sun, 29 Sep 2024 09:34:47 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F373D643B353708F8ED
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:08 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13121388112808519760
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: HWi/RRY2gjlleD+v3Yo57g==
x-oss-server-time: 9
content-encoding: gzip
via: cache30.l2fr1[0,0,200-0,H], cache32.l2fr1[1,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1211695
ali-swift-global-savetime: 1727602487
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590360
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829925499e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/aa5c9ce.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/aa5c9ce.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 951
date: Sun, 29 Sep 2024 10:02:08 GMT
vary: Accept-Encoding
x-oss-request-id: 66F925A02FE6AF3139634364
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:46 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16539735426187054393
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 1KcgPldS9svkjPs4fe2mTA==
x-oss-server-time: 9
content-encoding: gzip
via: cache11.l2fr1[471,470,200-0,M], cache25.l2fr1[472,0], ens-cache16.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1210054
ali-swift-global-savetime: 1727604128
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:08 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829925501e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/99ae060.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/99ae060.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 6070
date: Sun, 29 Sep 2024 09:34:47 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F37E2619A363628C165
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:02 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9969384727819677060
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: mOvppZ09Fd290ORdJ0htog==
x-oss-server-time: 10
content-encoding: gzip
via: cache3.l2fr1[0,0,200-0,H], cache12.l2fr1[0,0], ens-cache24.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1211695
ali-swift-global-savetime: 1727602487
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590360
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829925504e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/40a7dbc.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/40a7dbc.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 195
date: Sun, 29 Sep 2024 09:40:52 GMT
x-oss-request-id: 66F920A45354653135BA1A3F
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "8099A21654C4EF7D46EAFC44A0FBC6E7"
last-modified: Sun, 29 Sep 2024 09:39:43 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 787623776182916673
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: gJmiFlTE731G6vxEoPvG5w==
x-oss-server-time: 3
via: cache26.l2fr1[0,0,200-0,H], cache9.l2fr1[1,0], ens-cache17.gb4[0,0,200-0,H], ens-cache28.gb4[5,0]
age: 1211330
ali-swift-global-savetime: 1727602852
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590725
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829925505e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/734f5df.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/734f5df.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 935
date: Sun, 29 Sep 2024 10:02:08 GMT
vary: Accept-Encoding
x-oss-request-id: 66F925A015F04930314C010F
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:45 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2392824503479247311
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: KEzamDt3XAlHd4U5JPnurA==
x-oss-server-time: 15
content-encoding: gzip
via: cache31.l2fr1[505,505,200-0,M], cache12.l2fr1[506,0], ens-cache26.gb4[0,0,200-0,H], ens-cache28.gb4[8,0]
age: 1210054
ali-swift-global-savetime: 1727604128
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:08 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141829925502e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/d7ecd91.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/d7ecd91.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 708
date: Sun, 29 Sep 2024 10:02:06 GMT
vary: Accept-Encoding
x-oss-request-id: 66F9259E72F0663834090E1E
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12667931358396587977
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 19ax5oIeAppYR6cAuzFVSQ==
x-oss-server-time: 9
content-encoding: gzip
via: cache35.l2fr1[237,236,200-0,M], cache25.l2fr1[238,0], ens-cache26.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 1210057
ali-swift-global-savetime: 1727604126
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:06 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830855635e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/8ad62ea.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/8ad62ea.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 748
date: Sun, 29 Sep 2024 09:40:54 GMT
vary: Accept-Encoding
x-oss-request-id: 66F920A68E4DB935367F6B66
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:41 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 12243858367623240069
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: j5OQAtu5MO9ImSr7/zvz0Q==
x-oss-server-time: 11
content-encoding: gzip
via: cache25.l2fr1[0,0,200-0,H], cache40.l2fr1[1,0], ens-cache6.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1211329
ali-swift-global-savetime: 1727602854
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:25:45 GMT
x-swift-cachetime: 2589309
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830855638e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/42f77dc.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/42f77dc.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 635
date: Sun, 29 Sep 2024 09:41:58 GMT
vary: Accept-Encoding
x-oss-request-id: 66F920E61E3C9239329366E1
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:41 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2056846727009308459
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 77r5g6tqWtEjdM97PP7nkA==
x-oss-server-time: 7
content-encoding: gzip
via: cache7.l2fr1[463,463,200-0,M], cache1.l2fr1[464,0], ens-cache24.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1211265
ali-swift-global-savetime: 1727602918
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:41:58 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830865641e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/495baf3.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/495baf3.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 846
date: Sun, 29 Sep 2024 09:41:58 GMT
x-oss-request-id: 66F920E65354653438FB7041
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "AE0831CD467D6E1D6E80D21AABE23B09"
last-modified: Sun, 29 Sep 2024 09:39:40 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 156839999828208793
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: rggxzUZ9bh1ugNIaq+I7CQ==
x-oss-server-time: 12
via: cache8.l2fr1[475,475,200-0,M], cache15.l2fr1[477,0], ens-cache14.gb4[0,0,200-0,H], ens-cache28.gb4[1,0]
age: 1211265
ali-swift-global-savetime: 1727602918
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:41:58 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830875642e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/2a7f7cd.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/2a7f7cd.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 644
date: Sun, 29 Sep 2024 09:41:59 GMT
vary: Accept-Encoding
x-oss-request-id: 66F920E74005843937C56AA5
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:41 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 14040088629888859379
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Wt4yY7ZS+P6JR+hh1ncD5g==
x-oss-server-time: 46
content-encoding: gzip
via: cache22.l2fr1[532,532,200-0,M], cache25.l2fr1[533,0], ens-cache3.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 1211264
ali-swift-global-savetime: 1727602919
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:41:59 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830885646e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/5c2837e.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/5c2837e.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1010
date: Sun, 29 Sep 2024 09:42:00 GMT
x-oss-request-id: 66F920E8058B0F33325E2651
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "42500E1255D857D2C86F9303B31C45A5"
last-modified: Sun, 29 Sep 2024 09:39:40 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 9258198793481477674
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: QlAOElXYV9LIb5MDsxxFpQ==
x-oss-server-time: 36
via: cache22.l2fr1[517,517,200-0,M], cache17.l2fr1[519,0], ens-cache13.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 1211263
ali-swift-global-savetime: 1727602920
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:42:00 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830885649e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/4d01370.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/4d01370.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 720
date: Sun, 29 Sep 2024 10:10:24 GMT
vary: Accept-Encoding
x-oss-request-id: 66F92790EE88453138F02616
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:48 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4444433124397115340
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: BNO8tfeBsooDNu4ZNElcUw==
x-oss-server-time: 40
content-encoding: gzip
via: cache4.l2fr1[0,0,200-0,H], cache23.l2fr1[0,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[7,0]
age: 1209559
ali-swift-global-savetime: 1727604624
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:25:45 GMT
x-swift-cachetime: 2591079
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830845634e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/37bbf73.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/37bbf73.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 749
date: Sun, 29 Sep 2024 09:42:02 GMT
vary: Accept-Encoding
x-oss-request-id: 66F920EA4005843538B786A5
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:45 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13798262569227431462
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: UyyuLP2tvfXHq4MHGwK8Wg==
x-oss-server-time: 6
content-encoding: gzip
via: cache39.l2fr1[496,495,200-0,M], cache14.l2fr1[497,0], ens-cache10.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 1211261
ali-swift-global-savetime: 1727602922
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:42:02 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830885650e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/94af347.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/94af347.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 802
date: Sun, 29 Sep 2024 09:41:59 GMT
x-oss-request-id: 66F920E75354653035CC7741
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "605DC744A32783890774053695703863"
last-modified: Sun, 29 Sep 2024 09:39:42 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18366582603284121163
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: YF3HRKMng4kHdAU2lXA4Yw==
x-oss-server-time: 18
via: cache38.l2fr1[491,491,200-0,M], cache20.l2fr1[492,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[8,0]
age: 1211264
ali-swift-global-savetime: 1727602919
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:41:59 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141830875644e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/09506d7.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/09506d7.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1396
date: Sun, 29 Sep 2024 09:34:50 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F3AE2619A37377BDA65
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:00 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13567244968846310773
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: ETrcJmDg/5ebZuADTo8eow==
x-oss-server-time: 6
content-encoding: gzip
via: cache1.l2fr1[0,0,200-0,H], cache20.l2fr1[1,0], ens-cache14.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 1211693
ali-swift-global-savetime: 1727602490
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590363
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141834106210e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/14dc4e8.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/14dc4e8.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 1253
date: Sun, 29 Sep 2024 09:41:32 GMT
vary: Accept-Encoding
x-oss-request-id: 66F920CC15F04937393A31E3
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16870034650635257644
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: QYp2S0ykPrk9nCpth9o0bA==
x-oss-server-time: 41
content-encoding: gzip
via: cache38.l2fr1[0,0,200-0,H], cache10.l2fr1[0,0], ens-cache25.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1211291
ali-swift-global-savetime: 1727602892
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590765
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141834116211e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/c4cad38.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/c4cad38.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 4521
date: Sun, 29 Sep 2024 09:34:49 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F395841FF343404EEA0
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:08 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2025212139266619441
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: xkhA/0KUCASpVEgeWpzV0w==
x-oss-server-time: 9
content-encoding: gzip
via: cache37.l2fr1[0,0,200-0,H], cache18.l2fr1[1,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1211693
ali-swift-global-savetime: 1727602490
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:02:07 GMT
x-swift-cachetime: 2590363
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141834116214e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/8664ff7.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/8664ff7.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 965
date: Sun, 29 Sep 2024 09:41:51 GMT
vary: Accept-Encoding
x-oss-request-id: 66F920DF6B4B13333225E317
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3883456172025594176
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: gEfDpZRSc6lyBZmI+Ac5xA==
x-oss-server-time: 9
content-encoding: gzip
via: cache5.l2fr1[0,0,200-0,H], cache36.l2fr1[0,0], ens-cache21.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1211272
ali-swift-global-savetime: 1727602911
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:41:57 GMT
x-swift-cachetime: 2591994
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141834116216e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/e5f1c9d.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/e5f1c9d.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 2915
date: Sun, 29 Sep 2024 09:34:50 GMT
vary: Accept-Encoding
x-oss-request-id: 66F91F3ADA25D339350723D9
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:34:08 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17200656433862659922
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: gjzD6MEnqMqHoT7aJ9i2ig==
x-oss-server-time: 7
content-encoding: gzip
via: cache24.l2fr1[0,0,200-0,H], cache18.l2fr1[1,0], ens-cache1.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 1211693
ali-swift-global-savetime: 1727602490
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 09:41:56 GMT
x-swift-cachetime: 2591574
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141834116219e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/57c36e2.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/57c36e2.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 14456
date: Sat, 12 Oct 2024 02:32:17 GMT
vary: Accept-Encoding
x-oss-request-id: 6709DFB17594F932347B0FE6
vary: Origin
x-oss-cdn-auth: success
last-modified: Sat, 12 Oct 2024 02:31:13 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4590044007205541751
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: CM7Fuk7yVGV0NvoCsyCo/Q==
x-oss-server-time: 7
content-encoding: gzip
via: ens-cache2.l2de3[0,0,200-0,H], ens-cache18.l2de3[0,0], ens-cache24.gb4[0,-1,200-0,H], ens-cache28.gb4[2,0]
age: 113846
ali-swift-global-savetime: 1728700337
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 02:42:16 GMT
x-swift-cachetime: 2591401
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141834136222e
GET

https://res.ldrescdn.com/download/LDPlayer9.exe?n=LDPlayer9_ens_1001_ld.exe

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /download/LDPlayer9.exe?n=LDPlayer9_ens_1001_ld.exe HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
purpose: prefetch
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/octet-stream
content-length: 2640480
date: Sun, 13 Oct 2024 09:48:19 GMT
x-oss-request-id: 670B97639D920A3639D55787
x-oss-cdn-auth: success
accept-ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: mFXkSK+FYfySDWmntFowmw==
x-oss-server-time: 8
via: ens-cache4.l2de3[0,0,304-0,H], ens-cache7.l2de3[0,0], ens-cache2.gb4[0,1,200-0,H], ens-cache28.gb4[4,0]
vary: Origin
etag: "9855E448AF8561FC920D69A7B45A309B"
last-modified: Wed, 09 Oct 2024 09:26:41 GMT
x-oss-hash-crc64ecma: 12704407292579747135
age: 1289
ali-swift-global-savetime: 1728812899
x-cache: HIT TCP_HIT dirn:10:391665404
x-swift-savetime: Sun, 13 Oct 2024 09:52:16 GMT
x-swift-cachetime: 3363
content-disposition: attachment;filename=LDPlayer9_ens_1001_ld.exe
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141886266521e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/3ef6c2d.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/3ef6c2d.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 962
date: Sun, 29 Sep 2024 09:40:59 GMT
x-oss-request-id: 66F920AB40058435303E44A3
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "A812BCBFD388965B1C6EC52F75DF697F"
last-modified: Sun, 29 Sep 2024 09:39:48 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3944037900446227017
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: qBK8v9OIllscbsUvdd9pfw==
x-oss-server-time: 6
via: cache3.l2fr1[0,0,200-0,H], cache40.l2fr1[1,0], ens-cache1.gb4[0,0,200-0,H], ens-cache28.gb4[2,0]
age: 1211330
ali-swift-global-savetime: 1727602859
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:45:06 GMT
x-swift-cachetime: 2588153
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141891507405e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/d983454.js

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/d983454.js HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 3707
date: Sun, 29 Sep 2024 09:44:21 GMT
vary: Accept-Encoding
x-oss-request-id: 66F9217594539430396DB3A8
vary: Origin
x-oss-cdn-auth: success
last-modified: Sun, 29 Sep 2024 09:39:40 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2584141221303474375
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: 4bdF/ixtiLNY2mVjgTl/JA==
x-oss-server-time: 8
content-encoding: gzip
via: cache19.l2fr1[0,0,200-0,H], cache38.l2fr1[1,0], ens-cache6.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 1211128
ali-swift-global-savetime: 1727603061
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 29 Sep 2024 10:45:06 GMT
x-swift-cachetime: 2588355
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141891507403e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-logo.12179f5.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/install-logo.12179f5.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/png
content-length: 7303
date: Sun, 15 Sep 2024 16:31:23 GMT
x-oss-request-id: 66E70BDB41CA943538BFC272
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "7F1BA9FD50292A1FC2DAE26DEF87078D"
last-modified: Sat, 14 Sep 2024 03:02:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2711150030282624237
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: fxup/VApKh/C2uJt74cHjQ==
x-oss-server-time: 47
via: ens-cache1.l2de3[237,236,206-0,M], ens-cache1.l2de3[239,0], ens-cache9.gb4[0,0,200-0,H], ens-cache28.gb4[4,0]
age: 2396306
ali-swift-global-savetime: 1726417883
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 15 Sep 2024 16:31:23 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141892317525e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-step-1.5df6e42.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/install-step-1.5df6e42.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/png
content-length: 32636
date: Sat, 14 Sep 2024 05:49:40 GMT
x-oss-request-id: 66E523F40F2DD037347A8C35
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "0E1ADF8A9E6F139CB3416D59221DAF34"
last-modified: Sat, 14 Sep 2024 03:02:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2384218876941031788
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: Dhrfip5vE5yzQW1ZIh2vNA==
x-oss-server-time: 26
via: ens-cache6.l2de3[0,9,206-0,H], ens-cache4.l2de3[11,0], ens-cache10.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 2521209
ali-swift-global-savetime: 1726292980
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 15 Sep 2024 16:31:23 GMT
x-swift-cachetime: 2467097
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141892327529e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-step-2.82dc51f.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/install-step-2.82dc51f.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/png
content-length: 24956
date: Sat, 14 Sep 2024 08:45:17 GMT
x-oss-request-id: 66E54D1D72154E3931828B5C
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "A709F58649C8B2EF9C517185ED6895D9"
last-modified: Sat, 14 Sep 2024 03:02:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15579130147188351928
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: pwn1hknIsu+cUXGF7WiV2Q==
x-oss-server-time: 53
via: ens-cache8.l2de3[0,11,206-0,H], ens-cache14.l2de3[13,0], ens-cache25.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 2510672
ali-swift-global-savetime: 1726303517
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 15 Sep 2024 16:31:23 GMT
x-swift-cachetime: 2477634
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141892327530e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-step-3.5b2181c.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/install-step-3.5b2181c.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/png
content-length: 1115
date: Sun, 15 Sep 2024 16:31:23 GMT
x-oss-request-id: 66E70BDB8F02F932324403C7
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "8AA6621F86547D91FB46A2087F567F1B"
last-modified: Sat, 14 Sep 2024 03:02:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 11774226179465941072
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: iqZiH4ZUfZH7RqIIf1Z/Gw==
x-oss-server-time: 249
via: ens-cache1.l2de3[438,438,206-0,M], ens-cache1.l2de3[439,0], ens-cache2.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 2396306
ali-swift-global-savetime: 1726417883
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 15 Sep 2024 16:31:23 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141892327532e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-icon-1.704b2b6.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/install-icon-1.704b2b6.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/png
content-length: 1006
date: Sun, 15 Sep 2024 16:31:23 GMT
x-oss-request-id: 66E70BDB2EF51D383484AD73
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "3E42D34294A898D790732BDB6461A888"
last-modified: Sat, 14 Sep 2024 03:02:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4084823308627261888
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: PkLTQpSomNeQcyvbZGGoiA==
x-oss-server-time: 51
via: ens-cache1.l2de3[210,211,206-0,M], ens-cache9.l2de3[215,0], ens-cache24.gb4[0,0,200-0,H], ens-cache28.gb4[6,0]
age: 2396306
ali-swift-global-savetime: 1726417883
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 15 Sep 2024 16:31:23 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141892327534e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-icon-2.5480422.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/install-icon-2.5480422.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/png
content-length: 36392
date: Sun, 15 Sep 2024 16:31:23 GMT
x-oss-request-id: 66E70BDB7732EB3931017159
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "BA2216B950AFFFF599B762383CE91967"
last-modified: Sat, 14 Sep 2024 03:02:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 4025996558160388892
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: uiIWuVCv//WZt2I4POkZZw==
x-oss-server-time: 29
via: ens-cache7.l2de3[217,217,206-0,M], ens-cache14.l2de3[219,0], ens-cache22.gb4[0,0,200-0,H], ens-cache28.gb4[3,0]
age: 2396306
ali-swift-global-savetime: 1726417883
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 15 Sep 2024 16:31:23 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141892357537e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-vt-1.d68b021.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/install-vt-1.d68b021.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/png
content-length: 35468
date: Sat, 14 Sep 2024 04:28:37 GMT
x-oss-request-id: 66E510F5A05E363334FD9644
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "847D7DCB973117ED4F229E24DE6D2F8C"
last-modified: Sat, 14 Sep 2024 03:02:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13773695322247445675
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: hH19y5cxF+1PIp4k3m0vjA==
x-oss-server-time: 21
via: ens-cache10.l2de3[0,7,206-0,H], ens-cache10.l2de3[8,0], ens-cache4.gb4[0,2,200-0,H], ens-cache28.gb4[3,0]
age: 2526072
ali-swift-global-savetime: 1726288117
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 15 Sep 2024 16:31:23 GMT
x-swift-cachetime: 2462234
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141892357538e
GET

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-vt-2.c76cab9.png

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /gw/static/ld_gw/client/img/install-vt-2.c76cab9.png HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: image/png
content-length: 52467
date: Sat, 14 Sep 2024 08:21:10 GMT
x-oss-request-id: 66E5477653546537334DE425
vary: Origin
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "C4D4A7ECDDF123A41B963D9058D3B8F7"
last-modified: Sat, 14 Sep 2024 03:02:44 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5590536890023132126
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: xNSn7N3xI6Qblj2QWNO49w==
x-oss-server-time: 42
via: ens-cache5.l2de3[0,8,206-0,H], ens-cache7.l2de3[9,0], ens-cache3.gb4[0,10,200-0,H], ens-cache28.gb4[13,0]
age: 2512119
ali-swift-global-savetime: 1726302070
x-cache: HIT TCP_HIT dirn:9:173495289
x-swift-savetime: Sun, 15 Sep 2024 16:31:23 GMT
x-swift-cachetime: 2476187
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59ab017288141892327531e
GET

https://cdn.ldplayer.net/gw/static/ld_gw/js/adMsg.js

chrome.exe

Remote address:

79.133.176.186:443

Request

GET /gw/static/ld_gw/js/adMsg.js HTTP/2.0
host: cdn.ldplayer.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/javascript
content-length: 8546
date: Sat, 12 Oct 2024 08:16:01 GMT
x-oss-request-id: 670A30416B4B133834845C3E
x-oss-cdn-auth: success
accept-ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
access-control-allow-origin: *
content-md5: eDdOsmeI7i39xFB2GdDbRA==
x-oss-server-time: 65
via: ens-cache2.l2de3[264,264,304-0,H], ens-cache11.l2de3[266,0], ens-cache8.gb6[0,0,200-0,H], ens-cache5.gb6[2,0]
vary: Accept-Encoding
vary: Origin
last-modified: Fri, 29 Dec 2023 03:42:29 GMT
x-oss-hash-crc64ecma: 7993493680154650449
content-encoding: gzip
age: 93216
ali-swift-global-savetime: 1728720961
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 12 Oct 2024 08:16:01 GMT
x-swift-cachetime: 2592000
access-control-allow-methods: GET,POST,PUT
timing-allow-origin: *
eagleid: 4f85b09917288141778443152e
DNS

42.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

42.169.217.172.in-addr.arpa

IN PTR

Response

42.169.217.172.in-addr.arpa

IN PTR

lhr48s08-in-f101e100net
DNS

fundingchoicesmessages.google.com

Remote address:

8.8.8.8:53

Request

fundingchoicesmessages.google.com

IN A

Response

fundingchoicesmessages.google.com

IN CNAME

www3.l.google.com

www3.l.google.com

IN A

172.217.169.78
DNS

apis.google.com

Remote address:

8.8.8.8:53

Request

apis.google.com

IN A

Response

apis.google.com

IN CNAME

plus.l.google.com

plus.l.google.com

IN A

172.217.16.238
DNS

www.googletagmanager.com

Remote address:

8.8.8.8:53

Request

www.googletagmanager.com

IN A

Response

www.googletagmanager.com

IN A

172.217.16.232
DNS

apien.ldplayer.net

Remote address:

8.8.8.8:53

Request

apien.ldplayer.net

IN A

Response

apien.ldplayer.net

IN CNAME

apien.ldplayer.net.w.cdngslb.com

apien.ldplayer.net.w.cdngslb.com

IN A

79.133.176.174
DNS

apien.ldplayer.net

Remote address:

8.8.8.8:53

Request

apien.ldplayer.net

IN A

Response

apien.ldplayer.net

IN CNAME

apien.ldplayer.net.w.cdngslb.com

apien.ldplayer.net.w.cdngslb.com

IN A

79.133.176.174
GET

https://cmp.setupcmp.com/cmp/config/6750.json

chrome.exe

Remote address:

172.67.70.36:443

Request

GET /cmp/config/6750.json HTTP/2.0
host: cmp.setupcmp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:37 GMT
content-type: application/octet-stream
content-length: 229
content-md5: NO/A6kkXT+6BU/QOyzjbFQ==
last-modified: Wed, 04 Sep 2024 06:29:43 GMT
etag: 0x8DCCCAAF6BF950A
x-ms-request-id: b7252e7a-c01e-0052-0158-1d3adb000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: country
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HRMy1BbwiMX0X6nr99QG1LPR%2BSpYwdqc9B9tBaS01ajM6Qql8ngAQfejzuaICVQsSbQLQEmI%2Bt9ed1I5R5pf1E0cJVNROjpruioVDQwb3AAvWy77S1IMWk0Gt38pGA0%2BxsY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
country: GB
server: cloudflare
cf-ray: 8d1e8903df089418-LHR
GET

https://cmp.setupcmp.com/cmp/gvl/default-vendors.json

chrome.exe

Remote address:

172.67.70.36:443

Request

GET /cmp/gvl/default-vendors.json HTTP/2.0
host: cmp.setupcmp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:38 GMT
content-type: application/json
content-md5: dluvnRy3X1Bb89anQsUvEQ==
last-modified: Thu, 03 Oct 2024 16:30:36 GMT
x-ms-request-id: f9cc97f8-901e-00c9-1158-19fbde000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: country
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 439645
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FALgfRzykPjVvvIO28b4Cn3y2BN65scZsFyIpvz9PYIYzV0sJ4lZkAnzKr8utle24tNBac0n5lFLFJaWZOiPwnlEw7lIgVNd8MJk4mm1mdKXCamQ1IRiez3VHhtVbYxbvuE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e890518bf9418-LHR
content-encoding: br
GET

https://cmp.setupcmp.com/cmp/gvl-v3/vendor-list.json

chrome.exe

Remote address:

172.67.70.36:443

Request

GET /cmp/gvl-v3/vendor-list.json HTTP/2.0
host: cmp.setupcmp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:38 GMT
content-type: application/json
content-md5: jNlJ1Ji8E9j/5sddvVhA3A==
last-modified: Thu, 03 Oct 2024 16:30:36 GMT
x-ms-request-id: 4bcc6232-c01e-001f-6d58-19f537000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: country
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 439560
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2F9Da286y0bBr73JaBwR22TgR69wc%2BVezdYS11iIiDAegFES1t1l5DF%2BOtbAHDgtUzG6J10xBsc%2BAtLvkn46dNRmsCK7S%2Fr33YTz%2BWwqOzR4GtYpcdjpBYiK9gCR159Hl44%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e8905b99c9418-LHR
content-encoding: br
GET

https://cmp.setupcmp.com/cmp/gvl/google-atp-list.json

chrome.exe

Remote address:

172.67.70.36:443

Request

GET /cmp/gvl/google-atp-list.json HTTP/2.0
host: cmp.setupcmp.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:38 GMT
content-type: application/json
content-md5: Ll5Mi8szH0kavc8vm6GZUg==
last-modified: Thu, 13 Oct 2022 10:05:39 GMT
x-ms-request-id: 395410f3-201e-00cc-1dd6-fd2905000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: country
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 3463968
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EpDuiT0YdfyfNWtFZ9UCsPL%2B5GQVaMWLwBfX9oEJwJx3qloN31dgcMMlz7ashnA0PLV9CwvqJZQXOM7a%2Bdi4ADpfVe9VEZSw0rOOeh1G89zWYO5GkI%2F9xCecI1x64AmSxVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e89077c379418-LHR
content-encoding: br
GET

https://fundingchoicesmessages.google.com/i/pub-3593861583707338?ers=1

chrome.exe

Remote address:

172.217.169.78:443

Request

GET /i/pub-3593861583707338?ers=1 HTTP/2.0
host: fundingchoicesmessages.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://fundingchoicesmessages.google.com/b/pub-3593861583707338

chrome.exe

Remote address:

172.217.169.78:443

Request

GET /b/pub-3593861583707338 HTTP/2.0
host: fundingchoicesmessages.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://fundingchoicesmessages.google.com/f/AGSKWxW6gpysWqCamvY38ZHm9q3snjRmp5QvLUGzv2UF3zeNfXslBe6zHKWa83KhHht_8HB4L8Gm7uvfVX9Fdbm83jD25cQYvG_vqjOVznakSw7eahlRcsgSJY5CYxYENiG_3nh5T6oseQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI4ODE0MTc3LDkxOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubGRwbGF5ZXIubmV0LyIsbnVsbCxbWzgsInRhQmdHdlJRQzIwIl0sWzksImVuLVVTIl0sWzE2LCJbMCwwLDBdIl0sWzE5LCIyIl1dXQ

chrome.exe

Remote address:

172.217.169.78:443

Request

GET /f/AGSKWxW6gpysWqCamvY38ZHm9q3snjRmp5QvLUGzv2UF3zeNfXslBe6zHKWa83KhHht_8HB4L8Gm7uvfVX9Fdbm83jD25cQYvG_vqjOVznakSw7eahlRcsgSJY5CYxYENiG_3nh5T6oseQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI4ODE0MTc3LDkxOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubGRwbGF5ZXIubmV0LyIsbnVsbCxbWzgsInRhQmdHdlJRQzIwIl0sWzksImVuLVVTIl0sWzE2LCJbMCwwLDBdIl0sWzE5LCIyIl1dXQ HTTP/2.0
host: fundingchoicesmessages.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
DNS

content-autofill.googleapis.com

chrome.exe

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

216.58.212.202

content-autofill.googleapis.com

IN A

142.250.187.202

content-autofill.googleapis.com

IN A

142.250.200.10
DNS

usersdk.ldmnq.com

chrome.exe

Remote address:

8.8.8.8:53

Request

usersdk.ldmnq.com

IN A

Response

usersdk.ldmnq.com

IN CNAME

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

IN A

47.236.4.49

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

IN A

8.222.254.73
DNS

usersdk.ldmnq.com

chrome.exe

Remote address:

8.8.8.8:53

Request

usersdk.ldmnq.com

IN A

Response

usersdk.ldmnq.com

IN CNAME

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

IN A

8.222.254.73

alb-nlrme3iinq4n8lu6ii.ap-southeast-1.alb.aliyuncs.com

IN A

47.236.4.49
GET

https://apis.google.com/js/api:client.js

chrome.exe

Remote address:

172.217.16.238:443

Request

GET /js/api:client.js HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs

chrome.exe

Remote address:

172.217.16.238:443

Request

GET /_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs HTTP/2.0
host: apis.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQkK_e8r8436ORIFDZFhlU4hrYaVcWbn6-A=?alt=proto

chrome.exe

Remote address:

142.250.187.234:443

Request

GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQkK_e8r8436ORIFDZFhlU4hrYaVcWbn6-A=?alt=proto HTTP/2.0
host: content-autofill.googleapis.com
x-goog-encode-response-if-executable: base64
x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
x-client-data: CMHZygE=
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
OPTIONS

https://usersdk.ldmnq.com/sdk/initSdk

chrome.exe

Remote address:

47.236.4.49:443

Request

OPTIONS /sdk/initSdk HTTP/2.0
host: usersdk.ldmnq.com
accept: */*
access-control-request-method: POST
access-control-request-headers: app_id,channel_id,content-type,device_id,ext_app_id,language_code,protocol_version,request_id,sdk_platform,sdk_version,sign,sub_channel_id,timestamp
origin: https://www.ldplayer.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:39 GMT
content-length: 0
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-methods: POST
access-control-allow-headers: app_id, channel_id, content-type, device_id, ext_app_id, language_code, protocol_version, request_id, sdk_platform, sdk_version, sign, sub_channel_id, timestamp
access-control-allow-credentials: true
POST

https://usersdk.ldmnq.com/sdk/initSdk

chrome.exe

Remote address:

47.236.4.49:443

Request

POST /sdk/initSdk HTTP/2.0
host: usersdk.ldmnq.com
content-length: 2
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
request_id: 40e50c80-894b-11ef-a765-776054ecefe9
sdk_version: 0.0.17
sign: 0224EB283126285ACEAC3CDBBDB4137E
sec-ch-ua-platform: "Windows"
protocol_version: 1
language_code: zh-Hans
app_id: 6666
device_id: web,web,web,web,web
channel_id: 10100
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/json
timestamp: 20241013100937
sdk_platform: WEB
ext_app_id: 100031
sub_channel_id: 10101
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:39 GMT
content-type: application/json
content-length: 123
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
POST

https://apien.ldplayer.net/ows/en/front/versions

chrome.exe

Remote address:

79.133.176.174:443

Request

POST /ows/en/front/versions HTTP/2.0
host: apien.ldplayer.net
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/json
date: Sun, 13 Oct 2024 10:09:38 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 479
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
via: ens-cache15.l2de3[11,0], ens-cache6.gb6[26,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141786752052e
POST

https://apien.ldplayer.net/ows/en/front/versions

chrome.exe

Remote address:

79.133.176.174:443

Request

POST /ows/en/front/versions HTTP/2.0
host: apien.ldplayer.net
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/json
date: Sun, 13 Oct 2024 10:09:38 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 481
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
via: ens-cache17.l2de3[15,0], ens-cache6.gb6[32,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141786752053e
GET

https://apien.ldplayer.net/ows/en/ip/englishCheckIpArea

chrome.exe

Remote address:

79.133.176.174:443

Request

GET /ows/en/ip/englishCheckIpArea HTTP/2.0
host: apien.ldplayer.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/json
date: Sun, 13 Oct 2024 10:09:38 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 484
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
via: ens-cache2.l2de3[22,0], ens-cache6.gb6[38,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141786752054e
OPTIONS

https://apien.ldplayer.net/ows/en/games/playFullPack

chrome.exe

Remote address:

79.133.176.174:443

Request

OPTIONS /ows/en/games/playFullPack HTTP/2.0
host: apien.ldplayer.net
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://www.ldplayer.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-length: 0
date: Sun, 13 Oct 2024 10:09:42 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-methods: POST
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-max-age: 18000
via: ens-cache15.l2de3[11,0], ens-cache6.gb6[27,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141820466236e
POST

https://apien.ldplayer.net/ows/en/games/playFullPack

chrome.exe

Remote address:

79.133.176.174:443

Request

POST /ows/en/games/playFullPack HTTP/2.0
host: apien.ldplayer.net
content-length: 51
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
content-type: application/json;charset=UTF-8
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/json
date: Sun, 13 Oct 2024 10:09:42 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 493
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
via: ens-cache15.l2de3[30,0], ens-cache6.gb6[47,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141820956307e
GET

https://apien.ldplayer.net/ows/en/ip/checkIpArea

chrome.exe

Remote address:

79.133.176.174:443

Request

GET /ows/en/ip/checkIpArea HTTP/2.0
host: apien.ldplayer.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/json
date: Sun, 13 Oct 2024 10:09:43 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 494
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
via: ens-cache2.l2de3[14,0], ens-cache6.gb6[30,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141832107533e
GET

https://apien.ldplayer.net/ows/en/front/homePack

chrome.exe

Remote address:

79.133.176.174:443

Request

GET /ows/en/front/homePack HTTP/2.0
host: apien.ldplayer.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/json
date: Sun, 13 Oct 2024 10:09:46 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 486
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
via: ens-cache15.l2de3[11,0], ens-cache6.gb6[27,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141865583253e
POST

https://apien.ldplayer.net/ows/en/front/versions

chrome.exe

Remote address:

79.133.176.174:443

Request

POST /ows/en/front/versions HTTP/2.0
host: apien.ldplayer.net
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/json
date: Sun, 13 Oct 2024 10:09:46 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 480
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
via: ens-cache2.l2de3[12,0], ens-cache6.gb6[28,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141867203417e
GET

https://apien.ldplayer.net/ows/en/ip/englishCheckIpArea

chrome.exe

Remote address:

79.133.176.174:443

Request

GET /ows/en/ip/englishCheckIpArea HTTP/2.0
host: apien.ldplayer.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/json
date: Sun, 13 Oct 2024 10:09:46 GMT
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 480
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
via: ens-cache17.l2de3[9,0], ens-cache6.gb6[28,0]
timing-allow-origin: *
eagleid: 4f85b09a17288141867243435e
DNS

bat.bing.com

chrome.exe

Remote address:

8.8.8.8:53

Request

bat.bing.com

IN A

Response

bat.bing.com

IN CNAME

bat-bing-com.ax-0001.ax-msedge.net

bat-bing-com.ax-0001.ax-msedge.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

242.154.181.163.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

242.154.181.163.in-addr.arpa

IN PTR

Response
DNS

accounts.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

accounts.google.com

IN A

Response

accounts.google.com

IN A

173.194.69.84
DNS

invite.ldplayer.net

chrome.exe

Remote address:

8.8.8.8:53

Request

invite.ldplayer.net

IN A

Response

invite.ldplayer.net

IN CNAME

alb-shkm79to4v4xg6fs5g.ap-southeast-1.alb.aliyuncs.com

alb-shkm79to4v4xg6fs5g.ap-southeast-1.alb.aliyuncs.com

IN A

47.245.114.192

alb-shkm79to4v4xg6fs5g.ap-southeast-1.alb.aliyuncs.com

IN A

8.219.96.60

alb-shkm79to4v4xg6fs5g.ap-southeast-1.alb.aliyuncs.com

IN A

8.219.66.74
DNS

invite.ldplayer.net

chrome.exe

Remote address:

8.8.8.8:53

Request

invite.ldplayer.net

IN A

Response

invite.ldplayer.net

IN CNAME

alb-shkm79to4v4xg6fs5g.ap-southeast-1.alb.aliyuncs.com

alb-shkm79to4v4xg6fs5g.ap-southeast-1.alb.aliyuncs.com

IN A

47.245.114.192

alb-shkm79to4v4xg6fs5g.ap-southeast-1.alb.aliyuncs.com

IN A

8.219.96.60

alb-shkm79to4v4xg6fs5g.ap-southeast-1.alb.aliyuncs.com

IN A

8.219.66.74
DNS

www.clarity.ms

chrome.exe

Remote address:

8.8.8.8:53

Request

www.clarity.ms

IN A

Response

www.clarity.ms

IN CNAME

clarity.azurefd.net

clarity.azurefd.net

IN CNAME

azurefd-t-prod.trafficmanager.net

azurefd-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

186.176.133.79.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

186.176.133.79.in-addr.arpa

IN PTR

Response
DNS

84.69.194.173.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

84.69.194.173.in-addr.arpa

IN PTR

Response

84.69.194.173.in-addr.arpa

IN PTR

ef-in-f841e100net
DNS

stpd.cloud

chrome.exe

Remote address:

8.8.8.8:53

Request

stpd.cloud

IN A

Response

stpd.cloud

IN A

104.18.31.49

stpd.cloud

IN A

104.18.30.49
DNS

www.googletagservices.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.googletagservices.com

IN A

Response

www.googletagservices.com

IN A

142.250.200.2
DNS

www.googletagservices.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.googletagservices.com

IN A

Response

www.googletagservices.com

IN A

142.250.200.2
DNS

hm.baidu.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hm.baidu.com

IN A

Response

hm.baidu.com

IN CNAME

hm.e.shifen.com

hm.e.shifen.com

IN A

183.240.98.228

hm.e.shifen.com

IN A

111.45.11.83

hm.e.shifen.com

IN A

14.215.183.79

hm.e.shifen.com

IN A

111.45.3.198

hm.e.shifen.com

IN A

14.215.182.140
DNS

hm.baidu.com

chrome.exe

Remote address:

8.8.8.8:53

Request

hm.baidu.com

IN A

Response

hm.baidu.com

IN CNAME

hm.e.shifen.com

hm.e.shifen.com

IN A

14.215.182.140

hm.e.shifen.com

IN A

111.45.3.198

hm.e.shifen.com

IN A

14.215.183.79

hm.e.shifen.com

IN A

111.45.11.83

hm.e.shifen.com

IN A

183.240.98.228
GET

https://bat.bing.com/bat.js

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /bat.js HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: private,max-age=1800
content-length: 14402
content-type: application/javascript
content-encoding: gzip
last-modified: Thu, 19 Sep 2024 15:43:41 GMT
accept-ranges: bytes
etag: "803483b3aaadb1:0"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 951F89EDFCD849528B2AADE66366936D Ref B: LON601060103042 Ref C: 2024-10-13T10:09:38Z
date: Sun, 13 Oct 2024 10:09:38 GMT
GET

https://bat.bing.com/p/action/187121839.js

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /p/action/187121839.js HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

cache-control: private,max-age=60
content-type: application/javascript; charset=utf-8
content-encoding: br
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DFB46A4A90D44082901CA4C4542FB7F0 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:38Z
date: Sun, 13 Oct 2024 10:09:38 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&p=https%3A%2F%2Fwww.ldplayer.net%2F&r=https%3A%2F%2Fwww.google.com%2F&lt=635&evt=pageLoad&sv=1&cdb=AQAU&rn=419384

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&p=https%3A%2F%2Fwww.ldplayer.net%2F&r=https%3A%2F%2Fwww.google.com%2F&lt=635&evt=pageLoad&sv=1&cdb=AQAU&rn=419384 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=30E3411680EA610F28D3540181756056; domain=.bing.com; expires=Fri, 07-Nov-2025 10:09:38 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 30963C6B2D174328B3F5142CFF4643B0 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:38Z
date: Sun, 13 Oct 2024 10:09:38 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&evt=gtmConsent&gasc=G

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&evt=gtmConsent&gasc=G HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg; domain=.bing.com; expires=Fri, 07-Nov-2025 10:09:40 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1A94565FE1E64F3CAA82D8C5A919C7DC Ref B: LON601060103042 Ref C: 2024-10-13T10:09:40Z
date: Sun, 13 Oct 2024 10:09:40 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&evt=pageHide

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&evt=pageHide HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E1973CA5501B4F75860A6E62D551C659 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:43Z
date: Sun, 13 Oct 2024 10:09:42 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=bc8cf8f7-7e83-42f8-a933-36d32c738546&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F&evt=pageLoad&sv=1&cdb=AQAU&rn=254420

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=bc8cf8f7-7e83-42f8-a933-36d32c738546&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F&evt=pageLoad&sv=1&cdb=AQAU&rn=254420 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DB9B9C4FA17B470580C90A199D20280B Ref B: LON601060103042 Ref C: 2024-10-13T10:09:43Z
date: Sun, 13 Oct 2024 10:09:42 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=bc8cf8f7-7e83-42f8-a933-36d32c738546&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=bc8cf8f7-7e83-42f8-a933-36d32c738546&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2872E68DFC494FC38FF5CF5117B05B10 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:46Z
date: Sun, 13 Oct 2024 10:09:46 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=6c69f35f-a9b1-4f71-b6bc-0781f37c313b&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2F&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&r=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&evt=pageLoad&sv=1&cdb=AQAU&rn=670298

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=6c69f35f-a9b1-4f71-b6bc-0781f37c313b&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2F&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&r=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&evt=pageLoad&sv=1&cdb=AQAU&rn=670298 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: BEC54D3DDB9443AD927D8E291E8D550C Ref B: LON601060103042 Ref C: 2024-10-13T10:09:46Z
date: Sun, 13 Oct 2024 10:09:46 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=6c69f35f-a9b1-4f71-b6bc-0781f37c313b&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=6c69f35f-a9b1-4f71-b6bc-0781f37c313b&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 240AC264CFEE418CA212058FE23C5CE2 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:48Z
date: Sun, 13 Oct 2024 10:09:48 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2F%23google_vignette&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F&evt=pageLoad&sv=1&cdb=AQAU&rn=110387

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2F%23google_vignette&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F&evt=pageLoad&sv=1&cdb=AQAU&rn=110387 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AE177EAB3C0B4CBDB8C2625C688C622C Ref B: LON601060103042 Ref C: 2024-10-13T10:09:48Z
date: Sun, 13 Oct 2024 10:09:48 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=471670

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=471670 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C03D9E80BCAC455590C43C12BEA87EEF Ref B: LON601060103042 Ref C: 2024-10-13T10:09:48Z
date: Sun, 13 Oct 2024 10:09:48 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gtm_tag_source=ua&ec=ldplayer&el=https%3A%2F%2Fwww.ldplayer.net%2F&gc=USD&tpp=1&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=667872

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gtm_tag_source=ua&ec=ldplayer&el=https%3A%2F%2Fwww.ldplayer.net%2F&gc=USD&tpp=1&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=667872 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 073595808F20424EBF6F5799C25CB857 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:48Z
date: Sun, 13 Oct 2024 10:09:48 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&ev=0&gc=USD&tpp=1&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=965479

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&ev=0&gc=USD&tpp=1&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=965479 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 915D60332A4746D9A6BA743FBD9D7D0A Ref B: LON601060103042 Ref C: 2024-10-13T10:09:48Z
date: Sun, 13 Oct 2024 10:09:48 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&ev=0&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=361121

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&ev=0&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=361121 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E4959ACD39014C05978285BBB6C3A043 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:48Z
date: Sun, 13 Oct 2024 10:09:48 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=713028

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=713028 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6A5B082E2859444A9B92F54379D559EE Ref B: LON601060103042 Ref C: 2024-10-13T10:09:48Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AB745694DC1645E6A48DB16AE8DD1CD6 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D7C9492E89E341FF89823D26E42C3398 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 799562863FA74951A729E9A39BCCA523 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D5D7A5FDD85D4F47B5B75D551CB2D8DC Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 081349F3E4F94A1B9EEFDAE2FB49C722 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 51B4755996E4434EBB8A5C918B400B55 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0AE9DD3BC015446CBCD90426B4ACA27F Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 077F01F92C7548129FE96F5CA070A1BD Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 09581A33109D49FA91249B522CA6BABD Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:48 GMT
GET

https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=be0e2fcc-a68a-4df5-ba19-2600bd8de255&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2Fdownload%2Finstall&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&evt=pageLoad&sv=1&cdb=AQAU&rn=79879

chrome.exe

Remote address:

150.171.28.10:443

Request

GET /action/0?ti=187121839&tm=gtm002&Ver=2&mid=be0e2fcc-a68a-4df5-ba19-2600bd8de255&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2Fdownload%2Finstall&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&evt=pageLoad&sv=1&cdb=AQAU&rn=79879 HTTP/2.0
host: bat.bing.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7621320674FE496F80F6EFB6091DEB12 Ref B: LON601060103042 Ref C: 2024-10-13T10:09:49Z
date: Sun, 13 Oct 2024 10:09:49 GMT
POST

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=be0e2fcc-a68a-4df5-ba19-2600bd8de255&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

chrome.exe

Remote address:

150.171.28.10:443

Request

POST /actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=be0e2fcc-a68a-4df5-ba19-2600bd8de255&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide HTTP/2.0
host: bat.bing.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: MUID=30E3411680EA610F28D3540181756056
cookie: MSPTC=jvWjWG-gzMburmG1Zdugrt-deOqE-mT_3PIhc5uroSg

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4ED45D17DAC645C0887627D0A756799B Ref B: LON601060103042 Ref C: 2024-10-13T10:10:34Z
date: Sun, 13 Oct 2024 10:10:34 GMT
GET

https://www.clarity.ms/tag/584iom30dr

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /tag/584iom30dr HTTP/2.0
host: www.clarity.ms
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:38 GMT
content-type: application/x-javascript
content-length: 689
cache-control: no-cache, no-store
expires: -1
set-cookie: CLID=baccc7a2c047472f87a7d29f7ff1112c.20241013.20251013; expires=Mon, 13 Oct 2025 10:09:38 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
x-azure-ref: 20241013T100938Z-15f4bcb964fj9q6w8rg2779ten00000003fg00000001utbe
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
GET

https://www.clarity.ms/s/0.7.48/clarity.js

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /s/0.7.48/clarity.js HTTP/2.0
host: www.clarity.ms
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: CLID=baccc7a2c047472f87a7d29f7ff1112c.20241013.20251013

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:38 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
last-modified: Thu, 10 Oct 2024 19:25:21 GMT
etag: W/"0x8DCE961488285A1"
x-ms-request-id: 7da9e8f9-501e-0064-5bf2-1bdf43000000
x-ms-version: 2018-03-28
access-control-allow-origin: *
x-azure-ref: 20241013T100938Z-15f4bcb964fj9q6w8rg2779ten00000003fg00000001utbv
cache-control: public, max-age=86400
x-fd-int-roxy-purgeid: 51562430
x-cache: TCP_HIT
content-encoding: br
GET

https://www.clarity.ms/tag/uet/187121839?insights=1

chrome.exe

Remote address:

13.107.246.64:443

Request

GET /tag/uet/187121839?insights=1 HTTP/2.0
host: www.clarity.ms
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: CLID=baccc7a2c047472f87a7d29f7ff1112c.20241013.20251013

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:39 GMT
content-type: application/x-javascript
content-length: 880
cache-control: no-cache, no-store
expires: -1
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-azure-ref: 20241013T100938Z-15f4bcb964fj9q6w8rg2779ten00000003fg00000001utbx
x-cache: CONFIG_NOCACHE
accept-ranges: bytes
DNS

234.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.187.250.142.in-addr.arpa

IN PTR

Response

234.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f101e100net
DNS

b.clarity.ms

Remote address:

8.8.8.8:53

Request

b.clarity.ms

IN A

Response

b.clarity.ms

IN CNAME

vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com

vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com

IN A

4.153.129.168
DNS

b.clarity.ms

Remote address:

8.8.8.8:53

Request

b.clarity.ms

IN A

Response

b.clarity.ms

IN CNAME

vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com

vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com

IN A

4.153.129.168
DNS

174.176.133.79.in-addr.arpa

Remote address:

8.8.8.8:53

Request

174.176.133.79.in-addr.arpa

IN PTR

Response
DNS

168.129.153.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

168.129.153.4.in-addr.arpa

IN PTR

Response
DNS

play-lh.googleusercontent.com

Remote address:

8.8.8.8:53

Request

play-lh.googleusercontent.com

IN A

Response

play-lh.googleusercontent.com

IN A

142.250.179.246
DNS

66f7aa179543774b3f297a30a3931951.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

66f7aa179543774b3f297a30a3931951.safeframe.googlesyndication.com

IN A

Response

66f7aa179543774b3f297a30a3931951.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

tagan.adlightning.com

Remote address:

8.8.8.8:53

Request

tagan.adlightning.com

IN A

Response

tagan.adlightning.com

IN A

65.9.95.35

tagan.adlightning.com

IN A

65.9.95.16

tagan.adlightning.com

IN A

65.9.95.22

tagan.adlightning.com

IN A

65.9.95.20
DNS

adx.adform.net

Remote address:

8.8.8.8:53

Request

adx.adform.net

IN A

Response

adx.adform.net

IN CNAME

track-eu.adformnet.akadns.net

track-eu.adformnet.akadns.net

IN A

37.157.5.132

track-eu.adformnet.akadns.net

IN A

37.157.5.133

track-eu.adformnet.akadns.net

IN A

37.157.5.84

track-eu.adformnet.akadns.net

IN A

37.157.4.28

track-eu.adformnet.akadns.net

IN A

37.157.5.87

track-eu.adformnet.akadns.net

IN A

37.157.4.29
DNS

cdn.hadronid.net

Remote address:

8.8.8.8:53

Request

cdn.hadronid.net

IN A

Response

cdn.hadronid.net

IN A

104.22.53.173

cdn.hadronid.net

IN A

172.67.36.110

cdn.hadronid.net

IN A

104.22.52.173
DNS

aax-eu.amazon-adsystem.com

Remote address:

8.8.8.8:53

Request

aax-eu.amazon-adsystem.com

IN A

Response

aax-eu.amazon-adsystem.com

IN A

52.95.122.74
DNS

static.criteo.net

Remote address:

8.8.8.8:53

Request

static.criteo.net

IN A

Response

static.criteo.net

IN CNAME

static.nl3.vip.prod.criteo.net

static.nl3.vip.prod.criteo.net

IN A

178.250.1.3
DNS

static.criteo.net

Remote address:

8.8.8.8:53

Request

static.criteo.net

IN A

Response

static.criteo.net

IN CNAME

static.nl3.vip.prod.criteo.net

static.nl3.vip.prod.criteo.net

IN A

178.250.1.3
DNS

66.169.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.169.217.172.in-addr.arpa

IN PTR

Response

66.169.217.172.in-addr.arpa

IN PTR

lhr48s09-in-f21e100net
DNS

adservice.google.com

Remote address:

8.8.8.8:53

Request

adservice.google.com

IN A

Response

adservice.google.com

IN A

142.250.187.226
DNS

api.ldshop.gg

Remote address:

8.8.8.8:53

Request

api.ldshop.gg

IN A

Response

api.ldshop.gg

IN CNAME

alb-jb6sn35is8rk9th51h.ap-southeast-1.alb.aliyuncs.com

alb-jb6sn35is8rk9th51h.ap-southeast-1.alb.aliyuncs.com

IN A

8.222.160.10

alb-jb6sn35is8rk9th51h.ap-southeast-1.alb.aliyuncs.com

IN A

8.222.229.130

alb-jb6sn35is8rk9th51h.ap-southeast-1.alb.aliyuncs.com

IN A

8.222.176.52
DNS

api.ldshop.gg

Remote address:

8.8.8.8:53

Request

api.ldshop.gg

IN A

Response

api.ldshop.gg

IN CNAME

alb-jb6sn35is8rk9th51h.ap-southeast-1.alb.aliyuncs.com

alb-jb6sn35is8rk9th51h.ap-southeast-1.alb.aliyuncs.com

IN A

8.222.229.130

alb-jb6sn35is8rk9th51h.ap-southeast-1.alb.aliyuncs.com

IN A

8.222.160.10

alb-jb6sn35is8rk9th51h.ap-southeast-1.alb.aliyuncs.com

IN A

8.222.176.52
DNS

49.4.236.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.4.236.47.in-addr.arpa

IN PTR

Response
DNS

49.4.236.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.4.236.47.in-addr.arpa

IN PTR

Response
DNS

10.28.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.28.171.150.in-addr.arpa

IN PTR

Response
DNS

226.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.187.250.142.in-addr.arpa

IN PTR

Response

226.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f21e100net
DNS

securepubads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN A

216.58.204.66
DNS

securepubads.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

securepubads.g.doubleclick.net

IN A

Response

securepubads.g.doubleclick.net

IN A

216.58.204.66
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567z8811059450za200zb811059450&_p=1728814177601&gcs=G100&gcd=13m3m3m3m5l1&npa=1&dma_cps=-&dma=1&tcfd=15X4a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=page_view&_fv=1&_ss=1&tfd=1130

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567z8811059450za200zb811059450&_p=1728814177601&gcs=G100&gcd=13m3m3m3m5l1&npa=1&dma_cps=-&dma=1&tcfd=15X4a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=page_view&_fv=1&_ss=1&tfd=1130 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331z8811059450za200zb811059450&_p=1728814177601&gcs=G100&gcd=13m3m3m3m5l1&npa=1&dma_cps=-&dma=1&tcfd=15X4a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=%E9%A6%96%E9%A1%B5&tfd=1097

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331z8811059450za200zb811059450&_p=1728814177601&gcs=G100&gcd=13m3m3m3m5l1&npa=1&dma_cps=-&dma=1&tcfd=15X4a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=%E9%A6%96%E9%A1%B5&tfd=1097 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&gcs=G111&gcu=1&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X4a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&gcut=3&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=2&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=user_engagement&ep.content_group=%E9%A6%96%E9%A1%B5&ep.ga_temp_client_id=791018054.1728814178&_et=1667&tfd=6400

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&gcs=G111&gcu=1&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X4a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&gcut=3&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=2&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=user_engagement&ep.content_group=%E9%A6%96%E9%A1%B5&ep.ga_temp_client_id=791018054.1728814178&_et=1667&tfd=6400 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&gcs=G111&gcu=1&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X4a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&gcut=3&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=2&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=user_engagement&ep.ga_temp_client_id=791018054.1728814178&_et=1639&tfd=6408

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&gcs=G111&gcu=1&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X4a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&gcut=3&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=2&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=user_engagement&ep.ga_temp_client_id=791018054.1728814178&_et=1639&tfd=6408 HTTP/2.0
host: region1.google-analytics.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&_gaz=1&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=3&dl=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&dr=https%3A%2F%2Fwww.ldplayer.net%2F&sid=1728814178&sct=1&seg=1&dt=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&en=page_view&ep.content_group=%E9%A6%96%E9%A1%B5&_et=3627&tfd=6400

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&_gaz=1&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=3&dl=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&dr=https%3A%2F%2Fwww.ldplayer.net%2F&sid=1728814178&sct=1&seg=1&dt=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&en=page_view&ep.content_group=%E9%A6%96%E9%A1%B5&_et=3627&tfd=6400 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&_gaz=1&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=3&dl=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&dr=https%3A%2F%2Fwww.ldplayer.net%2F&sid=1728814178&sct=1&seg=1&dt=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&en=page_view&_et=3632&tfd=6408

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&_gaz=1&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=3&dl=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&dr=https%3A%2F%2Fwww.ldplayer.net%2F&sid=1728814178&sct=1&seg=1&dt=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&en=page_view&_et=3632&tfd=6408 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=11&sid=1728814178&sct=1&seg=1&dl=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&dr=https%3A%2F%2Fwww.ldplayer.net%2F&dt=Download%20and%20Use%20LDPlayer%20on%20PC&en=user_engagement&ep.content_group=%E9%A6%96%E9%A1%B5&_et=4698&tfd=56678

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=11&sid=1728814178&sct=1&seg=1&dl=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&dr=https%3A%2F%2Fwww.ldplayer.net%2F&dt=Download%20and%20Use%20LDPlayer%20on%20PC&en=user_engagement&ep.content_group=%E9%A6%96%E9%A1%B5&_et=4698&tfd=56678 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
POST

https://region1.analytics.google.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=13&sid=1728814178&sct=1&seg=1&dl=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&dr=https%3A%2F%2Fwww.ldplayer.net%2F&dt=Download%20and%20Use%20LDPlayer%20on%20PC&en=user_engagement&_et=4682&tfd=56678

chrome.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=13&sid=1728814178&sct=1&seg=1&dl=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&dr=https%3A%2F%2Fwww.ldplayer.net%2F&dt=Download%20and%20Use%20LDPlayer%20on%20PC&en=user_engagement&_et=4682&tfd=56678 HTTP/2.0
host: region1.analytics.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 65013
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:39 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 583
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:40 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 865
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:42 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 16759
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:43 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 1125
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:43 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 89864
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:43 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 8311
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:45 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 1203
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:46 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 79208
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:47 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 420
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:48 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 13183
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:49 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 77399
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:49 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 5096
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:50 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 2046
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:53 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 1176
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:09:56 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
GET

https://accounts.google.com/o/oauth2/iframe

chrome.exe

Remote address:

173.194.69.84:443

Request

GET /o/oauth2/iframe HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fwww.ldplayer.net&client_id=890364888673-tfc1o8k7f93iq644s55ecn5fm56snrjq.apps.googleusercontent.com

chrome.exe

Remote address:

173.194.69.84:443

Request

GET /o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fwww.ldplayer.net&client_id=890364888673-tfc1o8k7f93iq644s55ecn5fm56snrjq.apps.googleusercontent.com HTTP/2.0
host: accounts.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-requested-with: XmlHttpRequest
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://accounts.google.com/o/oauth2/iframe
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
POST

https://www.google.com/pagead/landing?gcs=G111&gcu=1&gcd=13n3n3n3n5l1&tag_exp=101671035~101686685&rnd=1058634305.1728814178&url=https%3A%2F%2Fwww.ldplayer.net%2F&dma_cps=syphamo&dma=1&npa=0&tcfd=15X4a&gdpr_consent=tcempty&gdpr=1&gtm=45He4a90n81T3PC7L8v811059450za200&auid=9255158.1728814180&apve=0

chrome.exe

Remote address:

142.250.200.4:443

Request

POST /pagead/landing?gcs=G111&gcu=1&gcd=13n3n3n3n5l1&tag_exp=101671035~101686685&rnd=1058634305.1728814178&url=https%3A%2F%2Fwww.ldplayer.net%2F&dma_cps=syphamo&dma=1&npa=0&tcfd=15X4a&gdpr_consent=tcempty&gdpr=1&gtm=45He4a90n81T3PC7L8v811059450za200&auid=9255158.1728814180&apve=0 HTTP/2.0
host: www.google.com
content-length: 0
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://www.google.com/pagead/1p-conversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU&is_vtc=1&cid=CAQSKQDpaXnfvpYm_MMgcuDIQfKXaNgtU5BwF5MF-V8g4EbO8uLs_6c07k0R&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBA3ilSyNAN9q67JZj6oT7_5-c6ztJxleE&random=3832946140

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /pagead/1p-conversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU&is_vtc=1&cid=CAQSKQDpaXnfvpYm_MMgcuDIQfKXaNgtU5BwF5MF-V8g4EbO8uLs_6c07k0R&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBA3ilSyNAN9q67JZj6oT7_5-c6ztJxleE&random=3832946140 HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://www.google.com/pagead/1p-conversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093&is_vtc=1&cid=CAQSKQDpaXnfdj9fkHYS5qTWsF5Q323vaJaYAUuxyQuKL6JPWVJUazW7XXsW&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBvBoJYg1N1Sgb0Ua0-eGz4vZM_ymi-c5A&random=1164820918

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /pagead/1p-conversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093&is_vtc=1&cid=CAQSKQDpaXnfdj9fkHYS5qTWsF5Q323vaJaYAUuxyQuKL6JPWVJUazW7XXsW&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBvBoJYg1N1Sgb0Ua0-eGz4vZM_ymi-c5A&random=1164820918 HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://www.google.com/pagead/1p-conversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD&is_vtc=1&cid=CAQSKQDpaXnfpzUcsY38xaqbM_HHcU1WOT9mxbSt2tUahDPWuZomScqqmZL4&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEDoQ-TFwY0HpJ3YPRAZMo3rtR5B6lsj0-g&random=1784264614

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /pagead/1p-conversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD&is_vtc=1&cid=CAQSKQDpaXnfpzUcsY38xaqbM_HHcU1WOT9mxbSt2tUahDPWuZomScqqmZL4&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEDoQ-TFwY0HpJ3YPRAZMo3rtR5B6lsj0-g&random=1784264614 HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://www.google.com/pagead/1p-conversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP&is_vtc=1&cid=CAQSKQDpaXnfCSHrhN1AMV9YDJKmxUoHqCKuuLamLa1WwUqd6-PLP22KO2IF&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAeu4CoqAB776HI5nHCRF2SdmxdSN6QUPo&random=2606352208

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /pagead/1p-conversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP&is_vtc=1&cid=CAQSKQDpaXnfCSHrhN1AMV9YDJKmxUoHqCKuuLamLa1WwUqd6-PLP22KO2IF&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAeu4CoqAB776HI5nHCRF2SdmxdSN6QUPo&random=2606352208 HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://www.google.com/pagead/1p-conversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E&is_vtc=1&cid=CAQSKQDpaXnfWCs79jTg3YfA2JmjtUcv8WHo6hZrda0vo-R_5yC7uYicJs8C&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECq7NKZ65uHFTDRsYx-2aztzrj3NIvXiR8&random=4107108362

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /pagead/1p-conversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E&is_vtc=1&cid=CAQSKQDpaXnfWCs79jTg3YfA2JmjtUcv8WHo6hZrda0vo-R_5yC7uYicJs8C&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECq7NKZ65uHFTDRsYx-2aztzrj3NIvXiR8&random=4107108362 HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13n3n3n3n5l1&tag_exp=101671035~101686685&rnd=1058634305.1728814178&url=https%3A%2F%2Fwww.ldplayer.net%2F&dma_cps=syphamo&dma=1&npa=0&tcfd=15X4a&gdpr_consent=tcempty&gdpr=1&gtm=45He4a90n81T3PC7L8v811059450za200&auid=9255158.1728814180&apve=0

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/landing?gcs=G111&gcu=1&gcd=13n3n3n3n5l1&tag_exp=101671035~101686685&rnd=1058634305.1728814178&url=https%3A%2F%2Fwww.ldplayer.net%2F&dma_cps=syphamo&dma=1&npa=0&tcfd=15X4a&gdpr_consent=tcempty&gdpr=1&gtm=45He4a90n81T3PC7L8v811059450za200&auid=9255158.1728814180&apve=0 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAjDAaD9UsOmILOtlgEusksrynjCCNeT-A&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/viewthroughconversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAjDAaD9UsOmILOtlgEusksrynjCCNeT-A&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnDjAT7T3cMal_nK9UVvLpT7zftxCyEh0A5qOEplyEsVaG2ni3krcQNs-kP-3E
cookie: DSID=NO_DATA
GET

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECLgZJL_F0y0eqPLX46t1Ahowd5zM-yBo4&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/viewthroughconversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECLgZJL_F0y0eqPLX46t1Ahowd5zM-yBo4&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnDjAT7T3cMal_nK9UVvLpT7zftxCyEh0A5qOEplyEsVaG2ni3krcQNs-kP-3E
cookie: DSID=NO_DATA
GET

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEA5QfO32OCBCWkrOGlx_vH5S-CXFN1h2pM&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/viewthroughconversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEA5QfO32OCBCWkrOGlx_vH5S-CXFN1h2pM&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnDjAT7T3cMal_nK9UVvLpT7zftxCyEh0A5qOEplyEsVaG2ni3krcQNs-kP-3E
cookie: DSID=NO_DATA
GET

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBInVue1VgS50UtZnC5ItWshXNxluR6FfE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/viewthroughconversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBInVue1VgS50UtZnC5ItWshXNxluR6FfE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnDjAT7T3cMal_nK9UVvLpT7zftxCyEh0A5qOEplyEsVaG2ni3krcQNs-kP-3E
cookie: DSID=NO_DATA
GET

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBlf0KnNInu3PF0Y_E4xSzOaJo6Vd_zIqI&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/viewthroughconversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBlf0KnNInu3PF0Y_E4xSzOaJo6Vd_zIqI&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnDjAT7T3cMal_nK9UVvLpT7zftxCyEh0A5qOEplyEsVaG2ni3krcQNs-kP-3E
cookie: DSID=NO_DATA
GET

https://res.ldrescdn.com/update/ows_config/seo_table_en

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /update/ows_config/seo_table_en HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: text/plain
content-length: 6096
date: Sun, 13 Oct 2024 10:09:42 GMT
x-oss-request-id: 670B9C66E702E232354F2E46
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,POST,PUT
access-control-expose-headers: Etag, x-oss-request-id
access-control-max-age: 0
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "7E585F0CBEA3EA11AB60218CA04BC6A6"
last-modified: Sun, 13 Oct 2024 10:03:00 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15355173922337775707
x-oss-storage-class: Standard
content-encoding: utf-8
x-oss-server-side-encryption: AES256
content-disposition: filename/filesize=seo_table_en/6096Byte.
cache-control: no-cache
content-md5: flhfDL6j6hGrYCGMoEvGpg==
x-oss-server-time: 2
via: ens-cache3.l2de3[192,330,200-0,C], ens-cache12.l2de3[333,0], ens-cache10.gb4[350,349,200-0,M], ens-cache9.gb4[351,0]
ali-swift-global-savetime: 1728814182
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sun, 13 Oct 2024 10:09:42 GMT
x-swift-cachetime: 0
timing-allow-origin: *
eagleid: a3b59a9d17288141821895296e
GET

https://cdn.ldplayer.net/ldx/games/easyfun.json

chrome.exe

Remote address:

79.133.176.186:443

Request

GET /ldx/games/easyfun.json HTTP/2.0
host: cdn.ldplayer.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: text/plain
content-length: 85583
date: Sun, 13 Oct 2024 10:09:42 GMT
x-oss-request-id: 670B9C669BED14333901056B
vary: Origin
access-control-allow-origin: *
access-control-allow-methods: GET,POST,PUT
access-control-expose-headers: Etag, x-oss-request-id
access-control-max-age: 0
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "99456F8213C6836765561F34CA7F604C"
last-modified: Sun, 13 Oct 2024 10:00:04 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8639758998919869056
x-oss-storage-class: Standard
content-encoding: utf-8
x-oss-server-side-encryption: AES256
content-disposition: filename/filesize=easyfun.json/85583Byte.
cache-control: no-cache
content-md5: mUVvghPGg2dlVh80yn9gTA==
x-oss-server-time: 3
via: ens-cache18.l2de3[197,328,200-0,C], ens-cache6.l2de3[336,0], ens-cache10.gb6[352,352,200-0,M], ens-cache8.gb6[354,0]
ali-swift-global-savetime: 1728814182
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sun, 13 Oct 2024 10:09:42 GMT
x-swift-cachetime: 0
timing-allow-origin: *
eagleid: 4f85b09c17288141826401609e
GET

https://stpd.cloud/assets/stpdwrapper.js

chrome.exe

Remote address:

104.18.31.49:443

Request

GET /assets/stpdwrapper.js HTTP/2.0
host: stpd.cloud
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://www.ldplayer.net
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:43 GMT
content-type: application/javascript
cache-control: public, max-age=1200
etag: W/"4138a5b1014ef329ccf608f46f48b303"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sjEHYvmYxlBknuMala7xXK4FUUfj3F0tuRiFHWdhmo%2FFKi1G9CHodrD%2Bb7uF5atH4RHq%2FKtj6dp9O0pXlkrweDrgG1NyfkOPlmNlLKMLy6iqUPeEOam9dwYtzg87"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
expires: Sun, 13 Oct 2024 10:29:43 GMT
access-control-allow-origin: *
server: cloudflare
cf-ray: 8d1e8924bf7871bd-LHR
GET

https://stpd.cloud/tag/6584

chrome.exe

Remote address:

104.18.31.49:443

Request

GET /tag/6584 HTTP/2.0
host: stpd.cloud
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:43 GMT
content-type: text/javascript
cache-control: s-maxage=300
x-stpd-module-cache: HIT
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 8d1e8925c86671bd-LHR
content-encoding: br
GET

https://stpd.cloud/tag/6584

chrome.exe

Remote address:

104.18.31.49:443

Request

GET /tag/6584 HTTP/2.0
host: stpd.cloud
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:49 GMT
content-type: text/javascript
cf-ray: 8d1e894a9b0671bd-LHR
cf-cache-status: HIT
age: 6
cache-control: public, max-age=1200
expires: Sun, 13 Oct 2024 10:29:49 GMT
last-modified: Sun, 13 Oct 2024 10:09:43 GMT
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
content-encoding: br
OPTIONS

https://invite.ldplayer.net/alliance/track/mnqLinkTrack

chrome.exe

Remote address:

47.245.114.192:443

Request

OPTIONS /alliance/track/mnqLinkTrack HTTP/2.0
host: invite.ldplayer.net
accept: */*
access-control-request-method: POST
origin: https://www.ldplayer.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: same-site
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:43 GMT
content-length: 0
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-methods: POST
access-control-allow-credentials: true
access-control-max-age: 18000
POST

https://invite.ldplayer.net/alliance/track/mnqLinkTrack

chrome.exe

Remote address:

47.245.114.192:443

Request

POST /alliance/track/mnqLinkTrack HTTP/2.0
host: invite.ldplayer.net
content-length: 15
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
content-type: application/x-www-form-urlencoded
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: same-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:43 GMT
content-type: application/json
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 499
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 500
x-ratelimit-replenish-rate: 500
vary: accept-encoding
content-encoding: gzip
GET

https://play-lh.googleusercontent.com/brT5MQPuD8M0q_nFie_NPnwJG1_srZZy8D_U0YjgiTv8eCB8cqwn2a9rdYX4L1MQSCU=s132-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /brT5MQPuD8M0q_nFie_NPnwJG1_srZZy8D_U0YjgiTv8eCB8cqwn2a9rdYX4L1MQSCU=s132-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/JhLcEIwCyjwPVMlhF8oxZsx0RlJcuGHZ2SRYWkXVd1Ip1fAlpe2zb5fBEDVMlKtJ8AXQ=w540-h302-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /JhLcEIwCyjwPVMlhF8oxZsx0RlJcuGHZ2SRYWkXVd1Ip1fAlpe2zb5fBEDVMlKtJ8AXQ=w540-h302-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/VXyKfYXZNiGrii5PUjJJgc3iCUPF9yOS0BCx_fzOk6Apnnwypx43tgbKOM7JXFFL7p0_=s68-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /VXyKfYXZNiGrii5PUjJJgc3iCUPF9yOS0BCx_fzOk6Apnnwypx43tgbKOM7JXFFL7p0_=s68-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/trnkyCe9zW5LhfuhoT0KZpPBL2RpMQk-rhrRiNIdOOKdIak9_OL6hbzsrkrc-j1nWQ=w540-h302-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /trnkyCe9zW5LhfuhoT0KZpPBL2RpMQk-rhrRiNIdOOKdIak9_OL6hbzsrkrc-j1nWQ=w540-h302-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/oKLS2ChoZjoHklnvJPLFS89yNqY-wkDMuVCDSGuHhFxVfE8XMArV6Zcd1VIvt885HQ=w540-h302-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /oKLS2ChoZjoHklnvJPLFS89yNqY-wkDMuVCDSGuHhFxVfE8XMArV6Zcd1VIvt885HQ=w540-h302-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/ttutJKqPG91wV8KMysrnTVx7WAXWG6v2D7Ha0eYqaw8bGXnCw-FsRtMeIidVyv3CaY4=w540-h302-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /ttutJKqPG91wV8KMysrnTVx7WAXWG6v2D7Ha0eYqaw8bGXnCw-FsRtMeIidVyv3CaY4=w540-h302-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/je9TJ0GI8JxpTAdLjoz3NFLg0nmNpAfqnkFU2Rvpu6UBbugvdw3xZyuBkqPi9JItN_I=s68-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /je9TJ0GI8JxpTAdLjoz3NFLg0nmNpAfqnkFU2Rvpu6UBbugvdw3xZyuBkqPi9JItN_I=s68-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/cJzInqdl3P0kFi1AOKislC53I8xrAv0rjfxdaMv2Ag4HBCqhup-xKbw78HOu3uri0Dc=s68-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /cJzInqdl3P0kFi1AOKislC53I8xrAv0rjfxdaMv2Ag4HBCqhup-xKbw78HOu3uri0Dc=s68-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/npHAHmtZRgiMVEVg5pcncTIyqMW5MX--niR0L9PSzc5l8nuXS4GbU4w0yumQTururnc=s68-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /npHAHmtZRgiMVEVg5pcncTIyqMW5MX--niR0L9PSzc5l8nuXS4GbU4w0yumQTururnc=s68-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/pYYxnOxFF7rlECHYZ3uPtIgj2193SZjSr_NsNvml0SyK8yMcy_XNhhr9czHgcItFSA=s68-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /pYYxnOxFF7rlECHYZ3uPtIgj2193SZjSr_NsNvml0SyK8yMcy_XNhhr9czHgcItFSA=s68-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://play-lh.googleusercontent.com/gb6Pt-CGnRPqyLhoeU-m7TupH7QfxPEteYVKqYs2qa0LKQJ9GHlQE5Il2o1y7WdVqnw=s68-rw

chrome.exe

Remote address:

142.250.179.246:443

Request

GET /gb6Pt-CGnRPqyLhoeU-m7TupH7QfxPEteYVKqYs2qa0LKQJ9GHlQE5Il2o1y7WdVqnw=s68-rw HTTP/2.0
host: play-lh.googleusercontent.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://api.ldshop.gg/api/en/game/commodity?packageName=com.qookkagames.szgd.gp.tfy

chrome.exe

Remote address:

8.222.160.10:443

Request

GET /api/en/game/commodity?packageName=com.qookkagames.szgd.gp.tfy HTTP/2.0
host: api.ldshop.gg
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept: application/json, text/plain, */*
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:43 GMT
content-type: application/json
vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
x-ratelimit-remaining: 159
x-ratelimit-requested-tokens: 1
x-ratelimit-burst-capacity: 160
x-ratelimit-replenish-rate: 10
vary: accept-encoding
content-encoding: gzip
GET

https://securepubads.g.doubleclick.net/tag/js/gpt.js

chrome.exe

Remote address:

216.58.204.66:443

Request

GET /tag/js/gpt.js HTTP/2.0
host: securepubads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410080101/pubads_impl.js

chrome.exe

Remote address:

216.58.204.66:443

Request

GET /pagead/managed/js/gpt/m202410080101/pubads_impl.js HTTP/2.0
host: securepubads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.googletagservices.com/tag/js/gpt.js

chrome.exe

Remote address:

142.250.200.2:443

Request

GET /tag/js/gpt.js HTTP/2.0
host: www.googletagservices.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/html/r20241009/r20190131/zrt_lookup_fy2021.html

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/html/r20241009/r20190131/zrt_lookup_fy2021.html HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=280&slotname=9194752524&adk=2433831367&adf=1788463760&pi=t.ma~as.9194752524&w=880&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=880x280&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182631&bpp=5&bdt=5690&idt=226&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=987701147709&frm=20&pv=2&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=32&ady=408&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=260

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=280&slotname=9194752524&adk=2433831367&adf=1788463760&pi=t.ma~as.9194752524&w=880&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=880x280&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182631&bpp=5&bdt=5690&idt=226&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=987701147709&frm=20&pv=2&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=32&ady=408&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=260 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=280&slotname=3942425844&adk=2330668906&adf=1460159009&pi=t.ma~as.3942425844&w=880&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=880x280&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182636&bpp=1&bdt=5695&idt=261&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=880x280&correlator=987701147709&frm=20&pv=1&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=32&ady=1444&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=261

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=280&slotname=3942425844&adk=2330668906&adf=1460159009&pi=t.ma~as.3942425844&w=880&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=880x280&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182636&bpp=1&bdt=5695&idt=261&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=880x280&correlator=987701147709&frm=20&pv=1&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=32&ady=1444&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=261 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=250&slotname=1618680683&adk=798199480&adf=329058057&pi=t.ma~as.1618680683&w=308&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=308x250&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182636&bpp=1&bdt=5695&idt=338&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=880x280%2C880x280&correlator=987701147709&frm=20&pv=1&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=924&ady=1397&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=342

chrome.exe

Remote address:

142.250.200.34:443

Request

GET /pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=250&slotname=1618680683&adk=798199480&adf=329058057&pi=t.ma~as.1618680683&w=308&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=308x250&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182636&bpp=1&bdt=5695&idt=338&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=880x280%2C880x280&correlator=987701147709&frm=20&pv=1&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=924&ady=1397&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=342 HTTP/2.0
host: googleads.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://66f7aa179543774b3f297a30a3931951.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

chrome.exe

Remote address:

142.250.180.1:443

Request

GET /safeframe/1-0-40/html/container.html HTTP/2.0
host: 66f7aa179543774b3f297a30a3931951.safeframe.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://2fbf12eaa8a49eada63f10cc12fc1285.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

chrome.exe

Remote address:

142.250.180.1:443

Request

GET /safeframe/1-0-40/html/container.html?n=1 HTTP/2.0
host: 2fbf12eaa8a49eada63f10cc12fc1285.safeframe.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

chrome.exe

Remote address:

142.250.180.1:443

Request

GET /safeframe/1-0-40/html/container.html?n=1 HTTP/2.0
host: 06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
DNS

c.amazon-adsystem.com

chrome.exe

Remote address:

8.8.8.8:53

Request

c.amazon-adsystem.com

IN A

Response

c.amazon-adsystem.com

IN CNAME

d1ykf07e75w7ss.cloudfront.net

d1ykf07e75w7ss.cloudfront.net

IN A

65.9.98.75
DNS

prg.smartadserver.com

chrome.exe

Remote address:

8.8.8.8:53

Request

prg.smartadserver.com

IN A

Response

prg.smartadserver.com

IN CNAME

prga.smartadserver.com

prga.smartadserver.com

IN CNAME

hb-geo.delivery-prod-sas.akadns.net

hb-geo.delivery-prod-sas.akadns.net

IN CNAME

euw2.smartadserver.com

euw2.smartadserver.com

IN A

178.32.197.48

euw2.smartadserver.com

IN A

149.202.238.97

euw2.smartadserver.com

IN A

5.135.209.96

euw2.smartadserver.com

IN A

91.134.110.129

euw2.smartadserver.com

IN A

5.196.111.64

euw2.smartadserver.com

IN A

217.182.178.224

euw2.smartadserver.com

IN A

178.32.210.226

euw2.smartadserver.com

IN A

164.132.25.177

euw2.smartadserver.com

IN A

5.196.111.65

euw2.smartadserver.com

IN A

149.202.238.96

euw2.smartadserver.com

IN A

5.135.209.97

euw2.smartadserver.com

IN A

178.32.210.227

euw2.smartadserver.com

IN A

51.178.195.209

euw2.smartadserver.com

IN A

91.134.110.128

euw2.smartadserver.com

IN A

178.32.197.49

euw2.smartadserver.com

IN A

217.182.178.225

euw2.smartadserver.com

IN A

164.132.25.176

euw2.smartadserver.com

IN A

51.178.195.208
DNS

tpc.googlesyndication.com

chrome.exe

Remote address:

8.8.8.8:53

Request

tpc.googlesyndication.com

IN A

Response

tpc.googlesyndication.com

IN A

142.250.187.225
DNS

id.hadron.ad.gt

chrome.exe

Remote address:

8.8.8.8:53

Request

id.hadron.ad.gt

IN A

Response

id.hadron.ad.gt

IN CNAME

id.hadron.ad.gt.cdn.cloudflare.net

id.hadron.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69

id.hadron.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69
DNS

35.95.9.65.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

35.95.9.65.in-addr.arpa

IN PTR

Response

35.95.9.65.in-addr.arpa

IN PTR

server-65-9-95-35prg50r cloudfrontnet
DNS

imageproxy.eu.criteo.net

chrome.exe

Remote address:

8.8.8.8:53

Request

imageproxy.eu.criteo.net

IN A

Response

imageproxy.eu.criteo.net

IN CNAME

imageproxy.nl3.vip.prod.criteo.net

imageproxy.nl3.vip.prod.criteo.net

IN A

178.250.1.15
DNS

14.25.17.104.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

14.25.17.104.in-addr.arpa

IN PTR

Response
DNS

d.turn.com

chrome.exe

Remote address:

8.8.8.8:53

Request

d.turn.com

IN A

Response

d.turn.com

IN CNAME

d-ams1.turn.com

d-ams1.turn.com

IN A

46.228.164.13
DNS

dsp-cookie.adfarm1.adition.com

chrome.exe

Remote address:

8.8.8.8:53

Request

dsp-cookie.adfarm1.adition.com

IN A

Response

dsp-cookie.adfarm1.adition.com

IN A

80.82.210.217
DNS

cms.quantserve.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cms.quantserve.com

IN A

Response

cms.quantserve.com

IN CNAME

2kpixel.quantserve.com

2kpixel.quantserve.com

IN CNAME

global.px.quantserve.com

global.px.quantserve.com

IN A

91.228.74.200

global.px.quantserve.com

IN A

91.228.74.244

global.px.quantserve.com

IN A

91.228.74.159

global.px.quantserve.com

IN A

91.228.74.166
DNS

cms.quantserve.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cms.quantserve.com

IN A

Response

cms.quantserve.com

IN CNAME

2kpixel.quantserve.com

2kpixel.quantserve.com

IN CNAME

global.px.quantserve.com

global.px.quantserve.com

IN A

91.228.74.166

global.px.quantserve.com

IN A

91.228.74.244

global.px.quantserve.com

IN A

91.228.74.159

global.px.quantserve.com

IN A

91.228.74.200
DNS

cdn.jsdelivr.net

chrome.exe

Remote address:

8.8.8.8:53

Request

cdn.jsdelivr.net

IN A

Response

cdn.jsdelivr.net

IN CNAME

jsdelivr.map.fastly.net

jsdelivr.map.fastly.net

IN A

151.101.65.229

jsdelivr.map.fastly.net

IN A

151.101.193.229

jsdelivr.map.fastly.net

IN A

151.101.129.229

jsdelivr.map.fastly.net

IN A

151.101.1.229
DNS

prebid-stag.setupad.net

chrome.exe

Remote address:

8.8.8.8:53

Request

prebid-stag.setupad.net

IN A

Response

prebid-stag.setupad.net

IN A

172.67.68.162

prebid-stag.setupad.net

IN A

104.26.8.178

prebid-stag.setupad.net

IN A

104.26.9.178
DNS

secure.cdn.fastclick.net

chrome.exe

Remote address:

8.8.8.8:53

Request

secure.cdn.fastclick.net

IN A

Response

secure.cdn.fastclick.net

IN CNAME

secure2.cdn.fastclick.net.edgekey.net

secure2.cdn.fastclick.net.edgekey.net

IN CNAME

e4536.g.akamaiedge.net

e4536.g.akamaiedge.net

IN A

104.78.175.230
DNS

match.adsrvr.org

chrome.exe

Remote address:

8.8.8.8:53

Request

match.adsrvr.org

IN A

Response

match.adsrvr.org

IN A

52.223.40.198

match.adsrvr.org

IN A

15.197.193.217

match.adsrvr.org

IN A

3.33.220.150

match.adsrvr.org

IN A

35.71.131.137
DNS

proc.ad.cpe.dotomi.com

chrome.exe

Remote address:

8.8.8.8:53

Request

proc.ad.cpe.dotomi.com

IN A

Response

proc.ad.cpe.dotomi.com

IN CNAME

convex-rr.global.dual.dotomi.weighted.com.akadns.net

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

63.215.202.146

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

89.207.16.210

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

63.215.202.178

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

64.158.223.146

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

89.207.16.146
DNS

proc.ad.cpe.dotomi.com

chrome.exe

Remote address:

8.8.8.8:53

Request

proc.ad.cpe.dotomi.com

IN A

Response

proc.ad.cpe.dotomi.com

IN CNAME

convex-rr.global.dual.dotomi.weighted.com.akadns.net

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

63.215.202.178

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

89.207.16.146

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

64.158.223.146

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

63.215.202.146

convex-rr.global.dual.dotomi.weighted.com.akadns.net

IN A

89.207.16.210
DNS

49.31.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.31.18.104.in-addr.arpa

IN PTR

Response
DNS

rtb.openx.net

Remote address:

8.8.8.8:53

Request

rtb.openx.net

IN A

Response

rtb.openx.net

IN A

35.227.252.103

rtb.openx.net

IN A

35.186.253.211
DNS

cdn.id5-sync.com

Remote address:

8.8.8.8:53

Request

cdn.id5-sync.com

IN A

Response

cdn.id5-sync.com

IN A

104.22.53.86

cdn.id5-sync.com

IN A

172.67.38.106

cdn.id5-sync.com

IN A

104.22.52.86
DNS

c1.adform.net

Remote address:

8.8.8.8:53

Request

c1.adform.net

IN A

Response

c1.adform.net

IN CNAME

track.adformnet.akadns.net

track.adformnet.akadns.net

IN A

37.157.5.87

track.adformnet.akadns.net

IN A

37.157.4.29

track.adformnet.akadns.net

IN A

37.157.5.132

track.adformnet.akadns.net

IN A

37.157.4.28

track.adformnet.akadns.net

IN A

37.157.5.133

track.adformnet.akadns.net

IN A

37.157.5.84
DNS

cat.nl3.eu.criteo.com

Remote address:

8.8.8.8:53

Request

cat.nl3.eu.criteo.com

IN A

Response

cat.nl3.eu.criteo.com

IN CNAME

cat.nl3.vip.prod.criteo.com

cat.nl3.vip.prod.criteo.com

IN A

178.250.1.6
DNS

64.98.95.141.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.98.95.141.in-addr.arpa

IN PTR

Response

64.98.95.141.in-addr.arpa

IN PTR

ns3216658ip-141-95-98eu
DNS

us-u.openx.net

Remote address:

8.8.8.8:53

Request

us-u.openx.net

IN A

Response

us-u.openx.net

IN A

34.98.64.218

us-u.openx.net

IN A

35.244.159.8
DNS

us-u.openx.net

Remote address:

8.8.8.8:53

Request

us-u.openx.net

IN A

Response

us-u.openx.net

IN A

34.98.64.218

us-u.openx.net

IN A

35.244.159.8
DNS

246.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.179.250.142.in-addr.arpa

IN PTR

Response

246.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f221e100net
DNS

prebid-eu.creativecdn.com

Remote address:

8.8.8.8:53

Request

prebid-eu.creativecdn.com

IN A

Response

prebid-eu.creativecdn.com

IN A

185.184.8.90
DNS

tags.crwdcntrl.net

Remote address:

8.8.8.8:53

Request

tags.crwdcntrl.net

IN A

Response

tags.crwdcntrl.net

IN A

65.9.95.6

tags.crwdcntrl.net

IN A

65.9.95.74

tags.crwdcntrl.net

IN A

65.9.95.19

tags.crwdcntrl.net

IN A

65.9.95.100
DNS

ib.adnxs.com

Remote address:

8.8.8.8:53

Request

ib.adnxs.com

IN A

Response

ib.adnxs.com

IN CNAME

xandr-g-geo.trafficmanager.net

xandr-g-geo.trafficmanager.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

37.252.171.21

ib.anycast.adnxs.com

IN A

37.252.171.52

ib.anycast.adnxs.com

IN A

37.252.171.85

ib.anycast.adnxs.com

IN A

37.252.171.53

ib.anycast.adnxs.com

IN A

37.252.173.215

ib.anycast.adnxs.com

IN A

37.252.172.123

ib.anycast.adnxs.com

IN A

37.252.171.149
DNS

229.65.101.151.in-addr.arpa

Remote address:

8.8.8.8:53

Request

229.65.101.151.in-addr.arpa

IN PTR

Response
DNS

staticassets-creator-design.criteo.net

Remote address:

8.8.8.8:53

Request

staticassets-creator-design.criteo.net

IN A

Response

staticassets-creator-design.criteo.net

IN CNAME

staticassets-creator-design.nl3.vip.prod.criteo.net

staticassets-creator-design.nl3.vip.prod.criteo.net

IN A

178.250.1.22
DNS

id5-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

id5-sync.com

IN A

Response

id5-sync.com

IN A

141.95.98.64

id5-sync.com

IN A

141.95.33.120

id5-sync.com

IN A

162.19.138.120

id5-sync.com

IN A

162.19.138.118

id5-sync.com

IN A

162.19.138.83

id5-sync.com

IN A

162.19.138.116

id5-sync.com

IN A

141.95.98.65

id5-sync.com

IN A

162.19.138.82

id5-sync.com

IN A

162.19.138.117

id5-sync.com

IN A

162.19.138.119
DNS

config.aps.amazon-adsystem.com

chrome.exe

Remote address:

8.8.8.8:53

Request

config.aps.amazon-adsystem.com

IN A

Response

config.aps.amazon-adsystem.com

IN A

65.9.95.30

config.aps.amazon-adsystem.com

IN A

65.9.95.29

config.aps.amazon-adsystem.com

IN A

65.9.95.83

config.aps.amazon-adsystem.com

IN A

65.9.95.3
DNS

rtb.nl3.eu.criteo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

rtb.nl3.eu.criteo.com

IN A

Response

rtb.nl3.eu.criteo.com

IN CNAME

rtb.nl3.vip.prod.criteo.com

rtb.nl3.vip.prod.criteo.com

IN A

178.250.1.10
DNS

bcp.crwdcntrl.net

chrome.exe

Remote address:

8.8.8.8:53

Request

bcp.crwdcntrl.net

IN A

Response

bcp.crwdcntrl.net

IN A

99.80.212.73

bcp.crwdcntrl.net

IN A

54.229.139.118

bcp.crwdcntrl.net

IN A

54.72.167.29

bcp.crwdcntrl.net

IN A

34.255.22.73

bcp.crwdcntrl.net

IN A

52.214.114.199

bcp.crwdcntrl.net

IN A

54.77.205.105
DNS

11.1.250.178.in-addr.arpa

chrome.exe

Remote address:

8.8.8.8:53

Request

11.1.250.178.in-addr.arpa

IN PTR

Response
DNS

a.ad.gt

chrome.exe

Remote address:

8.8.8.8:53

Request

a.ad.gt

IN A

Response

a.ad.gt

IN CNAME

a.ad.gt.cdn.cloudflare.net

a.ad.gt.cdn.cloudflare.net

IN A

172.67.23.234

a.ad.gt.cdn.cloudflare.net

IN A

104.22.4.69

a.ad.gt.cdn.cloudflare.net

IN A

104.22.5.69
DNS

192.114.245.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.114.245.47.in-addr.arpa

IN PTR

Response
DNS

gum.criteo.com

chrome.exe

Remote address:

8.8.8.8:53

Request

gum.criteo.com

IN A

Response

gum.criteo.com

IN CNAME

gum.nl3.vip.prod.criteo.com

gum.nl3.vip.prod.criteo.com

IN A

178.250.1.11
DNS

lb.eu-1-id5-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN A

Response

lb.eu-1-id5-sync.com

IN A

162.19.138.119

lb.eu-1-id5-sync.com

IN A

141.95.98.64

lb.eu-1-id5-sync.com

IN A

162.19.138.116

lb.eu-1-id5-sync.com

IN A

162.19.138.117

lb.eu-1-id5-sync.com

IN A

141.95.98.65

lb.eu-1-id5-sync.com

IN A

141.95.33.120

lb.eu-1-id5-sync.com

IN A

162.19.138.83

lb.eu-1-id5-sync.com

IN A

162.19.138.118

lb.eu-1-id5-sync.com

IN A

162.19.138.82

lb.eu-1-id5-sync.com

IN A

162.19.138.120
DNS

lb.eu-1-id5-sync.com

chrome.exe

Remote address:

8.8.8.8:53

Request

lb.eu-1-id5-sync.com

IN A

Response

lb.eu-1-id5-sync.com

IN A

141.95.98.64

lb.eu-1-id5-sync.com

IN A

162.19.138.117

lb.eu-1-id5-sync.com

IN A

141.95.98.65

lb.eu-1-id5-sync.com

IN A

162.19.138.83

lb.eu-1-id5-sync.com

IN A

162.19.138.116

lb.eu-1-id5-sync.com

IN A

162.19.138.119

lb.eu-1-id5-sync.com

IN A

141.95.33.120

lb.eu-1-id5-sync.com

IN A

162.19.138.120

lb.eu-1-id5-sync.com

IN A

162.19.138.118

lb.eu-1-id5-sync.com

IN A

162.19.138.82
DNS

66.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

66.204.58.216.in-addr.arpa

IN PTR

Response

66.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f21e100net

66.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f2�G

66.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f66�G
DNS

prebid.a-mo.net

Remote address:

8.8.8.8:53

Request

prebid.a-mo.net

IN A

Response

prebid.a-mo.net

IN CNAME

nld-prebid.a-mx.net

nld-prebid.a-mx.net

IN A

163.5.194.33

nld-prebid.a-mx.net

IN A

163.5.194.36

nld-prebid.a-mx.net

IN A

163.5.194.30

nld-prebid.a-mx.net

IN A

163.5.194.31

nld-prebid.a-mx.net

IN A

163.5.194.32

nld-prebid.a-mx.net

IN A

163.5.194.34

nld-prebid.a-mx.net

IN A

163.5.194.37

nld-prebid.a-mx.net

IN A

163.5.194.35
DNS

u.openx.net

Remote address:

8.8.8.8:53

Request

u.openx.net

IN A

Response

u.openx.net

IN A

35.244.159.8

u.openx.net

IN A

34.98.64.218
DNS

cm.g.doubleclick.net

Remote address:

8.8.8.8:53

Request

cm.g.doubleclick.net

IN A

Response

cm.g.doubleclick.net

IN A

142.250.179.226
DNS

2fbf12eaa8a49eada63f10cc12fc1285.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

2fbf12eaa8a49eada63f10cc12fc1285.safeframe.googlesyndication.com

IN A

Response

2fbf12eaa8a49eada63f10cc12fc1285.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

75.98.9.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.98.9.65.in-addr.arpa

IN PTR

Response

75.98.9.65.in-addr.arpa

IN PTR

server-65-9-98-75prg50r cloudfrontnet
DNS

eu-u.openx.net

Remote address:

8.8.8.8:53

Request

eu-u.openx.net

IN A

Response

eu-u.openx.net

IN A

35.244.159.8

eu-u.openx.net

IN A

34.98.64.218
DNS

15.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.1.250.178.in-addr.arpa

IN PTR

Response
DNS

dis.eu.criteo.com

Remote address:

8.8.8.8:53

Request

dis.eu.criteo.com

IN A

Response

dis.eu.criteo.com

IN CNAME

widget.nl3.vip.prod.criteo.com

widget.nl3.vip.prod.criteo.com

IN A

178.250.1.9
DNS

equativ-match.dotomi.com

Remote address:

8.8.8.8:53

Request

equativ-match.dotomi.com

IN A

Response

equativ-match.dotomi.com

IN CNAME

bfp.global.dual.dotomi.weighted.com.akadns.net

bfp.global.dual.dotomi.weighted.com.akadns.net

IN A

63.215.202.172
DNS

equativ-match.dotomi.com

Remote address:

8.8.8.8:53

Request

equativ-match.dotomi.com

IN A

Response

equativ-match.dotomi.com

IN CNAME

bfp.global.dual.dotomi.weighted.com.akadns.net

bfp.global.dual.dotomi.weighted.com.akadns.net

IN A

89.207.16.137
DNS

10.160.222.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.160.222.8.in-addr.arpa

IN PTR

Response
DNS

10.160.222.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.160.222.8.in-addr.arpa

IN PTR

Response
DNS

2.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.200.250.142.in-addr.arpa

IN PTR

Response

2.200.250.142.in-addr.arpa

IN PTR

lhr48s29-in-f21e100net
DNS

aax.amazon-adsystem.com

Remote address:

8.8.8.8:53

Request

aax.amazon-adsystem.com

IN A

Response

aax.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.com

aax-dtb-cf.amazon-adsystem.com

IN CNAME

aax-dtb-cf.amazon-adsystem.amazon.com

aax-dtb-cf.amazon-adsystem.amazon.com

IN CNAME

d1jvc9b8z3vcjs.cloudfront.net

d1jvc9b8z3vcjs.cloudfront.net

IN A

65.9.9.197
DNS

ads.eu.criteo.com

Remote address:

8.8.8.8:53

Request

ads.eu.criteo.com

IN A

Response

ads.eu.criteo.com

IN CNAME

ads.nl3.vip.prod.criteo.com

ads.nl3.vip.prod.criteo.com

IN A

178.250.1.17
DNS

ads.eu.criteo.com

Remote address:

8.8.8.8:53

Request

ads.eu.criteo.com

IN A

Response

ads.eu.criteo.com

IN CNAME

ads.nl3.vip.prod.criteo.com

ads.nl3.vip.prod.criteo.com

IN A

178.250.1.17
DNS

1.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.180.250.142.in-addr.arpa

IN PTR

Response

1.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f11e100net
DNS

region1.analytics.google.com

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
DNS

region1.analytics.google.com

Remote address:

8.8.8.8:53

Request

region1.analytics.google.com

IN A

Response

region1.analytics.google.com

IN A

216.239.34.36

region1.analytics.google.com

IN A

216.239.32.36
GET

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241013

chrome.exe

Remote address:

151.101.65.229:443

Request

GET /gh/prebid/currency-file@1/latest.json?date=20241013 HTTP/2.0
host: cdn.jsdelivr.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json; charset=utf-8
x-jsd-version: 1.0.2207
x-jsd-version-type: version
etag: W/"641-UfetsinVt7IR3jnJOcXEYViSzwc"
content-encoding: br
accept-ranges: bytes
date: Sun, 13 Oct 2024 10:09:43 GMT
age: 22115
x-served-by: cache-fra-eddf8230103-FRA, cache-lcy-eglc8600060-LCY
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 854
GET

https://tagan.adlightning.com/setupad/op.js

chrome.exe

Remote address:

65.9.95.35:443

Request

GET /setupad/op.js HTTP/2.0
host: tagan.adlightning.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 6618
last-modified: Fri, 11 Oct 2024 20:50:41 GMT
x-amz-server-side-encryption: AES256
x-amz-meta-git_commit: 904ac2d
content-encoding: gzip
x-amz-version-id: ruDWMT2UOBJInoOwlRZ3QwXWl0Zzylav
accept-ranges: bytes
server: AmazonS3
date: Sun, 13 Oct 2024 10:08:51 GMT
cache-control: max-age=3600
etag: "8523f74905c7e98465a439c676d39460"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: 81fRW9ic6m3iy-_nj0tUAd-k-cc_YBCaT0hSt4l5-m8wMsoMcYQC3w==
age: 53
GET

https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js

chrome.exe

Remote address:

65.9.95.35:443

Request

GET /setupad/b-904ac2d-53355591.js HTTP/2.0
host: tagan.adlightning.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 26319
date: Thu, 08 Aug 2024 01:40:11 GMT
last-modified: Mon, 05 Feb 2024 15:54:08 GMT
etag: "05e9679509b61424a07cc4d4efb7247f"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-meta-git_commit: 904ac2d
content-encoding: gzip
x-amz-version-id: kPJhXXWG1Hq0AVBcmSAqAweMN.PW_rtc
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: a1pM2NrLZozRHF238fG3mcgRcSqImjCA2zPNX5yfKbpAQndEPstEXw==
age: 5732974
GET

https://tagan.adlightning.com/setupad/bl-362e799-4238a742.js

chrome.exe

Remote address:

65.9.95.35:443

Request

GET /setupad/bl-362e799-4238a742.js HTTP/2.0
host: tagan.adlightning.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 65760
date: Fri, 11 Oct 2024 21:07:30 GMT
last-modified: Fri, 11 Oct 2024 20:50:28 GMT
etag: "be4d6cfffa34e0888b351edf27fa6d5d"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000
x-amz-meta-git_commit: 362e799
content-encoding: gzip
x-amz-version-id: Fj7gY6QMSfMsog6oD22nnBrZJGZIbnH9
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 6ec6c63eb2f7ec00507af95b1621674c.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: FiSNrAbcNDIPHuHdP0FqgjxpFadGG1-AVqyacAISWhCW3xkBbW4kEQ==
age: 133334
GET

https://c.amazon-adsystem.com/aax2/apstag.js

chrome.exe

Remote address:

65.9.98.75:443

Request

GET /aax2/apstag.js HTTP/2.0
host: c.amazon-adsystem.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
date: Sun, 13 Oct 2024 09:32:53 GMT
last-modified: Wed, 28 Aug 2024 22:46:40 GMT
etag: W/"f2dd6786b4537f2bb6a3e22886b855f2"
x-amz-server-side-encryption: AES256
cache-control: max-age=3600
server: AmazonS3
content-encoding: gzip
via: 1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront), 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: Zo2HPv1YvX4mntnkbpnVi0wE58B3_u0ENiUZR6bnBgw53aclPNuDBg==
age: 2211
GET

https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.ldplayer.net&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac

chrome.exe

Remote address:

65.9.98.75:443

Request

GET /cdn/prod/config?src=600&u=https%3A%2F%2Fwww.ldplayer.net&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac HTTP/2.0
host: c.amazon-adsystem.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json;charset=UTF-8
content-length: 3623
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
cache-control: max-age=21550, s-maxage=21600
date: Sun, 13 Oct 2024 06:30:31 GMT
server: Server
x-cache: Hit from cloudfront
via: 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: 4KqEjpwfIhO83okkffvRmUS6x4bvqgbO2ZjEDBaKIyxvnp0PB3WNGA==
age: 13153
OPTIONS

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

chrome.exe

Remote address:

178.250.1.11:443

Request

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1 HTTP/2.0
host: gum.criteo.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://www.ldplayer.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 13 Oct 2024 10:09:42 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 283922
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
OPTIONS

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&bundle=ZPhKRV9KJTJCTGVFNG5FdXpsanoyVFMwZWlzQmV5ZVFVajNBcXhCYlQ5NzNjMnV3WW5LUVNOWW5uNmFwU252JTJCSSUyQlIxUU4zckNxcFVRS2hSRDE2Z1UwTENtZFB2UnI3R0daRVBpcVBoQlNRTFpZTXF2NkRkS24lMkZ2dFhMWWFuQjd2Z0x6cHglMkY&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

chrome.exe

Remote address:

178.250.1.11:443

Request

OPTIONS /sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&bundle=ZPhKRV9KJTJCTGVFNG5FdXpsanoyVFMwZWlzQmV5ZVFVajNBcXhCYlQ5NzNjMnV3WW5LUVNOWW5uNmFwU252JTJCSSUyQlIxUU4zckNxcFVRS2hSRDE2Z1UwTENtZFB2UnI3R0daRVBpcVBoQlNRTFpZTXF2NkRkS24lMkZ2dFhMWWFuQjd2Z0x6cHglMkY&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1 HTTP/2.0
host: gum.criteo.com
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://www.ldplayer.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 13 Oct 2024 10:09:48 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 299819
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
POST

https://id5-sync.com/api/config/prebid

chrome.exe

Remote address:

141.95.98.64:443

Request

POST /api/config/prebid HTTP/2.0
host: id5-sync.com
content-length: 121
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
vary: Origin
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8
date: Sun, 13 Oct 2024 10:09:43 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://prebid-stag.setupad.net/cookie_sync

chrome.exe

Remote address:

172.67.68.162:443

Request

POST /cookie_sync HTTP/2.0
host: prebid-stag.setupad.net
content-length: 740
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: application/json; charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tc1kfNI2HjavUMaYJ2cUpKJ%2FOW3nCtInDmtG8tUVRCGwGNWoD%2BKZDbBptKmvM1S96920qjALOinPya%2FenkT7Ti5zsER5RJhHp4XlfUVeSI4QKM%2BOaMzFGERPVMwhTqgXqtdULEkrf6Lj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuE9xQXhbXSwnAUAwuPCgNJxDh1xgs1Z4e7hFpxtep; SameSite=Lax; path=/; expires=Mon, 14-Oct-24 09:09:44 GMT; HttpOnly
server: cloudflare
cf-ray: 8d1e892a1f51cd85-LHR
content-encoding: br
POST

https://prebid-stag.setupad.net/openrtb2/auction

chrome.exe

Remote address:

172.67.68.162:443

Request

POST /openrtb2/auction HTTP/2.0
host: prebid-stag.setupad.net
content-length: 5662
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
x-prebid: pbs-go/0.259.0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=484l%2BbUCKp3o4ELNA3qJvBU14Ia1tkVk5echZvclSBxnndIArEeJNXY7stp4XUYyw8STbBBC6FZxoStWEITMbgjIeg98AFNo%2BkQ%2F2gvK8DPWwQRcn2axQ%2Foiuyyx4%2F57Seie7qyWeaob"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuE9xQXhbXSwnAUAwuPCgNJxDh1xgs1Z4e7hFpxtep; SameSite=Lax; path=/; expires=Mon, 14-Oct-24 09:09:44 GMT; HttpOnly
server: cloudflare
cf-ray: 8d1e892a1f53cd85-LHR
content-encoding: br
GET

https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=i&uid=5498570646921517865

chrome.exe

Remote address:

172.67.68.162:443

Request

GET /setuid?bidder=adform&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=i&uid=5498570646921517865 HTTP/2.0
host: prebid-stag.setupad.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: uids=eyJ0ZW1wVUlEcyI6eyJvcGVueCI6eyJ1aWQiOiIxMmM0NzJiOC1hMTE4LTBjNTItMjQwZC03NGU3YjlmYjUyYjIiLCJleHBpcmVzIjoiMjAyNC0xMC0yN1QxMDowOTo0NC44NzU0Nzc4MjlaIn19fQ==

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: image/png
content-length: 86
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: uids=eyJ0ZW1wVUlEcyI6eyJhZGZvcm0iOnsidWlkIjoiNTQ5ODU3MDY0NjkyMTUxNzg2NSIsImV4cGlyZXMiOiIyMDI0LTEwLTI3VDEwOjA5OjQ1LjM1MDYxNzAwM1oifSwib3BlbngiOnsidWlkIjoiMTJjNDcyYjgtYTExOC0wYzUyLTI0MGQtNzRlN2I5ZmI1MmIyIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NDQuODc1NDc3ODI5WiJ9fX0=; Path=/; Expires=Sat, 11 Jan 2025 10:09:45 GMT; Secure; SameSite=None
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N64XjxTGVYMwo36HwC6gZ3whB0gE%2FwlxDZpUgyFaqJ53S4xOdDlsn2ltTZeK1hsx2k2EdnCgU2hFAPKOkf4gX56PyXTUG2%2BPrJVlGj875%2FawoPJFsAp0CWIL2Bivu9ffjCLBJ2LyT29P"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuE9xQXhbXSwnAUAwuPCgNJxDh1xgs2HtAKFuTEZ9E; SameSite=Lax; path=/; expires=Mon, 14-Oct-24 09:09:45 GMT; HttpOnly
server: cloudflare
cf-ray: 8d1e89324912cd85-LHR
GET

https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=i&uid=63258396398534972

chrome.exe

Remote address:

172.67.68.162:443

Request

GET /setuid?bidder=smartadserver&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=i&uid=63258396398534972 HTTP/2.0
host: prebid-stag.setupad.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: uids=eyJ0ZW1wVUlEcyI6eyJhZGZvcm0iOnsidWlkIjoiNTQ5ODU3MDY0NjkyMTUxNzg2NSIsImV4cGlyZXMiOiIyMDI0LTEwLTI3VDEwOjA5OjQ1LjM1MDYxNzAwM1oifSwib3BlbngiOnsidWlkIjoiMTJjNDcyYjgtYTExOC0wYzUyLTI0MGQtNzRlN2I5ZmI1MmIyIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NDQuODc1NDc3ODI5WiJ9fX0=

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: image/png
content-length: 86
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: uids=eyJ0ZW1wVUlEcyI6eyJhZGZvcm0iOnsidWlkIjoiNTQ5ODU3MDY0NjkyMTUxNzg2NSIsImV4cGlyZXMiOiIyMDI0LTEwLTI3VDEwOjA5OjQ1LjM1MDYxNzAwM1oifSwib3BlbngiOnsidWlkIjoiMTJjNDcyYjgtYTExOC0wYzUyLTI0MGQtNzRlN2I5ZmI1MmIyIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NDQuODc1NDc3ODI5WiJ9LCJzbWFydGFkc2VydmVyIjp7InVpZCI6IjYzMjU4Mzk2Mzk4NTM0OTcyIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NDUuNTkxNjgyODNaIn19fQ==; Path=/; Expires=Sat, 11 Jan 2025 10:09:45 GMT; Secure; SameSite=None
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0bX9%2Bqk9a2niYsKeam3mV4m%2Bece%2FRH57oCxXTvJ5jaClEI8mXlFUYf7zUDQMj5X0hhs0ptkm%2FtkEhH4oHTvMZ%2FIr3PGSoi22%2B%2FS4zOdkV9mRirF4rx0gDM%2BbexpG6%2FlUnulZV95%2FUJQN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuE9xQXhbXSwnAUAwuPCgNJxDh1xgs2HtAKFuTEZ9E; SameSite=Lax; path=/; expires=Mon, 14-Oct-24 09:09:45 GMT; HttpOnly
server: cloudflare
cf-ray: 8d1e8933dad9cd85-LHR
POST

https://prebid-stag.setupad.net/cookie_sync

chrome.exe

Remote address:

172.67.68.162:443

Request

POST /cookie_sync HTTP/2.0
host: prebid-stag.setupad.net
content-length: 740
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: uids=eyJ0ZW1wVUlEcyI6eyJhZGZvcm0iOnsidWlkIjoiNTQ5ODU3MDY0NjkyMTUxNzg2NSIsImV4cGlyZXMiOiIyMDI0LTEwLTI3VDEwOjA5OjQ1LjM1MDYxNzAwM1oifSwib3BlbngiOnsidWlkIjoiMTJjNDcyYjgtYTExOC0wYzUyLTI0MGQtNzRlN2I5ZmI1MmIyIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NDQuODc1NDc3ODI5WiJ9LCJzbWFydGFkc2VydmVyIjp7InVpZCI6IjYzMjU4Mzk2Mzk4NTM0OTcyIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NDUuNTkxNjgyODNaIn19fQ==

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:49 GMT
content-type: application/json; charset=utf-8
content-length: 35
access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FkO5mVZAk7OzfyCs%2BOicDeaakRLH8AWocGdun34zrrh6jvtnthYWVt%2BP85YaogxOunYEwtpZUHYSxBYR6Atr1qA%2FlRtdid4XtmC90FSzv5C0uZjVuIEbdzX%2FIGZ3verR3fhANsyc0%2Fpt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuE9xQXhbXSwnAUAwuPCgNJxDh1xgs5FAF7WVxKD6t; SameSite=Lax; path=/; expires=Mon, 14-Oct-24 09:09:49 GMT; HttpOnly
server: cloudflare
cf-ray: 8d1e894c0c13cd85-LHR
POST

https://prebid-stag.setupad.net/openrtb2/auction

chrome.exe

Remote address:

172.67.68.162:443

Request

POST /openrtb2/auction HTTP/2.0
host: prebid-stag.setupad.net
content-length: 6142
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: uids=eyJ0ZW1wVUlEcyI6eyJhZGZvcm0iOnsidWlkIjoiNTQ5ODU3MDY0NjkyMTUxNzg2NSIsImV4cGlyZXMiOiIyMDI0LTEwLTI3VDEwOjA5OjQ1LjM1MDYxNzAwM1oifSwib3BlbngiOnsidWlkIjoiMTJjNDcyYjgtYTExOC0wYzUyLTI0MGQtNzRlN2I5ZmI1MmIyIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NDQuODc1NDc3ODI5WiJ9LCJzbWFydGFkc2VydmVyIjp7InVpZCI6IjYzMjU4Mzk2Mzk4NTM0OTcyIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NDUuNTkxNjgyODNaIn19fQ==

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:49 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
x-prebid: pbs-go/0.259.0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJ7sVOytw5n3%2Fdo1hojpfAAncr5zTRY%2BsF9xafJzjZFFjX8g9WKNUTvGsahm%2F9ldO1dxkrKO%2F4%2FDYAVR%2Bh4u10OTms5XtB4QYgJ61j%2FaKnxIQ8nDAtMq2OHseTSJiCr61XDEUAWe%2BO%2F5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuE9xQXhbXSwnAUAwuPCgNJxDh1xgs5FAF7WVxKD6t; SameSite=Lax; path=/; expires=Mon, 14-Oct-24 09:09:49 GMT; HttpOnly
server: cloudflare
cf-ray: 8d1e894c1c32cd85-LHR
content-encoding: br
POST

https://prebid-eu.creativecdn.com/bidder/prebid/bids

chrome.exe

Remote address:

185.184.8.90:443

Request

POST /bidder/prebid/bids HTTP/2.0
host: prebid-eu.creativecdn.com
content-length: 1783
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sun, 13 Oct 2024 10:09:44 GMT
vary: Origin
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
POST

https://prebid-eu.creativecdn.com/bidder/prebid/bids

chrome.exe

Remote address:

185.184.8.90:443

Request

POST /bidder/prebid/bids HTTP/2.0
host: prebid-eu.creativecdn.com
content-length: 2264
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sun, 13 Oct 2024 10:09:49 GMT
vary: Origin
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-max-age: 3600
POST

https://adx.adform.net/adx/openrtb

chrome.exe

Remote address:

37.157.5.132:443

Request

POST /adx/openrtb HTTP/2.0
host: adx.adform.net
content-length: 1421
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.ldplayer.net
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=31536000; includeSubDomains
POST

https://adx.adform.net/adx/openrtb

chrome.exe

Remote address:

37.157.5.132:443

Request

POST /adx/openrtb HTTP/2.0
host: adx.adform.net
content-length: 1902
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: C=1
cookie: uid=5498570646921517865

Response

HTTP/2.0 204

server: nginx
date: Sun, 13 Oct 2024 10:09:49 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.ldplayer.net
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
set-cookie: uid=5498570646921517865; expires=Thu, 12 Dec 2024 10:09:49 GMT; domain=adform.net; path=/; secure; samesite=none
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=31536000; includeSubDomains
POST

https://rtb.openx.net/openrtbb/prebidjs

chrome.exe

Remote address:

35.227.252.103:443

Request

POST /openrtbb/prebidjs HTTP/2.0
host: rtb.openx.net
content-length: 4995
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
POST

https://rtb.openx.net/openrtbb/prebidjs

chrome.exe

Remote address:

35.227.252.103:443

Request

POST /openrtbb/prebidjs HTTP/2.0
host: rtb.openx.net
content-length: 5475
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: i=f8b6c22e-b100-004c-1557-7c1a5c87a3c2|1728814184
cookie: pd=v2|1728814184|gin0vNvQiygu
cookie: univ_id=537072971|525afc59-365a-4c22-b996-8aef5f081ed5|1728814185026048
POST

https://prebid.a-mo.net/a/c

chrome.exe

Remote address:

163.5.194.33:443

Request

POST /a/c HTTP/2.0
host: prebid.a-mo.net
content-length: 3136
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 1054
content-type: application/json; charset=utf-8
date: Sun, 13 Oct 2024 10:09:43 GMT
server: envoy
vary: origin, accept-encoding
set-cookie: __amc=1_1728814184_1728814184; path=/; domain=prebid.a-mo.net; expires=Mon, 13 Oct 2025 10:09:44 GMT; max-age=31536000; secure; HttpOnly; SameSite=None
set-cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8; path=/; domain=a-mo.net; expires=Mon, 13 Oct 2025 10:09:44 GMT; max-age=31536000; secure; HttpOnly; SameSite=None
set-cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8; path=/; domain=a-mo.net; expires=Mon, 13 Oct 2025 10:09:44 GMT; max-age=31536000; secure; HttpOnly; SameSite=None
set-cookie: psd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8; path=/; domain=prebid.a-mo.net; expires=Mon, 13 Oct 2025 10:09:44 GMT; max-age=31536000; secure; HttpOnly; SameSite=None
set-cookie: sd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8; path=/; domain=prebid.a-mo.net; expires=Mon, 13 Oct 2025 10:09:44 GMT; max-age=31536000; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 122
POST

https://prebid.a-mo.net/a/c

chrome.exe

Remote address:

163.5.194.33:443

Request

POST /a/c HTTP/2.0
host: prebid.a-mo.net
content-length: 3441
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: __amc=1_1728814184_1728814184
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: psd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: sd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

Response

HTTP/2.0 200

access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 1020
content-type: application/json; charset=utf-8
date: Sun, 13 Oct 2024 10:09:48 GMT
server: envoy
vary: origin, accept-encoding
set-cookie: __amc=2_1728814184_1728814189; path=/; domain=prebid.a-mo.net; expires=Mon, 13 Oct 2025 10:09:49 GMT; max-age=31536000; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 125
POST

https://prg.smartadserver.com/prebid/v1

chrome.exe

Remote address:

178.32.197.48:443

Request

POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
Connection: keep-alive
Content-Length: 4273
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
Accept: */*
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 200 OK

content-type: application/json; charset=UTF-8
date: Sun, 13 Oct 2024 10:09:44 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: pbw=%24b%3d16999%3b%24o%3d11100; expires=Mon, 13 Oct 2025 10:09:44 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
set-cookie: vs=614491=6196929; expires=Mon, 01 Jan 0001 00:00:00 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
set-cookie: TestIfCookie=ok; expires=Mon, 01 Jan 0001 00:00:00 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
set-cookie: TestIfCookieP=ok; expires=Mon, 13 Oct 2025 10:09:44 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
set-cookie: pid=63258396398534972; expires=Mon, 13 Oct 2025 10:09:44 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
set-cookie: sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1; expires=Mon, 14 Oct 2024 10:09:44 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
set-cookie: sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5; expires=Mon, 14 Oct 2024 10:09:44 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
transfer-encoding: chunked
vary: Accept-Encoding
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
POST

https://prg.smartadserver.com/prebid/v1

chrome.exe

Remote address:

178.32.197.48:443

Request

POST /prebid/v1 HTTP/1.1
Host: prg.smartadserver.com
Connection: keep-alive
Content-Length: 4753
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
Accept: */*
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: pbw=%24b%3d16999%3b%24o%3d11100; TestIfCookieP=ok; pid=63258396398534972; sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1; sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5

Response

HTTP/1.1 200 OK

content-type: application/json; charset=UTF-8
date: Sun, 13 Oct 2024 10:09:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
set-cookie: vs=614491=6196929; expires=Mon, 01 Jan 0001 00:00:00 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
set-cookie: pid=63258396398534972; expires=Mon, 13 Oct 2025 10:09:49 GMT; domain=.smartadserver.com; path=/; secure; samesite=none
transfer-encoding: chunked
vary: Accept-Encoding
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
GET

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

chrome.exe

Remote address:

178.250.1.11:443

Request

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/json
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 13 Oct 2024 10:09:43 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE; expires=Fri, 07 Nov 2025 10:09:43 GMT; domain=criteo.com; path=/; secure; samesite=none; Partitioned
server-processing-duration-in-ticks: 694251
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&bundle=ZPhKRV9KJTJCTGVFNG5FdXpsanoyVFMwZWlzQmV5ZVFVajNBcXhCYlQ5NzNjMnV3WW5LUVNOWW5uNmFwU252JTJCSSUyQlIxUU4zckNxcFVRS2hSRDE2Z1UwTENtZFB2UnI3R0daRVBpcVBoQlNRTFpZTXF2NkRkS24lMkZ2dFhMWWFuQjd2Z0x6cHglMkY&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

chrome.exe

Remote address:

178.250.1.11:443

Request

GET /sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&bundle=ZPhKRV9KJTJCTGVFNG5FdXpsanoyVFMwZWlzQmV5ZVFVajNBcXhCYlQ5NzNjMnV3WW5LUVNOWW5uNmFwU252JTJCSSUyQlIxUU4zckNxcFVRS2hSRDE2Z1UwTENtZFB2UnI3R0daRVBpcVBoQlNRTFpZTXF2NkRkS24lMkZ2dFhMWWFuQjd2Z0x6cHglMkY&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1 HTTP/2.0
host: gum.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/json
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE
cookie: receive-cookie-deprecation=1
cookie: uid=96e49b9f-17f7-4075-adff-8f2566676145

Response

HTTP/2.0 200

content-type: application/json; charset=utf-8
date: Sun, 13 Oct 2024 10:09:49 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://www.ldplayer.net
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: cto_bundle=ofP2Tl9oVXduNyUyRk9odUtTS0pRdndHOHNSM0VQMU1IZHVsRDJIVVpUVUJxdFdDbURtcDRwWUYyQU8ya09tM2h4T1dnTjM3WGdSSWo0NjBKWU1VZ0l0MXRrM2ZDc1N6c1hHeXBST3BDSDluNFRZcHJzJTJCZVN4VjBxJTJGTUVzb0VQTDR6Y0NLQ2Y1dk1zWXc5enZSclQ1cUIwbFBnZXclM0QlM0Q; expires=Fri, 07 Nov 2025 10:09:48 GMT; domain=criteo.com; path=/; secure; samesite=none; Partitioned
server-processing-duration-in-ticks: 2071919
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://lb.eu-1-id5-sync.com/lb/v1

chrome.exe

Remote address:

162.19.138.119:443

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
vary: Origin
content-type: application/json;charset=UTF-8
date: Sun, 13 Oct 2024 10:09:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://lb.eu-1-id5-sync.com/lb/v1

chrome.exe

Remote address:

162.19.138.119:443

Request

GET /lb/v1 HTTP/2.0
host: lb.eu-1-id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
access-control-allow-origin: https://www.ldplayer.net
vary: Origin
content-type: application/json;charset=UTF-8
date: Sun, 13 Oct 2024 10:09:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NETEW036PS&cid=791018054.1728814178&gtm=45je4a90v897214331za200zb811059450&aip=1&dma=1&dma_cps=syphamo&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=101671035~101686685~101836706&z=286350044

chrome.exe

Remote address:

142.250.180.3:443

Request

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NETEW036PS&cid=791018054.1728814178&gtm=45je4a90v897214331za200zb811059450&aip=1&dma=1&dma_cps=syphamo&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=101671035~101686685~101836706&z=286350044 HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-59PCK5ER57&cid=791018054.1728814178&gtm=45je4a90v890351567za200zb811059450&aip=1&dma=1&dma_cps=syphamo&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=101533421~101671035~101686685&z=1047751020

chrome.exe

Remote address:

142.250.180.3:443

Request

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-59PCK5ER57&cid=791018054.1728814178&gtm=45je4a90v890351567za200zb811059450&aip=1&dma=1&dma_cps=syphamo&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=101533421~101671035~101686685&z=1047751020 HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/pagead/1p-conversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD&is_vtc=1&cid=CAQSKQDpaXnfpzUcsY38xaqbM_HHcU1WOT9mxbSt2tUahDPWuZomScqqmZL4&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEDoQ-TFwY0HpJ3YPRAZMo3rtR5B6lsj0-g&random=1784264614&ipr=y&ezwbk=AZuM4hB2BGOPcH5eeW_-px2kitpN8gcu81Jbg875b79yoyzzfRyQL7RupqCGZlq3MiCFajSjx7AQ5t4ARy9OWQ3ryc3H

chrome.exe

Remote address:

142.250.180.3:443

Request

GET /pagead/1p-conversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD&is_vtc=1&cid=CAQSKQDpaXnfpzUcsY38xaqbM_HHcU1WOT9mxbSt2tUahDPWuZomScqqmZL4&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEDoQ-TFwY0HpJ3YPRAZMo3rtR5B6lsj0-g&random=1784264614&ipr=y&ezwbk=AZuM4hB2BGOPcH5eeW_-px2kitpN8gcu81Jbg875b79yoyzzfRyQL7RupqCGZlq3MiCFajSjx7AQ5t4ARy9OWQ3ryc3H HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/pagead/1p-conversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU&is_vtc=1&cid=CAQSKQDpaXnfvpYm_MMgcuDIQfKXaNgtU5BwF5MF-V8g4EbO8uLs_6c07k0R&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBA3ilSyNAN9q67JZj6oT7_5-c6ztJxleE&random=3832946140&ipr=y&ezwbk=AZuM4hDPSjyljimeoiojROTPfW3h6BU3Gy-koj5YjjvWwcOdvThVEwNhcnwHXnuG8v5gacvvamteH5rGWZO1ufH0V1NI

chrome.exe

Remote address:

142.250.180.3:443

Request

GET /pagead/1p-conversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU&is_vtc=1&cid=CAQSKQDpaXnfvpYm_MMgcuDIQfKXaNgtU5BwF5MF-V8g4EbO8uLs_6c07k0R&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBA3ilSyNAN9q67JZj6oT7_5-c6ztJxleE&random=3832946140&ipr=y&ezwbk=AZuM4hDPSjyljimeoiojROTPfW3h6BU3Gy-koj5YjjvWwcOdvThVEwNhcnwHXnuG8v5gacvvamteH5rGWZO1ufH0V1NI HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/pagead/1p-conversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093&is_vtc=1&cid=CAQSKQDpaXnfdj9fkHYS5qTWsF5Q323vaJaYAUuxyQuKL6JPWVJUazW7XXsW&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBvBoJYg1N1Sgb0Ua0-eGz4vZM_ymi-c5A&random=1164820918&ipr=y&ezwbk=AZuM4hBSEOWU0qLgG1Oimqf3BzSLZ94seg0HgCtMzT7YYHI460zdUI9rtfI2fBhpj0tpD9nrw5Rg1QQ1n8XBDlhN6lVY

chrome.exe

Remote address:

142.250.180.3:443

Request

GET /pagead/1p-conversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093&is_vtc=1&cid=CAQSKQDpaXnfdj9fkHYS5qTWsF5Q323vaJaYAUuxyQuKL6JPWVJUazW7XXsW&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBvBoJYg1N1Sgb0Ua0-eGz4vZM_ymi-c5A&random=1164820918&ipr=y&ezwbk=AZuM4hBSEOWU0qLgG1Oimqf3BzSLZ94seg0HgCtMzT7YYHI460zdUI9rtfI2fBhpj0tpD9nrw5Rg1QQ1n8XBDlhN6lVY HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/pagead/1p-conversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP&is_vtc=1&cid=CAQSKQDpaXnfCSHrhN1AMV9YDJKmxUoHqCKuuLamLa1WwUqd6-PLP22KO2IF&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAeu4CoqAB776HI5nHCRF2SdmxdSN6QUPo&random=2606352208&ipr=y&ezwbk=AZuM4hBsp-sieqecMQiI3OJogLguLGn-JvyRgZT-fbNkXqnnfnZPe8gqn-dgok8eGph0q5LGfGBnTOc_P-O5kqKJfI_R

chrome.exe

Remote address:

142.250.180.3:443

Request

GET /pagead/1p-conversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP&is_vtc=1&cid=CAQSKQDpaXnfCSHrhN1AMV9YDJKmxUoHqCKuuLamLa1WwUqd6-PLP22KO2IF&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAeu4CoqAB776HI5nHCRF2SdmxdSN6QUPo&random=2606352208&ipr=y&ezwbk=AZuM4hBsp-sieqecMQiI3OJogLguLGn-JvyRgZT-fbNkXqnnfnZPe8gqn-dgok8eGph0q5LGfGBnTOc_P-O5kqKJfI_R HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://www.google.co.uk/pagead/1p-conversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E&is_vtc=1&cid=CAQSKQDpaXnfWCs79jTg3YfA2JmjtUcv8WHo6hZrda0vo-R_5yC7uYicJs8C&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECq7NKZ65uHFTDRsYx-2aztzrj3NIvXiR8&random=4107108362&ipr=y&ezwbk=AZuM4hDmPxcB2dcn2nXb9axAHjpXco3sjG8LkwY3caRetpkq-QzEoZ5kuIP0wWTpRDzlZzoRwdKw3_7CmxpYO17ach8q

chrome.exe

Remote address:

142.250.180.3:443

Request

GET /pagead/1p-conversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E&is_vtc=1&cid=CAQSKQDpaXnfWCs79jTg3YfA2JmjtUcv8WHo6hZrda0vo-R_5yC7uYicJs8C&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECq7NKZ65uHFTDRsYx-2aztzrj3NIvXiR8&random=4107108362&ipr=y&ezwbk=AZuM4hDmPxcB2dcn2nXb9axAHjpXco3sjG8LkwY3caRetpkq-QzEoZ5kuIP0wWTpRDzlZzoRwdKw3_7CmxpYO17ach8q HTTP/2.0
host: www.google.co.uk
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

chrome.exe

Remote address:

65.9.98.75:443

Request

GET /bao-csm/aps-comm/aps_csm.js HTTP/2.0
host: c.amazon-adsystem.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Thu, 29 Feb 2024 02:13:08 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
server: AmazonS3
content-encoding: gzip
date: Sun, 13 Oct 2024 03:25:48 GMT
cache-control: public, max-age=86400
etag: W/"a4d296427fc806b21335359e398c025c"
vary: Accept-Encoding,Origin
x-cache: Hit from cloudfront
via: 1.1 f3303a5632dc925c26253530523fa328.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: MFpIqwlT8aWwp4RYPMIfFusyiDg15EDoBW075xWFtGdKDHRRoFIQeA==
age: 24571
GET

https://config.aps.amazon-adsystem.com/configs/d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac

chrome.exe

Remote address:

65.9.95.30:443

Request

GET /configs/d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac HTTP/2.0
host: config.aps.amazon-adsystem.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: application/javascript
content-length: 563
server: CloudFront
date: Sun, 13 Oct 2024 10:08:09 GMT
cache-control: max-age=3600
x-cache: Hit from cloudfront
via: 1.1 2a5c925255bb252ff0ed65977311f74e.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: keXzm8LNgSj-FfTF8BY6ZZE9bKFQ7sUEoV9dvD46za9sjD6nKMEVBA==
age: 95
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&pr=https%3A%2F%2Fwww.google.com%2F&pid=NaXGCICgkS20s&cb=0&ws=300x150&v=24.827.1552&t=2500&slots=%5B%7B%22sd%22%3A%22ldplayer_net_1000x100_desktop_anchor%22%2C%22s%22%3A%5B%221000x100%22%2C%22970x90%22%2C%22728x90%22%2C%22990x90%22%2C%22970x50%22%2C%22960x90%22%2C%22950x90%22%2C%22980x90%22%5D%2C%22sn%22%3A%22%2F22857857566%2Fldplayer.net_1000x100_desktop_anchor%22%7D%5D&schain=1.0%2C1%21setupad.com%2C2346%2C1%2C%2C%2C&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

chrome.exe

Remote address:

65.9.9.197:443

Request

GET /e/dtb/bid?src=600&u=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&pr=https%3A%2F%2Fwww.google.com%2F&pid=NaXGCICgkS20s&cb=0&ws=300x150&v=24.827.1552&t=2500&slots=%5B%7B%22sd%22%3A%22ldplayer_net_1000x100_desktop_anchor%22%2C%22s%22%3A%5B%221000x100%22%2C%22970x90%22%2C%22728x90%22%2C%22990x90%22%2C%22970x50%22%2C%22960x90%22%2C%22950x90%22%2C%22980x90%22%5D%2C%22sn%22%3A%22%2F22857857566%2Fldplayer.net_1000x100_desktop_anchor%22%7D%5D&schain=1.0%2C1%21setupad.com%2C2346%2C1%2C%2C%2C&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/2.0
host: aax.amazon-adsystem.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 43
content-encoding: gzip
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
date: Sun, 13 Oct 2024 10:09:44 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: IlVGwCEmaaIJaV33lorO9EiKgd1Hn-Px6oaRj-osXFhSNuFgEyvOhQ==
GET

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&pr=https%3A%2F%2Fwww.google.com%2F&pid=SDXiQMdAhoh5e&cb=0&ws=300x150&v=24.827.1552&t=2500&slots=%5B%7B%22sd%22%3A%22ldplayer_net_1000x100_desktop_anchor%22%2C%22s%22%3A%5B%221000x100%22%2C%22970x90%22%2C%22728x90%22%2C%22990x90%22%2C%22970x50%22%2C%22960x90%22%2C%22950x90%22%2C%22980x90%22%5D%2C%22sn%22%3A%22%2F22857857566%2Fldplayer.net_1000x100_desktop_anchor%22%7D%5D&schain=1.0%2C1%21setupad.com%2C2346%2C1%2C%2C%2C&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

chrome.exe

Remote address:

65.9.9.197:443

Request

GET /e/dtb/bid?src=600&u=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&pr=https%3A%2F%2Fwww.google.com%2F&pid=SDXiQMdAhoh5e&cb=0&ws=300x150&v=24.827.1552&t=2500&slots=%5B%7B%22sd%22%3A%22ldplayer_net_1000x100_desktop_anchor%22%2C%22s%22%3A%5B%221000x100%22%2C%22970x90%22%2C%22728x90%22%2C%22990x90%22%2C%22970x50%22%2C%22960x90%22%2C%22950x90%22%2C%22980x90%22%5D%2C%22sn%22%3A%22%2F22857857566%2Fldplayer.net_1000x100_desktop_anchor%22%7D%5D&schain=1.0%2C1%21setupad.com%2C2346%2C1%2C%2C%2C&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D HTTP/2.0
host: aax.amazon-adsystem.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ad-id=AyO6RFI_jUq1k81NGnZxTC4
cookie: ad-privacy=0

Response

HTTP/2.0 200

content-type: text/javascript;charset=UTF-8
content-length: 43
content-encoding: gzip
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
date: Sun, 13 Oct 2024 10:09:48 GMT
server: Server
x-cache: Miss from cloudfront
via: 1.1 5a9253ffd4a04a82b061e7ef23f713d4.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: _FqjM6UBK-ZxaNtcR0h41AN70pxDEqz-OtPZQWuWg6ZDH_o_4UbIww==
GET

https://cdn.id5-sync.com/api/1.0/id5-api.js

chrome.exe

Remote address:

104.22.53.86:443

Request

GET /api/1.0/id5-api.js HTTP/2.0
host: cdn.id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: text/javascript;charset=utf-8
x-amz-id-2: suU0L20WZ93t73sn8WKcUSwQH87Tegn1oLKhUkKu4fpPwddBuIHxTKJ9A8lFLQa6x8DeGyG93ybm7hUhWp3O5gJy6TF26+WbFBG02XJ5vnA=
x-amz-request-id: MZG39KCSHVFR61HG
last-modified: Wed, 02 Oct 2024 12:26:13 GMT
etag: W/"f24286e1b73c01841e789906d50ce23f"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=3600
cf-cache-status: HIT
age: 20
expires: Sun, 13 Oct 2024 11:09:44 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 8d1e892b8edbcd39-LHR
content-encoding: br
GET

https://tags.crwdcntrl.net/lt/c/16576/sync.min.js

chrome.exe

Remote address:

65.9.95.6:443

Request

GET /lt/c/16576/sync.min.js HTTP/2.0
host: tags.crwdcntrl.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-type: text/javascript
last-modified: Tue, 20 Aug 2024 18:47:26 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Sun, 13 Oct 2024 01:55:46 GMT
cache-control: public, max-age=86400
etag: W/"6016bf24a16f4d1d8384c5f7f11c49fb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 df0aa1ee2f3a5b8f1aa2a31aa4b7db86.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
x-amz-cf-id: B92OwBOTUfIEXoF4OqyL23AahlWkAK8JlHfro4IaXBTvc768N276sQ==
age: 29639
GET

https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&ref=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&_it=amazon&partner_id=533

chrome.exe

Remote address:

104.22.53.173:443

Request

GET /hadron.js?url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&ref=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&_it=amazon&partner_id=533 HTTP/2.0
host: cdn.hadronid.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1e77f38a1df1490d4175e3c4878bd150"
last-modified: Tue, 04 Jun 2024 15:30:02 GMT
x-amz-id-2: FNS8Lc8R9Qji432eQyZbGDDgvyWHvIXmOzDykwh9qe1J2fX8u6aO0aANuFN3vxu6aVi9rB6lRRQ=
x-amz-request-id: 4GNMNHQXA94JVW78
cf-cache-status: HIT
age: 4748
expires: Fri, 18 Oct 2024 10:09:44 GMT
cache-control: public, max-age=432000
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e892b9b15547b-LHR
content-encoding: br
GET

https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&ref=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&_it=amazon&partner_id=533

chrome.exe

Remote address:

104.22.53.173:443

Request

GET /hadron.js?url=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&ref=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&_it=amazon&partner_id=533 HTTP/2.0
host: cdn.hadronid.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:49 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"1e77f38a1df1490d4175e3c4878bd150"
last-modified: Tue, 04 Jun 2024 15:30:02 GMT
x-amz-id-2: FNS8Lc8R9Qji432eQyZbGDDgvyWHvIXmOzDykwh9qe1J2fX8u6aO0aANuFN3vxu6aVi9rB6lRRQ=
x-amz-request-id: 4GNMNHQXA94JVW78
cf-cache-status: HIT
age: 4753
expires: Fri, 18 Oct 2024 10:09:49 GMT
cache-control: public, max-age=432000
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e894c2e0a547b-LHR
content-encoding: br
GET

https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js

chrome.exe

Remote address:

104.78.175.230:443

Request

GET /js/cnvr-launcher/latest/launcher-stub.min.js HTTP/2.0
host: secure.cdn.fastclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
last-modified: Mon, 23 Jan 2023 19:40:17 GMT
etag: "d734-5f2f3919e751f-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 17407
content-type: application/javascript
cache-control: max-age=900
expires: Sun, 13 Oct 2024 10:24:44 GMT
date: Sun, 13 Oct 2024 10:09:44 GMT
vary: Accept-Encoding
GET

https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js

chrome.exe

Remote address:

104.78.175.230:443

Request

GET /js/pubcid/latest/pubcid.min.js HTTP/2.0
host: secure.cdn.fastclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
last-modified: Tue, 20 Sep 2022 18:52:26 GMT
etag: "38c0-5e92054540ea5-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 5252
content-type: application/javascript
cache-control: max-age=900
expires: Sun, 13 Oct 2024 10:24:44 GMT
date: Sun, 13 Oct 2024 10:09:44 GMT
vary: Accept-Encoding
GET

https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js

chrome.exe

Remote address:

104.78.175.230:443

Request

GET /js/cnvr-launcher/latest/launcher.min.js HTTP/2.0
host: secure.cdn.fastclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
last-modified: Tue, 20 Sep 2022 18:52:26 GMT
etag: "c4b6-5e920545406d3-gzip"
accept-ranges: bytes
content-encoding: gzip
content-length: 17042
content-type: application/javascript
cache-control: max-age=900
expires: Sun, 13 Oct 2024 10:24:44 GMT
date: Sun, 13 Oct 2024 10:09:44 GMT
vary: Accept-Encoding
GET

https://secure.cdn.fastclick.net/js/cnvr-coreid/latest/coreid.min.js

chrome.exe

Remote address:

104.78.175.230:443

Request

GET /js/cnvr-coreid/latest/coreid.min.js HTTP/2.0
host: secure.cdn.fastclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Apache
last-modified: Mon, 23 Oct 2023 16:23:46 GMT
etag: "394d0-60864a57eaadc-gzip"
accept-ranges: bytes
content-encoding: gzip
content-type: application/javascript
content-length: 67550
cache-control: max-age=900
expires: Sun, 13 Oct 2024 10:24:44 GMT
date: Sun, 13 Oct 2024 10:09:44 GMT
vary: Accept-Encoding
GET

https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D

chrome.exe

Remote address:

35.244.159.8:443

Request

GET /w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D HTTP/2.0
host: u.openx.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
GET

https://u.openx.net/w/1.0/cm?cc=1&id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D

chrome.exe

Remote address:

35.244.159.8:443

Request

GET /w/1.0/cm?cc=1&id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D HTTP/2.0
host: u.openx.net
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: i=f8b6c22e-b100-004c-1557-7c1a5c87a3c2|1728814184
GET

https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEP_gLW7lLe9PLmIsLeOCSNg&google_cver=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.244.159.8:443

Request

GET /w/1.0/sd?id=537072991&val=CAESEP_gLW7lLe9PLmIsLeOCSNg&google_cver=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: us-u.openx.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: i=f8b6c22e-b100-004c-1557-7c1a5c87a3c2|1728814184
cookie: pd=v2|1728814184|gin0vNvQiygu
GET

https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5498570646921517865&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.244.159.8:443

Request

GET /w/1.0/sd?id=537113484&val=5498570646921517865&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: eu-u.openx.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: i=f8b6c22e-b100-004c-1557-7c1a5c87a3c2|1728814184
cookie: pd=v2|1728814184|gin0vNvQiygu
GET

https://eu-u.openx.net/w/1.0/sd?id=537072399&val=1804086296972189491&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.244.159.8:443

Request

GET /w/1.0/sd?id=537072399&val=1804086296972189491&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: eu-u.openx.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: i=f8b6c22e-b100-004c-1557-7c1a5c87a3c2|1728814184
cookie: pd=v2|1728814184|gin0vNvQiygu
GET

https://setupad-d.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.244.159.8:443

Request

GET /w/1.0/pd?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: setupad-d.openx.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: i=f8b6c22e-b100-004c-1557-7c1a5c87a3c2|1728814184
cookie: pd=v2|1728814184|gin0vNvQiygu
cookie: univ_id=537072971|525afc59-365a-4c22-b996-8aef5f081ed5|1728814185026048
POST

https://id5-sync.com/g/v2/481.json

chrome.exe

Remote address:

141.95.98.64:443

Request

POST /g/v2/481.json HTTP/2.0
host: id5-sync.com
content-length: 1036
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=; Path=/; Domain=id5-sync.com; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#1; Path=/; Domain=id5-sync.com; Expires=Sat, 11 Jan 2025 10:09:44 GMT; Max-Age=7776000; SameSite=None; Secure
access-control-allow-origin: https://www.ldplayer.net
vary: Origin
access-control-allow-credentials: true
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/bounce

chrome.exe

Remote address:

141.95.98.64:443

Request

GET /bounce HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#1

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:45 GMT
access-control-allow-origin: https://www.ldplayer.net
vary: Origin
access-control-allow-credentials: true
content-type: text/plain;charset=utf-8
strict-transport-security: max-age=63072000; includeSubDomains; preload
POST

https://id5-sync.com/gm/v3

chrome.exe

Remote address:

141.95.98.64:443

Request

POST /gm/v3 HTTP/2.0
host: id5-sync.com
content-length: 1730
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#1

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:45 GMT
p3p: CP="CAO PSA OUR"
set-cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#2; Path=/; Domain=id5-sync.com; Expires=Sat, 11 Jan 2025 10:09:45 GMT; Max-Age=7776000; SameSite=None; Secure
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://www.ldplayer.net
vary: Origin
access-control-allow-credentials: true
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/i/481/8.gif?o=api&id5id=ID5*aUgrxEcEvRi3J6ojL385C1V7EiY0SaTEXc5LYBGCI3DPxdFkkq_NwnB5PkaVex6Nzjv1fUYklDJ4k5Acgr0WoM5A9tedDmx9JnUlUzj07FnORiieSuZupiGC9pHMUPX2zmEUaYD9cvmE51sCyxxGas5rsiK7lAEsAzEIWUbX7ZvOdjRRF0-1tuFkynRXQuCW&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=true

chrome.exe

Remote address:

141.95.98.64:443

Request

GET /i/481/8.gif?o=api&id5id=ID5*aUgrxEcEvRi3J6ojL385C1V7EiY0SaTEXc5LYBGCI3DPxdFkkq_NwnB5PkaVex6Nzjv1fUYklDJ4k5Acgr0WoM5A9tedDmx9JnUlUzj07FnORiieSuZupiGC9pHMUPX2zmEUaYD9cvmE51sCyxxGas5rsiK7lAEsAzEIWUbX7ZvOdjRRF0-1tuFkynRXQuCW&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=true HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#2

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#3; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: 3pi=; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://uipglob.semasio.net/id5/1/get?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
date: Sun, 13 Oct 2024 10:09:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/c/481/112/7/2.gif?puid=67313F132FAA6369&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

141.95.98.64:443

Request

GET /c/481/112/7/2.gif?puid=67313F132FAA6369&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#3
cookie: 3pi=

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=gif; Max-Age=300; Expires=Sun, 13-Oct-2024 10:14:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=481; Max-Age=300; Expires=Sun, 13-Oct-2024 10:14:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=6; Max-Age=300; Expires=Sun, 13-Oct-2024 10:14:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=3; Max-Age=300; Expires=Sun, 13-Oct-2024 10:14:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=1|CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; Max-Age=300; Expires=Sun, 13-Oct-2024 10:14:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
date: Sun, 13 Oct 2024 10:09:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/k/264.gif?puid=525afc59-365a-4c22-b996-8aef5f081ed5&ttl=%%TTL%%

chrome.exe

Remote address:

141.95.98.64:443

Request

GET /k/264.gif?puid=525afc59-365a-4c22-b996-8aef5f081ed5&ttl=%%TTL%% HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#3
cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369
cookie: cf=gif
cookie: cip=481
cookie: cnac=6
cookie: car=3
cookie: gdpr=1|CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
date: Sun, 13 Oct 2024 10:09:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/cq/481/124/5/4.gif?puid=c411efce-3c94-4294-8d63-f04e7774b69c&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

141.95.98.64:443

Request

GET /cq/481/124/5/4.gif?puid=c411efce-3c94-4294-8d63-f04e7774b69c&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#3
cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5|124#1728814185979#-571602065; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:45 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://rtb.gumgum.com/getuid/id5?r=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F441%2F4%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
date: Sun, 13 Oct 2024 10:09:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/c/481/441/4/5.gif?puid=e_79613006-4514-4e21-bd19-c30878d7864a&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

141.95.98.64:443

Request

GET /c/481/441/4/5.gif?puid=e_79613006-4514-4e21-bd19-c30878d7864a&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#3
cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5|124#1728814185979#-571602065

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5|441#1728814186221#-1577293037#e_79613006-4514-4e21-bd19-c30878d7864a|124#1728814185979#-571602065; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:46 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ/url/https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F224%2F3%2F6.gif%3Fpuid%3D%24%21%7BTURN_UUID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
date: Sun, 13 Oct 2024 10:09:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/c/481/224/3/6.gif?puid=8253851969742705294&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

141.95.98.64:443

Request

GET /c/481/224/3/6.gif?puid=8253851969742705294&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#3
cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5|441#1728814186221#-1577293037#e_79613006-4514-4e21-bd19-c30878d7864a|124#1728814185979#-571602065

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|224#1728814186413#1143078278#8253851969742705294|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5|441#1728814186221#-1577293037#e_79613006-4514-4e21-bd19-c30878d7864a|124#1728814185979#-571602065; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:46 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F203%2F2%2F7.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
date: Sun, 13 Oct 2024 10:09:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://id5-sync.com/c/481/203/2/7.gif?puid=96e49b9f-17f7-4075-adff-8f2566676145&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

141.95.98.64:443

Request

GET /c/481/203/2/7.gif?puid=96e49b9f-17f7-4075-adff-8f2566676145&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: id5-sync.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: id5=dccfc415-e8fd-7c80-adb5-5fe4f0236e15#1728814184318#3
cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|224#1728814186413#1143078278#8253851969742705294|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5|441#1728814186221#-1577293037#e_79613006-4514-4e21-bd19-c30878d7864a|124#1728814185979#-571602065

Response

HTTP/2.0 302

vary: Origin
vary: Access-Control-Request-Method
vary: Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"
set-cookie: 3pi=112#1728814185510#1196483304#67313F132FAA6369|224#1728814186413#1143078278#8253851969742705294|264#1728814185727#-2050494082#525afc59-365a-4c22-b996-8aef5f081ed5|441#1728814186221#-1577293037#e_79613006-4514-4e21-bd19-c30878d7864a|203#1728814186578#-1777373744#96e49b9f-17f7-4075-adff-8f2566676145|124#1728814185979#-571602065; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:46 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cf=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cip=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: cnac=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: car=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gdpr=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: gpp=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
set-cookie: callback=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Domain=id5-sync.com; Path=/; SameSite=None; Secure
location: https://ib.adnxs.com/getuid?https://id5-sync.com/c/481/2/1/8.gif?puid=$UID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
date: Sun, 13 Oct 2024 10:09:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
GET

https://tpc.googlesyndication.com/simgad/11371347373267810223?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmVBGA7nxhVrjk8u1NNWAfkNwvP3Q

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /simgad/11371347373267810223?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmVBGA7nxhVrjk8u1NNWAfkNwvP3Q HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/pagead/js/r20241009/r20110914/client/qs_click_protection_fy2021.js

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /pagead/js/r20241009/r20110914/client/qs_click_protection_fy2021.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/pagead/js/r20241009/r20110914/client/one_click_handler_one_afma_fy2021.js

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /pagead/js/r20241009/r20110914/client/one_click_handler_one_afma_fy2021.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/pagead/js/r20241009/r20110914/abg_lite_fy2021.js

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /pagead/js/r20241009/r20110914/abg_lite_fy2021.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/pagead/js/r20241009/r20110914/client/window_focus_fy2021.js

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /pagead/js/r20241009/r20110914/client/window_focus_fy2021.js HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /sodar/sodar2/232/runner.html HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://prebid-stag.setupad.net/setuid?bidder=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=b&uid=12c472b8-a118-0c52-240d-74e7b9fb52b2

chrome.exe

Remote address:

172.67.68.162:443

Request

GET /setuid?bidder=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=b&uid=12c472b8-a118-0c52-240d-74e7b9fb52b2 HTTP/2.0
host: prebid-stag.setupad.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: uids=eyJ0ZW1wVUlEcyI6eyJvcGVueCI6eyJ1aWQiOiIxMmM0NzJiOC1hMTE4LTBjNTItMjQwZC03NGU3YjlmYjUyYjIiLCJleHBpcmVzIjoiMjAyNC0xMC0yN1QxMDowOTo0NC44NzU0Nzc4MjlaIn19fQ==; Path=/; Expires=Sat, 11 Jan 2025 10:09:44 GMT; Secure; SameSite=None
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cfzkHC3vIC5uN8D7cYRQVu1VPbVn6g6O23z87Dpm0ETJvM6CRlEs%2BJ8S%2BwbmBU3udR73ljzMgir3WpW6KTI3f9An9BbroU%2FiUfLchJSM0lYH5P0HkBBzuhSTZv9GzXmGVPZqVYq4JUUT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=02DiuE9xQXhbXSwnAUAwuPCgNJxDh1xgs1Z4e7hFpxtep; SameSite=Lax; path=/; expires=Mon, 14-Oct-24 09:09:44 GMT; HttpOnly
server: cloudflare
cf-ray: 8d1e892ddf25414c-LHR
content-encoding: br
GET

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=m9ikE4k1rAL6AYf6VxgCAAAAatrBfiLwPJBIMRHM6TbYZxBnnAtnYmliLhGH25NtigAAEgAACgpBUVVCQVFFQkFR_me-ApZ1Y_1QEV55rP05pg&wp=ZwucZwAMniwIaBMnAAiaqJFtO5eRjsXcFWb49A

chrome.exe

Remote address:

178.250.1.10:443

Request

GET /google/auction/notify?profile=14&payload=m9ikE4k1rAL6AYf6VxgCAAAAatrBfiLwPJBIMRHM6TbYZxBnnAtnYmliLhGH25NtigAAEgAACgpBUVVCQVFFQkFR_me-ApZ1Y_1QEV55rP05pg&wp=ZwucZwAMniwIaBMnAAiaqJFtO5eRjsXcFWb49A HTTP/2.0
host: rtb.nl3.eu.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE

Response

HTTP/2.0 200

content-length: 0
date: Sun, 13 Oct 2024 10:09:44 GMT
server: Kestrel
server-processing-duration-in-ticks: 131766
strict-transport-security: max-age=31536000; preload;
GET

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=m9ikE7j5RPAGmAKH-lcYAgAAAKjIJG_IpGesSDERzOk22GcQaJwLZ-EaCysQrO3bMWoAABIAAAoKQVFVREFRRUJBUf5nvgKWdWP9UBFeeaz9OaY&wp=ZwucaAALb7cIaCZIAB4_Xr-j6f2zFXu6lssbgQ

chrome.exe

Remote address:

178.250.1.10:443

Request

GET /google/auction/notify?profile=14&payload=m9ikE7j5RPAGmAKH-lcYAgAAAKjIJG_IpGesSDERzOk22GcQaJwLZ-EaCysQrO3bMWoAABIAAAoKQVFVREFRRUJBUf5nvgKWdWP9UBFeeaz9OaY&wp=ZwucaAALb7cIaCZIAB4_Xr-j6f2zFXu6lssbgQ HTTP/2.0
host: rtb.nl3.eu.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 200

content-length: 0
date: Sun, 13 Oct 2024 10:09:45 GMT
server: Kestrel
server-processing-duration-in-ticks: 98655
strict-transport-security: max-age=31536000; preload;
GET

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZwucZwAMniwIaBMnAAiaqJFtO5eRjsXcFWb49A&u=%7CPbl2aZ%2BfKiniswZyoJZQ9QvWp1b%2BTtpNkeVde5kD1GU%3D%7C&c1=Dcz_gsP0hEuJH1VnunqGy22nFndhAq5zqxOFeYpI4zX0dmXFAPLSZ6NRX06d3_MpRpwL2lyW2lS8aHW4g-CwDTiZXgxLreErLSHF3O7e6Tpuv_QjhAEFIg8zEblteKEs5Rg3xKnRyT7R5_e0qkDWNCmu9A3KkH398sZTZQ6IDMKw78TCzdRpqyaw5t7ECiXVzRj8P3wQZJ7G1ArjTbPhmI2zoVZzJDQASxLwGsHUc6OWkbvhlf78pENJx-j5xPiwDZY5Jh60FUdASM5en48RxXhUIOzDs4-tPkd1pynRUkCjuwMkSdd1sT9ICxKsgHbdOSzlZCGuWXho0--t_ZHkE3WZNQQ0XJTWbA9Sl0vDlwTdrLezCqVvx69PVS2dnmSrmIVss7Q5Unpo47IKXys9wottc0FKI5w-Dw2tQMjSJWnZqmKIaHEqoDobjS1EH0C9119LAmw4y4xLbzN2rDxVHFxTPzjPPeMrIih8uhsP2_6ziOFDElbP8MZh7SZ-Jcnm8mxIrORAuV56JOeJczWOzzRojrf0zK7gYs4KEbGu13mDRU4ET8bFkBxyfA68F7mubWmVCWTNQn5hfUmQoOyBomI2iVRskGAOJWeqdXCe1aAzn66SkxyaVay451edZMzzu6JT5UO-0klfq-jaFmfcqfDOJsxgh1OFIirsVYov30mP0YlmQwI_9xJ7nJxMB4Ml-PCYkzw6UQzgwmHR-hKM0v7vP50Iah787s08W50Te85kzFcH5Dg0_ZM6bpul8GMZO-85FiWdrtAJSSvenUju4XsOdMPqAWzMLJzqVDz52i_Ba-NH4dkoKSh_nmBO-eDpmUj8fprBQQHWNsVDrlBwxYMiOapD-nyjq6o0FIbla53AbL9acQkTMn1-1qtENnosFp2ikPwMGiIFMaSsquczBAN1ysshi1nutBZuHpKbV57ETtOPCKiznUZdCL4SkSe_K7ERxg5eVlceZjmt9MYqMxJIJu4IEPVTNPJWVWCORIfhvZKLo7a5emZeJp5Rxa1IHkHo1hQpWqj_QEhU1BVvzqo-L2pj6GE6SEsIECMvfRqca9B8ZCT2_R5fIzow1W46v6aCGuzhtUy27SD4MQgugJPIwx0AIAWUwMkKYOuFbIT29J2pvB6uYJ_ClFGR6fN2Ii-knK1OYk5I1276yJUtsCEn8P_1mvK7puPufo6MdH8RAmtxkxT-hUNz5Ats_yT2X5JtCFrsBhoPiQIW7b5zk4QKVQPc0LAl3dTSpfplauKL9qIF9CJARajIOOr_-K6v4lHW9god1Oe5J1pqQcAKjL6790cZULRYXZzgjepSXOKSk82RKXfaVp-pKE07g092iTHoNRxfVVAt6nvXuX3OmsRH2WBowiWv_Smf0fg9ipxTBFeW1kOpJ3C93Th-vSUwu-fF0rWS6UHVQYW3o7h1CCcgVXHgNDIscq7CQKJPhKhMaPBEFqCCEqf8lXdD6LhuOiXqibVeH_VTe30urp_43Hhg4XEYqU8hMsheyF4qq9miU8LkqNW6WG6QOVjiHPZGgcLuQJrN7TbsBfUh8b5ZYVy74UimWC0hUGJz8R8b9_YkHrQ-lJdJj-bMvzaDwCrghmz8eqGSQbSC2ZQKv8FcEkhrXBQ0-oGWunwSN2S38UEe4_-5uq94JdW4319rZipyom3nbMn--L8goENEt8QjsL4y2pBUQAlt1fXUNhK3Y_N5q2LDqGxyOjrc7FHwxCTOMyvOhCyjY6ZWlA4sm1Cjjn3bvf79Y4csDAbe092n6FhOICA9KCm3gaXhOP7JdcPjRds2c-Z8Ln3UY6WPUMG2opGZtK2gb4AcavtW1n3v54amr6eTXNmKGTmnSjrW9mmW_3IG9eHsjtMEj0fS21pCoGXbdzpAWN-LVOj9MaUrtrRVlZQfJc0f0L8GJNSbjNLV2E539vmsEhXLdXHyh4pwaHrcjDz83F4YDKPuAjcAW2ScveyFEEL5kARioMnLJEPJvZQqANKuKBfmyLY_KICa5hcuwS5wv-DdvOPm3W8d150J4cTOq-OOj03VIvan-ozQC5qY81ES_N4GIPdP7WD0CrQcaKhDj6mKUYY2sOn8fPmGmhfUtzZZt3kkRlHlHyvbltNzyywXCQSa8qrhgwQJycVlzxpMYfXDkTXLjPa2Sgq6tK81P_OyWvd_5pY4DRN1Oxbz2gjzBnvqGBTWA4n9I87GROcdr6EcGZbJuFyVJ33TT6zAoVLfY33nTMKyYM4ptb02HhuQCf61WZgm_9QoCrdN8SKzrH6vTsrLOl1EjxUETt8vIb8dyt8rhI7ScCYiKMI5OW4tAljICGVaYsCKHETehCRW5UoINIkQjgzzzwwp0L15BbCHGASguHK2b8pslOiMPp1BnjFZ6GPKUdCEdkJc2izfPTG6lguLuiYwom0HwrPP-6r8puH7D7ECM9nEXN8vPdSRafu_6IM-OQQd8Lue_dY-tWiR0XFOFzBnVgoukM2clotNI219HmwsM7PvTps59_ylOdcXNxHMvfjWAXFg63xFElP6vkg-qPwYAgWlLGAn-9TfYDW-LnwM81iKwUG2GwLfp0RDyKghPwO-MAN09jBy_I0PlwoJcjbVQNhPb8Y7H382N0hPmAR1Zz6Q-vx8cncgAhiMHErcrs7CBElhSxA0grANl7TefBYS2GGRGhWPoGb_WG8EdDz0Q--yjkNdp_xaFZg2irRQy8_caDu8X1VUWxzNWN4kWRion8qWO-WBp9KrSVRTYoYP45rIJ2RTlvyGojj1XzwnCXMSJj3foW6_XePRb9gcXG8RGYMhNfm-qb1A2ee87udVs-hXVDVsDho3EkXc1bZa3PghpIUKAhkwMuXD6EqDW6AErT9SrxB_KS_CP5Ft1X5M5qVdt4zWBRIOSN-i4FEa5R3Q18OG35Gdl7lPtyQ8Ped_vQ6iscZ_j4n7gqn6ndFyplXK7RefnSFGGyPbc9rELltQ-Cl3l3AI81oqUQUlqNhtODIN9xi0XystFIg_zBGfJ8nVISSrjVIsfJk5IGP_tOA4MZNLSpBEYVWCk35hxvu_x1B-DFgYVzhKBPcbeT3CBAMDWVu-vF619b33X7tefsaPvB5S-dEVhGE26wl1VjTgpH5j14cAXg1PuSBZcWcTAJWXMspY7kvU1MojAgqbkvBL3gkcTy-CbL1dh4U7pMSydclhrt-SA4GlYGxje6cu7FK8ib2v33fiM2qPmMfXjErOl8iGjcZ3OENnV69wSc52FxaNOioGc6EOLjWi3FsrnbZd_VD7yWtOmxR62RjLZXEN_iDHG6tStIVGbvzAEMeKBm0teSXGSvywiBi-fRWrsiaoex12wb5Dw0K_ZBjNIgTfInCruWvpIeF4dTLUyvghaxCUhczB1Ra2ZVlRCxg06NeGgC6ExorOuEMejDXXLVuoc_O-OBhYGADiKf844iC-Mg1xvRt7uehGUw-ljZ7o1HykXJ_Ip_E_7J2ExiyWizYJnMCzZb8cMJzZXEahnFVUGa0RxX8McDG-nfJIXwbAGQQridBndkJRNr_z2-uXQM3_hlqPLN9RrtJgERZEnlyUELkMjcFlg_RrBrRYBTgD6lFuv2YrQ_x9W1OUJUej234gbKXcJUhalNd2Mst0fSxEbt5lttDfFseznTGwTiOPC-U5lEAPD7cewlnYyA7JHKxrXw308UUzMZlfFOLGKm8J16OEiVWv2MjCNgpD84pZzoN-Pfs42Oq3pH7k687za0ejAac56yLdBpPr2wHiK3uGCQlefIhKkj_JyplzNHZBThA6Xsa1dOuWIEmqlNjt0Sg4GsnYlM6l6YdrSR5yTYP4RhkO0kL33G2zkbN1csWfzRV13Cc0V7c4duMOS-0hZfBMma1m0CVAwL9eFhoe7gitcy7C7r6Si-vPrnrLaCFRHtYYqgYU5ER-DqlZvp03QDLy9oL0fQDlAfj1V1TdBUtrWnR8JMb4rYojASlHLF8miV4_O4Pu1nhxNj0MMNaUse23P6YxdkP-VKIjdc6aKQgOUPQaA6oKNZ-sm9Ot0fN_NhljZWbeH3n5L3_3LnM9Ggy2OKW3aal1fBjJNCPxvYVKzDw2XOvlAQQLSgznKrkOzUGxYDZYwHq2mtD5rhBgri8C7bzxjjFZ-505HjuEiGzN8HrW-B8tEIqPWWzqXyC4PUoqisG8pqCKq885i_z4F9NiSOd398yGIAfMaAJre6-dfSv1Lt6anMRPknqcoVkktQUSBa0S6RlAY1pLq06mhN4AKBVUNSGsChjRHwzTwA6IknG3YtG3-07G8JrgNkC0OFjDEgAuxvfhB71Wc-0_2-in6oCfhwWyMUdL0v_ycTKHoR4RW0tyEeHvngFKbgoso3VkcxRjSFWEHiLJf7ugSS4F8N2VFJqQnTQY4bLe5lfbu57Q27Dt9Y9aY0nyKQ1th7ok6lZRbyu00VpSVmJh4ejMrFBn3RmE2yTA-MFChyhZRWkgtWLIiS0BdAoJ6nA6HyLrHA5Z430lsYH6ty4MJay-nagrrV-p8BBh4c6a-H-3SLRPvQjfpAqT5DLzntpX_vjsFYLtQmxYHQ41K07S3s6mZEK4Ras3jURznoTCRiCFlRdljywkCliDO8VT9IW9uqbDpN0bfk1iVkWJ2Jg1h6P_eusBgR4txHvHQ_xTaJ8oVC_UTEqCdC3gFarM5B7kPzskNOC7_GS4FQ6z6zdYipKyE34i0kVAYPRKueOC2cI35weO-mReVzpEtHBwjmntULuRlus0va6kfMtM0Nr5ld1_GNXi_Q8LfvlzQrM5GQCIBQWutJAbGQ-xGQfiqriM1ybD3i_dhSJxyl8kmkjs1ff0k_qM5lviHu6f3cf8Ij_MzdvpBlUUUJ3mz2dPAKp5QIQp5xD2pt2cqE5tDCUxGObGEiWJZ7OowEpwKWQ2GvkHONTUhvmvXptG9xOwXD1fZHCfrYg1C2LdUkvGQLR9VSy-UdI8Rsvks-Pdkd9o7c4jZyIiwLkm-hTZCsn3LTRIuslY9HkSD-436-kPcTi8hd7Jfg_yu-i0FI4d-pa9__5HZhdTS_vVNjcHHLJm9L06rTjbi8gwI1O_m6gAIt8yQdEL0gKJ3mt--ZeRvfK2TfTqcVY796QOCL-Rct7_EHKIiHX6Ey-9O3KZQNWJmoCq-tarCQwXBv1cFIVYce0KpJ19okd6s4ta2Wa4Rfp02-GmR8P5A9_x_b-sBREVWIjzs4PBvcVntYqTmyudBLg2PLo-n0vL3Z3Xa3xHhBxPMqHF-6xP0k_krojWKyrHhKX1gmA9UaeSGl2cZfp7qq3nT5itMWuX-4zWmCyE29HW2rwCqfhi_eg30prnqrwyo4JXIFXQ0PBLJqQjNsW5eL95k9rYBSeQ3_rYWV99YNKp-vYK4PMUGZsdoyX0HPQFOoV5MMPR8DIbJQTPJ_iPhJDmpx5Or1CMwHEnCs6HpuiWGFpnNN48emB2GWfuO15Sd1ETwqaWLvfe8w3suORxvU4fME_U46mBSBneGGYeTsR5qEY5jB7MxM8C0JKO4EO5lsCmCc5w9dMHy39KS7XjL0aY8-bvT7kWtZ15Kd_jq2r64njcZPZFyLeZnFfCyF1tBYc5A75uA2hiMHqkkSg_RyOhkmqROFY3e78-WhoKnfwiTZu7raRQiB9Z2va-T9oNPCrCKoz62VIX72Iy4JL-A4uuWvJeJeo9toZxq1GFxA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwQ_-Z5wLZ6y8MqemoPMPqLWimAPkj9KxXKeS4YiIAcCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi0zNTkzODYxNTgzNzA3MzM4yAEJqQJkqfGvIuy1PqgDAcgDAqoEgwJP0CRspnujmbizoaIA_5-suPoCUVyiqieNsh_6qySzDgt4RAWw8uQglwkMxsWoPXkqxxIkZwD-I3kxUSYLOqruQhUV0sgknHUl9hhe9MNF7dpWSHh9UfGO2BEpSDTvrfGkKCSj90evwNEZ2KGlDOWsv1Na8INW34Mr_A9WHqRSMoMs40gCgUquozYuh00fL9d_IOyYCqSwvy81mRJdpDqa8Vps0j_cFrkP71XPd9Qq8exMqKM1_c51eO5dzTwX3WlqdemRwcz3nrkTHjqPNBQjLpONYrttNW9ljwzczqqrgorW-74jhYT_-NP3XXmtXKH6HtRQVpiQZTNd33VWcrGmUl5tgAa7hqj6s_jMlEegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpYvuu52o6LiQP6CwIIAYAMAdAVAYAXAbIXAhgM%26num%3D1%26sig%3DAOD64_3FRYBwLxpd9-YPv-vvWsIrrdlt_w%26client%3Dca-pub-3593861583707338%26adurl%3D

chrome.exe

Remote address:

178.250.1.17:443

Request

GET /delivery/r/afr.php?z=ZwucZwAMniwIaBMnAAiaqJFtO5eRjsXcFWb49A&u=%7CPbl2aZ%2BfKiniswZyoJZQ9QvWp1b%2BTtpNkeVde5kD1GU%3D%7C&c1=Dcz_gsP0hEuJH1VnunqGy22nFndhAq5zqxOFeYpI4zX0dmXFAPLSZ6NRX06d3_MpRpwL2lyW2lS8aHW4g-CwDTiZXgxLreErLSHF3O7e6Tpuv_QjhAEFIg8zEblteKEs5Rg3xKnRyT7R5_e0qkDWNCmu9A3KkH398sZTZQ6IDMKw78TCzdRpqyaw5t7ECiXVzRj8P3wQZJ7G1ArjTbPhmI2zoVZzJDQASxLwGsHUc6OWkbvhlf78pENJx-j5xPiwDZY5Jh60FUdASM5en48RxXhUIOzDs4-tPkd1pynRUkCjuwMkSdd1sT9ICxKsgHbdOSzlZCGuWXho0--t_ZHkE3WZNQQ0XJTWbA9Sl0vDlwTdrLezCqVvx69PVS2dnmSrmIVss7Q5Unpo47IKXys9wottc0FKI5w-Dw2tQMjSJWnZqmKIaHEqoDobjS1EH0C9119LAmw4y4xLbzN2rDxVHFxTPzjPPeMrIih8uhsP2_6ziOFDElbP8MZh7SZ-Jcnm8mxIrORAuV56JOeJczWOzzRojrf0zK7gYs4KEbGu13mDRU4ET8bFkBxyfA68F7mubWmVCWTNQn5hfUmQoOyBomI2iVRskGAOJWeqdXCe1aAzn66SkxyaVay451edZMzzu6JT5UO-0klfq-jaFmfcqfDOJsxgh1OFIirsVYov30mP0YlmQwI_9xJ7nJxMB4Ml-PCYkzw6UQzgwmHR-hKM0v7vP50Iah787s08W50Te85kzFcH5Dg0_ZM6bpul8GMZO-85FiWdrtAJSSvenUju4XsOdMPqAWzMLJzqVDz52i_Ba-NH4dkoKSh_nmBO-eDpmUj8fprBQQHWNsVDrlBwxYMiOapD-nyjq6o0FIbla53AbL9acQkTMn1-1qtENnosFp2ikPwMGiIFMaSsquczBAN1ysshi1nutBZuHpKbV57ETtOPCKiznUZdCL4SkSe_K7ERxg5eVlceZjmt9MYqMxJIJu4IEPVTNPJWVWCORIfhvZKLo7a5emZeJp5Rxa1IHkHo1hQpWqj_QEhU1BVvzqo-L2pj6GE6SEsIECMvfRqca9B8ZCT2_R5fIzow1W46v6aCGuzhtUy27SD4MQgugJPIwx0AIAWUwMkKYOuFbIT29J2pvB6uYJ_ClFGR6fN2Ii-knK1OYk5I1276yJUtsCEn8P_1mvK7puPufo6MdH8RAmtxkxT-hUNz5Ats_yT2X5JtCFrsBhoPiQIW7b5zk4QKVQPc0LAl3dTSpfplauKL9qIF9CJARajIOOr_-K6v4lHW9god1Oe5J1pqQcAKjL6790cZULRYXZzgjepSXOKSk82RKXfaVp-pKE07g092iTHoNRxfVVAt6nvXuX3OmsRH2WBowiWv_Smf0fg9ipxTBFeW1kOpJ3C93Th-vSUwu-fF0rWS6UHVQYW3o7h1CCcgVXHgNDIscq7CQKJPhKhMaPBEFqCCEqf8lXdD6LhuOiXqibVeH_VTe30urp_43Hhg4XEYqU8hMsheyF4qq9miU8LkqNW6WG6QOVjiHPZGgcLuQJrN7TbsBfUh8b5ZYVy74UimWC0hUGJz8R8b9_YkHrQ-lJdJj-bMvzaDwCrghmz8eqGSQbSC2ZQKv8FcEkhrXBQ0-oGWunwSN2S38UEe4_-5uq94JdW4319rZipyom3nbMn--L8goENEt8QjsL4y2pBUQAlt1fXUNhK3Y_N5q2LDqGxyOjrc7FHwxCTOMyvOhCyjY6ZWlA4sm1Cjjn3bvf79Y4csDAbe092n6FhOICA9KCm3gaXhOP7JdcPjRds2c-Z8Ln3UY6WPUMG2opGZtK2gb4AcavtW1n3v54amr6eTXNmKGTmnSjrW9mmW_3IG9eHsjtMEj0fS21pCoGXbdzpAWN-LVOj9MaUrtrRVlZQfJc0f0L8GJNSbjNLV2E539vmsEhXLdXHyh4pwaHrcjDz83F4YDKPuAjcAW2ScveyFEEL5kARioMnLJEPJvZQqANKuKBfmyLY_KICa5hcuwS5wv-DdvOPm3W8d150J4cTOq-OOj03VIvan-ozQC5qY81ES_N4GIPdP7WD0CrQcaKhDj6mKUYY2sOn8fPmGmhfUtzZZt3kkRlHlHyvbltNzyywXCQSa8qrhgwQJycVlzxpMYfXDkTXLjPa2Sgq6tK81P_OyWvd_5pY4DRN1Oxbz2gjzBnvqGBTWA4n9I87GROcdr6EcGZbJuFyVJ33TT6zAoVLfY33nTMKyYM4ptb02HhuQCf61WZgm_9QoCrdN8SKzrH6vTsrLOl1EjxUETt8vIb8dyt8rhI7ScCYiKMI5OW4tAljICGVaYsCKHETehCRW5UoINIkQjgzzzwwp0L15BbCHGASguHK2b8pslOiMPp1BnjFZ6GPKUdCEdkJc2izfPTG6lguLuiYwom0HwrPP-6r8puH7D7ECM9nEXN8vPdSRafu_6IM-OQQd8Lue_dY-tWiR0XFOFzBnVgoukM2clotNI219HmwsM7PvTps59_ylOdcXNxHMvfjWAXFg63xFElP6vkg-qPwYAgWlLGAn-9TfYDW-LnwM81iKwUG2GwLfp0RDyKghPwO-MAN09jBy_I0PlwoJcjbVQNhPb8Y7H382N0hPmAR1Zz6Q-vx8cncgAhiMHErcrs7CBElhSxA0grANl7TefBYS2GGRGhWPoGb_WG8EdDz0Q--yjkNdp_xaFZg2irRQy8_caDu8X1VUWxzNWN4kWRion8qWO-WBp9KrSVRTYoYP45rIJ2RTlvyGojj1XzwnCXMSJj3foW6_XePRb9gcXG8RGYMhNfm-qb1A2ee87udVs-hXVDVsDho3EkXc1bZa3PghpIUKAhkwMuXD6EqDW6AErT9SrxB_KS_CP5Ft1X5M5qVdt4zWBRIOSN-i4FEa5R3Q18OG35Gdl7lPtyQ8Ped_vQ6iscZ_j4n7gqn6ndFyplXK7RefnSFGGyPbc9rELltQ-Cl3l3AI81oqUQUlqNhtODIN9xi0XystFIg_zBGfJ8nVISSrjVIsfJk5IGP_tOA4MZNLSpBEYVWCk35hxvu_x1B-DFgYVzhKBPcbeT3CBAMDWVu-vF619b33X7tefsaPvB5S-dEVhGE26wl1VjTgpH5j14cAXg1PuSBZcWcTAJWXMspY7kvU1MojAgqbkvBL3gkcTy-CbL1dh4U7pMSydclhrt-SA4GlYGxje6cu7FK8ib2v33fiM2qPmMfXjErOl8iGjcZ3OENnV69wSc52FxaNOioGc6EOLjWi3FsrnbZd_VD7yWtOmxR62RjLZXEN_iDHG6tStIVGbvzAEMeKBm0teSXGSvywiBi-fRWrsiaoex12wb5Dw0K_ZBjNIgTfInCruWvpIeF4dTLUyvghaxCUhczB1Ra2ZVlRCxg06NeGgC6ExorOuEMejDXXLVuoc_O-OBhYGADiKf844iC-Mg1xvRt7uehGUw-ljZ7o1HykXJ_Ip_E_7J2ExiyWizYJnMCzZb8cMJzZXEahnFVUGa0RxX8McDG-nfJIXwbAGQQridBndkJRNr_z2-uXQM3_hlqPLN9RrtJgERZEnlyUELkMjcFlg_RrBrRYBTgD6lFuv2YrQ_x9W1OUJUej234gbKXcJUhalNd2Mst0fSxEbt5lttDfFseznTGwTiOPC-U5lEAPD7cewlnYyA7JHKxrXw308UUzMZlfFOLGKm8J16OEiVWv2MjCNgpD84pZzoN-Pfs42Oq3pH7k687za0ejAac56yLdBpPr2wHiK3uGCQlefIhKkj_JyplzNHZBThA6Xsa1dOuWIEmqlNjt0Sg4GsnYlM6l6YdrSR5yTYP4RhkO0kL33G2zkbN1csWfzRV13Cc0V7c4duMOS-0hZfBMma1m0CVAwL9eFhoe7gitcy7C7r6Si-vPrnrLaCFRHtYYqgYU5ER-DqlZvp03QDLy9oL0fQDlAfj1V1TdBUtrWnR8JMb4rYojASlHLF8miV4_O4Pu1nhxNj0MMNaUse23P6YxdkP-VKIjdc6aKQgOUPQaA6oKNZ-sm9Ot0fN_NhljZWbeH3n5L3_3LnM9Ggy2OKW3aal1fBjJNCPxvYVKzDw2XOvlAQQLSgznKrkOzUGxYDZYwHq2mtD5rhBgri8C7bzxjjFZ-505HjuEiGzN8HrW-B8tEIqPWWzqXyC4PUoqisG8pqCKq885i_z4F9NiSOd398yGIAfMaAJre6-dfSv1Lt6anMRPknqcoVkktQUSBa0S6RlAY1pLq06mhN4AKBVUNSGsChjRHwzTwA6IknG3YtG3-07G8JrgNkC0OFjDEgAuxvfhB71Wc-0_2-in6oCfhwWyMUdL0v_ycTKHoR4RW0tyEeHvngFKbgoso3VkcxRjSFWEHiLJf7ugSS4F8N2VFJqQnTQY4bLe5lfbu57Q27Dt9Y9aY0nyKQ1th7ok6lZRbyu00VpSVmJh4ejMrFBn3RmE2yTA-MFChyhZRWkgtWLIiS0BdAoJ6nA6HyLrHA5Z430lsYH6ty4MJay-nagrrV-p8BBh4c6a-H-3SLRPvQjfpAqT5DLzntpX_vjsFYLtQmxYHQ41K07S3s6mZEK4Ras3jURznoTCRiCFlRdljywkCliDO8VT9IW9uqbDpN0bfk1iVkWJ2Jg1h6P_eusBgR4txHvHQ_xTaJ8oVC_UTEqCdC3gFarM5B7kPzskNOC7_GS4FQ6z6zdYipKyE34i0kVAYPRKueOC2cI35weO-mReVzpEtHBwjmntULuRlus0va6kfMtM0Nr5ld1_GNXi_Q8LfvlzQrM5GQCIBQWutJAbGQ-xGQfiqriM1ybD3i_dhSJxyl8kmkjs1ff0k_qM5lviHu6f3cf8Ij_MzdvpBlUUUJ3mz2dPAKp5QIQp5xD2pt2cqE5tDCUxGObGEiWJZ7OowEpwKWQ2GvkHONTUhvmvXptG9xOwXD1fZHCfrYg1C2LdUkvGQLR9VSy-UdI8Rsvks-Pdkd9o7c4jZyIiwLkm-hTZCsn3LTRIuslY9HkSD-436-kPcTi8hd7Jfg_yu-i0FI4d-pa9__5HZhdTS_vVNjcHHLJm9L06rTjbi8gwI1O_m6gAIt8yQdEL0gKJ3mt--ZeRvfK2TfTqcVY796QOCL-Rct7_EHKIiHX6Ey-9O3KZQNWJmoCq-tarCQwXBv1cFIVYce0KpJ19okd6s4ta2Wa4Rfp02-GmR8P5A9_x_b-sBREVWIjzs4PBvcVntYqTmyudBLg2PLo-n0vL3Z3Xa3xHhBxPMqHF-6xP0k_krojWKyrHhKX1gmA9UaeSGl2cZfp7qq3nT5itMWuX-4zWmCyE29HW2rwCqfhi_eg30prnqrwyo4JXIFXQ0PBLJqQjNsW5eL95k9rYBSeQ3_rYWV99YNKp-vYK4PMUGZsdoyX0HPQFOoV5MMPR8DIbJQTPJ_iPhJDmpx5Or1CMwHEnCs6HpuiWGFpnNN48emB2GWfuO15Sd1ETwqaWLvfe8w3suORxvU4fME_U46mBSBneGGYeTsR5qEY5jB7MxM8C0JKO4EO5lsCmCc5w9dMHy39KS7XjL0aY8-bvT7kWtZ15Kd_jq2r64njcZPZFyLeZnFfCyF1tBYc5A75uA2hiMHqkkSg_RyOhkmqROFY3e78-WhoKnfwiTZu7raRQiB9Z2va-T9oNPCrCKoz62VIX72Iy4JL-A4uuWvJeJeo9toZxq1GFxA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwQ_-Z5wLZ6y8MqemoPMPqLWimAPkj9KxXKeS4YiIAcCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi0zNTkzODYxNTgzNzA3MzM4yAEJqQJkqfGvIuy1PqgDAcgDAqoEgwJP0CRspnujmbizoaIA_5-suPoCUVyiqieNsh_6qySzDgt4RAWw8uQglwkMxsWoPXkqxxIkZwD-I3kxUSYLOqruQhUV0sgknHUl9hhe9MNF7dpWSHh9UfGO2BEpSDTvrfGkKCSj90evwNEZ2KGlDOWsv1Na8INW34Mr_A9WHqRSMoMs40gCgUquozYuh00fL9d_IOyYCqSwvy81mRJdpDqa8Vps0j_cFrkP71XPd9Qq8exMqKM1_c51eO5dzTwX3WlqdemRwcz3nrkTHjqPNBQjLpONYrttNW9ljwzczqqrgorW-74jhYT_-NP3XXmtXKH6HtRQVpiQZTNd33VWcrGmUl5tgAa7hqj6s_jMlEegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpYvuu52o6LiQP6CwIIAYAMAdAVAYAXAbIXAhgM%26num%3D1%26sig%3DAOD64_3FRYBwLxpd9-YPv-vvWsIrrdlt_w%26client%3Dca-pub-3593861583707338%26adurl%3D HTTP/2.0
host: ads.eu.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE

Response

HTTP/2.0 200

content-type: text/html
date: Sun, 13 Oct 2024 10:09:43 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
set-cookie: receive-cookie-deprecation=1; expires=Fri, 07 Nov 2025 10:09:44 GMT; domain=criteo.com; path=/; secure; samesite=none; httponly; Partitioned
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=0omK5SUDT_zswEzpGLoWN4MnpE49UjYZy1MQGuOyvk0y9YkV8qIhyGXrgeziQoOxraVVLw_4OhAeQxWcbV7bveYKhZomSJRT_2WpvbgB-0ktxnjdZtDIowVpitc897OryxqoG7RprXrNX0V6cNiZVqSD60ScWTXg5c9ksyFQ_pw4TzwXekQiC8J8jk1oA7yJflR11i5Rz-yUH-BM0uJZ8Xj7vmqoWmCpvpC06xqN_mNRmeSUehzq7yIg6CFMPexGIsjYAA"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 28233234
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZwucaAALb7cIaCZIAB4_Xr-j6f2zFXu6lssbgQ&u=%7C0WvgLuiqHm36C0on7qUZuMX7Qlz09KIP4NECdQ3ffsE%3D%7C&c1=Dcz_gsP0hEuJH1VnunqGy22nFndhAq5zqxOFeYpI4zX0dmXFAPLSZ0srdx7UTnzHgX5kFuYWeT7tKy5DOP-PyPPx27EBNSsAZbYddhTm6q7hPGlNnu6GPf0arufmmQ1fWNVlu-I_lRfv1Yq6Ki_yGyqIvUIpcht656JNRdwUD5YPMO-EJPk5XVAjJipTbkwzWJCSVHWyFsnZCX3ancynjbIZdmAN5qjTDhPfAtdiXygWUiXZoRaIT4wtxy_QalK9SnfDBBVITZe49ph6ERYVMrcp3I3i-Y625YCYooV_EjiyO7BbcOp1rKRW3XOyvfOD6BotVOfkzOoC3ElynwAPN1VC3fF_3iyFS4Q_xcdsQ-XBYrcf_5mxs1CjI-CrHfwNS_sEMbbAYkOlx9LENYpbsvNoAkv2sZ6qARP7bNPawyrvygeJmAtXFlQaAtA5YLQWe2cTLQb1zmy3E5DLcBK1cjHKuJhx84FoBLjs77GXkwlKuHA_9PyS7xJHM8BRS5lKhXoDXK_T__cctZAwTv67MM7cZ0VwxdO4YFY4sS1Xik2G0n0C60S1usBvXWlykBY5R5FFjSxZpvGs7bCr-oeVR2EzUS8VWaWf8oWwY0Ph9nWmRIRig3MEijt8YQ7y6QstDyDjP-Fe1gbyEUM740evB_OZfmQh5UplTNCtCGf-F3LZk4xBKcjwveL9lt4lGY8CmkAYCYIr0ydyEF4BF92u7IJeSf094PpM-zGHuMArhRt54EUhCKDuk9PXGwi2HE9yFGTYhuJQeKkLbLYdVzD12ocRiFr0DbHKp9s7jSsF2z4g6pnSJVSvoNBZOhErxdQBFpqxg2PwEumbrre9BFIRBs6aPQfdMm9oAzZpAKbk1c1H5bsRBUT8m_8OzzvFtddbea6XhIXBHJwxrsbUYw-wIR9WVOZcm5IIQHOnIXMMhsSKxMIqlvdgraT3LAk2Wj3uL2jNajx2Sa3-JDnPFqukhHJDRToamcKZnvdjXsLV1XRIaXTiZcljukLxYA0wOp2cr_2KyE96UAapq-uZpNxUaI_E5ri_6biGubc-zb2jHXBPrMW6q1d08Tlyg_9DyRRftMv3k31g9md6h7_EuiAKoAoKragdHZxDuvJb8ywBkfCmhx8UAYz3fiIEaMzEFUqW2uvMXDl6K0rsWD6Z0UO4pq6zPHejReLzDp97pxZ4SUmR9YNEFiuvoKGfv8SS4KTh1eQC1IjDbob_cB7que40S6-__MAZOqV-2JqIs8A6-zkg5771BAfcAY0pInXgp9pBBm2b3OTgPw8wGV10CSQpW40WGlltFTs0XWjcOibq5paxsmgL-sRe63QUA9QPgD4yQ2mEDnK7IlEYKQ0vDxXZ4Pc6MgAm-iWPvre3eBlwZ1hvH_yhxez0UHspoCTBXyB2DW9A-BRTlkvowY0M6k-ZHTqE8Nf1UMBMZzhJQqhAR4e5FnNLqvlNJLboLktfbuu_OwxQWLQkPgOQoLJUdgWM22SH2sUkPBuF6dMddtdAvqjYl39bkTAA1X2XuIfcQV8gMQBBKQ411YyQKU_ruX1fFbMstZEloMfoOlgHRvQrNtE7nKcK9KR1VKunY3pzmxtXLmYI7-gIYxBM123mypzgl1smzRiveZjcWM3pc65oUcWW37XDlU7Kumm-aovH_dxFvm1XTzuxwgEMSEKIYCp8YewaYCibuzFZmH_bmLJJsWcOT-yyCxLAaRyrp_-PKAmv9_0BZfyrBot_CuebwCAGB8B7WMCTudmyg9RAey_DGPy42Pm1bOFFRrJUlY4NV--58lGGWDNsYmiCr2xgTxBzxfWmz5JvCP9g5skNO_BvfqbfmKTxiJk1mwj4OCziIuMOzgdZ-rimcollcfy3uklbROwx0hLxNljwtJRnG8IGQ__t1idAXKYuSU8pyssGVpiqXLI-LLNF-xVCbnEmkcHuYLefNz08MDM7n2fgAB0EPv9-Gw7OAa8nSms3ahZ6oyezzn7jUyTStOqtiAYPGqNgbyP2-6CPaOGS2DCAO4kKvxUNA4FEI4wLlUA1dyxlA0pApO3J8nzzQ3uxWq0N7p4idTki6CjJ5EvjMUluj1-HpGY8boWuhj_JUAkU6lKfXwRuUX78U1vMLORO7JkMd5wWkseNefpiEIb7AWkoF8PiTOF98Xv_EcmDf3abNWhTrJuhmbqKaEpl9i0uRv9d6dRXWMv24b8xuNQorCNRi2Io8qiGBFOAVo1ApeEpuOPLQqzTHRZaKi55Yxph-NryEUGjLQjovFTM-MUKwLd6Q4S2m3Jsd-t6OC_ppqje--YebUspEOLq88C7CH3EIfRU1ckIuQOZ7b98j5Tx6lOXAlr1rEz3tvG6nCnldvAtx3qDJNiffRMqG-BJZhMd44SPntNG8JqDkg_w0DrWABm1zn2L3DMNYfazjwse7-GAow4nG0nzraJvd12Qx-74VMbWOuS48iVXpwKo38gHm2uphUW3zrDaob1596qVdoHlxej3j3lv1U6oJFDtcAT-Q-NsEEVW1PeZqHAcSvll-r4b5JophIdH5qEuQ2pCUPQlTzCGwE6D79owvzSQOlScjnAqzPxViIz3yKqrwo-tjGgPY3JMxLpKkt9js8zpuWrMb2-nmc1lj8NiZt8WbrSTX1R_dDgwHbwZMG2ZSKvX5zWiFIHOmC0vxhlmQF1PlJBlsxUN2YzXpPwNv7ccHZyg8dIBI_JeMkpRzYGJPD9fT99zegRvCfxl1OPNOCsp1-rZvN_2qPzUjbicZeZ7NKuFotDxlcZeuJA8W1GpQWklu2cvoNkSIByc-7lW7z7-8g0HXrRuQV0SDqvPF-GQJfZXM1kS4bYL2PtIn8r-dDSXW6Wv8Yuye0727Qz1PiKWi_ZmopoSPPPBAO1Nesu-l0hqHy-ooZM0UELKRVVGY21ySeNoydDVrWFJbBC7v2_OfdHa1BWIMMgwnPVYKoX3ffnXdKtzW4vCYvg90yAEG_0Moq9boAva82Z5CVkstmQn_HDt5NI54OE9CV6JFqB9TdxF1P3avMq8oM5vQf1FxnRJm4IDoCDVUlYiGuRkCXvXuNGhWMXScJow-189GUaQlLGwcZtGxCKh58SCTnwTEIXzzPUrfX1Nu16cbvTLw0fvyYUpO1KPdlu8Xt6Q8aYWa3I924Lo7VswOpiYaw4TBcjyqKpusyzAk59p6THo9ApfeZCr34fOaKcrZD8GGDPIVNzEpXR6FaOeu0fMkv8KZbpdlHqAq4qYZ0kPgBJQNqvQimwUV9xKf0nIgIw_M7sc3PwzT_HWXHpmv8b9u5ccN5w2EBeop4ZZsToyfUD9oepg0-mgSi1WjAiyeHYY8QH8Uv0QPLNZV_3EOqHEsVGwqa7b58nLmNwxrl2cdPgF3MMqQ7yh8b7eEKJPJaTaI9AGX_kZ9vimmLeSSkTmPPG3eAXwylf-ncIiTQB0Fk_jZqWUTifuXjtV3RFQy4-6fzcUPefyduTxzcpqwSJDZxMrT5KtHMrDtvAEMQOfjXafbT2hasuRl49UNl_4_SWNMGz8-EpTcmE86nvscNcbbglK6YJqTASMKsQh0YBqrZyCz_2WuEg6Y7fPo0DBnDZyxcbLwB6uXXtMEIHUxji9K2FEzLaQpcOnqdiP3qUgQ530ZuN78LNhTCU-tNbWS5b5s11bA_kIcIOeMYRnhPWExWP71ZVNYjf92BCjPdOTYZHmfs0ghbIhmaWrFZ8iJtlmmfWX3zWapT6dLv5TRl0aFDiFgL9MvNKkzCh8iYqGVFGfkpdcfbHMKPA4CVvheWyHGAVutWczioL2Ft7tbtixB239lzj_6JiRR1r-_e-0m-nTJh0BlgL6I7DPHJNPfEviIrkIAVgmtVLvy-PFR4tPn-xez3jWYWFgX-lP7Rlr2j6at3bTF9T5Qb-5Nj37KkEmQq-0V7Z-4yrDdigSLfnr6HMQ85ThVDizAoAqUCULjW9XvyrutBEVFJTWMsskaTLT4ULuWY5X4lrdM6XP_YoIfJTHKwhH46hXkBZYI4Zvs5PZDkieGibFh4wNH3mVdkaGM4_6KxLKudMtxfKclFdmOUTdAY3bm9g55f1nOmlwXv2IFa37nFK6mm5OkzSTLOsUjuxubPq74_ijd8tRbkA7_HtwCMksUMy6I-VFs-8xpwHPXsuzc42ouYywEf_8fGu9cdBQe0Xb4ggV8XpbdICAyWk_Rtpa89jENuMxCu_gY1akrQT_jYAQj77JU7N1iXAyeWvPLr8XUkYjhXaPEbXGx7LVbwuipAHin2Ef0jN7rGUHchnEQVcs6M8-fR_7FFYHfdvIV9gnnm2tGkakA0nOKQsHXejHoEjWjrsdr8hZVnh5XeGcCn5piOihyWdF1OgsQN-i5V1khPdJ2y1ZYeFuivzGh-YZkJlE7HG3RaiBTN285sf-Q89lWOWwzfQroSPVSSNll7MqYmsgact7LWLFB6_TeVVppENC_ifNVjwlXkWAx3-DlBm8L9jxlE1MqP6a97_LMmhWf3wYBf20Iu-vcIfo7VoZJnDcvpuR10QKoUSRNBMCmnnoZq7J5Js00A-C5qPq6qby6m_aLCud-LHadL-2NGHWElemdY50vi-zI1kWB-9JLr8dKW3YmNh5XP0KeruS_ltroXMkZmEK_S2tUul-74uyqSFW0LMmnmfug4_UI5st4vJLPc64l1GzUamihVekrZiG8CcJgonW0hYUIeNoSz-Vrd2GQL6XJjuFMVbfUkBvCRu5gshgyXbmsBIQD7YCV5UP-h3kytErT1x01MzfvQpzZTF00bhJDaoIRkI_2Xc_sw_YNbn7UQjWTtgwbGWqEuK5d10BctCmj8uwUVgFUZ44EzKnEBhR1QUuuVSYQdBZPDLGrsvR-kvpOfxqJDJo_LsG0UwE3kjhW4IgFcYkNTtUjmv8iyV2-jIfu5hFW6pGmQ0nDTNy3PplyzztE7lzgSP62cXE2wYZJ17PWZ6zjc0TH136ug5gocun83dHfxTM1U4tBIWM8t5pZOtGxDzuL4AgjFwXIjN78EPIcTQ2EgOhft_NESkj-1yU3ljEZ-my4aps6qzThZloJi9gmq5bfyGzvwjDESl1Xce3WSwwHd2Gu7hQXH6kpzzXSpxkXA6NCReqeg_acFprzpmVXttYrgUTNYGI019iSs0AaPhTyiSeSRIrs3vLR1MM_Td_e0vBZ3JX1Nt561wxLhuA-z9OeJJV1PZj99o5Vxb_k3lYbaCJKBrdx4FT_Xqi4UdnO_0naYMId5h-a675VyxiOIVFe1pPFVrW99hyuMLAfCGYJg_Hfas8C35cTvK_eecaX9vLpNmmi9Rdbvh7-NxUpw1sI0piZkMTegtGmKfw9Oc8ICl3LAcbtMPt_y06U9atXZFAPt50mh_T-JZDxvUpv85ZerF7_0RcckW21U0O93vHtdjEpUoifKVDL94qPp-RrgcQ65lW_ndsMUJMhfoNAc8kzAX2LNDD1NXCSg8O8AhfBfRiT4NsejLhB5TMQ7ug1d8zIAyVh13h8EHtvy6lnJoLhDAqfD_NyqN358VfSE4572wJgU_7CmFOSxqRaFIJ9vynpjqN5G3gcjcKbxxLiwN6YDDHkBxiH9ysAnr1W5bFNeNj2GReNU-0l7znwSkcdSANStfWUAiD09xgbEUlFkqAvOuujzablEOWGqclfiCTADmX7RrDyFYGNKPVfoxI5-xw8g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEGAoaJwLZ7ffLcjMoPMP3v742A_kj9KxXL_b_YiIAcCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi0zNTkzODYxNTgzNzA3MzM4yAEJqQJkqfGvIuy1PqgDAcgDAqoEgwJP0OASyJ8t231R-NV0kE82zan-0EI26GYSQ6QHQVf3x7v7YE2cUzL3IcnRMsOMByLTZLHzEvOqeNV0VE-o4Qo0eXWH8t1D_Amy3h41A9um6HsthdJ-TwaVGjd-mPMmtE98K692JKQPwAZHT52mvoMuMRk53-UwGF3dbppQteac1yzA4-rOeOWv3XVI7_6Wynw7LDQjTUc5gnoF4ta5L1enBY5x9BKlFiEf31uzFJB4NyyNGeMMTn21YVuvujud0nLaIiIhbDq9C4UgpRrrZ5oyggwduBD1RtHB4ia8nDO5TNq2NttAzqfWCHkcEdszKOAq4K8zF9p8z-8u6lum4ujDAH0dgAa7hqj6s_jMlEegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpY7ozy2o6LiQP6CwIIAYAMAdAVAYAXAbIXLhIqEigIy6eQm92Ew5JBEhZTSU1VTEFURURfRE9NQUlOX1BVQjFQGAEgA0glGAw%26num%3D1%26sig%3DAOD64_0TAibB-y0jeIKGCTDh7lf9x5O3xA%26client%3Dca-pub-3593861583707338%26adurl%3D

chrome.exe

Remote address:

178.250.1.17:443

Request

GET /delivery/r/afr.php?z=ZwucaAALb7cIaCZIAB4_Xr-j6f2zFXu6lssbgQ&u=%7C0WvgLuiqHm36C0on7qUZuMX7Qlz09KIP4NECdQ3ffsE%3D%7C&c1=Dcz_gsP0hEuJH1VnunqGy22nFndhAq5zqxOFeYpI4zX0dmXFAPLSZ0srdx7UTnzHgX5kFuYWeT7tKy5DOP-PyPPx27EBNSsAZbYddhTm6q7hPGlNnu6GPf0arufmmQ1fWNVlu-I_lRfv1Yq6Ki_yGyqIvUIpcht656JNRdwUD5YPMO-EJPk5XVAjJipTbkwzWJCSVHWyFsnZCX3ancynjbIZdmAN5qjTDhPfAtdiXygWUiXZoRaIT4wtxy_QalK9SnfDBBVITZe49ph6ERYVMrcp3I3i-Y625YCYooV_EjiyO7BbcOp1rKRW3XOyvfOD6BotVOfkzOoC3ElynwAPN1VC3fF_3iyFS4Q_xcdsQ-XBYrcf_5mxs1CjI-CrHfwNS_sEMbbAYkOlx9LENYpbsvNoAkv2sZ6qARP7bNPawyrvygeJmAtXFlQaAtA5YLQWe2cTLQb1zmy3E5DLcBK1cjHKuJhx84FoBLjs77GXkwlKuHA_9PyS7xJHM8BRS5lKhXoDXK_T__cctZAwTv67MM7cZ0VwxdO4YFY4sS1Xik2G0n0C60S1usBvXWlykBY5R5FFjSxZpvGs7bCr-oeVR2EzUS8VWaWf8oWwY0Ph9nWmRIRig3MEijt8YQ7y6QstDyDjP-Fe1gbyEUM740evB_OZfmQh5UplTNCtCGf-F3LZk4xBKcjwveL9lt4lGY8CmkAYCYIr0ydyEF4BF92u7IJeSf094PpM-zGHuMArhRt54EUhCKDuk9PXGwi2HE9yFGTYhuJQeKkLbLYdVzD12ocRiFr0DbHKp9s7jSsF2z4g6pnSJVSvoNBZOhErxdQBFpqxg2PwEumbrre9BFIRBs6aPQfdMm9oAzZpAKbk1c1H5bsRBUT8m_8OzzvFtddbea6XhIXBHJwxrsbUYw-wIR9WVOZcm5IIQHOnIXMMhsSKxMIqlvdgraT3LAk2Wj3uL2jNajx2Sa3-JDnPFqukhHJDRToamcKZnvdjXsLV1XRIaXTiZcljukLxYA0wOp2cr_2KyE96UAapq-uZpNxUaI_E5ri_6biGubc-zb2jHXBPrMW6q1d08Tlyg_9DyRRftMv3k31g9md6h7_EuiAKoAoKragdHZxDuvJb8ywBkfCmhx8UAYz3fiIEaMzEFUqW2uvMXDl6K0rsWD6Z0UO4pq6zPHejReLzDp97pxZ4SUmR9YNEFiuvoKGfv8SS4KTh1eQC1IjDbob_cB7que40S6-__MAZOqV-2JqIs8A6-zkg5771BAfcAY0pInXgp9pBBm2b3OTgPw8wGV10CSQpW40WGlltFTs0XWjcOibq5paxsmgL-sRe63QUA9QPgD4yQ2mEDnK7IlEYKQ0vDxXZ4Pc6MgAm-iWPvre3eBlwZ1hvH_yhxez0UHspoCTBXyB2DW9A-BRTlkvowY0M6k-ZHTqE8Nf1UMBMZzhJQqhAR4e5FnNLqvlNJLboLktfbuu_OwxQWLQkPgOQoLJUdgWM22SH2sUkPBuF6dMddtdAvqjYl39bkTAA1X2XuIfcQV8gMQBBKQ411YyQKU_ruX1fFbMstZEloMfoOlgHRvQrNtE7nKcK9KR1VKunY3pzmxtXLmYI7-gIYxBM123mypzgl1smzRiveZjcWM3pc65oUcWW37XDlU7Kumm-aovH_dxFvm1XTzuxwgEMSEKIYCp8YewaYCibuzFZmH_bmLJJsWcOT-yyCxLAaRyrp_-PKAmv9_0BZfyrBot_CuebwCAGB8B7WMCTudmyg9RAey_DGPy42Pm1bOFFRrJUlY4NV--58lGGWDNsYmiCr2xgTxBzxfWmz5JvCP9g5skNO_BvfqbfmKTxiJk1mwj4OCziIuMOzgdZ-rimcollcfy3uklbROwx0hLxNljwtJRnG8IGQ__t1idAXKYuSU8pyssGVpiqXLI-LLNF-xVCbnEmkcHuYLefNz08MDM7n2fgAB0EPv9-Gw7OAa8nSms3ahZ6oyezzn7jUyTStOqtiAYPGqNgbyP2-6CPaOGS2DCAO4kKvxUNA4FEI4wLlUA1dyxlA0pApO3J8nzzQ3uxWq0N7p4idTki6CjJ5EvjMUluj1-HpGY8boWuhj_JUAkU6lKfXwRuUX78U1vMLORO7JkMd5wWkseNefpiEIb7AWkoF8PiTOF98Xv_EcmDf3abNWhTrJuhmbqKaEpl9i0uRv9d6dRXWMv24b8xuNQorCNRi2Io8qiGBFOAVo1ApeEpuOPLQqzTHRZaKi55Yxph-NryEUGjLQjovFTM-MUKwLd6Q4S2m3Jsd-t6OC_ppqje--YebUspEOLq88C7CH3EIfRU1ckIuQOZ7b98j5Tx6lOXAlr1rEz3tvG6nCnldvAtx3qDJNiffRMqG-BJZhMd44SPntNG8JqDkg_w0DrWABm1zn2L3DMNYfazjwse7-GAow4nG0nzraJvd12Qx-74VMbWOuS48iVXpwKo38gHm2uphUW3zrDaob1596qVdoHlxej3j3lv1U6oJFDtcAT-Q-NsEEVW1PeZqHAcSvll-r4b5JophIdH5qEuQ2pCUPQlTzCGwE6D79owvzSQOlScjnAqzPxViIz3yKqrwo-tjGgPY3JMxLpKkt9js8zpuWrMb2-nmc1lj8NiZt8WbrSTX1R_dDgwHbwZMG2ZSKvX5zWiFIHOmC0vxhlmQF1PlJBlsxUN2YzXpPwNv7ccHZyg8dIBI_JeMkpRzYGJPD9fT99zegRvCfxl1OPNOCsp1-rZvN_2qPzUjbicZeZ7NKuFotDxlcZeuJA8W1GpQWklu2cvoNkSIByc-7lW7z7-8g0HXrRuQV0SDqvPF-GQJfZXM1kS4bYL2PtIn8r-dDSXW6Wv8Yuye0727Qz1PiKWi_ZmopoSPPPBAO1Nesu-l0hqHy-ooZM0UELKRVVGY21ySeNoydDVrWFJbBC7v2_OfdHa1BWIMMgwnPVYKoX3ffnXdKtzW4vCYvg90yAEG_0Moq9boAva82Z5CVkstmQn_HDt5NI54OE9CV6JFqB9TdxF1P3avMq8oM5vQf1FxnRJm4IDoCDVUlYiGuRkCXvXuNGhWMXScJow-189GUaQlLGwcZtGxCKh58SCTnwTEIXzzPUrfX1Nu16cbvTLw0fvyYUpO1KPdlu8Xt6Q8aYWa3I924Lo7VswOpiYaw4TBcjyqKpusyzAk59p6THo9ApfeZCr34fOaKcrZD8GGDPIVNzEpXR6FaOeu0fMkv8KZbpdlHqAq4qYZ0kPgBJQNqvQimwUV9xKf0nIgIw_M7sc3PwzT_HWXHpmv8b9u5ccN5w2EBeop4ZZsToyfUD9oepg0-mgSi1WjAiyeHYY8QH8Uv0QPLNZV_3EOqHEsVGwqa7b58nLmNwxrl2cdPgF3MMqQ7yh8b7eEKJPJaTaI9AGX_kZ9vimmLeSSkTmPPG3eAXwylf-ncIiTQB0Fk_jZqWUTifuXjtV3RFQy4-6fzcUPefyduTxzcpqwSJDZxMrT5KtHMrDtvAEMQOfjXafbT2hasuRl49UNl_4_SWNMGz8-EpTcmE86nvscNcbbglK6YJqTASMKsQh0YBqrZyCz_2WuEg6Y7fPo0DBnDZyxcbLwB6uXXtMEIHUxji9K2FEzLaQpcOnqdiP3qUgQ530ZuN78LNhTCU-tNbWS5b5s11bA_kIcIOeMYRnhPWExWP71ZVNYjf92BCjPdOTYZHmfs0ghbIhmaWrFZ8iJtlmmfWX3zWapT6dLv5TRl0aFDiFgL9MvNKkzCh8iYqGVFGfkpdcfbHMKPA4CVvheWyHGAVutWczioL2Ft7tbtixB239lzj_6JiRR1r-_e-0m-nTJh0BlgL6I7DPHJNPfEviIrkIAVgmtVLvy-PFR4tPn-xez3jWYWFgX-lP7Rlr2j6at3bTF9T5Qb-5Nj37KkEmQq-0V7Z-4yrDdigSLfnr6HMQ85ThVDizAoAqUCULjW9XvyrutBEVFJTWMsskaTLT4ULuWY5X4lrdM6XP_YoIfJTHKwhH46hXkBZYI4Zvs5PZDkieGibFh4wNH3mVdkaGM4_6KxLKudMtxfKclFdmOUTdAY3bm9g55f1nOmlwXv2IFa37nFK6mm5OkzSTLOsUjuxubPq74_ijd8tRbkA7_HtwCMksUMy6I-VFs-8xpwHPXsuzc42ouYywEf_8fGu9cdBQe0Xb4ggV8XpbdICAyWk_Rtpa89jENuMxCu_gY1akrQT_jYAQj77JU7N1iXAyeWvPLr8XUkYjhXaPEbXGx7LVbwuipAHin2Ef0jN7rGUHchnEQVcs6M8-fR_7FFYHfdvIV9gnnm2tGkakA0nOKQsHXejHoEjWjrsdr8hZVnh5XeGcCn5piOihyWdF1OgsQN-i5V1khPdJ2y1ZYeFuivzGh-YZkJlE7HG3RaiBTN285sf-Q89lWOWwzfQroSPVSSNll7MqYmsgact7LWLFB6_TeVVppENC_ifNVjwlXkWAx3-DlBm8L9jxlE1MqP6a97_LMmhWf3wYBf20Iu-vcIfo7VoZJnDcvpuR10QKoUSRNBMCmnnoZq7J5Js00A-C5qPq6qby6m_aLCud-LHadL-2NGHWElemdY50vi-zI1kWB-9JLr8dKW3YmNh5XP0KeruS_ltroXMkZmEK_S2tUul-74uyqSFW0LMmnmfug4_UI5st4vJLPc64l1GzUamihVekrZiG8CcJgonW0hYUIeNoSz-Vrd2GQL6XJjuFMVbfUkBvCRu5gshgyXbmsBIQD7YCV5UP-h3kytErT1x01MzfvQpzZTF00bhJDaoIRkI_2Xc_sw_YNbn7UQjWTtgwbGWqEuK5d10BctCmj8uwUVgFUZ44EzKnEBhR1QUuuVSYQdBZPDLGrsvR-kvpOfxqJDJo_LsG0UwE3kjhW4IgFcYkNTtUjmv8iyV2-jIfu5hFW6pGmQ0nDTNy3PplyzztE7lzgSP62cXE2wYZJ17PWZ6zjc0TH136ug5gocun83dHfxTM1U4tBIWM8t5pZOtGxDzuL4AgjFwXIjN78EPIcTQ2EgOhft_NESkj-1yU3ljEZ-my4aps6qzThZloJi9gmq5bfyGzvwjDESl1Xce3WSwwHd2Gu7hQXH6kpzzXSpxkXA6NCReqeg_acFprzpmVXttYrgUTNYGI019iSs0AaPhTyiSeSRIrs3vLR1MM_Td_e0vBZ3JX1Nt561wxLhuA-z9OeJJV1PZj99o5Vxb_k3lYbaCJKBrdx4FT_Xqi4UdnO_0naYMId5h-a675VyxiOIVFe1pPFVrW99hyuMLAfCGYJg_Hfas8C35cTvK_eecaX9vLpNmmi9Rdbvh7-NxUpw1sI0piZkMTegtGmKfw9Oc8ICl3LAcbtMPt_y06U9atXZFAPt50mh_T-JZDxvUpv85ZerF7_0RcckW21U0O93vHtdjEpUoifKVDL94qPp-RrgcQ65lW_ndsMUJMhfoNAc8kzAX2LNDD1NXCSg8O8AhfBfRiT4NsejLhB5TMQ7ug1d8zIAyVh13h8EHtvy6lnJoLhDAqfD_NyqN358VfSE4572wJgU_7CmFOSxqRaFIJ9vynpjqN5G3gcjcKbxxLiwN6YDDHkBxiH9ysAnr1W5bFNeNj2GReNU-0l7znwSkcdSANStfWUAiD09xgbEUlFkqAvOuujzablEOWGqclfiCTADmX7RrDyFYGNKPVfoxI5-xw8g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEGAoaJwLZ7ffLcjMoPMP3v742A_kj9KxXL_b_YiIAcCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi0zNTkzODYxNTgzNzA3MzM4yAEJqQJkqfGvIuy1PqgDAcgDAqoEgwJP0OASyJ8t231R-NV0kE82zan-0EI26GYSQ6QHQVf3x7v7YE2cUzL3IcnRMsOMByLTZLHzEvOqeNV0VE-o4Qo0eXWH8t1D_Amy3h41A9um6HsthdJ-TwaVGjd-mPMmtE98K692JKQPwAZHT52mvoMuMRk53-UwGF3dbppQteac1yzA4-rOeOWv3XVI7_6Wynw7LDQjTUc5gnoF4ta5L1enBY5x9BKlFiEf31uzFJB4NyyNGeMMTn21YVuvujud0nLaIiIhbDq9C4UgpRrrZ5oyggwduBD1RtHB4ia8nDO5TNq2NttAzqfWCHkcEdszKOAq4K8zF9p8z-8u6lum4ujDAH0dgAa7hqj6s_jMlEegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpY7ozy2o6LiQP6CwIIAYAMAdAVAYAXAbIXLhIqEigIy6eQm92Ew5JBEhZTSU1VTEFURURfRE9NQUlOX1BVQjFQGAEgA0glGAw%26num%3D1%26sig%3DAOD64_0TAibB-y0jeIKGCTDh7lf9x5O3xA%26client%3Dca-pub-3593861583707338%26adurl%3D HTTP/2.0
host: ads.eu.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 200

content-type: text/html
date: Sun, 13 Oct 2024 10:09:44 GMT
server: Kestrel
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=KOwNDCUDT_zswEzpTGxUPayOixgevdsmStrI0GZe0BFaxJIsP9hTtktbj7IXGoeF6vrTUzWRZBISrrfYp7NKyVYUKDmZbkTjp5OT-7BRDi_g-cRW9n5_-qlPqXsLz3vbrr_pQUv4hNKhPYq8e0VI16qfBT4nDXwG1DH_fd_0Pd6WYScFtXz26mqZGScRJUGphLaUZdCtXxjOrB8ieSDOsJQFc1gkXlI0ECCo4ic7joWJf2bHEkb1lSD4T-ok_awVJY5jBQ"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 28182261
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
content-encoding: gzip
GET

https://www.google.com/pagead/drt/ui

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /pagead/drt/ui HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://www.google.com/pagead/drt/ui

chrome.exe

Remote address:

142.250.200.4:443

Request

GET /pagead/drt/ui HTTP/2.0
host: www.google.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: NID=518=tx64ELXi4609Y0lZoohPMQEGjjlXSDAoVZfuvB3iTDNvmlg4ruIixIjZPimLSS1QmA_MMxGvwDSYIiJqxsC9sfbTppAsiSSj-__Gs3Oga0nIEUH7IGmjZLGrLfLvaBS9okuFyFrj9RmikqsQA3sI324f_pb2lag3KVrCFBEiXEkmX7zImWrBPtvlKipjtG-9a2KH9HcbJ8TrjxqEyGui6c4fMZFJVTqmC5j7ocmYmHTU
GET

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MDc3NTJlYmQtZDFmMC02MTFmLTVhNjEtZWU0YmYyNDI1ZTVm&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

142.250.179.226:443

Request

GET /pixel?google_nid=openx&google_hm=MDc3NTJlYmQtZDFmMC02MTFmLTVhNjEtZWU0YmYyNDI1ZTVm&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUmlA0XKY15U9t3lux0JS1JSvDfLkrpZ7F8CBwlqbI_6mykCrj2azZldI_oDCts
GET

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

142.250.179.226:443

Request

GET /pixel?google_nid=openx&google_cm&google_sc&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUmlA0XKY15U9t3lux0JS1JSvDfLkrpZ7F8CBwlqbI_6mykCrj2azZldI_oDCts
GET

https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=9Ex3S7EBhpWp9fhF67mqhQ==&ox_sc=1&ox_init=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

142.250.179.226:443

Request

GET /pixel?google_nid=open&google_hm=9Ex3S7EBhpWp9fhF67mqhQ==&ox_sc=1&ox_init=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnDjAT7T3cMal_nK9UVvLpT7zftxCyEh0A5qOEplyEsVaG2ni3krcQNs-kP-3E
cookie: DSID=NO_DATA
GET

https://match.adsrvr.org/track/cmf/openx?oxid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

52.223.40.198:443

Request

GET /track/cmf/openx?oxid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: match.adsrvr.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:44 GMT
content-length: 1239
location: https://match.adsrvr.org/track/cmb/openx?oxid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
server: Kestrel
set-cookie: TDID=525afc59-365a-4c22-b996-8aef5f081ed5; expires=Mon, 13 Oct 2025 10:09:44 GMT; domain=.adsrvr.org; path=/; secure; samesite=none
set-cookie: TDCPM=CAEYBSgCMgsIvu6Lx7zetT0QBTgB; expires=Mon, 13 Oct 2025 10:09:44 GMT; domain=.adsrvr.org; path=/; secure; samesite=none
GET

https://match.adsrvr.org/track/cmb/openx?oxid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

52.223.40.198:443

Request

GET /track/cmb/openx?oxid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: match.adsrvr.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: TDID=525afc59-365a-4c22-b996-8aef5f081ed5
cookie: TDCPM=CAEYBSgCMgsIvu6Lx7zetT0QBTgB

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:44 GMT
content-length: 1337
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=525afc59-365a-4c22-b996-8aef5f081ed5&ttd_puid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
server: Kestrel
set-cookie: TDID=525afc59-365a-4c22-b996-8aef5f081ed5; expires=Mon, 13 Oct 2025 10:09:45 GMT; domain=.adsrvr.org; path=/; secure; samesite=none
set-cookie: TDCPM=CAEYBSABKAIyCwi-7ovHvN61PRAFOAE.; expires=Mon, 13 Oct 2025 10:09:45 GMT; domain=.adsrvr.org; path=/; secure; samesite=none
GET

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=73cc810a-042d-8441-8f8f-366550935bdf&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=73cc810a-042d-8441-8f8f-366550935bdf&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://u.openx.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Server: Server
Date: Sun, 13 Oct 2024 10:09:44 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: 1SKVXF04SJ5X2TYSW6DK
Set-Cookie: ad-id=AyO6RFI_jUq1k81NGnZxTC4|t; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 10:09:44 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=73cc810a-042d-8441-8f8f-366550935bdf&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&dcc=t
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=73cc810a-042d-8441-8f8f-366550935bdf&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&dcc=t

chrome.exe

Remote address:

52.95.122.74:443

Request

GET /s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=73cc810a-042d-8441-8f8f-366550935bdf&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&dcc=t HTTP/1.1
Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://u.openx.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: ad-id=AyO6RFI_jUq1k81NGnZxTC4|t

Response

HTTP/1.1 200 OK

Server: Server
Date: Sun, 13 Oct 2024 10:09:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 4H5P0C7KHZ5YDH2RKMVX
Set-Cookie: ad-id=AyO6RFI_jUq1k81NGnZxTC4; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jul-2025 10:09:44 GMT; Path=/; Secure; HttpOnly; SameSite=None
Set-Cookie: ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Tue, 01-Jan-2030 10:09:45 GMT; Path=/; Secure; HttpOnly; SameSite=None
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
GET

https://c1.adform.net/serving/cookie/match?party=22&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

37.157.5.87:443

Request

GET /serving/cookie/match?party=22&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: c1.adform.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=22&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
set-cookie: C=1; expires=Wed, 13 Nov 2024 10:09:44 GMT; domain=adform.net; path=/; secure; samesite=none
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://c1.adform.net/serving/cookie/match?CC=1&party=22&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

37.157.5.87:443

Request

GET /serving/cookie/match?CC=1&party=22&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: c1.adform.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: C=1

Response

HTTP/2.0 302

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-length: 0
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5498570646921517865&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
set-cookie: uid=5498570646921517865; expires=Thu, 12 Dec 2024 10:09:44 GMT; domain=adform.net; path=/; secure; samesite=none
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
strict-transport-security: max-age=31536000; includeSubDomains
GET

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

37.252.171.21:443

Request

GET /getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: ib.adnxs.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 307

server: nginx/1.23.4
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
expires: Sat, 15 Nov 2008 16:00:00 GMT
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-xss-protection: 0
access-control-allow-credentials: true
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
location: https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
an-x-request-uuid: cd409600-87ab-4966-adf5-535249b19525
set-cookie: XANDR_PANID=FVM10rF90SRrDaecVksYWwYzlMT6PSnKQ7GbGN_Mw53PKf4xDurj192U5WZyHHtQKhIxyRqGyVOYVrKFtN0elp2AnGMC6wUrO7XgdvIeedQ.; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:44 GMT; Domain=.adnxs.com; Secure; Partitioned
set-cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Sun, 01-Oct-2034 10:09:44 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned
set-cookie: uuid2=1804086296972189491; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:44 GMT; Domain=.adnxs.com; Secure; HttpOnly
x-proxy-origin: 138.199.29.44; 138.199.29.44; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

37.252.171.21:443

Request

GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: ib.adnxs.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: uuid2=1804086296972189491
cookie: XANDR_PANID=FVM10rF90SRrDaecVksYWwYzlMT6PSnKQ7GbGN_Mw53PKf4xDurj192U5WZyHHtQKhIxyRqGyVOYVrKFtN0elp2AnGMC6wUrO7XgdvIeedQ.
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 302

server: nginx/1.23.4
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
expires: Sat, 15 Nov 2008 16:00:00 GMT
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-xss-protection: 0
access-control-allow-credentials: true
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=1804086296972189491&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
an-x-request-uuid: 2d25a83b-e89b-47a1-9558-8c26d13492c4
set-cookie: XANDR_PANID=FVM10rF90SRrDaecVksYWwYzlMT6PSnKQ7GbGN_Mw53PKf4xDurj192U5WZyHHtQKhIxyRqGyVOYVrKFtN0elp2AnGMC6wUrO7XgdvIeedQ.; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:44 GMT; Domain=.adnxs.com; Secure; Partitioned
set-cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Sun, 01-Oct-2034 10:09:44 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned
set-cookie: uuid2=1804086296972189491; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:44 GMT; Domain=.adnxs.com; Secure; HttpOnly
x-proxy-origin: 138.199.29.44; 138.199.29.44; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
GET

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dappnexus%26uid%3D%24UID

chrome.exe

Remote address:

37.252.171.21:443

Request

GET /getuid?https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dappnexus%26uid%3D%24UID HTTP/2.0
host: ib.adnxs.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: uuid2=1804086296972189491
cookie: XANDR_PANID=FVM10rF90SRrDaecVksYWwYzlMT6PSnKQ7GbGN_Mw53PKf4xDurj192U5WZyHHtQKhIxyRqGyVOYVrKFtN0elp2AnGMC6wUrO7XgdvIeedQ.
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 302

server: nginx/1.23.4
date: Sun, 13 Oct 2024 10:09:53 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
expires: Sat, 15 Nov 2008 16:00:00 GMT
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-xss-protection: 0
access-control-allow-credentials: true
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
location: https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=appnexus&uid=1804086296972189491
an-x-request-uuid: 3dc10fc3-0ad2-4188-a0f4-291671b963fb
set-cookie: XANDR_PANID=FVM10rF90SRrDaecVksYWwYzlMT6PSnKQ7GbGN_Mw53PKf4xDurj192U5WZyHHtQKhIxyRqGyVOYVrKFtN0elp2AnGMC6wUrO7XgdvIeedQ.; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:52 GMT; Domain=.adnxs.com; Secure; Partitioned
set-cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Sun, 01-Oct-2034 10:09:52 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned
set-cookie: uuid2=1804086296972189491; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
x-proxy-origin: 138.199.29.44; 138.199.29.44; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
OPTIONS

https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=www.ldplayer.net&url=https://www.ldplayer.net/games/tree-of-savior-neverland-on-pc.html?n=22233333

chrome.exe

Remote address:

172.67.23.234:443

Request

OPTIONS /v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=www.ldplayer.net&url=https://www.ldplayer.net/games/tree-of-savior-neverland-on-pc.html?n=22233333 HTTP/2.0
host: id.hadron.ad.gt
accept: */*
access-control-request-method: GET
access-control-request-headers: content-type
origin: https://www.ldplayer.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: application/json
content-length: 0
expires: Mon, 13 Oct 2025 10:09:44 GMT
cache-control: max-age=31536000
cache-control: public, no-transform
debug: OPTIONS block
allow: POST, OPTIONS, GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8d1e892e6e459496-LHR
GET

https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=www.ldplayer.net&url=https://www.ldplayer.net/games/tree-of-savior-neverland-on-pc.html?n=22233333

chrome.exe

Remote address:

172.67.23.234:443

Request

GET /v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=www.ldplayer.net&url=https://www.ldplayer.net/games/tree-of-savior-neverland-on-pc.html?n=22233333 HTTP/2.0
host: id.hadron.ad.gt
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/json
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-origin: *
debug: NON-OPTIONS
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8d1e892f2f529496-LHR
content-encoding: br
POST

https://bcp.crwdcntrl.net/6/map

chrome.exe

Remote address:

99.80.212.73:443

Request

POST /6/map HTTP/2.0
host: bcp.crwdcntrl.net
content-length: 990
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: application/json;charset=utf-8
content-length: 156
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.18.226
set-cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 10-Jul-2025 10:07:00 GMT;SameSite=None;Secure
set-cookie: _cc_id=a346b3c33a1ebdef5ba474e80d095112;Path=/;Domain=crwdcntrl.net;Expires=Thu, 10-Jul-2025 10:07:00 GMT;SameSite=None;Secure
access-control-allow-credentials: true
access-control-allow-origin: https://www.ldplayer.net
server: Jetty(9.4.38.v20210224)
GET

https://proc.ad.cpe.dotomi.com/cvx/client/direct/launcher?version=1.1.1&lid=681

chrome.exe

Remote address:

63.215.202.146:443

Request

GET /cvx/client/direct/launcher?version=1.1.1&lid=681 HTTP/2.0
host: proc.ad.cpe.dotomi.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: application/json
content-length: 190
cache-control: max-age=1800
access-control-allow-origin: https://www.ldplayer.net
access-control-allow-credentials: true
vary: Origin
expires: Sun, 13 Oct 2024 10:39:44 GMT
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
GET

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=wRgpjCycPVPw3dmzQTHnJu90zQSYcOxYM2PdnLMIu3Gxam-PoiVsDhij4paAHHTw6IDcT3gVjLdgVR83Tmuebi37d3GXcq4f56a5wXHQGMBDdl7Ty6QTi3p3DXuUjGUPY51SBqp_PlEkzzPB1VHAoQPbnfzChll9kQN8nd22jrmnMeK1tf0pV6ef6xSf1q5hIC-pJs1oF9FxcqXfKc881kJvhIYK6omt8mumpVFP8ZuPsqCUW7mDwrLJOjcmXMtjK5HexZIEKZsiq-itIEUZc4cu_wtL0wgxWIaw94GlGXRmX1T-9qPU8I8ZfcOpc2tCBYbhHWNejCoVtIcEoec5HPQKzbJafXIypcN36fUzkS0alB9npvgYjxyv9FmaGG9XWCyep1BxGMf5Fn3NsKcthZDPm47wjRIkmSnJ8uI45PhQw4qp7J1P2sOJr7p5G1_XqGBAuUE5A25tW4u1W_usKi0lbHYcgyGQCOhz1GDOWqKvchM1TUrkIRtnOG7OM7IhhS26ES81g0Vnnx7pAmJwHBdwRoOr84RUkjzveBbD_VYOKNZOFQ632poTupXL_tNk4xsLWg

chrome.exe

Remote address:

178.250.1.6:443

Request

GET /delivery/lg.php?cppv=3&cpp=wRgpjCycPVPw3dmzQTHnJu90zQSYcOxYM2PdnLMIu3Gxam-PoiVsDhij4paAHHTw6IDcT3gVjLdgVR83Tmuebi37d3GXcq4f56a5wXHQGMBDdl7Ty6QTi3p3DXuUjGUPY51SBqp_PlEkzzPB1VHAoQPbnfzChll9kQN8nd22jrmnMeK1tf0pV6ef6xSf1q5hIC-pJs1oF9FxcqXfKc881kJvhIYK6omt8mumpVFP8ZuPsqCUW7mDwrLJOjcmXMtjK5HexZIEKZsiq-itIEUZc4cu_wtL0wgxWIaw94GlGXRmX1T-9qPU8I8ZfcOpc2tCBYbhHWNejCoVtIcEoec5HPQKzbJafXIypcN36fUzkS0alB9npvgYjxyv9FmaGG9XWCyep1BxGMf5Fn3NsKcthZDPm47wjRIkmSnJ8uI45PhQw4qp7J1P2sOJr7p5G1_XqGBAuUE5A25tW4u1W_usKi0lbHYcgyGQCOhz1GDOWqKvchM1TUrkIRtnOG7OM7IhhS26ES81g0Vnnx7pAmJwHBdwRoOr84RUkjzveBbD_VYOKNZOFQ632poTupXL_tNk4xsLWg HTTP/2.0
host: cat.nl3.eu.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 200

content-type: image/gif
date: Sun, 13 Oct 2024 10:09:44 GMT
server: Kestrel
cache-control: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1820598
strict-transport-security: max-age=31536000; preload;
GET

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=FVUtrW0fk5ihiE3ybSadM_TYVAzSBg_4kO1ugW8v-xQeCliCZnE_7wH6aP9w93jneJveg7oc3S2l9IE56yE-Eogz9ycZwrtKzNgG-X2NopiRC5-G9gKp7cTqAW9uCxjIrkL9ZyEdDgCxXuQp0n2pUmIWyKtRdVPJ73do5XHi_WP7aPD7rWYA5mLk9-VufffLgIIFEyD41RdcOpVpxIjwXKbii4GxiFUNessBVHcAWz_xCbfO9A0ASp2ca1vTxNVO1ebvj8o3HLsVh-6iWDB73U2cM1_xW6Ev2lyseGyBlZN4wxVR6Wwld7-rCsL8_t_xKJHeNWkO5iHbEx9LEurnLyIPQA_4kNCyBwkbJQ4M_26sR6ke6IVz7UBRw81hw_OATORQNqLhHcar-mm60ChwudUexHsXHShtNxJ3X3NcQ4tSmpjJDhO1154BUgfuAwG8qf9_FppLzKdjuIsFsdPRzLJJOGO9hhvGQvla2nO-7k69iW7w2O_OqDkSQ3LAddz4gvOVgk83XrFbFgJq4Q1lkHCrhseHSTAd_P2qU9s9CmM31zKdWkcpqd8tq3JZ6XDnHUIG_bsMTzAfoJ2qrQyGaWAXcXc

chrome.exe

Remote address:

178.250.1.6:443

Request

GET /delivery/lg.php?cppv=3&cpp=FVUtrW0fk5ihiE3ybSadM_TYVAzSBg_4kO1ugW8v-xQeCliCZnE_7wH6aP9w93jneJveg7oc3S2l9IE56yE-Eogz9ycZwrtKzNgG-X2NopiRC5-G9gKp7cTqAW9uCxjIrkL9ZyEdDgCxXuQp0n2pUmIWyKtRdVPJ73do5XHi_WP7aPD7rWYA5mLk9-VufffLgIIFEyD41RdcOpVpxIjwXKbii4GxiFUNessBVHcAWz_xCbfO9A0ASp2ca1vTxNVO1ebvj8o3HLsVh-6iWDB73U2cM1_xW6Ev2lyseGyBlZN4wxVR6Wwld7-rCsL8_t_xKJHeNWkO5iHbEx9LEurnLyIPQA_4kNCyBwkbJQ4M_26sR6ke6IVz7UBRw81hw_OATORQNqLhHcar-mm60ChwudUexHsXHShtNxJ3X3NcQ4tSmpjJDhO1154BUgfuAwG8qf9_FppLzKdjuIsFsdPRzLJJOGO9hhvGQvla2nO-7k69iW7w2O_OqDkSQ3LAddz4gvOVgk83XrFbFgJq4Q1lkHCrhseHSTAd_P2qU9s9CmM31zKdWkcpqd8tq3JZ6XDnHUIG_bsMTzAfoJ2qrQyGaWAXcXc HTTP/2.0
host: cat.nl3.eu.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 200

content-type: image/gif
date: Sun, 13 Oct 2024 10:09:45 GMT
server: Kestrel
cache-control: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
cross-origin-resource-policy: cross-origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1530651
strict-transport-security: max-age=31536000; preload;
DNS

162.68.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

162.68.67.172.in-addr.arpa

IN PTR

Response
DNS

uipglob.semasio.net

Remote address:

8.8.8.8:53

Request

uipglob.semasio.net

IN A

Response

uipglob.semasio.net

IN CNAME

uipglob.trafficmanager.net

uipglob.trafficmanager.net

IN CNAME

uip.semasio.net

uip.semasio.net

IN A

77.243.51.121

uip.semasio.net

IN A

77.243.51.122
DNS

233.2.157.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

233.2.157.37.in-addr.arpa

IN PTR

Response
DNS

33.200.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.200.250.142.in-addr.arpa

IN PTR

Response

33.200.250.142.in-addr.arpa

IN PTR

lhr48s30-in-f11e100net
DNS

csync.loopme.me

Remote address:

8.8.8.8:53

Request

csync.loopme.me

IN A

Response

csync.loopme.me

IN CNAME

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

34.1.230.204

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.166.54

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

34.1.239.132

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.135.128

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.174.183

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.185.177

envoy-hl.envoy-csync.core-002-ew4.ov1o.com

IN A

35.214.219.142
DNS

creativecdn.com

Remote address:

8.8.8.8:53

Request

creativecdn.com

IN A

Response

creativecdn.com

IN A

185.184.8.90
DNS

52.171.252.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

52.171.252.37.in-addr.arpa

IN PTR

Response

52.171.252.37.in-addr.arpa

IN PTR

1005bm-nginx-loadbalancermgmtfra1adnexusnet
DNS

dsp.nrich.ai

Remote address:

8.8.8.8:53

Request

dsp.nrich.ai

IN A

Response

dsp.nrich.ai

IN A

51.255.68.171
DNS

prebid.adnxs.com

Remote address:

8.8.8.8:53

Request

prebid.adnxs.com

IN A

Response

prebid.adnxs.com

IN CNAME

xandr-prebid.trafficmanager.net

xandr-prebid.trafficmanager.net

IN A

185.89.208.11
DNS

prebid.adnxs.com

Remote address:

8.8.8.8:53

Request

prebid.adnxs.com

IN A

Response

prebid.adnxs.com

IN CNAME

xandr-prebid.trafficmanager.net

xandr-prebid.trafficmanager.net

IN A

185.89.208.11
DNS

103.252.227.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.252.227.35.in-addr.arpa

IN PTR

Response

103.252.227.35.in-addr.arpa

IN PTR

10325222735bcgoogleusercontentcom
DNS

csm.eu.criteo.net

Remote address:

8.8.8.8:53

Request

csm.eu.criteo.net

IN A

Response

csm.eu.criteo.net

IN CNAME

csm.nl3.vip.prod.criteo.net

csm.nl3.vip.prod.criteo.net

IN A

178.250.1.25
DNS

22.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.1.250.178.in-addr.arpa

IN PTR

Response
DNS

06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com

IN A

Response

06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com

Remote address:

8.8.8.8:53

Request

06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com

IN A

Response

06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com

IN CNAME

pagead-googlehosted.l.google.com

pagead-googlehosted.l.google.com

IN A

142.250.180.1
DNS

90.8.184.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

90.8.184.185.in-addr.arpa

IN PTR

Response

90.8.184.185.in-addr.arpa

IN PTR

ip-185-184-8-90rtbhousenet
DNS

cm.adform.net

Remote address:

8.8.8.8:53

Request

cm.adform.net

IN A

Response

cm.adform.net

IN CNAME

track-eu.adformnet.akadns.net

track-eu.adformnet.akadns.net

IN A

37.157.2.233

track-eu.adformnet.akadns.net

IN A

37.157.3.26

track-eu.adformnet.akadns.net

IN A

37.157.2.228

track-eu.adformnet.akadns.net

IN A

37.157.2.229

track-eu.adformnet.akadns.net

IN A

37.157.2.230
DNS

25.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

25.1.250.178.in-addr.arpa

IN PTR

Response
DNS

50.108.171.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.108.171.54.in-addr.arpa

IN PTR

Response

50.108.171.54.in-addr.arpa

IN PTR

ec2-54-171-108-50 eu-west-1compute amazonawscom
DNS

x.bidswitch.net

Remote address:

8.8.8.8:53

Request

x.bidswitch.net

IN A

Response

x.bidswitch.net

IN CNAME

user-data-eu.bidswitch.net

user-data-eu.bidswitch.net

IN A

35.214.136.108
DNS

204.230.1.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

204.230.1.34.in-addr.arpa

IN PTR

Response

204.230.1.34.in-addr.arpa

IN PTR

204230134bcgoogleusercontentcom
DNS

ads.creative-serving.com

Remote address:

8.8.8.8:53

Request

ads.creative-serving.com

IN A

Response

ads.creative-serving.com

IN CNAME

httplb-gce-nl-clickdistrict.clickdistrict.iponweb.net

httplb-gce-nl-clickdistrict.clickdistrict.iponweb.net

IN A

35.214.241.248
DNS

ads.creative-serving.com

Remote address:

8.8.8.8:53

Request

ads.creative-serving.com

IN A

Response

ads.creative-serving.com

IN CNAME

httplb-gce-nl-clickdistrict.clickdistrict.iponweb.net

httplb-gce-nl-clickdistrict.clickdistrict.iponweb.net

IN A

35.214.241.248
DNS

33.194.5.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

33.194.5.163.in-addr.arpa

IN PTR

Response
DNS

node.setupad.com

Remote address:

8.8.8.8:53

Request

node.setupad.com

IN A

Response

node.setupad.com

IN A

159.89.25.223
DNS

121.51.243.77.in-addr.arpa

Remote address:

8.8.8.8:53

Request

121.51.243.77.in-addr.arpa

IN PTR

Response
DNS

sync.a-mo.net

Remote address:

8.8.8.8:53

Request

sync.a-mo.net

IN A

Response

sync.a-mo.net

IN CNAME

nld-prebid.a-mx.net

nld-prebid.a-mx.net

IN A

163.5.194.36

nld-prebid.a-mx.net

IN A

163.5.194.35

nld-prebid.a-mx.net

IN A

163.5.194.33

nld-prebid.a-mx.net

IN A

163.5.194.34

nld-prebid.a-mx.net

IN A

163.5.194.30

nld-prebid.a-mx.net

IN A

163.5.194.31

nld-prebid.a-mx.net

IN A

163.5.194.32

nld-prebid.a-mx.net

IN A

163.5.194.37
DNS

sync.a-mo.net

Remote address:

8.8.8.8:53

Request

sync.a-mo.net

IN A

Response

sync.a-mo.net

IN CNAME

nld-prebid.a-mx.net

nld-prebid.a-mx.net

IN A

163.5.194.32

nld-prebid.a-mx.net

IN A

163.5.194.35

nld-prebid.a-mx.net

IN A

163.5.194.33

nld-prebid.a-mx.net

IN A

163.5.194.31

nld-prebid.a-mx.net

IN A

163.5.194.36

nld-prebid.a-mx.net

IN A

163.5.194.30

nld-prebid.a-mx.net

IN A

163.5.194.37

nld-prebid.a-mx.net

IN A

163.5.194.34
DNS

132.5.157.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.5.157.37.in-addr.arpa

IN PTR

Response
DNS

ssbsync-global.smartadserver.com

Remote address:

8.8.8.8:53

Request

ssbsync-global.smartadserver.com

IN A

Response

ssbsync-global.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com

ssbsync-euw2.smartadserver.com

IN A

5.135.209.100

ssbsync-euw2.smartadserver.com

IN A

51.178.195.213

ssbsync-euw2.smartadserver.com

IN A

91.134.110.132

ssbsync-euw2.smartadserver.com

IN A

217.182.178.228

ssbsync-euw2.smartadserver.com

IN A

178.32.210.231

ssbsync-euw2.smartadserver.com

IN A

164.132.25.180

ssbsync-euw2.smartadserver.com

IN A

149.202.238.101

ssbsync-euw2.smartadserver.com

IN A

5.196.111.68

ssbsync-euw2.smartadserver.com

IN A

5.196.111.69

ssbsync-euw2.smartadserver.com

IN A

149.202.238.100

ssbsync-euw2.smartadserver.com

IN A

164.132.25.181

ssbsync-euw2.smartadserver.com

IN A

178.32.210.230

ssbsync-euw2.smartadserver.com

IN A

178.32.197.53

ssbsync-euw2.smartadserver.com

IN A

178.32.197.52

ssbsync-euw2.smartadserver.com

IN A

51.178.195.212

ssbsync-euw2.smartadserver.com

IN A

217.182.178.229

ssbsync-euw2.smartadserver.com

IN A

91.134.110.133

ssbsync-euw2.smartadserver.com

IN A

5.135.209.101
DNS

ssbsync-global.smartadserver.com

Remote address:

8.8.8.8:53

Request

ssbsync-global.smartadserver.com

IN A

Response

ssbsync-global.smartadserver.com

IN CNAME

usersync-geo-global.usersync-prod-sas.akadns.net

usersync-geo-global.usersync-prod-sas.akadns.net

IN CNAME

ssbsync-euw2.smartadserver.com

ssbsync-euw2.smartadserver.com

IN A

149.202.238.100

ssbsync-euw2.smartadserver.com

IN A

5.135.209.100

ssbsync-euw2.smartadserver.com

IN A

5.196.111.69

ssbsync-euw2.smartadserver.com

IN A

217.182.178.229

ssbsync-euw2.smartadserver.com

IN A

178.32.210.230

ssbsync-euw2.smartadserver.com

IN A

164.132.25.180

ssbsync-euw2.smartadserver.com

IN A

164.132.25.181

ssbsync-euw2.smartadserver.com

IN A

149.202.238.101

ssbsync-euw2.smartadserver.com

IN A

91.134.110.133

ssbsync-euw2.smartadserver.com

IN A

178.32.210.231

ssbsync-euw2.smartadserver.com

IN A

51.178.195.213

ssbsync-euw2.smartadserver.com

IN A

91.134.110.132

ssbsync-euw2.smartadserver.com

IN A

178.32.197.53

ssbsync-euw2.smartadserver.com

IN A

51.178.195.212

ssbsync-euw2.smartadserver.com

IN A

5.196.111.68

ssbsync-euw2.smartadserver.com

IN A

217.182.178.228

ssbsync-euw2.smartadserver.com

IN A

5.135.209.101

ssbsync-euw2.smartadserver.com

IN A

178.32.197.52
DNS

48.197.32.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.197.32.178.in-addr.arpa

IN PTR

Response

48.197.32.178.in-addr.arpa

IN PTR

ip48 ip-178-32-197eu
DNS

6.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.1.250.178.in-addr.arpa

IN PTR

Response
DNS

cdn.ampproject.org

Remote address:

8.8.8.8:53

Request

cdn.ampproject.org

IN A

Response

cdn.ampproject.org

IN CNAME

cdn-content.ampproject.org

cdn-content.ampproject.org

IN A

142.250.200.33
DNS

secure.adnxs.com

Remote address:

8.8.8.8:53

Request

secure.adnxs.com

IN A

Response

secure.adnxs.com

IN CNAME

xandr-g-geo.trafficmanager.net

xandr-g-geo.trafficmanager.net

IN CNAME

ib.anycast.adnxs.com

ib.anycast.adnxs.com

IN A

37.252.171.52

ib.anycast.adnxs.com

IN A

37.252.171.21

ib.anycast.adnxs.com

IN A

37.252.173.215

ib.anycast.adnxs.com

IN A

37.252.172.123

ib.anycast.adnxs.com

IN A

37.252.171.149

ib.anycast.adnxs.com

IN A

37.252.171.85

ib.anycast.adnxs.com

IN A

37.252.171.53
DNS

pr-bh.ybp.yahoo.com

Remote address:

8.8.8.8:53

Request

pr-bh.ybp.yahoo.com

IN A

Response

pr-bh.ybp.yahoo.com

IN CNAME

ds-pr-bh.ybp.gysm.yahoodns.net

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

34.249.211.147

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

34.255.52.126

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

52.31.116.215

ds-pr-bh.ybp.gysm.yahoodns.net

IN A

34.249.222.253
DNS

89.193.149.89.in-addr.arpa

Remote address:

8.8.8.8:53

Request

89.193.149.89.in-addr.arpa

IN PTR

Response
DNS

image8.pubmatic.com

Remote address:

8.8.8.8:53

Request

image8.pubmatic.com

IN A

Response

image8.pubmatic.com

IN CNAME

image8-v2.pubmnet.com

image8-v2.pubmnet.com

IN CNAME

imgsync-amsfpairbc.pubmnet.com

imgsync-amsfpairbc.pubmnet.com

IN A

198.47.127.18
DNS

image8.pubmatic.com

Remote address:

8.8.8.8:53

Request

image8.pubmatic.com

IN A

Response

image8.pubmatic.com

IN CNAME

image8-v2.pubmnet.com

image8-v2.pubmnet.com

IN CNAME

imgsync-amsfpairbc.pubmnet.com

imgsync-amsfpairbc.pubmnet.com

IN A

198.47.127.18
DNS

119.138.19.162.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.138.19.162.in-addr.arpa

IN PTR

Response

119.138.19.162.in-addr.arpa

IN PTR

ns31533570 ip-162-19-138eu
DNS

ice.360yield.com

Remote address:

8.8.8.8:53

Request

ice.360yield.com

IN A

Response

ice.360yield.com

IN CNAME

euw-ice.360yield.com

euw-ice.360yield.com

IN A

54.75.14.246

euw-ice.360yield.com

IN A

54.229.250.166

euw-ice.360yield.com

IN A

54.72.215.169

euw-ice.360yield.com

IN A

34.249.121.67

euw-ice.360yield.com

IN A

108.128.214.95

euw-ice.360yield.com

IN A

54.76.230.133

euw-ice.360yield.com

IN A

34.245.251.238

euw-ice.360yield.com

IN A

52.213.241.4
DNS

223.25.89.159.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.25.89.159.in-addr.arpa

IN PTR

Response
DNS

13.164.228.46.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.164.228.46.in-addr.arpa

IN PTR

Response

13.164.228.46.in-addr.arpa

IN PTR

d-ams1turncom
DNS

tr.blismedia.com

Remote address:

8.8.8.8:53

Request

tr.blismedia.com

IN A

Response

tr.blismedia.com

IN A

34.96.105.8
DNS

217.210.82.80.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.210.82.80.in-addr.arpa

IN PTR

Response
DNS

ads.betweendigital.com

Remote address:

8.8.8.8:53

Request

ads.betweendigital.com

IN A

Response

ads.betweendigital.com

IN CNAME

ssp.ads.betweendigital.com

ssp.ads.betweendigital.com

IN A

188.42.189.197

ssp.ads.betweendigital.com

IN A

188.42.34.64

ssp.ads.betweendigital.com

IN A

188.42.196.115

ssp.ads.betweendigital.com

IN A

188.42.191.196

ssp.ads.betweendigital.com

IN A

188.42.189.231

ssp.ads.betweendigital.com

IN A

188.42.34.65
DNS

ow.pubmatic.com

Remote address:

8.8.8.8:53

Request

ow.pubmatic.com

IN A

Response

ow.pubmatic.com

IN CNAME

owv2.pubmnet.com

owv2.pubmnet.com

IN CNAME

ow-lhrc.pubmnet.com

ow-lhrc.pubmnet.com

IN A

185.64.190.84
DNS

18.127.47.198.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.127.47.198.in-addr.arpa

IN PTR

Response
DNS

47.216.127.79.in-addr.arpa

Remote address:

8.8.8.8:53

Request

47.216.127.79.in-addr.arpa

IN PTR

Response

47.216.127.79.in-addr.arpa

IN PTR

unn-79-127-216-47 datapacketcom
DNS

c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com

Remote address:

8.8.8.8:53

Request

c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com

IN A

Response

c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com

IN CNAME

vie-mvp.trafficmanager.net

vie-mvp.trafficmanager.net

IN A

40.101.70.18

vie-mvp.trafficmanager.net

IN A

52.97.148.210

vie-mvp.trafficmanager.net

IN A

40.101.69.34

vie-mvp.trafficmanager.net

IN A

52.97.141.82

vie-mvp.trafficmanager.net

IN A

52.97.159.210

vie-mvp.trafficmanager.net

IN A

40.101.70.194

vie-mvp.trafficmanager.net

IN A

52.97.154.162

vie-mvp.trafficmanager.net

IN A

40.101.69.194
DNS

c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com

Remote address:

8.8.8.8:53

Request

c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com

IN A

Response

c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com

IN CNAME

vie-mvp.trafficmanager.net

vie-mvp.trafficmanager.net

IN A

52.97.159.210

vie-mvp.trafficmanager.net

IN A

40.101.70.194

vie-mvp.trafficmanager.net

IN A

52.97.128.2

vie-mvp.trafficmanager.net

IN A

52.97.142.2

vie-mvp.trafficmanager.net

IN A

52.97.174.2

vie-mvp.trafficmanager.net

IN A

40.101.76.162

vie-mvp.trafficmanager.net

IN A

52.97.176.98

vie-mvp.trafficmanager.net

IN A

40.99.220.18
DNS

30.95.9.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

30.95.9.65.in-addr.arpa

IN PTR

Response

30.95.9.65.in-addr.arpa

IN PTR

server-65-9-95-30prg50r cloudfrontnet
DNS

197.9.9.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.9.9.65.in-addr.arpa

IN PTR

Response

197.9.9.65.in-addr.arpa

IN PTR

server-65-9-9-197prg50r cloudfrontnet
DNS

86.53.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.53.22.104.in-addr.arpa

IN PTR

Response
DNS

173.53.22.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.53.22.104.in-addr.arpa

IN PTR

Response
DNS

3.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.1.250.178.in-addr.arpa

IN PTR

Response
DNS

rtb.gumgum.com

Remote address:

8.8.8.8:53

Request

rtb.gumgum.com

IN A

Response

rtb.gumgum.com

IN A

54.171.108.50

rtb.gumgum.com

IN A

52.51.194.191

rtb.gumgum.com

IN A

63.34.183.238

rtb.gumgum.com

IN A

52.210.179.202

rtb.gumgum.com

IN A

52.19.105.179

rtb.gumgum.com

IN A

54.73.12.34

rtb.gumgum.com

IN A

52.214.64.207

rtb.gumgum.com

IN A

54.194.165.207
DNS

setupad-d.openx.net

Remote address:

8.8.8.8:53

Request

setupad-d.openx.net

IN A

Response

setupad-d.openx.net

IN A

35.244.159.8

setupad-d.openx.net

IN A

34.98.64.218
DNS

assets.a-mo.net

Remote address:

8.8.8.8:53

Request

assets.a-mo.net

IN A

Response

assets.a-mo.net

IN CNAME

assets.a-mo.net.cdn.cloudflare.net

assets.a-mo.net.cdn.cloudflare.net

IN A

104.19.158.19

assets.a-mo.net.cdn.cloudflare.net

IN A

104.19.159.19
DNS

36.194.5.163.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.194.5.163.in-addr.arpa

IN PTR

Response
DNS

pixel.rubiconproject.com

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.com

IN A

Response

pixel.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.148

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.149
DNS

pixel.rubiconproject.com

Remote address:

8.8.8.8:53

Request

pixel.rubiconproject.com

IN A

Response

pixel.rubiconproject.com

IN CNAME

pixel.rubiconproject.net.akadns.net

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.148

pixel.rubiconproject.net.akadns.net

IN A

69.173.156.149
DNS

230.175.78.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

230.175.78.104.in-addr.arpa

IN PTR

Response

230.175.78.104.in-addr.arpa

IN PTR

a104-78-175-230deploystaticakamaitechnologiescom
DNS

6.95.9.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

6.95.9.65.in-addr.arpa

IN PTR

Response

6.95.9.65.in-addr.arpa

IN PTR

server-65-9-95-6prg50r cloudfrontnet
DNS

8.159.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.159.244.35.in-addr.arpa

IN PTR

Response

8.159.244.35.in-addr.arpa

IN PTR

815924435bcgoogleusercontentcom
DNS

225.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.187.250.142.in-addr.arpa

IN PTR

Response

225.187.250.142.in-addr.arpa

IN PTR

lhr25s34-in-f11e100net
DNS

10.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.1.250.178.in-addr.arpa

IN PTR

Response
DNS

17.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.1.250.178.in-addr.arpa

IN PTR

Response
DNS

226.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

226.179.250.142.in-addr.arpa

IN PTR

Response

226.179.250.142.in-addr.arpa

IN PTR

lhr25s31-in-f21e100net
DNS

198.40.223.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.40.223.52.in-addr.arpa

IN PTR

Response

198.40.223.52.in-addr.arpa

IN PTR

a6370ebea231e0c9aawsglobalacceleratorcom
DNS

87.5.157.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

87.5.157.37.in-addr.arpa

IN PTR

Response
DNS

21.171.252.37.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.171.252.37.in-addr.arpa

IN PTR

Response

21.171.252.37.in-addr.arpa

IN PTR

1004bm-nginx-loadbalancermgmtfra1adnexusnet
DNS

74.122.95.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.122.95.52.in-addr.arpa

IN PTR

Response
DNS

234.23.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

234.23.67.172.in-addr.arpa

IN PTR

Response
DNS

73.212.80.99.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.212.80.99.in-addr.arpa

IN PTR

Response

73.212.80.99.in-addr.arpa

IN PTR

ec2-99-80-212-73 eu-west-1compute amazonawscom
DNS

146.202.215.63.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.202.215.63.in-addr.arpa

IN PTR

Response

146.202.215.63.in-addr.arpa

IN PTR

ams01-convex-float1dotomicom
DNS

cdnjs.cloudflare.com

chrome.exe

Remote address:

8.8.8.8:53

Request

cdnjs.cloudflare.com

IN A

Response

cdnjs.cloudflare.com

IN A

104.17.25.14

cdnjs.cloudflare.com

IN A

104.17.24.14
GET

https://static.criteo.net/flash/icon/close_button.svg

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/close_button.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: image/svg+xml
content-length: 293
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
etag: "626a59dc-125"
expires: Wed, 08 Oct 2025 10:09:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/privacy_small.svg

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/privacy_small.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: image/svg+xml
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
etag: W/"5e42ba84-6aa"
expires: Wed, 08 Oct 2025 10:09:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/adchoices_en.svg

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/adchoices_en.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: image/svg+xml
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
etag: W/"5e42b9ee-759"
expires: Wed, 08 Oct 2025 10:09:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/animejs/animejs.js

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /animejs/animejs.js HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: image/svg+xml
content-length: 308
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
etag: "5e46a5e4-134"
expires: Wed, 08 Oct 2025 10:09:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
accept-ranges: bytes
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/back_button2.svg

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/back_button2.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: text/javascript
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
etag: W/"5c9a64eb-3181"
expires: Wed, 08 Oct 2025 10:09:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/criteo_logo_2021.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: image/svg+xml
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
etag: W/"5e4d1491-646"
expires: Wed, 08 Oct 2025 10:09:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/flash/icon/privacy.svg

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /flash/icon/privacy.svg HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:44 GMT
content-type: image/svg+xml
last-modified: Thu, 27 May 2021 13:21:59 GMT
etag: W/"60af9cf7-891"
expires: Wed, 08 Oct 2025 10:09:44 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/design/googlefont/opensans/opensans-400.css

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /design/googlefont/opensans/opensans-400.css HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 14:11:03 GMT
etag: W/"6391f077-9fe"
expires: Wed, 08 Oct 2025 10:09:45 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/design/googlefont/opensans/opensans-700.css

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /design/googlefont/opensans/opensans-700.css HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 14:11:05 GMT
etag: W/"6391f079-9fe"
expires: Wed, 08 Oct 2025 10:09:45 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

chrome.exe

Remote address:

104.17.25.14:443

Request

GET /ajax/libs/webfont/1.6.28/webfontloader.js HTTP/2.0
host: cdnjs.cloudflare.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 4420
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb04030-30d9"
last-modified: Mon, 04 May 2020 16:17:52 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 105227
expires: Fri, 03 Oct 2025 10:09:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B1bActzcu3cPOo3j8dsLb1cdnO37tM5RvhkNLH7%2BGBqOB4aw1uxRciR%2Fc7U55c%2FaRS9Z%2F2NQP1HeEk8%2FTWhOljH69zmzK7brApfAAak7YKcg%2B%2BqR%2BE6%2Fey%2Fx4esdeTPO%2BwpIhFUm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8d1e89304cbd4170-LHR
alt-svc: h3=":443"; ma=86400
GET

https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasreHwHQktXgtjnYzHBNcbzP2A7SaMczllqChmDlVFh8KiPyOZgsIgCJgbPDizJRyyOJjkCzrOgNtTkCGB0dWpr6jzRJKQKaAw4w8YkSIgXtXHdDNYuhVznXweRTC4IJuppbSGFZIqYz8LfY9zLW8?b=400

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasreHwHQktXgtjnYzHBNcbzP2A7SaMczllqChmDlVFh8KiPyOZgsIgCJgbPDizJRyyOJjkCzrOgNtTkCGB0dWpr6jzRJKQKaAw4w8YkSIgXtXHdDNYuhVznXweRTC4IJuppbSGFZIqYz8LfY9zLW8?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 47198
content-type: image/png
date: Wed, 18 Sep 2024 08:02:16 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sat, 23 Aug 2025 05:15:56 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 2167647
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/0006tOtUUQdN6AsdVKtjhOMweHZ6fri9my6kmLsZooPhZij6qvplxJxE5jtpt6ql6WR8DnB6IypimvSxi28Z7NkZsinlpcNglncPS3THo7IxV1aDOKrc6DK46maTJWJgWaqpHTDBP7lXxC6LGd4ObeRxFB9rAzgu5FCg9182M4bnZrRz8DePRL9w0femxOJva62PXOOFvBFEZFfCvpuM7de8n2ZFe0lO

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/0006tOtUUQdN6AsdVKtjhOMweHZ6fri9my6kmLsZooPhZij6qvplxJxE5jtpt6ql6WR8DnB6IypimvSxi28Z7NkZsinlpcNglncPS3THo7IxV1aDOKrc6DK46maTJWJgWaqpHTDBP7lXxC6LGd4ObeRxFB9rAzgu5FCg9182M4bnZrRz8DePRL9w0femxOJva62PXOOFvBFEZFfCvpuM7de8n2ZFe0lO HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 49894
content-type: image/webp
date: Sun, 13 Oct 2024 01:17:11 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 08 Sep 2025 01:39:11 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
x-trace-id: ea25e327fe9d8f39ed280f31e929bd46
timing-allow-origin: *
vary: x-accept-image
age: 31952
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001V2eOG9OsSH50Seex9XCw4OllgcPAuRwBW7L5bukNS9F9PAaawJXyn8ahb4t6IWTQCdTzLUXXOeX1YlYNrsw14uolGeOnSNuYiKBeT6TsniHcjV67DI9mhdw61lmUm7rOt2mJOKj1hHwGwnlt19fBUKHgm630tSZGEUVlfxRl7gdM?b=400

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001V2eOG9OsSH50Seex9XCw4OllgcPAuRwBW7L5bukNS9F9PAaawJXyn8ahb4t6IWTQCdTzLUXXOeX1YlYNrsw14uolGeOnSNuYiKBeT6TsniHcjV67DI9mhdw61lmUm7rOt2mJOKj1hHwGwnlt19fBUKHgm630tSZGEUVlfxRl7gdM?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 34248
content-type: image/webp
date: Sun, 13 Oct 2024 01:10:46 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 08 Sep 2025 04:37:19 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
x-trace-id: a720ab5d1eb325dc0e5265c8b78c4d09
timing-allow-origin: *
vary: x-accept-image
age: 32337
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/002tRV1vMvfSnR934ItthCBGQXVa3bffGi1Z3bsiP5yIQqDy4wgPQRAkjPYCqq4XCOTcCVUJbLZ0YTf8VZYC1ScpAsMeyd1dDSgM0ptzgEaHlCmcqqH1N0QFqDTU0m0MVeCMz6NmwrNIo8mnvupnd5bB

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/002tRV1vMvfSnR934ItthCBGQXVa3bffGi1Z3bsiP5yIQqDy4wgPQRAkjPYCqq4XCOTcCVUJbLZ0YTf8VZYC1ScpAsMeyd1dDSgM0ptzgEaHlCmcqqH1N0QFqDTU0m0MVeCMz6NmwrNIo8mnvupnd5bB HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 1537
content-type: image/png
date: Wed, 18 Sep 2024 07:59:35 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sun, 07 Sep 2025 15:03:58 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 2167809
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/002tRV1vMvfSnR92m8LrAPOGe0ln5W6CnbdWxhjqHROPSH83klGnfJglYfCuOvvMoqdIrDSfVJU5cyAigH0llYuEAU4pTeGLCBv99r3kp1niKeMZoVR54tYLCBhuwBEP8WN9wP8pOG22fuBFpwGthPJT

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/002tRV1vMvfSnR92m8LrAPOGe0ln5W6CnbdWxhjqHROPSH83klGnfJglYfCuOvvMoqdIrDSfVJU5cyAigH0llYuEAU4pTeGLCBv99r3kp1niKeMZoVR54tYLCBhuwBEP8WN9wP8pOG22fuBFpwGthPJT HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 1628
content-type: image/png
date: Wed, 18 Sep 2024 07:59:07 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Tue, 26 Aug 2025 07:42:22 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 2167837
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/0006tOtUUQdN6AsdVKtjhOMweHZ6fri9my6kmLsZooPhZij6qvplxJxE5jtpt6ql6WR8DnB6IypimvSxi28Z7NkZsinlpcNglncPS3THo7IxV1aDOKrc6DK46maTJWJgWaqpHTDBP7lXxC6LGd4ObeRxFB9rAzgu5FCg918L24Lsk2qKKHuQhHD5gS073qGdaaMyG1BCcvmnxOXgzSbBy3akCvctKx63

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/0006tOtUUQdN6AsdVKtjhOMweHZ6fri9my6kmLsZooPhZij6qvplxJxE5jtpt6ql6WR8DnB6IypimvSxi28Z7NkZsinlpcNglncPS3THo7IxV1aDOKrc6DK46maTJWJgWaqpHTDBP7lXxC6LGd4ObeRxFB9rAzgu5FCg918L24Lsk2qKKHuQhHD5gS073qGdaaMyG1BCcvmnxOXgzSbBy3akCvctKx63 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 33774
content-type: image/png
date: Wed, 18 Sep 2024 08:29:44 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Sat, 23 Aug 2025 05:15:56 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 2166000
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrivpKexh1faR95cZtL4hjKLI6aVoyKeHkHaMKQ4UfvXSHly0ZhXEJypLiPgJJ7JZDrXSq4QdqKcSZKmgUMvj9z9OjP4MtBZaePeHUmnS03gjLmYw8W1xC3aWpn6vMHVCGm9w3iaJ1Scr8AHs70I?b=400

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrivpKexh1faR95cZtL4hjKLI6aVoyKeHkHaMKQ4UfvXSHly0ZhXEJypLiPgJJ7JZDrXSq4QdqKcSZKmgUMvj9z9OjP4MtBZaePeHUmnS03gjLmYw8W1xC3aWpn6vMHVCGm9w3iaJ1Scr8AHs70I?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 40800
content-type: image/webp
date: Sun, 13 Oct 2024 01:10:16 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 08 Sep 2025 05:31:05 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
x-trace-id: cd933a9a4c9255e8d8400988b2d4749d
timing-allow-origin: *
vary: x-accept-image
age: 32368
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasreG39x6h6yqNmMsyXOhYVfUY4BBPQLpGm7wYilGsM99EnKvPUq1z4t1uy71txIZJP4AQVS2SH5PIr0DHxVPSSWAaeogLhqffJuTeKO8RLDjqVyfcgPSSzri9c24aFVaiAg7klvXcEzlQbKAjFmj?b=400

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasreG39x6h6yqNmMsyXOhYVfUY4BBPQLpGm7wYilGsM99EnKvPUq1z4t1uy71txIZJP4AQVS2SH5PIr0DHxVPSSWAaeogLhqffJuTeKO8RLDjqVyfcgPSSzri9c24aFVaiAg7klvXcEzlQbKAjFmj?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 60778
content-type: image/webp
date: Sun, 13 Oct 2024 01:10:07 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 08 Sep 2025 03:44:58 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
x-trace-id: bea69216369d6cf018f31ccb3f451b90
timing-allow-origin: *
vary: x-accept-image
age: 32377
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrZZVrTF09e5s44SNXq1tbIMkN2ODhCeE86P3TdHGYO9F1hqoYYJRXGi5WyPqwkxLR6gS25fFimQE3oS0zioUfMGUGVknclKdcjrrg445Km0oTe6BqvNtGydwn6Vz7FOe1Un7tezzJzh592k4u4y?b=400

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrZZVrTF09e5s44SNXq1tbIMkN2ODhCeE86P3TdHGYO9F1hqoYYJRXGi5WyPqwkxLR6gS25fFimQE3oS0zioUfMGUGVknclKdcjrrg445Km0oTe6BqvNtGydwn6Vz7FOe1Un7tezzJzh592k4u4y?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 1313
content-type: image/png
date: Wed, 18 Sep 2024 07:59:10 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 01 Sep 2025 03:48:52 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
timing-allow-origin: *
vary: x-accept-image
age: 2167834
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrfndODOWRh4ISxcAnMv0N7Ud4yDW7Wh1xmzp9RcUrkSzOTDsmEIfN1ihWG4HZ4SCYYalVuJhFSqwtUiu9LEj8504hS9eHFBl7WPoiMzdwxe6VVnAfZVPZqkQR77TynfYetfVn27jYQ2UCqJD247?b=400

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrfndODOWRh4ISxcAnMv0N7Ud4yDW7Wh1xmzp9RcUrkSzOTDsmEIfN1ihWG4HZ4SCYYalVuJhFSqwtUiu9LEj8504hS9eHFBl7WPoiMzdwxe6VVnAfZVPZqkQR77TynfYetfVn27jYQ2UCqJD247?b=400 HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 59708
content-type: image/webp
date: Sun, 13 Oct 2024 01:09:56 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 08 Sep 2025 06:50:00 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
x-trace-id: e264e48c4218e4e90fafbfd7948ff03a
timing-allow-origin: *
vary: x-accept-image
age: 32388
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://imageproxy.eu.criteo.net/v1/002tRV1vMvfSnR93MTRwDyyGD4FN1hF7joPb9W1aWkYBPPJsP861BYeju9tVIkDhZwJvXnVxhNdvTz9YKs5cHMLQBGeUTbmvEjRYrokEXRMrBV6H7IgEFKb2TMZsSfSceLDYeCpHhAcetLxNqXfQfXcf

chrome.exe

Remote address:

178.250.1.15:443

Request

GET /v1/002tRV1vMvfSnR93MTRwDyyGD4FN1hF7joPb9W1aWkYBPPJsP861BYeju9tVIkDhZwJvXnVxhNdvTz9YKs5cHMLQBGeUTbmvEjRYrokEXRMrBV6H7IgEFKb2TMZsSfSceLDYeCpHhAcetLxNqXfQfXcf HTTP/2.0
host: imageproxy.eu.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

content-length: 63670
content-type: image/webp
date: Sun, 13 Oct 2024 01:10:58 GMT
server: Kestrel
cache-control: public, max-age=31104000
expires: Mon, 08 Sep 2025 05:12:33 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
x-trace-id: c9b52d90b2d4f368b6b6cbc8c62c4b74
timing-allow-origin: *
vary: x-accept-image
age: 32326
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://staticassets-creator-design.criteo.net/design/dt/11894/1727885168/cc36f1bc0d9a4de3a2549ddcf2bafc7c_cpn_300x250_1.jpeg

chrome.exe

Remote address:

178.250.1.22:443

Request

GET /design/dt/11894/1727885168/cc36f1bc0d9a4de3a2549ddcf2bafc7c_cpn_300x250_1.jpeg HTTP/2.0
host: staticassets-creator-design.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Wed, 02 Oct 2024 18:00:02 GMT
content-type: image/jpeg
content-length: 54341
last-modified: Wed, 02 Oct 2024 16:06:08 GMT
etag: "8991e5477fd76177420f485269916eed"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
cache-control: public, max-age=2592000, stale-while-revalidate=604800, stale-if-error=604800
vary: x-accept-image
age: 922182
accept-ranges: bytes
x-cache: hit
strict-transport-security: max-age=31536000; preload;
GET

https://a.ad.gt/api/v1/u/matches/533?_it=amazon

chrome.exe

Remote address:

172.67.23.234:443

Request

GET /api/v1/u/matches/533?_it=amazon HTTP/2.0
host: a.ad.gt
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: application/javascript
cross-origin-resource-policy: cross-origin
content-encoding: gzip
last-modified: Sun, 13 Oct 2024 10:08:33 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 31
vary: Accept-Encoding
set-cookie: au_3p_check=1; Domain=.ad.gt; Path=/; SameSite=None; Secure;
server: cloudflare
cf-ray: 8d1e893078356517-LHR
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=0omK5SUDT_zswEzpGLoWN4MnpE49UjYZy1MQGuOyvk0y9YkV8qIhyGXrgeziQoOxraVVLw_4OhAeQxWcbV7bveYKhZomSJRT_2WpvbgB-0ktxnjdZtDIowVpitc897OryxqoG7RprXrNX0V6cNiZVqSD60ScWTXg5c9ksyFQ_pw4TzwXekQiC8J8jk1oA7yJflR11i5Rz-yUH-BM0uJZ8Xj7vmqoWmCpvpC06xqN_mNRmeSUehzq7yIg6CFMPexGIsjYAA&sds=2&rev=95275&sendBeacon=true

chrome.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=0omK5SUDT_zswEzpGLoWN4MnpE49UjYZy1MQGuOyvk0y9YkV8qIhyGXrgeziQoOxraVVLw_4OhAeQxWcbV7bveYKhZomSJRT_2WpvbgB-0ktxnjdZtDIowVpitc897OryxqoG7RprXrNX0V6cNiZVqSD60ScWTXg5c9ksyFQ_pw4TzwXekQiC8J8jk1oA7yJflR11i5Rz-yUH-BM0uJZ8Xj7vmqoWmCpvpC06xqN_mNRmeSUehzq7yIg6CFMPexGIsjYAA&sds=2&rev=95275&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 35
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
POST

https://csm.eu.criteo.net/all?cppv=3&cpp=KOwNDCUDT_zswEzpTGxUPayOixgevdsmStrI0GZe0BFaxJIsP9hTtktbj7IXGoeF6vrTUzWRZBISrrfYp7NKyVYUKDmZbkTjp5OT-7BRDi_g-cRW9n5_-qlPqXsLz3vbrr_pQUv4hNKhPYq8e0VI16qfBT4nDXwG1DH_fd_0Pd6WYScFtXz26mqZGScRJUGphLaUZdCtXxjOrB8ieSDOsJQFc1gkXlI0ECCo4ic7joWJf2bHEkb1lSD4T-ok_awVJY5jBQ&sds=2&rev=95235&sendBeacon=true

chrome.exe

Remote address:

178.250.1.25:443

Request

POST /all?cppv=3&cpp=KOwNDCUDT_zswEzpTGxUPayOixgevdsmStrI0GZe0BFaxJIsP9hTtktbj7IXGoeF6vrTUzWRZBISrrfYp7NKyVYUKDmZbkTjp5OT-7BRDi_g-cRW9n5_-qlPqXsLz3vbrr_pQUv4hNKhPYq8e0VI16qfBT4nDXwG1DH_fd_0Pd6WYScFtXz26mqZGScRJUGphLaUZdCtXxjOrB8ieSDOsJQFc1gkXlI0ECCo4ic7joWJf2bHEkb1lSD4T-ok_awVJY5jBQ&sds=2&rev=95235&sendBeacon=true HTTP/2.0
host: csm.eu.criteo.net
content-length: 35
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://ads.eu.criteo.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://ads.eu.criteo.com/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:44 GMT
server: Finatra
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
GET

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID

chrome.exe

Remote address:

37.157.2.233:443

Request

GET /cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP/2.0
host: cm.adform.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: C=1
cookie: uid=5498570646921517865

Response

HTTP/2.0 302

server: nginx
date: Sun, 13 Oct 2024 10:09:45 GMT
content-length: 0
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=i&uid=5498570646921517865
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
set-cookie: uid=5498570646921517865; expires=Thu, 12 Dec 2024 10:09:45 GMT; domain=adform.net; path=/; secure; samesite=none
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
GET

https://static.criteo.net/design/googlefont/opensans/opensans-400-latin.woff2

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /design/googlefont/opensans/opensans-400-latin.woff2 HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://ads.eu.criteo.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://static.criteo.net/design/googlefont/opensans/opensans-400.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: text/plain; charset=UTF-8
last-modified: Thu, 08 Dec 2022 14:11:05 GMT
etag: W/"6391f079-3ff4"
expires: Wed, 08 Oct 2025 10:09:45 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://static.criteo.net/design/googlefont/opensans/opensans-700-latin.woff2

chrome.exe

Remote address:

178.250.1.3:443

Request

GET /design/googlefont/opensans/opensans-700-latin.woff2 HTTP/2.0
host: static.criteo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
origin: https://ads.eu.criteo.com
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://static.criteo.net/design/googlefont/opensans/opensans-700.css
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx
date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: text/plain; charset=UTF-8
last-modified: Thu, 08 Dec 2022 14:11:03 GMT
etag: W/"6391f077-4164"
expires: Wed, 08 Oct 2025 10:09:45 GMT
cache-control: max-age=31104000
cache-control: public
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
GET

https://uipglob.semasio.net/id5/1/get?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

77.243.51.121:443

Request

GET /id5/1/get?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/1.1
Host: uipglob.semasio.net
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

location: /id5/1/get2?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
uip-response-status: Ok
frontend-id: 11
set-cookie: SEUNCY=67313F132FAA6369; Expires=Mon, 13 Oct 2025 10:09:45 GMT; Path=/; Domain=.semasio.net; SameSite=None; HttpOnly; Secure
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sat, 01 Jan 2011 12:00:00 GMT
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
pragma: no-cache
date: Sun, 13 Oct 2024 10:09:45 GMT
content-length: 0
routing-server-id: -1
access-control-allow-origin: *
GET

https://uipglob.semasio.net/id5/1/get2?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

77.243.51.121:443

Request

GET /id5/1/get2?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/1.1
Host: uipglob.semasio.net
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: SEUNCY=67313F132FAA6369

Response

HTTP/1.1 302 Found

location: https://id5-sync.com/c/481/112/7/2.gif?puid=67313F132FAA6369&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
uip-response-status: Ok
frontend-id: 6
set-cookie: SEUNCY=67313F132FAA6369; Expires=Mon, 13 Oct 2025 10:09:45 GMT; Path=/; Domain=.semasio.net; SameSite=None; HttpOnly; Secure
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Sat, 01 Jan 2011 12:00:00 GMT
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
pragma: no-cache
date: Sun, 13 Oct 2024 10:09:45 GMT
content-length: 0
routing-server-id: -1
access-control-allow-origin: *
POST

https://node.setupad.com/node/node.php

chrome.exe

Remote address:

159.89.25.223:443

Request

POST /node/node.php HTTP/2.0
host: node.setupad.com
content-length: 499
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.18.0 (Ubuntu)
date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
content-encoding: gzip
POST

https://node.setupad.com/node/node.php

chrome.exe

Remote address:

159.89.25.223:443

Request

POST /node/node.php HTTP/2.0
host: node.setupad.com
content-length: 857
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
origin: https://www.ldplayer.net
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: nginx/1.18.0 (Ubuntu)
date: Sun, 13 Oct 2024 10:09:50 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With
content-encoding: gzip
GET

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D

chrome.exe

Remote address:

5.135.209.100:443

Request

GET /api/sync?callerId=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D HTTP/2.0
host: ssbsync-global.smartadserver.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: pbw=%24b%3d16999%3b%24o%3d11100
cookie: TestIfCookieP=ok
cookie: pid=63258396398534972
cookie: sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1
cookie: sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5

Response

HTTP/2.0 302

content-length: 0
date: Sun, 13 Oct 2024 10:09:45 GMT
location: https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=i&uid=63258396398534972
GET

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

52.223.40.198:443

Request

GET /track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: match.adsrvr.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: TDID=525afc59-365a-4c22-b996-8aef5f081ed5
cookie: TDCPM=CAEYBSABKAIyCwi-7ovHvN61PRAFOAE.

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:45 GMT
content-length: 199
location: https://id5-sync.com/k/264.gif?puid=525afc59-365a-4c22-b996-8aef5f081ed5&ttl=%%TTL%%
server: Kestrel
set-cookie: TDID=525afc59-365a-4c22-b996-8aef5f081ed5; expires=Mon, 13 Oct 2025 10:09:45 GMT; domain=.adsrvr.org; path=/; secure; samesite=none
set-cookie: TDCPM=CAEYASABKAIyCwjM7JrQvN61PRAFOAFaBzhoOXUxMWhgAg..; expires=Mon, 13 Oct 2025 10:09:45 GMT; domain=.adsrvr.org; path=/; secure; samesite=none
GET

https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

54.75.14.246:443

Request

GET /match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: ice.360yield.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: text/plain
content-length: 0
location: https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
access-control-allow-origin: *
set-cookie: tuuid=c411efce-3c94-4294-8d63-f04e7774b69c; Expires=Sat, 11 Jan 2025 10:09:45 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure; HttpOnly
set-cookie: tuuid_lu=1728814185; Expires=Sat, 11 Jan 2025 10:09:45 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure; HttpOnly
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
GET

https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

54.75.14.246:443

Request

GET /ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: ice.360yield.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: tuuid=c411efce-3c94-4294-8d63-f04e7774b69c
cookie: tuuid_lu=1728814185

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:45 GMT
content-type: text/plain
content-length: 0
location: https://id5-sync.com/cq/481/124/5/4.gif?puid=c411efce-3c94-4294-8d63-f04e7774b69c&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
access-control-allow-origin: *
set-cookie: um=!313,QhWWh86rzA9xdMa7CC2c9vI4OSCEdXIk89Y-C2020tBirszP9D4r-2siDUbFiNwrxmxdagfKI4oRaVDd,1736590185; Expires=Sat, 11 Jan 2025 10:09:45 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure; HttpOnly
set-cookie: umeh=!313,0,1791022185,-1; Expires=Sat, 11 Jan 2025 10:09:45 GMT; Domain=.360yield.com; Path=/; SameSite=None; Secure; HttpOnly
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
DNS

100.209.135.5.in-addr.arpa

Remote address:

8.8.8.8:53

Request

100.209.135.5.in-addr.arpa

IN PTR

Response

100.209.135.5.in-addr.arpa

IN PTR

ip100ip-5-135-209eu
DNS

9.1.250.178.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.1.250.178.in-addr.arpa

IN PTR

Response
DNS

rtb-csync.smartadserver.com

Remote address:

8.8.8.8:53

Request

rtb-csync.smartadserver.com

IN A

Response

rtb-csync.smartadserver.com

IN CNAME

rtb-csync-geo.usersync-prod-sas.akadns.net

rtb-csync-geo.usersync-prod-sas.akadns.net

IN CNAME

rtb-csync-euw1.smartadserver.com

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.89

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.104

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.116

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.105

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.173

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.172

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.88

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.106

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.120

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.73

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.121

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.117

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.201

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.97

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.74

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.200
DNS

rtb-csync.smartadserver.com

Remote address:

8.8.8.8:53

Request

rtb-csync.smartadserver.com

IN A

Response

rtb-csync.smartadserver.com

IN CNAME

rtb-csync-geo.usersync-prod-sas.akadns.net

rtb-csync-geo.usersync-prod-sas.akadns.net

IN CNAME

rtb-csync-euw1.smartadserver.com

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.88

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.172

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.97

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.105

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.74

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.73

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.89

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.117

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.106

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.201

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.120

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.104

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.116

rtb-csync-euw1.smartadserver.com

IN A

81.17.55.173

rtb-csync-euw1.smartadserver.com

IN A

89.149.193.121

rtb-csync-euw1.smartadserver.com

IN A

89.149.192.200
DNS

246.14.75.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

246.14.75.54.in-addr.arpa

IN PTR

Response

246.14.75.54.in-addr.arpa

IN PTR

ec2-54-75-14-246 eu-west-1compute amazonawscom
GET

https://rtb.gumgum.com/getuid/id5?r=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F441%2F4%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

54.171.108.50:443

Request

GET /getuid/id5?r=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F441%2F4%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: rtb.gumgum.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:46 GMT
content-length: 0
location: https://id5-sync.com/c/481/441/4/5.gif?puid=e_79613006-4514-4e21-bd19-c30878d7864a&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
server: nginx
set-cookie: vst=e_79613006-4514-4e21-bd19-c30878d7864a; Domain=.gumgum.com; Expires=Mon, 13 Oct 2025 10:09:46 GMT; Path=/; Secure; SameSite=None
content-language: en-US
timing-allow-origin: *
GET

https://tpc.googlesyndication.com/simgad/2129369376341000121/14763004658117789537?w=100&h=100&tw=1&q=75

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /simgad/2129369376341000121/14763004658117789537?w=100&h=100&tw=1&q=75 HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /pagead/images/adchoices/icon.png HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

chrome.exe

Remote address:

142.250.187.225:443

Request

GET /pagead/images/adchoices/en.png HTTP/2.0
host: tpc.googlesyndication.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
x-client-data: CMHZygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/amp4ads-v0.mjs

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /rtv/012406241625000/amp4ads-v0.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-ad-exit-0.1.mjs

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /rtv/012406241625000/v0/amp-ad-exit-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-analytics-0.1.mjs

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /rtv/012406241625000/v0/amp-analytics-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-fit-text-0.1.mjs

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /rtv/012406241625000/v0/amp-fit-text-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.mjs

chrome.exe

Remote address:

142.250.200.33:443

Request

GET /rtv/012406241625000/v0/amp-form-0.1.mjs HTTP/2.0
host: cdn.ampproject.org
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ/url/https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F224%2F3%2F6.gif%3Fpuid%3D%24%21%7BTURN_UUID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

46.228.164.13:443

Request

GET /r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ/url/https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F224%2F3%2F6.gif%3Fpuid%3D%24%21%7BTURN_UUID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: d.turn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
pragma: no-cache
set-cookie: uid=8253851969742705294; Domain=.turn.com; Expires=Fri, 11-Apr-2025 10:09:46 GMT; Path=/; Secure; SameSite=None
location: https://id5-sync.com/c/481/224/3/6.gif?puid=8253851969742705294&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
content-length: 0
date: Sun, 13 Oct 2024 10:09:45 GMT
GET

https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F203%2F2%2F7.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

178.250.1.9:443

Request

GET /dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F203%2F2%2F7.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: dis.eu.criteo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: cto_bundle=0dC8Cl9NRzVaUmEwMW8ybTJEWm5PaEVrbTlrVXBLYklDeEZwZURNbXBWakNCRjlRUUtLR3ZFRjlTQ1VQWUI4RzloOEI1TDV0M0V6SFl2dnVuQjdOOFV3JTJGUVByeGpRbnVzNHNPcUZLTjJpRlFOaDNrJTNE
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 302

content-length: 0
date: Sun, 13 Oct 2024 10:09:46 GMT
server: Kestrel
cache-control: no-cache
expires: Sun, 13 Oct 2024 00:00:00 GMT
location: https://id5-sync.com/c/481/203/2/7.gif?puid=96e49b9f-17f7-4075-adff-8f2566676145&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
pragma: no-cache
set-cookie: uid=96e49b9f-17f7-4075-adff-8f2566676145; expires=Fri, 07 Nov 2025 10:09:45 GMT; domain=.criteo.com; path=/; secure; samesite=none
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1799609
strict-transport-security: max-age=31536000; preload;
GET

https://res.ldrescdn.com/download/LDPlayer9.exe?n=LDPlayer9_ens_1001_ld.exe

chrome.exe

Remote address:

163.181.154.242:443

Request

GET /download/LDPlayer9.exe?n=LDPlayer9_ens_1001_ld.exe HTTP/2.0
host: res.ldrescdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
purpose: prefetch
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

server: Tengine
content-type: application/octet-stream
content-length: 2640480
date: Sun, 13 Oct 2024 09:48:19 GMT
x-oss-request-id: 670B97639D920A3639D55787
x-oss-cdn-auth: success
accept-ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
x-oss-server-side-encryption: AES256
content-md5: mFXkSK+FYfySDWmntFowmw==
x-oss-server-time: 8
via: ens-cache4.l2de3[0,0,304-0,H], ens-cache7.l2de3[0,0], ens-cache2.gb4[0,0,200-0,H], ens-cache18.gb4[3,0]
vary: Origin
etag: "9855E448AF8561FC920D69A7B45A309B"
last-modified: Wed, 09 Oct 2024 09:26:41 GMT
x-oss-hash-crc64ecma: 12704407292579747135
age: 1289
ali-swift-global-savetime: 1728812899
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sun, 13 Oct 2024 09:52:16 GMT
x-swift-cachetime: 3363
content-disposition: attachment;filename=LDPlayer9_ens_1001_ld.exe
access-control-allow-methods: GET,POST,PUT
access-control-allow-origin: *
timing-allow-origin: *
eagleid: a3b59aa617288141886426607e
GET

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

37.252.171.52:443

Request

GET /getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: secure.adnxs.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: uuid2=1804086296972189491
cookie: XANDR_PANID=FVM10rF90SRrDaecVksYWwYzlMT6PSnKQ7GbGN_Mw53PKf4xDurj192U5WZyHHtQKhIxyRqGyVOYVrKFtN0elp2AnGMC6wUrO7XgdvIeedQ.
cookie: receive-cookie-deprecation=1

Response

HTTP/2.0 302

server: nginx/1.23.4
date: Sun, 13 Oct 2024 10:09:52 GMT
content-type: text/html; charset=utf-8
content-length: 0
cache-control: no-store, no-cache, private
pragma: no-cache
expires: Sat, 15 Nov 2008 16:00:00 GMT
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-xss-protection: 0
access-control-allow-credentials: true
access-control-allow-origin: *
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=1804086296972189491&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
an-x-request-uuid: 1320bea2-6fc4-4818-a0c1-978ba4ae3686
set-cookie: XANDR_PANID=FVM10rF90SRrDaecVksYWwYzlMT6PSnKQ7GbGN_Mw53PKf4xDurj192U5WZyHHtQKhIxyRqGyVOYVrKFtN0elp2AnGMC6wUrO7XgdvIeedQ.; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:52 GMT; Domain=.adnxs.com; Secure; Partitioned
set-cookie: receive-cookie-deprecation=1; SameSite=None; Path=/; Max-Age=314496000; Expires=Sun, 01-Oct-2034 10:09:52 GMT; Domain=.adnxs.com; Secure; HttpOnly; Partitioned
set-cookie: uuid2=1804086296972189491; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 11-Jan-2025 10:09:52 GMT; Domain=.adnxs.com; Secure; HttpOnly
x-proxy-origin: 138.199.29.44; 138.199.29.44; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
GET

https://csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&pubid=5679&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

34.1.230.204:443

Request

GET /?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&pubid=5679&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: csync.loopme.me
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 307

set-cookie: viewer_token=6ce3dde3-6270-4f0f-8341-3f3bd8939f99; path=/; domain=csync.loopme.me; secure; HttpOnly; Expires=Mon, 13-Jan-2025 10:09:52 GMT; SameSite=None
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=6ce3dde3-6270-4f0f-8341-3f3bd8939f99&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1
content-length: 0
date: Sun, 13 Oct 2024 10:09:52 GMT
server: _
GET

https://dsp-cookie.adfarm1.adition.com/?ssp=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

80.82.210.217:443

Request

GET /?ssp=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: dsp-cookie.adfarm1.adition.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:52 GMT
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
set-cookie: UserID1=7425200415547586921; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=49&partneruserid=7425200415547586921&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
content-length: 0
x-envoy-upstream-service-time: 0
server: envoy
GET

https://sync.a-mo.net/isyn?__st=iframe&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&_e=CoACShB3d3cubGRwbGF5ZXIubmV0UgthYXMtOTQ2YzZmZFoIcGJhMS4zLjNqEHd3dy5sZHBsYXllci5uZXT6AQY4LjI3LjDoAgGIA-i4rrgGqAMK6gMkNTczNTFmODItMjUxMC00ZTQxLWJhMzUtOTMyNjY3MTNjOTBiogQpaHR0cHM6Ly93d3cubGRwbGF5ZXIubmV0L2Rvd25sb2FkL2luc3RhbGyqBANEQ0iyBQNVU0TqBQdkZXNrdG9w-gUDbmxkwAYByAYBqgcDd2ViygcMbGRwbGF5ZXIubmV04AcBgggMbGRwbGF5ZXIubmV0iggGY2hyb21lmQgAAwAAAAgAAA

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /isyn?__st=iframe&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&_e=CoACShB3d3cubGRwbGF5ZXIubmV0UgthYXMtOTQ2YzZmZFoIcGJhMS4zLjNqEHd3dy5sZHBsYXllci5uZXT6AQY4LjI3LjDoAgGIA-i4rrgGqAMK6gMkNTczNTFmODItMjUxMC00ZTQxLWJhMzUtOTMyNjY3MTNjOTBiogQpaHR0cHM6Ly93d3cubGRwbGF5ZXIubmV0L2Rvd25sb2FkL2luc3RhbGyqBANEQ0iyBQNVU0TqBQdkZXNrdG9w-gUDbmxkwAYByAYBqgcDd2ViygcMbGRwbGF5ZXIubmV04AcBgggMbGRwbGF5ZXIubmV0iggGY2hyb21lmQgAAwAAAAgAAA HTTP/2.0
host: sync.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

Response

HTTP/2.0 200

cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-length: 1102
content-type: text/html; charset=utf-8
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding
set-cookie: _Amc_b=501; path=/; expires=Sun, 13 Oct 2024 10:14:52 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; path=/; expires=Sun, 13 Oct 2024 10:14:52 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _Amc_t=_T; path=/; expires=Sun, 13 Oct 2024 10:14:52 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: p_Amc_b=501; path=/; expires=Sun, 13 Oct 2024 10:14:52 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
set-cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; path=/; expires=Sun, 13 Oct 2024 10:14:52 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
set-cookie: p_Amc_t=_T; path=/; expires=Sun, 13 Oct 2024 10:14:52 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
x-envoy-upstream-service-time: 1
GET

https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=openx&uid=12c472b8-a118-0c52-240d-74e7b9fb52b2

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=openx&uid=12c472b8-a118-0c52-240d-74e7b9fb52b2 HTTP/2.0
host: sync.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _Amc_b=501
cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: _Amc_t=_T
cookie: p_Amc_b=501
cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: p_Amc_t=_T

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _sv3_13=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 2
GET

https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=appnexus&uid=1804086296972189491

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=appnexus&uid=1804086296972189491 HTTP/2.0
host: sync.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _Amc_b=501
cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: _Amc_t=_T
cookie: p_Amc_b=501
cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: p_Amc_t=_T

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _sv3_0=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 1
GET

https://prebid.a-mo.net/setuid/magnite?uid=M27FC0QD-28-LN8E&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid/magnite?uid=M27FC0QD-28-LN8E&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1--- HTTP/2.0
host: prebid.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: psd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: sd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: __amc=2_1728814184_1728814189
cookie: _sv3_13=1
cookie: _sv3_0=1

Response

HTTP/2.0 421

content-length: 40
content-type: text/plain
vary: Accept-Encoding
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
GET

https://prebid.a-mo.net/cjoin/1?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&?us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /cjoin/1?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&?us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1 HTTP/2.0
host: prebid.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: psd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: sd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: __amc=2_1728814184_1728814189
cookie: _sv3_13=1
cookie: _sv3_0=1

Response

HTTP/2.0 421

content-length: 40
content-type: text/plain
vary: Accept-Encoding
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
GET

https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=smartadserver&uid=63258396398534972

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=smartadserver&uid=63258396398534972 HTTP/2.0
host: sync.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _Amc_b=501
cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: _Amc_t=_T
cookie: p_Amc_b=501
cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: p_Amc_t=_T
cookie: _sv3_13=1
cookie: _sv3_0=1

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _sv3_6=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 1
GET

https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=adform&uid=5498570646921517865

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=adform&uid=5498570646921517865 HTTP/2.0
host: sync.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _Amc_b=501
cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: _Amc_t=_T
cookie: p_Amc_b=501
cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: p_Amc_t=_T
cookie: _sv3_13=1
cookie: _sv3_0=1

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _sv3_8=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 1
GET

https://sync.a-mo.net/setuid?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=index_rtb&uid=ZwuccbmqPjYAABz5AFzYNwAA%264432

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=index_rtb&uid=ZwuccbmqPjYAABz5AFzYNwAA%264432 HTTP/2.0
host: sync.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _Amc_b=501
cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: _Amc_t=_T
cookie: p_Amc_b=501
cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: p_Amc_t=_T
cookie: _sv3_13=1
cookie: _sv3_0=1
cookie: _sv3_6=1
cookie: _sv3_8=1

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _sv3_2=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 1
GET

https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=amx_com&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=amx_com&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8 HTTP/2.0
host: sync.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _Amc_b=501
cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: _Amc_t=_T
cookie: p_Amc_b=501
cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: p_Amc_t=_T
cookie: _sv3_13=1
cookie: _sv3_0=1
cookie: _sv3_6=1
cookie: _sv3_8=1
cookie: _sv3_2=1
cookie: _sv3_7=1

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _sv3_14=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 1
GET

https://pb-am.a-mo.net/setuid?bidder=bid_switch&uid=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?bidder=bid_switch&uid=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy= HTTP/2.0
host: pb-am.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _sv3_13=1
cookie: _sv3_0=1
cookie: _sv3_6=1
cookie: _sv3_8=1
cookie: _sv3_2=1
cookie: _sv3_7=1

Response

HTTP/2.0 421

content-length: 39
content-type: text/plain
vary: Accept-Encoding
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
GET

https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=pubmatic&uid=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=pubmatic&uid=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD HTTP/2.0
host: sync.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _Amc_b=501
cookie: p_Amc_b=501
cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: _Amc_t=_T
cookie: p_Amc_t=_T
cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cookie: _sv3_13=1
cookie: _sv3_0=1
cookie: _sv3_6=1
cookie: _sv3_8=1
cookie: _sv3_2=1
cookie: _sv3_7=1
cookie: _sv3_14=1
cookie: _sv3_12=1

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _sv3_4=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
x-envoy-upstream-service-time: 1
GET

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=160&partneruserid=1&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

89.149.193.89:443

Request

GET /redir/?issi=1&partnerid=160&partneruserid=1&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/1.1
Host: rtb-csync.smartadserver.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: pbw=%24b%3d16999%3b%24o%3d11100; TestIfCookieP=ok; sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1; sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5; pid=63258396398534972

Response

HTTP/1.1 302 Found

content-length: 0
date: Sun, 13 Oct 2024 10:09:52 GMT
cache-control: no-cache,no-store
location: https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjMyNTgzOTYzOTg1MzQ5NzI=&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
pragma: no-cache
set-cookie: csync=160:1; expires=Mon, 13 Oct 2025 10:09:52 GMT; domain=smartadserver.com; path=/; secure; samesite=none
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
GET

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=6ce3dde3-6270-4f0f-8341-3f3bd8939f99&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

chrome.exe

Remote address:

89.149.193.89:443

Request

GET /redir/?issi=1&partnerid=124&partneruserid=6ce3dde3-6270-4f0f-8341-3f3bd8939f99&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1 HTTP/1.1
Host: rtb-csync.smartadserver.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: pbw=%24b%3d16999%3b%24o%3d11100; TestIfCookieP=ok; sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1; sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5; pid=63258396398534972; csync=160:1

Response

HTTP/1.1 200 OK

content-type: image/gif
date: Sun, 13 Oct 2024 10:09:52 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: csync=124:6ce3dde3-6270-4f0f-8341-3f3bd8939f99|160:1; expires=Mon, 13 Oct 2025 10:09:52 GMT; domain=smartadserver.com; path=/; secure; samesite=none
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
GET

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=49&partneruserid=7425200415547586921&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

89.149.193.89:443

Request

GET /redir/?issi=1&partnerid=49&partneruserid=7425200415547586921&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/1.1
Host: rtb-csync.smartadserver.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: pbw=%24b%3d16999%3b%24o%3d11100; TestIfCookieP=ok; sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1; sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5; pid=63258396398534972; csync=160:1

Response

HTTP/1.1 200 OK

content-type: image/gif
date: Sun, 13 Oct 2024 10:09:52 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: csync=49:7425200415547586921|160:1; expires=Mon, 13 Oct 2025 10:09:52 GMT; domain=smartadserver.com; path=/; secure; samesite=none
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
GET

https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESECaBa8YCjaoF0zm_iuIqNs0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&google_cver=1

chrome.exe

Remote address:

89.149.193.89:443

Request

GET /redir/?partnerid=76&partneruserid=CAESECaBa8YCjaoF0zm_iuIqNs0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&google_cver=1 HTTP/1.1
Host: rtb-csync.smartadserver.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: pbw=%24b%3d16999%3b%24o%3d11100; TestIfCookieP=ok; sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1; sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5; pid=63258396398534972; csync=86:1804086296972189491|160:1

Response

HTTP/1.1 200 OK

content-type: image/gif
date: Sun, 13 Oct 2024 10:09:52 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: csync=76:CAESECaBa8YCjaoF0zm_iuIqNs0|86:1804086296972189491|160:1; expires=Mon, 13 Oct 2025 10:09:52 GMT; domain=smartadserver.com; path=/; secure; samesite=none
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
GET

https://equativ-match.dotomi.com/match/bounce/current?networkId=9252325&version=1&nuid=SMART_USER_ID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

63.215.202.172:443

Request

GET /match/bounce/current?networkId=9252325&version=1&nuid=SMART_USER_ID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: equativ-match.dotomi.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

server: nginx
date: Sun, 13 Oct 2024 10:09:52 GMT
content-length: 0
set-cookie: DotomiTest=43a422cb140516d7; Expires=Sun, 13 Oct 2024 10:10:22 GMT; Path=/; Domain=.dotomi.com; Secure; SameSite=None;
cache-control: no-cache, private, max-age=0, no-store
expires: 0
pragma: no-cache
location: https://equativ-match.dotomi.com/match/bounce/current?DotomiTest=43a422cb140516d7&is_secure=true&networkId=9252325&version=1&nuid=SMART_USER_ID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
GET

https://equativ-match.dotomi.com/match/bounce/current?DotomiTest=43a422cb140516d7&is_secure=true&networkId=9252325&version=1&nuid=SMART_USER_ID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

63.215.202.172:443

Request

GET /match/bounce/current?DotomiTest=43a422cb140516d7&is_secure=true&networkId=9252325&version=1&nuid=SMART_USER_ID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: equativ-match.dotomi.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: DotomiTest=43a422cb140516d7

Response

HTTP/2.0 302

server: nginx
date: Sun, 13 Oct 2024 10:09:52 GMT
content-length: 0
cache-control: no-cache, private, max-age=0, no-store
expires: 0
pragma: no-cache
location: https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=155&partneruserid=AQAJHE2j9UILfAIZMDxnAQEBAQEBAQCThFoYMgEBAJOEWhgy&expiration=1728900592&nuid=SMART_USER_ID&is_secure=true&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1
GET

https://rtb.openx.net/sync/dds?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.227.252.103:443

Request

GET /sync/dds?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: rtb.openx.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: i=f8b6c22e-b100-004c-1557-7c1a5c87a3c2|1728814184
cookie: univ_id=537072971|525afc59-365a-4c22-b996-8aef5f081ed5|1728814185026048
cookie: pd=v2|1728814184.8|iyvQvNgun0gi.gqwksLmOgesf
GET

https://rtb.openx.net/sync/dds?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.227.252.103:443

Request

GET /sync/dds?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: rtb.openx.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: receive-cookie-deprecation=1
cookie: i=f8b6c22e-b100-004c-1557-7c1a5c87a3c2|1728814184
cookie: univ_id=537072971|525afc59-365a-4c22-b996-8aef5f081ed5|1728814185026048
cookie: pd=v2|1728814184.8|iyvQvNgun0gi.gqwksLmOgesf
GET

https://x.bidswitch.net/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.214.136.108:443

Request

GET /sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: x.bidswitch.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://x.bidswitch.net/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.214.136.108:443

Request

GET /sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: x.bidswitch.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://x.bidswitch.net/ul_cb/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.214.136.108:443

Request

GET /ul_cb/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: x.bidswitch.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: tuuid=6705e482-1006-4c29-8180-4596b7287470
cookie: tuuid_lu=1728814192
cookie: c=1728814192
GET

https://x.bidswitch.net/ul_cb/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.214.136.108:443

Request

GET /ul_cb/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: x.bidswitch.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: tuuid_lu=1728814192
cookie: c=1728814192
cookie: tuuid=119bd3cd-8272-4f61-9cc2-15763f29355e
GET

https://x.bidswitch.net/sync?ssp=adaptmx&user_id=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

chrome.exe

Remote address:

35.214.136.108:443

Request

GET /sync?ssp=adaptmx&user_id=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1--- HTTP/2.0
host: x.bidswitch.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: c=1728814192
cookie: tuuid_lu=1728814192
cookie: tuuid=6705e482-1006-4c29-8180-4596b7287470
GET

https://x.bidswitch.net/sync?dsp_id=283&user_id=eed3597a-536d-4940-a699-955bbf388f92&expires=1&user_group=2&ssp=openx&bsw_param=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr_pd=

chrome.exe

Remote address:

35.214.136.108:443

Request

GET /sync?dsp_id=283&user_id=eed3597a-536d-4940-a699-955bbf388f92&expires=1&user_group=2&ssp=openx&bsw_param=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr_pd= HTTP/2.0
host: x.bidswitch.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: c=1728814192
cookie: tuuid_lu=1728814192
cookie: tuuid=119bd3cd-8272-4f61-9cc2-15763f29355e
GET

https://x.bidswitch.net/sync?dsp_id=4&user_id=0eb988fc-5a9f-4f10-a22a-af7190f87c0c&ssp=openx&expires=30&user_group=5&bsw_param=6705e482-1006-4c29-8180-4596b7287470

chrome.exe

Remote address:

35.214.136.108:443

Request

GET /sync?dsp_id=4&user_id=0eb988fc-5a9f-4f10-a22a-af7190f87c0c&ssp=openx&expires=30&user_group=5&bsw_param=6705e482-1006-4c29-8180-4596b7287470 HTTP/2.0
host: x.bidswitch.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: c=1728814192
cookie: tuuid_lu=1728814192
cookie: tuuid=119bd3cd-8272-4f61-9cc2-15763f29355e
GET

https://x.bidswitch.net/sync?dsp_id=429&user_id=0d6c49c7-386c-521f-9a6f-d529fd644958&ssp=adaptmx&expires=30&user_group=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.214.136.108:443

Request

GET /sync?dsp_id=429&user_id=0d6c49c7-386c-521f-9a6f-d529fd644958&ssp=adaptmx&expires=30&user_group=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: x.bidswitch.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: c=1728814192
cookie: tuuid_lu=1728814192
cookie: tuuid=119bd3cd-8272-4f61-9cc2-15763f29355e
GET

https://tr.blismedia.com/v1/api/sync/openx?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

34.96.105.8:443

Request

GET /v1/api/sync/openx?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: tr.blismedia.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://tr.blismedia.com/v1/api/sync/openx?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

34.96.105.8:443

Request

GET /v1/api/sync/openx?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: tr.blismedia.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://pr-bh.ybp.yahoo.com/sync/openx/bfdd9b33-882b-adf2-7e56-a207c7f75d76?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

34.249.211.147:443

Request

GET /sync/openx/bfdd9b33-882b-adf2-7e56-a207c7f75d76?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: pr-bh.ybp.yahoo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:52 GMT
content-type: image/gif
content-length: 43
age: 0
strict-transport-security: max-age=31536000
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBHCcC2cCEN_V217N3Mr3gshwq7nAEegFEgEBAQHtDGcVZwAAAAAA_eMAAA&S=AQAAAmCnB61x3_x_jU67F6jIuEo; Expires=Mon, 13 Oct 2025 16:09:52 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
GET

https://pr-bh.ybp.yahoo.com/sync/openx/bfdd9b33-882b-adf2-7e56-a207c7f75d76?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

34.249.211.147:443

Request

GET /sync/openx/bfdd9b33-882b-adf2-7e56-a207c7f75d76?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: pr-bh.ybp.yahoo.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:53 GMT
content-type: image/gif
content-length: 43
age: 0
strict-transport-security: max-age=31536000
server: ATS
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
set-cookie: A3=d=AQABBHGcC2cCEPjv7vxgVPucHR434H1OYzgFEgEBAQHtDGcVZwAAAAAA_eMAAA&S=AQAAAjBtUax3OYwQPEdq0atdwtA; Expires=Mon, 13 Oct 2025 16:09:53 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly
GET

https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

185.184.8.90:443

Request

GET /cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: creativecdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:52 GMT
vary: Accept-Encoding
set-cookie: g=N0dPEaIGLmo2EJlLpoRT_1728814192901;Path=/;Domain=.creativecdn.com;Expires=Mon, 13-Oct-2025 10:09:52 GMT;Max-Age=31536000;Secure;SameSite=None
set-cookie: ts=1728814192;Path=/;Domain=.creativecdn.com;Expires=Mon, 13-Oct-2025 10:09:52 GMT;Max-Age=31536000;Secure;SameSite=None;Partitioned
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
date: Sun, 13 Oct 2024 10:09:52 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0
GET

https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

185.184.8.90:443

Request

GET /cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: creativecdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:52 GMT
vary: Accept-Encoding
set-cookie: g=UXemsW0pUam0bp2iauJw_1728814192930;Path=/;Domain=.creativecdn.com;Expires=Mon, 13-Oct-2025 10:09:52 GMT;Max-Age=31536000;Secure;SameSite=None
set-cookie: ts=1728814192;Path=/;Domain=.creativecdn.com;Expires=Mon, 13-Oct-2025 10:09:52 GMT;Max-Age=31536000;Secure;SameSite=None;Partitioned
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
date: Sun, 13 Oct 2024 10:09:52 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0
GET

https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1

chrome.exe

Remote address:

185.184.8.90:443

Request

GET /cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1 HTTP/2.0
host: creativecdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: g=N0dPEaIGLmo2EJlLpoRT_1728814192901
cookie: ts=1728814192

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:52 GMT
vary: Accept-Encoding
location: https://us-u.openx.net/w/1.0/sd?id=537073053&val=48DmFt3tzc2iQH4wrypu71T7-NsV8Ho7TZZ0rRlol0s&pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
date: Sun, 13 Oct 2024 10:09:52 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0
GET

https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1

chrome.exe

Remote address:

185.184.8.90:443

Request

GET /cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1 HTTP/2.0
host: creativecdn.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: ts=1728814192
cookie: g=UXemsW0pUam0bp2iauJw_1728814192930

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:52 GMT
vary: Accept-Encoding
location: https://us-u.openx.net/w/1.0/sd?id=537073053&val=5GPfhDqFshFDGomReaoGBqoagdL4f3IDOUM-VZLGE14&pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
date: Sun, 13 Oct 2024 10:09:52 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0
GET

https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

91.228.74.200:443

Request

GET /pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: cms.quantserve.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:52 GMT
content-length: 0
cache-control: private, no-store, proxy-revalidate
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&val=THFIaEMlTzpXI0wySiVVaR4jSzlXJUg8SyRlukwS
set-cookie: mc=670b9c70-e480c-cde33-c061b; Path=/; Domain=quantserve.com; Max-Age=34214400; Secure; SameSite=None
set-cookie: sp=CggIknESAxDSDQ==; Path=/; Domain=quantserve.com; Max-Age=7776000; Secure; SameSite=None
strict-transport-security: max-age=86400
GET

https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

91.228.74.200:443

Request

GET /pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: cms.quantserve.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://setupad-d.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:52 GMT
content-length: 0
cache-control: private, no-store, proxy-revalidate
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&val=x8WtK8iRqnncl_kol8qwcMiTqCrcxKRwksfzD9wp
set-cookie: mc=670b9c70-edaf8-99a5c-699c5; Path=/; Domain=quantserve.com; Max-Age=34214400; Secure; SameSite=None
set-cookie: sp=CggIknESAxDSDQ==; Path=/; Domain=quantserve.com; Max-Age=7776000; Secure; SameSite=None
strict-transport-security: max-age=86400
GET

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjMyNTgzOTYzOTg1MzQ5NzI=&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

142.250.179.226:443

Request

GET /pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjMyNTgzOTYzOTg1MzQ5NzI=&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: cm.g.doubleclick.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://www.ldplayer.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: IDE=AHWqTUnDjAT7T3cMal_nK9UVvLpT7zftxCyEh0A5qOEplyEsVaG2ni3krcQNs-kP-3E
cookie: DSID=NO_DATA
GET

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=1804086296972189491&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

89.149.193.89:443

Request

GET /redir/?issi=1&partnerid=86&partneruserid=1804086296972189491&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/1.1
Host: rtb-csync.smartadserver.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: pbw=%24b%3d16999%3b%24o%3d11100; TestIfCookieP=ok; sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1; sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5; pid=63258396398534972; csync=160:1

Response

HTTP/1.1 200 OK

content-type: image/gif
date: Sun, 13 Oct 2024 10:09:52 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: csync=86:1804086296972189491|160:1; expires=Mon, 13 Oct 2025 10:09:52 GMT; domain=smartadserver.com; path=/; secure; samesite=none
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
GET

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=155&partneruserid=AQAJHE2j9UILfAIZMDxnAQEBAQEBAQCThFoYMgEBAJOEWhgy&expiration=1728900592&nuid=SMART_USER_ID&is_secure=true&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

chrome.exe

Remote address:

89.149.193.89:443

Request

GET /redir/?issi=1&partnerid=155&partneruserid=AQAJHE2j9UILfAIZMDxnAQEBAQEBAQCThFoYMgEBAJOEWhgy&expiration=1728900592&nuid=SMART_USER_ID&is_secure=true&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1 HTTP/1.1
Host: rtb-csync.smartadserver.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: pbw=%24b%3d16999%3b%24o%3d11100; TestIfCookieP=ok; sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1; sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5; pid=63258396398534972; csync=86:1804086296972189491|160:1

Response

HTTP/1.1 200 OK

content-type: image/gif
date: Sun, 13 Oct 2024 10:09:52 GMT
cache-control: no-cache,no-store
pragma: no-cache
set-cookie: csync=86:1804086296972189491|155:AQAJHE2j9UILfAIZMDxnAQEBAQEBAQCThFoYMgEBAJOEWhgy|160:1; expires=Mon, 13 Oct 2025 10:09:52 GMT; domain=smartadserver.com; path=/; secure; samesite=none
transfer-encoding: chunked
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
DNS

chrome.exe

Remote address:

89.149.193.89:443

Response

HTTP/1.1 408 Request Time-out

Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
GET

https://assets.a-mo.net/js/cframe.js

chrome.exe

Remote address:

104.19.158.19:443

Request

GET /js/cframe.js HTTP/2.0
host: assets.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: */*
sec-fetch-site: same-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

Response

HTTP/2.0 200

date: Sun, 13 Oct 2024 10:09:52 GMT
content-type: text/javascript
last-modified: Wed, 28 Aug 2024 17:55:24 GMT
etag: W/"336b804960f2d2e05b7372cfcf7ca6f7"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
via: 1.1 50fe359d704e2db97a226367d34cf076.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-C1
x-amz-cf-id: U0w6eMVeiLgbTDWGWJzBt4mMSGnRpefxaCiJVGLw1W-yBI2de3nnrQ==
cf-cache-status: HIT
age: 56
expires: Sun, 13 Oct 2024 11:09:52 GMT
cache-control: public, max-age=3600
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d1e8961df6e407d-LHR
content-encoding: br
DNS

172.202.215.63.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.202.215.63.in-addr.arpa

IN PTR

Response

172.202.215.63.in-addr.arpa

IN PTR

ams05-nessy-float2dotomicom
DNS

image2.pubmatic.com

Remote address:

8.8.8.8:53

Request

image2.pubmatic.com

IN A

Response

image2.pubmatic.com

IN CNAME

image2v2.pubmnet.com

image2v2.pubmnet.com

IN CNAME

pug-lhr-bc.pubmnet.com

pug-lhr-bc.pubmnet.com

IN A

185.64.191.210
DNS

155.36.18.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

155.36.18.104.in-addr.arpa

IN PTR

Response
DNS

11.208.89.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.208.89.185.in-addr.arpa

IN PTR

Response

11.208.89.185.in-addr.arpa

IN PTR

prebidams3adnexusnet
DNS

254.4.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.4.107.13.in-addr.arpa

IN PTR

Response
DNS

68.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.159.190.20.in-addr.arpa

IN PTR

Response
DNS

92.129.74.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

92.129.74.13.in-addr.arpa

IN PTR

Response
DNS

132.194.113.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

132.194.113.52.in-addr.arpa

IN PTR

Response
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com

iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com

IN A

20.199.58.43
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com

iris-de-prod-azsc-v2-frc-b.francecentral.cloudapp.azure.com

IN A

20.74.47.205
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR
DNS

8.105.96.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.105.96.34.in-addr.arpa

IN PTR

Response

8.105.96.34.in-addr.arpa

IN PTR

81059634bcgoogleusercontentcom
DNS

8.105.96.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.105.96.34.in-addr.arpa

IN PTR

Response

8.105.96.34.in-addr.arpa

IN PTR

81059634bcgoogleusercontentcom
DNS

108.136.214.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.136.214.35.in-addr.arpa

IN PTR

Response

108.136.214.35.in-addr.arpa

IN PTR

10813621435bcgoogleusercontentcom
DNS

ap.lijit.com

Remote address:

8.8.8.8:53

Request

ap.lijit.com

IN A

Response

ap.lijit.com

IN CNAME

vap.lijit.com

vap.lijit.com

IN CNAME

emeas.vap.lijit.com

emeas.vap.lijit.com

IN CNAME

eu.vap.lijit.com

eu.vap.lijit.com

IN CNAME

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.48.236.83

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.250.210.82

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

63.34.78.4

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.214.82.84

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

54.76.198.232

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.17.212.168

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

34.252.62.212

blackbird-prd-ew1-alb-87915139.eu-west-1.elb.amazonaws.com

IN A

52.50.239.198
DNS

id.rtb.mx

Remote address:

8.8.8.8:53

Request

id.rtb.mx

IN A

Response

id.rtb.mx

IN CNAME

id.a-mx.com

id.a-mx.com

IN A

79.127.216.47

id.a-mx.com

IN A

79.127.227.46
DNS

id.rtb.mx

Remote address:

8.8.8.8:53

Request

id.rtb.mx

IN A

Response

id.rtb.mx

IN CNAME

id.a-mx.com

id.a-mx.com

IN A

79.127.216.47

id.a-mx.com

IN A

79.127.227.46
DNS

147.211.249.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

147.211.249.34.in-addr.arpa

IN PTR

Response

147.211.249.34.in-addr.arpa

IN PTR

ec2-34-249-211-147 eu-west-1compute amazonawscom
DNS

id.a-mx.com

Remote address:

8.8.8.8:53

Request

id.a-mx.com

IN A

Response

id.a-mx.com

IN A

79.127.227.46

id.a-mx.com

IN A

79.127.216.47
DNS

id.a-mx.com

Remote address:

8.8.8.8:53

Request

id.a-mx.com

IN A

Response

id.a-mx.com

IN A

79.127.227.46

id.a-mx.com

IN A

79.127.216.47
DNS

200.74.228.91.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.74.228.91.in-addr.arpa

IN PTR

Response
DNS

ssum.casalemedia.com

Remote address:

8.8.8.8:53

Request

ssum.casalemedia.com

IN A

Response

ssum.casalemedia.com

IN A

104.18.36.155

ssum.casalemedia.com

IN A

172.64.151.101
DNS

image4.pubmatic.com

Remote address:

8.8.8.8:53

Request

image4.pubmatic.com

IN A

Response

image4.pubmatic.com

IN CNAME

image4-v2.pubmnet.com

image4-v2.pubmnet.com

IN CNAME

spug-amsfpairbc.pubmnet.com

spug-amsfpairbc.pubmnet.com

IN A

198.47.127.20
DNS

image4.pubmatic.com

Remote address:

8.8.8.8:53

Request

image4.pubmatic.com

IN A

Response

image4.pubmatic.com

IN CNAME

image4-v2.pubmnet.com

image4-v2.pubmnet.com

IN CNAME

spug-amsfpairbc.pubmnet.com

spug-amsfpairbc.pubmnet.com

IN A

198.47.127.20
DNS

19.158.19.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.158.19.104.in-addr.arpa

IN PTR

Response
DNS

pb-am.a-mo.net

Remote address:

8.8.8.8:53

Request

pb-am.a-mo.net

IN A

Response

pb-am.a-mo.net

IN A

163.5.194.36

pb-am.a-mo.net

IN A

163.5.194.35

pb-am.a-mo.net

IN A

163.5.194.31

pb-am.a-mo.net

IN A

163.5.194.37

pb-am.a-mo.net

IN A

163.5.194.33

pb-am.a-mo.net

IN A

163.5.194.30

pb-am.a-mo.net

IN A

163.5.194.32

pb-am.a-mo.net

IN A

163.5.194.34
DNS

pb-am.a-mo.net

Remote address:

8.8.8.8:53

Request

pb-am.a-mo.net

IN A

Response

pb-am.a-mo.net

IN A

163.5.194.30

pb-am.a-mo.net

IN A

163.5.194.37

pb-am.a-mo.net

IN A

163.5.194.32

pb-am.a-mo.net

IN A

163.5.194.31

pb-am.a-mo.net

IN A

163.5.194.34

pb-am.a-mo.net

IN A

163.5.194.33

pb-am.a-mo.net

IN A

163.5.194.36

pb-am.a-mo.net

IN A

163.5.194.35
GET

https://cm.adform.net/cookie?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redirect_url=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dadform%26uid%3D%24UID

chrome.exe

Remote address:

37.157.2.233:443

Request

GET /cookie?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redirect_url=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dadform%26uid%3D%24UID HTTP/2.0
host: cm.adform.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: C=1
cookie: uid=5498570646921517865

Response

HTTP/2.0 302

server: nginx
date: Sun, 13 Oct 2024 10:09:53 GMT
content-length: 0
location: https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=adform&uid=5498570646921517865
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
set-cookie: uid=5498570646921517865; expires=Thu, 12 Dec 2024 10:09:53 GMT; domain=adform.net; path=/; secure; samesite=none
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
GET

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redirectUri=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dsmartadserver%26uid%3D%5Bssb_sync_pid%5D

chrome.exe

Remote address:

5.135.209.100:443

Request

GET /api/sync?callerId=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redirectUri=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dsmartadserver%26uid%3D%5Bssb_sync_pid%5D HTTP/2.0
host: ssbsync-global.smartadserver.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: pbw=%24b%3d16999%3b%24o%3d11100
cookie: TestIfCookieP=ok
cookie: sasd2=q=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5&c=1&l&lo&lt=638644109840771358&o=1
cookie: sasd=%24qc%3D1500046319%3B%24ql%3DHigh%3B%24qt%3D78_2531_71284t%3B%24dma%3D0%3B%24qo%3D5
cookie: pid=63258396398534972
cookie: csync=86:1804086296972189491|160:1

Response

HTTP/2.0 302

content-length: 0
date: Sun, 13 Oct 2024 10:09:53 GMT
location: https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=smartadserver&uid=63258396398534972
GET

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

chrome.exe

Remote address:

69.173.156.148:443

Request

GET /exchange/sync.php?p=pbs-adaptmx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1--- HTTP/1.1
Host: pixel.rubiconproject.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://sync.a-mo.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
Expires: 0
X-RPHost: d0cea2fb47f5ddedaddf61763f0aedb4
Location: https://prebid.a-mo.net/setuid/magnite?uid=M27FC0QD-28-LN8E&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---
Content-Type: text/html
content-length: 0
set-cookie: audit_p=1|t+fsJEld4p3FImmiqmiKD8hhiG/5izH/V+gb6vzAGy1L4ZzJRzBoxG4+QMKZbKuQCMCMEbMyS+lYuqoIiPk057iLOlCEhdvdllG+kkmiE8vUFiXsDfa0Sku/wuthpqk+QNfVMtfKwhy4Zueiet6RS40WVf2tDDiQlALwP7cRvz11926LKwgVknjQhcEpB/MvyN7994gmuOOQLZgFdYjsG5NDzTq/cbhiPE24ANzwq2xCeiG1D+NKJkFcUwQGPJmNccDa8+l3HVkpXC7FRpEsk5Ld3m6+IVniiGlK3hHaAojBszWiRpde5lUJM6216aE5HoEqAEnab7sR+x12K8Dg4xIGwGhMXfmZMMeo804Zg/r1nV1BHEVcwYixhDGxVgBCFO8Vmd5vJdu7adBCpA5aLiJdkDXED7EPCcwE2OzkPUClJ7Fi7tWtk1ISLniHOZtGo/1zZWXRbdMsgGIGF1Wx9y1DDaETZfpMyt5eER22kcAP+K0Zi/DDxGqgRPAjc6Lq28Z0bMiZpw7UYrJ1/Kdhd/CdVuGqiv8Qgbck/bVoK6A/BaMfadThmvM9iCkqwHQHuongBfJHVxTEGF8GbtNoXY5n6tOEmZgGfmPwpq3bEGjAnAdSw9ZE+ATDTRg9hbgjOEoXFBW6GTiEaVmtnhUqvp0WT8FIaWpRNNzGA2Mz7OlHhpjkeQ/zczL3kJdc8uYPSYugQL6jDLsta2xHd2uSX0I6zcETxy5mZwtkR9xY9glqzAt6F2z8l6Hi+HNckG6PYDtEhWB+THdmFSnE8QMP+2n4UwxpKezzK3f7YEbpk918QWQ4kmkU0LovheMeAkdRMhjEalMIFwUDyqmhE66nqqevtWYUqrn9FaTEDsRIJGFM9+XfOsBdWdsesfJn1+uLcUfaXTqoCYQ2lZjJTPQ9zzL7ZSli746mA74hRcx5CY/08m1nGGvwsRTgctH50OFbgpJCSsD0lxyKdHdt+Vidl4lPhcqOTSehr1utVgGBMTQTaJCtGG1avzjnITI3UjM7ocHmiSwXbEC8lLnJyIk1FVXI/c+Tuxv93+wvur81X4Ceb/MCfmXbpjjnH0Q5mgWUoVtm1xImMMMDefUap6Njsp8Fokuj4Mgeqc8nbQ4AnDgBDT+RSGce4B3UAMUNGDp0I5GuVbajN+9cP2231KKEjd6hLz6A/5Ht1ZKSmpNDX5LuS2MTYETwPcZdg9yGeeAiYejKg/y/QtS232zHWzBC33LH/iPBuRme/+/hUw/Lc2/14HXe7/tZ+gld3ZPh9zI4Vs+NBykDaXvGEtNIY1GQ9lFoXwCI5sy0Q6t4Kqx5DMG8w77LeeeUpceemw+upqAveG2n49K37Y7GyFpcChah1P3bjv6d1wCGMdIAD2O6NF7LT9Y2IZ4/0J1wy1XIE3XOmym+IG56KjPQgGXNG2RUUmYfWk8X7iKIDCg7aWkA0e69dKHTRM8g9H80xN6T/PFOk+gE7tOQCkrUY0OtRrUrkZHaNL9usltGP4fHZyD9VCut8n0Js2dYTxKqs4oAycBJSiHVyGH0U0M=; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None; Partitioned;
set-cookie: khaos=M27FC0QD-28-LN8E; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
set-cookie: khaos_p=M27FC0QD-28-LN8E; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None; Partitioned;
set-cookie: audit=1|t+fsJEld4p3FImmiqmiKD8hhiG/5izH/V+gb6vzAGy1L4ZzJRzBoxG4+QMKZbKuQCMCMEbMyS+lYuqoIiPk057iLOlCEhdvdllG+kkmiE8vUFiXsDfa0Sku/wuthpqk+QNfVMtfKwhy4Zueiet6RS40WVf2tDDiQlALwP7cRvz11926LKwgVknjQhcEpB/MvyN7994gmuOOQLZgFdYjsG5NDzTq/cbhiPE24ANzwq2xCeiG1D+NKJkFcUwQGPJmNccDa8+l3HVkpXC7FRpEsk5Ld3m6+IVniiGlK3hHaAojBszWiRpde5lUJM6216aE5HoEqAEnab7sR+x12K8Dg4xIGwGhMXfmZMMeo804Zg/r1nV1BHEVcwYixhDGxVgBCFO8Vmd5vJdu7adBCpA5aLiJdkDXED7EPCcwE2OzkPUClJ7Fi7tWtk1ISLniHOZtGo/1zZWXRbdMsgGIGF1Wx9y1DDaETZfpMyt5eER22kcAP+K0Zi/DDxGqgRPAjc6Lq28Z0bMiZpw7UYrJ1/Kdhd/CdVuGqiv8Qgbck/bVoK6A/BaMfadThmvM9iCkqwHQHuongBfJHVxTEGF8GbtNoXY5n6tOEmZgGfmPwpq3bEGjAnAdSw9ZE+ATDTRg9hbgjOEoXFBW6GTiEaVmtnhUqvp0WT8FIaWpRNNzGA2Mz7OlHhpjkeQ/zczL3kJdc8uYPSYugQL6jDLsta2xHd2uSX0I6zcETxy5mZwtkR9xY9glqzAt6F2z8l6Hi+HNckG6PYDtEhWB+THdmFSnE8QMP+2n4UwxpKezzK3f7YEbpk918QWQ4kmkU0LovheMeAkdRMhjEalMIFwUDyqmhE66nqqevtWYUqrn9FaTEDsRIJGFM9+XfOsBdWdsesfJn1+uLcUfaXTqoCYQ2lZjJTPQ9zzL7ZSli746mA74hRcx5CY/08m1nGGvwsRTgctH50OFbgpJCSsD0lxyKdHdt+Vidl4lPhcqOTSehr1utVgGBMTQTaJCtGG1avzjnITI3UjM7ocHmiSwXbEC8lLnJyIk1FVXI/c+Tuxv93+wvur81X4Ceb/MCfmXbpjjnH0Q5mgWUoVtm1xImMMMDefUap6Njsp8Fokuj4Mgeqc8nbQ4AnDgBDT+RSGce4B3UAMUNGDp0I5GuVbajN+9cP2231KKEjd6hLz6A/5Ht1ZKSmpNDX5LuS2MTYETwPcZdg9yGeeAiYejKg/y/QtS232zHWzBC33LH/iPBuRme/+/hUw/Lc2/14HXe7/tZ+gld3ZPh9zI4Vs+NBykDaXvGEtNIY1GQ9lFoXwCI5sy0Q6t4Kqx5DMG8w77LeeeUpceemw+upqAveG2n49K37Y7GyFpcChah1P3bjv6d1wCGMdIAD2O6NF7LT9Y2IZ4/0J1wy1XIE3XOmym+IG56KjPQgGXNG2RUUmYfWk8X7iKIDCg7aWkA0e69dKHTRM8g9H80xN6T/PFOk+gE7tOQCkrUY0OtRrUrkZHaNL9usltGP4fHZyD9VCut8n0Js2dYTxKqs4oAycBJSiHVyGH0U0M=; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.rubiconproject.com; Secure; SameSite=None
set-cookie: receive-cookie-deprecation=1; Max-Age=7776000; Expires=Sat, 11 Jan 2025 10:09:53 GMT; Path=/; Domain=.rubiconproject.com; Secure; HTTPOnly; SameSite=None; Partitioned;
GET

https://image8.pubmatic.com/AdServer/ImgSync?p=158355&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID

chrome.exe

Remote address:

198.47.127.18:443

Request

GET /AdServer/ImgSync?p=158355&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID HTTP/2.0
host: image8.pubmatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

content-type: text/html; charset=utf-8
location: /AdServer/ImgSync?p=158355&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID&rdf=1
set-cookie: KTPCACOOKIE=YES; domain=pubmatic.com; path=/; max-age=86400; SameSite=None; secure;
date: Sun, 13 Oct 2024 10:09:52 GMT
content-length: 842
GET

https://image8.pubmatic.com/AdServer/ImgSync?p=158355&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID&rdf=1

chrome.exe

Remote address:

198.47.127.18:443

Request

GET /AdServer/ImgSync?p=158355&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID&rdf=1 HTTP/2.0
host: image8.pubmatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: KTPCACOOKIE=YES

Response

HTTP/2.0 302

content-type: text/html; charset=utf-8
location: https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QzIwRDQ5QUQtQTZFMS00NzA0LThFNkMtQzQxOUYyRDE2QkZE&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&google_cm
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
set-cookie: SyncRTB4=1729987200%3A220; domain=pubmatic.com; path=/; max-age=7776000; SameSite=None; secure;
set-cookie: ipc=158355^https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID^1^0; domain=pubmatic.com; path=/; max-age=3; SameSite=None; secure;
set-cookie: pi=158355:2; domain=pubmatic.com; path=/; max-age=86400; SameSite=None; secure;
set-cookie: KADUSERCOOKIE=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD; domain=pubmatic.com; path=/; max-age=31536000; SameSite=None; secure;
set-cookie: chkChromeAb67Sec=1; domain=pubmatic.com; path=/; max-age=7776000; SameSite=None; secure;
date: Sun, 13 Oct 2024 10:09:52 GMT
content-length: 684
GET

https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=${US_PRIVACY}

chrome.exe

Remote address:

198.47.127.18:443

Request

GET /AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=${US_PRIVACY} HTTP/2.0
host: image8.pubmatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: KTPCACOOKIE=YES
cookie: SyncRTB4=1729987200%3A220
cookie: ipc=158355^https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID^1^0
cookie: pi=158355:2
cookie: KADUSERCOOKIE=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD
cookie: chkChromeAb67Sec=1
cookie: KRTBCOOKIE_80=22987-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&16514-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&23025-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&23386-CAESEKPKjEunpJrgEhZYwXiHSJw
cookie: PugT=1728814193

Response

HTTP/2.0 302

content-type: text/html; charset=utf-8
location: https://image4.pubmatic.com/AdServer/SPug?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&p=158355&pmc=1&pr=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dpubmatic%26uid%3DC20D49AD-A6E1-4704-8E6C-C419F2D16BFD&us_privacy=%24%7BUS_PRIVACY%7D
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
set-cookie: ipc=; domain=pubmatic.com; path=/; max-age=0; SameSite=None; secure;
set-cookie: pi=158355:3; domain=pubmatic.com; path=/; max-age=86400; SameSite=None; secure;
set-cookie: KADUSERCOOKIE=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD; domain=pubmatic.com; path=/; max-age=31536000; SameSite=None; secure;
set-cookie: chkChromeAb67Sec=2; domain=pubmatic.com; path=/; max-age=7776000; SameSite=None; secure;
date: Sun, 13 Oct 2024 10:09:51 GMT
content-length: 800
GET

https://ssum.casalemedia.com/usermatchredir?s=191503&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dindex_rtb%26uid%3D

chrome.exe

Remote address:

104.18.36.155:443

Request

GET /usermatchredir?s=191503&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dindex_rtb%26uid%3D HTTP/2.0
host: ssum.casalemedia.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:53 GMT
content-length: 0
location: /usermatchredir?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26A%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dindex_rtb%26uid%3D&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&s=191503&us_privacy=1---&C=1
cf-ray: 8d1e8962aa30732a-LHR
cf-cache-status: DYNAMIC
cache-control: no-cache
expires: 0
set-cookie: CMID=ZwuccbmqPjYAABz5AFzYNwAA; Path=/; Domain=casalemedia.com; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Max-Age=31536000; Secure; SameSite=None
pragma: no-cache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
set-cookie: CMPS=4432; Path=/; Domain=casalemedia.com; Expires=Sat, 11 Jan 2025 10:09:53 GMT; Max-Age=7776000; Secure; SameSite=None
set-cookie: CMPRO=4432; Path=/; Domain=casalemedia.com; Expires=Sat, 11 Jan 2025 10:09:53 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=65c%2FmgTMFY74ea9nxG0RaWtCTnkbfWK9OSXCNGQz6VC877jpEMAVKtcF6KONLd0wp0fNcBt0koLixh9fmE9j4lNYdwOgk%2Bcz%2B%2FFfJp9qlAt0ZDJoqX%2BTFtajXIerLE5fxxWq6WOh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26A%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dindex_rtb%26uid%3D&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&s=191503&us_privacy=1---&C=1

chrome.exe

Remote address:

104.18.36.155:443

Request

GET /usermatchredir?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26A%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dindex_rtb%26uid%3D&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&s=191503&us_privacy=1---&C=1 HTTP/2.0
host: ssum.casalemedia.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: CMID=ZwuccbmqPjYAABz5AFzYNwAA
cookie: CMPS=4432
cookie: CMPRO=4432

Response

HTTP/2.0 302

date: Sun, 13 Oct 2024 10:09:53 GMT
content-length: 0
location: https://sync.a-mo.net/setuid?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=index_rtb&uid=ZwuccbmqPjYAABz5AFzYNwAA%264432
cf-ray: 8d1e8962ea63732a-LHR
cf-cache-status: DYNAMIC
cache-control: no-cache
expires: 0
set-cookie: CMID=ZwuccbmqPjYAABz5AFzYNwAA; Path=/; Domain=casalemedia.com; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Max-Age=31536000; Secure; SameSite=None
pragma: no-cache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
set-cookie: CMPRO=4432; Path=/; Domain=casalemedia.com; Expires=Sat, 11 Jan 2025 10:09:53 GMT; Max-Age=7776000; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RWbNGBtcoy8VJkCHthVK08t44qdzDmFLHS1qsu6UMquAfqnBUUsyzfs21Eg1v5Z%2BzDkPJq3uz%2BJXPVR4dhd3%2Buif33TUz7S89AQX5e%2BJLK7%2BT0BjuVe4AnmSAvUydmBqbMaHfjyf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
GET

https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redir=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dsovrn%26uid%3D%24UID

chrome.exe

Remote address:

52.48.236.83:443

Request

GET /pixel?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redir=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dsovrn%26uid%3D%24UID HTTP/2.0
host: ap.lijit.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 204

date: Sun, 13 Oct 2024 10:09:53 GMT
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-methods: GET, POST, DELETE, PUT
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Content-Type
GET

https://id.a-mx.com/u?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D

chrome.exe

Remote address:

79.127.227.46:443

Request

GET /u?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D HTTP/1.1
Host: id.a-mx.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://sync.a-mo.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

date: Sun, 13 Oct 2024 10:09:52 GMT
location: https://prebid.a-mo.net/cjoin/1?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&?us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1
content-length: 0
set-cookie: _amuts=1; Max-Age=86400; Expires=Mon, 14 Oct 2024 10:09:53 GMT; Secure; HTTPOnly; SameSite=None
set-cookie: amdt_t=p::1728814193088; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=a-mx.com; Secure; HTTPOnly; SameSite=None
set-cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=a-mx.com; Secure; HTTPOnly; SameSite=None
GET

https://id.a-mx.com/sync?tao=1&&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

chrome.exe

Remote address:

79.127.227.46:443

Request

GET /sync?tao=1&&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8 HTTP/1.1
Host: id.a-mx.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Origin: https://sync.a-mo.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://sync.a-mo.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: _amuts=1; amdt_t=p::1728814193088; amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

Response

HTTP/1.1 200 OK

date: Sun, 13 Oct 2024 10:09:53 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://sync.a-mo.net
Timing-Allow-Origin: https://sync.a-mo.net
content-type: application/json
content-length: 66
GET

https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=6705e482-1006-4c29-8180-4596b7287470&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.214.241.248:443

Request

GET /bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=6705e482-1006-4c29-8180-4596b7287470&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: ads.creative-serving.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
GET

https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=6705e482-1006-4c29-8180-4596b7287470&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

35.214.241.248:443

Request

GET /ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=6705e482-1006-4c29-8180-4596b7287470&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: ads.creative-serving.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://u.openx.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: tuuid=0eb988fc-5a9f-4f10-a22a-af7190f87c0c
cookie: c=1728814193
cookie: tuuid_lu=1728814193
GET

https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=openx&bsw_custom_parameter=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr_pd=&us_privacy=

chrome.exe

Remote address:

51.255.68.171:443

Request

GET /bidswitch/sync?bidswitch_ssp_id=openx&bsw_custom_parameter=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr_pd=&us_privacy= HTTP/1.1
Host: dsp.nrich.ai
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://setupad-d.openx.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 302 Found

Server: nginx
Date: Sun, 13 Oct 2024 10:09:53 GMT
Content-Type: -
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=5
Location: https://x.bidswitch.net/sync?dsp_id=283&user_id=eed3597a-536d-4940-a699-955bbf388f92&expires=1&user_group=2&ssp=openx&bsw_param=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr_pd=
Set-Cookie: _nauid=eed3597a-536d-4940-a699-955bbf388f92; Path=/; Domain=.nrich.ai; Expires=Mon, 06 Apr 2026 10:09:53 GMT; Max-Age=46656000; Secure; SameSite=None
Strict-Transport-Security: max-age=63072000; preload
GET

https://ads.betweendigital.com/match?bidder_id=43092&gdpr=1&consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadaptmx%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

chrome.exe

Remote address:

188.42.189.197:443

Request

GET /match?bidder_id=43092&gdpr=1&consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadaptmx%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA HTTP/2.0
host: ads.betweendigital.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9

Response

HTTP/2.0 302

location: /match?bidder_id=43092&gdpr=1&consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadaptmx%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&crf=1&rts=4183004200302975065
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.betweendigital.com; SameSite=None; Secure
set-cookie: tuuid=0d6c49c7-386c-521f-9a6f-d529fd644958; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.betweendigital.com; SameSite=None; Secure
set-cookie: ut=ZwuccQACC3D_AeCbnerPINQwy9pCK_rShJKBLg==; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.betweendigital.com; SameSite=None; Secure
set-cookie: ss=1; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.betweendigital.com; SameSite=None; Secure
content-length: 0
GET

https://ads.betweendigital.com/match?bidder_id=43092&gdpr=1&consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadaptmx%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&crf=1&rts=4183004200302975065

chrome.exe

Remote address:

188.42.189.197:443

Request

GET /match?bidder_id=43092&gdpr=1&consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadaptmx%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&crf=1&rts=4183004200302975065 HTTP/2.0
host: ads.betweendigital.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: dc=lux1
cookie: tuuid=0d6c49c7-386c-521f-9a6f-d529fd644958
cookie: ut=ZwuccQACC3D_AeCbnerPINQwy9pCK_rShJKBLg==
cookie: ss=1

Response

HTTP/2.0 302

location: https://x.bidswitch.net/sync?dsp_id=429&user_id=0d6c49c7-386c-521f-9a6f-d529fd644958&ssp=adaptmx&expires=30&user_group=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
cache-control: no-cache, no-store, max-age=0, must-revalidate
set-cookie: dc=lux1; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.betweendigital.com; SameSite=None; Secure
set-cookie: tuuid=0d6c49c7-386c-521f-9a6f-d529fd644958; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.betweendigital.com; SameSite=None; Secure
set-cookie: ut=ZwuccQACp7DO3gGeIP4RlJpDU4JxfzNnq77fQg==; Max-Age=31536000; Expires=Mon, 13 Oct 2025 10:09:53 GMT; Path=/; Domain=.betweendigital.com; SameSite=None; Secure
content-length: 0
GET

https://prebid.a-mo.net/setuid/magnite?uid=M27FC0QD-28-LN8E&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

chrome.exe

Remote address:

163.5.194.33:443

Request

GET /setuid/magnite?uid=M27FC0QD-28-LN8E&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1--- HTTP/2.0
host: prebid.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: psd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: sd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: __amc=2_1728814184_1728814189
cookie: _sv3_13=1
cookie: _sv3_0=1

Response

HTTP/2.0 302

cache-control: max-age=0, private, must-revalidate
content-length: 0
date: Sun, 13 Oct 2024 10:09:52 GMT
location: https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=amx_com&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
server: envoy
vary: accept-encoding
x-ms: 0
set-cookie: _Amc_b=501; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _Amc_t=_T; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: p_Amc_b=501; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
set-cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
set-cookie: p_Amc_t=_T; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
x-envoy-upstream-service-time: 1
GET

https://prebid.a-mo.net/cjoin/1?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&?us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

chrome.exe

Remote address:

163.5.194.33:443

Request

GET /cjoin/1?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&?us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1 HTTP/2.0
host: prebid.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: psd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: sd_amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: __amc=2_1728814184_1728814189
cookie: _sv3_13=1
cookie: _sv3_0=1

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:52 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _Amc_b=501; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _Amc_t=_T; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _sv3_7=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
set-cookie: p_Amc_b=501; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
set-cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
set-cookie: p_Amc_t=_T; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
x-envoy-upstream-service-time: 1
GET

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&piggybackCookie=CAESEKPKjEunpJrgEhZYwXiHSJw&google_cver=1

chrome.exe

Remote address:

185.64.191.210:443

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&piggybackCookie=CAESEKPKjEunpJrgEhZYwXiHSJw&google_cver=1 HTTP/2.0
host: image2.pubmatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: KTPCACOOKIE=YES
cookie: SyncRTB4=1729987200%3A220
cookie: ipc=158355^https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID^1^0
cookie: pi=158355:2
cookie: KADUSERCOOKIE=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD
cookie: chkChromeAb67Sec=1

Response

HTTP/2.0 302

server: nginx
date: Sun, 13 Oct 2024 10:09:53 GMT
set-cookie: KRTBCOOKIE_80=22987-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&16514-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&23025-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&23386-CAESEKPKjEunpJrgEhZYwXiHSJw; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 11-Jan-2025 10:09:53 GMT; path=/
set-cookie: PugT=1728814193; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 12-Nov-2024 10:09:53 GMT; path=/
location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=${US_PRIVACY}
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
GET

https://pb-am.a-mo.net/setuid?bidder=bid_switch&uid=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=

chrome.exe

Remote address:

163.5.194.36:443

Request

GET /setuid?bidder=bid_switch&uid=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy= HTTP/2.0
host: pb-am.a-mo.net
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: amuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: pamuid2=75d2d10c-50d4-49d8-9fb0-70edaf3398b8
cookie: _sv3_13=1
cookie: _sv3_0=1
cookie: _sv3_6=1
cookie: _sv3_8=1
cookie: _sv3_2=1
cookie: _sv3_7=1

Response

HTTP/2.0 204

cache-control: max-age=0, private, must-revalidate
date: Sun, 13 Oct 2024 10:09:53 GMT
server: envoy
vary: accept-encoding, Accept-Encoding
set-cookie: _Amc_b=501; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _Amc_t=_T; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None
set-cookie: _sv3_12=1; path=/; domain=a-mo.net; expires=Mon, 14 Oct 2024 10:09:53 GMT; max-age=86400; secure; HttpOnly; SameSite=None
set-cookie: p_Amc_b=501; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
set-cookie: p_Amc_s=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
set-cookie: p_Amc_t=_T; path=/; expires=Sun, 13 Oct 2024 10:14:53 GMT; max-age=300; secure; HttpOnly; SameSite=None; Partitioned
x-envoy-upstream-service-time: 1
GET

https://image4.pubmatic.com/AdServer/SPug?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&p=158355&pmc=1&pr=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dpubmatic%26uid%3DC20D49AD-A6E1-4704-8E6C-C419F2D16BFD&us_privacy=%24%7BUS_PRIVACY%7D

chrome.exe

Remote address:

198.47.127.20:443

Request

GET /AdServer/SPug?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&p=158355&pmc=1&pr=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dpubmatic%26uid%3DC20D49AD-A6E1-4704-8E6C-C419F2D16BFD&us_privacy=%24%7BUS_PRIVACY%7D HTTP/2.0
host: image4.pubmatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: KTPCACOOKIE=YES
cookie: SyncRTB4=1729987200%3A220
cookie: KADUSERCOOKIE=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD
cookie: KRTBCOOKIE_80=22987-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&16514-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&23025-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&23386-CAESEKPKjEunpJrgEhZYwXiHSJw
cookie: PugT=1728814193
cookie: pi=158355:3
cookie: chkChromeAb67Sec=2

Response

HTTP/2.0 302

server: nginx
date: Sun, 13 Oct 2024 10:09:52 GMT
set-cookie: SPugT=1728814192; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 12-Nov-2024 10:09:52 GMT; path=/
location: https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=pubmatic&uid=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
GET

https://prebid.adnxs.com/pbs/v1/setuid?bidder=amx&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

chrome.exe

Remote address:

185.89.208.11:443

Request

GET /pbs/v1/setuid?bidder=amx&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1--- HTTP/1.1
Host: prebid.adnxs.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://sync.a-mo.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
Cookie: uuid2=1804086296972189491; XANDR_PANID=FVM10rF90SRrDaecVksYWwYzlMT6PSnKQ7GbGN_Mw53PKf4xDurj192U5WZyHHtQKhIxyRqGyVOYVrKFtN0elp2AnGMC6wUrO7XgdvIeedQ.; receive-cookie-deprecation=1

Response

HTTP/1.1 200 OK

Server: nginx/1.25.1
Date: Sun, 13 Oct 2024 10:09:53 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Pragma: no-cache
Set-Cookie: uids=eyJ0ZW1wVUlEcyI6eyJhZG54cyI6eyJ1aWQiOiIxODA0MDg2Mjk2OTcyMTg5NDkxIiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NTMuNTgyNDUxMzA5WiJ9LCJhbXgiOnsidWlkIjoiNzVkMmQxMGMtNTBkNC00OWQ4LTlmYjAtNzBlZGFmMzM5OGI4IiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NTMuNTgyNTAwMVoifX19; Path=/; Domain=adnxs.com; Expires=Sat, 11 Jan 2025 10:09:53 GMT; Secure; SameSite=None
Vary: Origin
GET

https://ow.pubmatic.com/setuid?bidder=amx&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

chrome.exe

Remote address:

185.64.190.84:443

Request

GET /setuid?bidder=amx&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1--- HTTP/2.0
host: ow.pubmatic.com
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://sync.a-mo.net/
accept-encoding: gzip, deflate, br, zstd
accept-language: en-US,en;q=0.9
cookie: KTPCACOOKIE=YES
cookie: SyncRTB4=1729987200%3A220
cookie: KADUSERCOOKIE=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD
cookie: KRTBCOOKIE_80=22987-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&16514-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&23025-CAESEKPKjEunpJrgEhZYwXiHSJw&KRTB&23386-CAESEKPKjEunpJrgEhZYwXiHSJw
cookie: PugT=1728814193
cookie: pi=158355:3
cookie: chkChromeAb67Sec=2
cookie: SPugT=1728814192

Response

HTTP/2.0 200

content-length: 0
content-type: text/html
set-cookie: uids=eyJ0ZW1wVUlEcyI6eyJhbXgiOnsidWlkIjoiNzVkMmQxMGMtNTBkNC00OWQ4LTlmYjAtNzBlZGFmMzM5OGI4IiwiZXhwaXJlcyI6IjIwMjQtMTAtMjdUMTA6MDk6NTMuNTYyODQ1Mzk0WiJ9fX0=; Path=/; Domain=ow.pubmatic.com; Expires=Sat, 11 Jan 2025 10:09:53 GMT; Secure; SameSite=None
date: Sun, 13 Oct 2024 10:09:53 GMT
POST

https://id.rtb.mx/rum?uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&d=1728814192719

chrome.exe

Remote address:

79.127.216.47:443

Request

POST /rum?uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&d=1728814192719 HTTP/1.1
Host: id.rtb.mx
Connection: keep-alive
Content-Length: 92
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://sync.a-mo.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://sync.a-mo.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

date: Sun, 13 Oct 2024 12:09:53 +0200
access-control-allow-credentials: true
access-control-allow-origin: https://sync.a-mo.net
DNS

148.156.173.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

148.156.173.69.in-addr.arpa

IN PTR

Response
DNS

c-ring.msedge.net

Remote address:

8.8.8.8:53

Request

c-ring.msedge.net

IN A

Response

c-ring.msedge.net

IN CNAME

c-ring.c-9999.c-msedge.net

c-ring.c-9999.c-msedge.net

IN CNAME

c-9999.c-msedge.net

c-9999.c-msedge.net

IN A

13.107.4.254
DNS

254.73.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.73.171.150.in-addr.arpa

IN PTR

Response
DNS

122.10.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

122.10.44.20.in-addr.arpa

IN PTR

Response
DNS

122.10.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

122.10.44.20.in-addr.arpa

IN PTR

Response
DNS

46.227.127.79.in-addr.arpa

Remote address:

8.8.8.8:53

Request

46.227.127.79.in-addr.arpa

IN PTR

Response

46.227.127.79.in-addr.arpa

IN PTR

unn-79-127-227-46 datapacketcom
DNS

84.190.64.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

84.190.64.185.in-addr.arpa

IN PTR

Response
DNS

254.226.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.226.107.13.in-addr.arpa

IN PTR

Response
DNS

login.live.com

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.trafficmanager.net

www.tm.lg.prod.aadmsa.trafficmanager.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.trafficmanager.net

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.68

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.0

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.2

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.4

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.71

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.159.64

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.31.67

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.31.69
DNS

login.live.com

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.trafficmanager.net

www.tm.lg.prod.aadmsa.trafficmanager.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.trafficmanager.net

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.68

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.133

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.72

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.20

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.76

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.22

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.17

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.14
DNS

248.241.214.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.241.214.35.in-addr.arpa

IN PTR

Response

248.241.214.35.in-addr.arpa

IN PTR

24824121435bcgoogleusercontentcom
DNS

ev2-ring.msedge.net

Remote address:

8.8.8.8:53

Request

ev2-ring.msedge.net

IN A

Response

ev2-ring.msedge.net

IN CNAME

Ev2-ring.Ev2-9999.Ev2-msedge.net

Ev2-ring.Ev2-9999.Ev2-msedge.net

IN CNAME

Ev2-9999.Ev2-msedge.net

Ev2-9999.Ev2-msedge.net

IN A

150.171.64.254

Ev2-9999.Ev2-msedge.net

IN A

150.171.31.254
DNS

ev2-ring.msedge.net

Remote address:

8.8.8.8:53

Request

ev2-ring.msedge.net

IN A

Response

ev2-ring.msedge.net

IN CNAME

Ev2-ring.Ev2-9999.Ev2-msedge.net

Ev2-ring.Ev2-9999.Ev2-msedge.net

IN CNAME

Ev2-9999.Ev2-msedge.net

Ev2-9999.Ev2-msedge.net

IN A

150.171.31.254

Ev2-9999.Ev2-msedge.net

IN A

150.171.64.254
DNS

83.236.48.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.236.48.52.in-addr.arpa

IN PTR

Response

83.236.48.52.in-addr.arpa

IN PTR

ec2-52-48-236-83 eu-west-1compute amazonawscom
DNS

83.236.48.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.236.48.52.in-addr.arpa

IN PTR

Response

83.236.48.52.in-addr.arpa

IN PTR

ec2-52-48-236-83 eu-west-1compute amazonawscom
DNS

171.68.255.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.68.255.51.in-addr.arpa

IN PTR

Response

171.68.255.51.in-addr.arpa

IN PTR

ns3028611ip-51-255-68eu
DNS

arc-ring.msedge.net

Remote address:

8.8.8.8:53

Request

arc-ring.msedge.net

IN A

Response

arc-ring.msedge.net

IN CNAME

arc-ring.arc-9999.arc-msedge.net

arc-ring.arc-9999.arc-msedge.net

IN CNAME

arc-9999.arc-msedge.net

arc-9999.arc-msedge.net

IN A

172.202.65.254

arc-9999.arc-msedge.net

IN A

172.202.64.254
DNS

arc-ring.msedge.net

Remote address:

8.8.8.8:53

Request

arc-ring.msedge.net

IN A

Response

arc-ring.msedge.net

IN CNAME

arc-ring.arc-9999.arc-msedge.net

arc-ring.arc-9999.arc-msedge.net

IN CNAME

arc-9999.arc-msedge.net

arc-9999.arc-msedge.net

IN A

172.202.65.254

arc-9999.arc-msedge.net

IN A

172.202.64.254
DNS

197.189.42.188.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.189.42.188.in-addr.arpa

IN PTR

Response
DNS

t-ring-fallback-s2.msedge.net

Remote address:

8.8.8.8:53

Request

t-ring-fallback-s2.msedge.net

IN A

Response

t-ring-fallback-s2.msedge.net

IN CNAME

t-ring.s-part2-t-9999.fb-t-msedge.net

t-ring.s-part2-t-9999.fb-t-msedge.net

IN CNAME

s-part2-t-9999.fb-t-msedge.net

s-part2-t-9999.fb-t-msedge.net

IN A

13.107.226.254
DNS

254.64.171.150.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.64.171.150.in-addr.arpa

IN PTR

Response
DNS

g.live.com

Remote address:

8.8.8.8:53

Request

g.live.com

IN A

Response

g.live.com

IN CNAME

g.msn.com

g.msn.com

IN CNAME

g-msn-com-nsatc.trafficmanager.net

g-msn-com-nsatc.trafficmanager.net

IN A

13.74.129.92
DNS

21.197.219.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.197.219.23.in-addr.arpa

IN PTR

Response

21.197.219.23.in-addr.arpa

IN PTR

a23-219-197-21deploystaticakamaitechnologiescom
DNS

login.live.com

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.akadns.net

www.tm.lg.prod.aadmsa.akadns.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.trafficmanager.net

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.74

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.133

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.20

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.17

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

20.190.160.14

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.136

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.138

www.tm.v4.a.prd.aadg.trafficmanager.net

IN A

40.126.32.68
DNS

login.live.com

Remote address:

8.8.8.8:53

Request

login.live.com

IN A

Response

login.live.com

IN CNAME

login.msa.msidentity.com

login.msa.msidentity.com

IN CNAME

www.tm.lg.prod.aadmsa.akadns.net

www.tm.lg.prod.aadmsa.akadns.net

IN CNAME

prdv4a.aadg.msidentity.com

prdv4a.aadg.msidentity.com

IN CNAME

www.tm.v4.a.prd.aadg.akadns.net

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.32.134

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.32.72

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.32.74

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.160.22

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.32.68

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.32.140

www.tm.v4.a.prd.aadg.akadns.net

IN A

20.190.160.20

www.tm.v4.a.prd.aadg.akadns.net

IN A

40.126.32.76
DNS

210.191.64.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

210.191.64.185.in-addr.arpa

IN PTR

Response
DNS

bx-ring.msedge.net

Remote address:

8.8.8.8:53

Request

bx-ring.msedge.net

IN A

Response

bx-ring.msedge.net

IN CNAME

bx-ring.bx-9999.bx-msedge.net

bx-ring.bx-9999.bx-msedge.net

IN CNAME

bx-9999.bx-msedge.net

bx-9999.bx-msedge.net

IN A

150.171.73.254

bx-9999.bx-msedge.net

IN A

150.171.74.254
DNS

18.70.101.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.70.101.40.in-addr.arpa

IN PTR

Response
DNS

oneclient.sfx.ms

Remote address:

8.8.8.8:53

Request

oneclient.sfx.ms

IN A

Response

oneclient.sfx.ms

IN CNAME

oneclient.sfx.ms.edgekey.net

oneclient.sfx.ms.edgekey.net

IN CNAME

e9659.dspg.akamaiedge.net

e9659.dspg.akamaiedge.net

IN A

23.219.197.21
DNS

config.teams.microsoft.com

Remote address:

8.8.8.8:53

Request

config.teams.microsoft.com

IN A

Response

config.teams.microsoft.com

IN CNAME

config.teams.trafficmanager.net

config.teams.trafficmanager.net

IN CNAME

s-0005-teams.config.skype.com

s-0005-teams.config.skype.com

IN CNAME

config-teams.s-0005.s-msedge.net

config-teams.s-0005.s-msedge.net

IN CNAME

s-0005.s-msedge.net

s-0005.s-msedge.net

IN A

52.113.194.132
DNS

74.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.32.126.40.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.27.10

ax-0001.ax-msedge.net

IN A

150.171.28.10
DNS

20.127.47.198.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.127.47.198.in-addr.arpa

IN PTR

Response
DNS

254.65.202.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.65.202.172.in-addr.arpa

IN PTR

Response
DNS

browser.pipe.aria.microsoft.com

Remote address:

8.8.8.8:53

Request

browser.pipe.aria.microsoft.com

IN A

Response

browser.pipe.aria.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdcus02.centralus.cloudapp.azure.com

onedscolprdcus02.centralus.cloudapp.azure.com

IN A

20.44.10.122
DNS

browser.pipe.aria.microsoft.com

Remote address:

8.8.8.8:53

Request

browser.pipe.aria.microsoft.com

IN A

Response

browser.pipe.aria.microsoft.com

IN CNAME

browser.events.data.trafficmanager.net

browser.events.data.trafficmanager.net

IN CNAME

onedscolprdcus02.centralus.cloudapp.azure.com

onedscolprdcus02.centralus.cloudapp.azure.com

IN A

20.44.10.122
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 951
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:10:04 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 285
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:10:11 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 143
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept: application/x-clarity-gzip
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:10:28 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
POST

https://b.clarity.ms/collect

chrome.exe

Remote address:

4.153.129.168:443

Request

POST /collect HTTP/1.1
Host: b.clarity.ms
Connection: keep-alive
Content-Length: 989
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Accept: */*
Origin: https://www.ldplayer.net
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Referer: https://www.ldplayer.net/
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Sun, 13 Oct 2024 10:10:34 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.ldplayer.net
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
GET

https://c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com/apc/trans.gif?6dd432eb2f1206713c53b0191d9bedc5

Remote address:

40.101.70.18:443

Request

GET /apc/trans.gif?6dd432eb2f1206713c53b0191d9bedc5 HTTP/2.0
host: c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com
referer: https://www.bing.com/WS/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.17.1.21325; 10.0.0.0.22000.493) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: image/gif
expires: -1
accept-ranges: bytes
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
access-control-allow-origin: *
access-control-expose-headers: X-UserHostAddress, X-EndPoint, X-FrontEnd, X-MachineName
x-frontend: cafe
x-machinename: VI1PR0502CA0013
x-endpoint: VIE
x-userhostaddress: 138.199.29.0
x-powered-by: ASP.NET
date: Sun, 13 Oct 2024 10:10:39 GMT
content-length: 43
GET

https://c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com/apc/trans.gif?7dc5bc75523039593643ded5033d602b

Remote address:

40.101.70.18:443

Request

GET /apc/trans.gif?7dc5bc75523039593643ded5033d602b HTTP/2.0
host: c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com
referer: https://www.bing.com/WS/Init
accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: en-US
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.17.1.21325; 10.0.0.0.22000.493) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22000

Response

HTTP/2.0 200

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: image/gif
expires: -1
accept-ranges: bytes
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
access-control-allow-origin: *
access-control-expose-headers: X-UserHostAddress, X-EndPoint, X-FrontEnd, X-MachineName
x-frontend: cafe
x-machinename: VI1PR0502CA0013
x-endpoint: VIE
x-userhostaddress: 138.199.29.0
x-powered-by: ASP.NET
date: Sun, 13 Oct 2024 10:10:39 GMT
content-length: 43
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

arc.msn.com

Remote address:

8.8.8.8:53

Request

arc.msn.com

IN A

Response

arc.msn.com

IN CNAME

arc.trafficmanager.net

arc.trafficmanager.net

IN CNAME

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com

IN A

20.103.156.88
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response

142.250.200.36:443

www.google.com

tls

chrome.exe

1.0kB
4.6kB
8
9
216.58.201.110:443

play.google.com

tls, http2

chrome.exe

1.0kB
7.6kB
10
10
172.217.169.78:443

clients2.google.com

tls, http2

chrome.exe

1.1kB
8.1kB
10
10
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

3.6kB
30.9kB
27
36

HTTP Request

CONNECT

HTTP Response

200
142.250.180.10:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlL1An4iaKj4hIFDUqFnlIhoEC7x3ryJrM=?alt=proto

tls, http2

chrome.exe

3.3kB
8.3kB
29
33

HTTP Request

OPTIONS https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Request

POST https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQlL1An4iaKj4hIFDUqFnlIhoEC7x3ryJrM=?alt=proto

HTTP Response

200
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

3.4kB
12.5kB
22
24

HTTP Request

CONNECT

HTTP Response

200
216.58.201.110:443

https://play.google.com/log?format=json&hasfast=true

tls, http2

chrome.exe

6.7kB
11.8kB
33
38

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true

HTTP Request

POST https://consent.google.com/save?continue=https://www.google.com/search?q%3DGta%2BJv%2Bfitgirl%2Brepack%26oq%3DGta%2BJv%2Bfitgirl%2Brepack%26gs_lcrp%3DEgZjaHJvbWUyBggAEEUYOdIBCjI2MjM3ajBqMTWoAgCwAgA%26sourceid%3Dchrome%26ie%3DUTF-8&gl=UK&m=0&pc=srp&x=5&src=2&hl=en&bl=gws_20241009-0_RC1&uxe=none&cm=2&set_eom=false&set_aps=true&set_sc=true

HTTP Request

POST https://play.google.com/log?format=json&hasfast=true
190.115.31.179:443

https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/vendor/fork-awesome/fonts/forkawesome-webfont.woff2?v=1.2.0

tls, http2

chrome.exe

20.4kB
447.7kB
310
363

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/jetpack/modules/theme-tools/compat/twentyfourteen.css?ver=13.3

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/wp-polls/polls-css.css?ver=2.77.2

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.4.1

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/css/blocks.css?ver=20230630

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/style.css?ver=20230808

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/wp-latest-posts/css/wplp_front.css?ver=5.0.5

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/jetpack/css/jetpack.css?ver=13.3

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/masonry.min.js?ver=4.2.2

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/imagesloaded.min.js?ver=5.0.0

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.2

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.8.18

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/js/functions.js?ver=20230526

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/font-lato.css?ver=20230328

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/wp-latest-posts/css/wplp_front.css?ver=5.0.5

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/jetpack/css/jetpack.css?ver=13.3

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/social-polls-by-opinionstage/public/js/shortcodes.js?ver=19.8.18

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2b

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/masonry.min.js?ver=4.2.2

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.2

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/js/functions.js?ver=20230526

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/imagesloaded.min.js?ver=5.0.0

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/lato/lato-latin-400-normal.woff2?ver=23

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/lato/lato-latin-700-normal.woff2?ver=23

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/lato/lato-latin-900-normal.woff2?ver=23

HTTP Request

GET https://fitgirl-repacks.site/wp-content/themes/twentyfourteen/fonts/lato/lato-latin-300-normal.woff2?ver=23

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/wp-emoji-release.min.js?ver=6.4.1

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-content/uploads/2016/08/cropped-icon-32x32.jpg

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/grand-theft-auto-v/

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/includes/css/icons.css?ver=1.1.5

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/includes/css/shortcodes.css?ver=5.13.2

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.23

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.23

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/includes/js/shortcodes/index.js?ver=5.13.2

HTTP Request

GET https://fitgirl-repacks.site/wp-content/uploads/2016/08/cropped-icon-192x192.jpg

HTTP Request

GET https://fitgirl-repacks.site/wp-includes/js/comment-reply.min.js?ver=6.4.1

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-content/uploads/2022/08/paw.png

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-content/uploads/2024/05/support2.jpg

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks.site/wp-content/plugins/shortcodes-ultimate/vendor/fork-awesome/fonts/forkawesome-webfont.woff2?v=1.2.0

HTTP Response

200
190.115.31.179:443

fitgirl-repacks.site

tls

chrome.exe

880 B
3.4kB
6
5
190.115.31.179:443

fitgirl-repacks.site

tls

chrome.exe

972 B
3.4kB
8
6
190.115.31.179:443

fitgirl-repacks.site

tls

chrome.exe

908 B
3.4kB
8
6
190.115.31.179:443

fitgirl-repacks.site

tls

chrome.exe

862 B
3.4kB
7
5
190.115.31.179:443

fitgirl-repacks.site

tls

chrome.exe

1.0kB
4.2kB
9
10
192.0.76.3:443

https://pixel.wp.com/g.gif?v=ext&blog=114849652&post=39712&tz=3&srv=fitgirl-repacks.site&j=1%3A13.3&host=fitgirl-repacks.site&ref=https%3A%2F%2Fwww.google.com%2F&fcp=358&rand=0.9935011378308793

tls, http2

chrome.exe

2.1kB
8.5kB
17
19

HTTP Request

GET https://stats.wp.com/e-202441.js

HTTP Response

200

HTTP Request

GET https://pixel.wp.com/g.gif?v=ext&blog=114849652&post=39712&tz=3&srv=fitgirl-repacks.site&j=1%3A13.3&host=fitgirl-repacks.site&ref=https%3A%2F%2Fwww.google.com%2F&fcp=358&rand=0.9935011378308793

HTTP Response

200
216.58.201.110:443

www.youtube.com

tls, http2

chrome.exe

1.0kB
8.1kB
9
9
216.58.201.110:443

https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/base.js

tls, http2

chrome.exe

22.3kB
931.7kB
437
683

HTTP Request

GET https://www.youtube.com/embed/72QAAOaYW2M

HTTP Request

GET https://www.youtube.com/embed/IFzUTKsrbN8

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/www-player.css

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/embed.js

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/www-embed-player.vflset/www-embed-player.js

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/base.js
192.0.77.2:443

i0.wp.com

tls, http2

chrome.exe

1.0kB
4.7kB
10
9
192.0.77.2:443

i0.wp.com

tls, http2

chrome.exe

1.0kB
4.7kB
10
9
192.0.77.2:443

i0.wp.com

tls, http2

chrome.exe

1.1kB
4.7kB
10
9
192.0.77.2:443

i0.wp.com

tls, http2

chrome.exe

1.0kB
4.7kB
10
9
192.0.77.2:443

https://i0.wp.com/i6.imageban.ru/out/2021/07/24/5f381c0c99c71ee16502b98810cd5849.jpg?resize=150%2C200&ssl=1

tls, http2

chrome.exe

13.5kB
328.4kB
174
262

HTTP Request

GET https://i0.wp.com/i3.imageban.ru/out/2021/12/31/7b4fae0cb0a8fa800bc02c17c9b6af9b.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i2.imageban.ru/out/2024/06/03/2b13314daa31cca45608fc36d2555e2f.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i5.imageban.ru/out/2024/05/17/56aa0795604d3a6b18c024348242b6ea.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i8.imageban.ru/out/2024/08/11/d63aaab946e2f5cd9a65f8451e34d0e4.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i1.imageban.ru/out/2024/09/06/f504dcecdac8895290010f95753649c1.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i8.imageban.ru/out/2024/09/20/043b8d101c3d6fb833cd8494b35e7908.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i2.imageban.ru/out/2024/09/14/55b1d23f63d017f497c49202fa28e91c.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i1.imageban.ru/out/2024/05/02/5b8d83058def6c33d3c5b3e7ae36fd4b.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i2.imageban.ru/out/2024/10/08/f5477f15f897fb915060d05d88739ca4.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i8.imageban.ru/out/2024/08/31/c5e7f3da5e9669c3e3efba74c49a6d75.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i8.imageban.ru/out/2024/08/18/bb923f6395e42ef1f81f1cfeb2e7bcc7.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i8.imageban.ru/out/2024/10/06/a1ab5724ef423200b7ca145546f744c4.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i4.imageban.ru/out/2023/03/29/85b51d35b80313e95e7973d26df91f7f.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i5.imageban.ru/out/2024/09/17/a9dde93480894b636f4bfb9e66c04e9f.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i3.imageban.ru/out/2024/07/27/63176e78b32c902a50d7f15158693c4e.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i6.imageban.ru/out/2022/01/15/71bb09a01cff9396536b4c8d93d91875.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i6.imageban.ru/out/2022/08/13/d8a6e759722f3c703990dcf3765d400b.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i5.imageban.ru/out/2021/11/13/4e9836b6111a572bef2f43048c7ef4c6.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i1.imageban.ru/out/2023/12/07/4045364e148cf4383f193e18b5bf405c.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i2.imageban.ru/out/2024/09/17/646bbc6158e4742486697d39675939a6.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i103.fastpic.ru/big/2018/0208/eb/a9e816fbc22b6c0c320c504123284eeb.jpg?resize=150%2C200

HTTP Request

GET https://i0.wp.com/i6.imageban.ru/out/2024/06/15/035bb0413020b49880df47fc907d42ed.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i3.imageban.ru/out/2024/06/21/532a2f7805dda1edb2200207e937e43e.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i2.imageban.ru/out/2024/08/23/3ac74578c33953d2cd9d942d2d1cc0b1.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i2.imageban.ru/out/2024/05/19/e2809fa2c1c9f8c0e66879b9a601ec7b.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i3.imageban.ru/out/2023/08/29/2e754a09cb851dd304ce48c11b29b37e.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i4.imageban.ru/out/2023/09/16/15e1aa86d3bc7e2371493d83acb6b79f.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i1.imageban.ru/out/2024/08/31/5a982b0c46804e6883a749bdc52a511c.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i5.imageban.ru/out/2024/10/05/1c8d50dba4ccc56758e9e923f71c63ab.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i2.imageban.ru/out/2024/04/01/b999979347fdc64b8bfae2645d4001bc.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i7.imageban.ru/out/2024/10/05/66674de690b25b54a7f655c6d8c461a4.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i8.imageban.ru/out/2024/09/02/4dc4a4dee749797b293b18f2696265d6.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i2.imageban.ru/out/2022/11/19/5137d60a42b27845a34bdc11ea4cc57d.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i8.imageban.ru/out/2024/09/25/b035e4a1c20c8b24180d8842fecfe025.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i7.imageban.ru/out/2022/07/19/8a3e1174ec1553cedc0048c3c6f46f40.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i4.imageban.ru/out/2024/10/01/c2996eb175b34064090303fcd1455c33.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i111.fastpic.ru/big/2020/0508/0b/39046d129a1fba44c2ad892ffc58fc0b.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i65.fastpic.ru/big/2014/1231/64/a628e97829ee7132c7d809afc5ca7f64.jpg?resize=150%2C200

HTTP Request

GET https://i0.wp.com/i4.imageban.ru/out/2022/10/20/901d5b6538563a6754a7231afa16e2c5.jpg?resize=150%2C200&ssl=1

HTTP Request

GET https://i0.wp.com/i6.imageban.ru/out/2021/07/24/5f381c0c99c71ee16502b98810cd5849.jpg?resize=150%2C200&ssl=1

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
192.0.77.2:443

i0.wp.com

tls, http2

chrome.exe

1.0kB
4.7kB
10
9
142.250.200.54:443

https://i.ytimg.com/vi/IFzUTKsrbN8/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gGAApABigIMCAAQARhhIGEoYTAP&rs=AOn4CLAgzNbaDuCFsM9n3f8B1dRnj7GEzQ

tls, http2

chrome.exe

2.5kB
12.3kB
23
25

HTTP Request

GET https://i.ytimg.com/vi/72QAAOaYW2M/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gmAAtAFigIMCAAQARh_IBUoGzAP&rs=AOn4CLDXDo-jUBq-FzNmiCxwEhMDbNsX6A

HTTP Request

GET https://i.ytimg.com/vi/IFzUTKsrbN8/default.jpg?sqp=-oaymwEkCHgQWvKriqkDGvABAfgB_gGAApABigIMCAAQARhhIGEoYTAP&rs=AOn4CLAgzNbaDuCFsM9n3f8B1dRnj7GEzQ
216.58.213.2:443

https://googleads.g.doubleclick.net/pagead/id

tls, http2

chrome.exe

2.2kB
7.3kB
21
24

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id
142.250.179.230:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

chrome.exe

2.0kB
6.8kB
18
16

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
142.250.200.36:443

https://www.google.com/js/th/Kwl4UTqRlZdwo60dxzGVsyg_CEkasAzkebPPx38d0Do.js

tls, http2

chrome.exe

2.8kB
28.4kB
32
31

HTTP Request

GET https://www.google.com/js/th/Kwl4UTqRlZdwo60dxzGVsyg_CEkasAzkebPPx38d0Do.js
172.217.169.74:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

chrome.exe

5.0kB
98.7kB
72
90

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.178.1:443

https://yt3.ggpht.com/ytc/AIdro_l4TIE1e3yWr6msQyZDCzFSBw1sdAkOIucOSp41f7s=s68-c-k-c0x00ffffff-no-rj

tls, http2

chrome.exe

2.4kB
14.7kB
23
24

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_mYWVrTrMSWqq5fO57xoq5-Du6mnZ07xDF7IUiPC97zthw=s68-c-k-c0x00ffffff-no-rj

HTTP Request

GET https://yt3.ggpht.com/ytc/AIdro_l4TIE1e3yWr6msQyZDCzFSBw1sdAkOIucOSp41f7s=s68-c-k-c0x00ffffff-no-rj
216.58.201.110:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

chrome.exe

2.4kB
8.7kB
22
22

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
216.58.201.110:443

play.google.com

tls

chrome.exe

1.1kB
6.9kB
10
8
87.98.254.167:443

https://torrent-stats.info/bdc0/3ef5b9780.png

tls, http

chrome.exe

2.1kB
19.3kB
18
23

HTTP Request

GET https://torrent-stats.info/bdc0/3ef5b9780.png

HTTP Response

200
82.146.61.17:443

https://i3.imageban.ru/out/2021/12/31/7b4fae0cb0a8fa800bc02c17c9b6af9b.jpg

tls, http2

chrome.exe

3.8kB
90.6kB
57
80

HTTP Request

GET https://i3.imageban.ru/out/2021/12/31/7b4fae0cb0a8fa800bc02c17c9b6af9b.jpg

HTTP Response

200
172.67.150.141:443

s01.riotpixels.net

tls, http2

chrome.exe

943 B
3.1kB
8
6
172.67.150.141:443

https://s01.riotpixels.net/data/1f/b1/1fb11ab8-ac47-44ad-af43-483484a05eb1.jpg.240p.jpg

tls, http2

chrome.exe

6.0kB
123.0kB
96
130

HTTP Request

GET https://s01.riotpixels.net/data/b4/6d/b46de311-57d6-4b86-ab20-25011f0c180e.jpg.240p.jpg

HTTP Request

GET https://s01.riotpixels.net/data/55/8f/558fe4dc-88a9-446c-8121-98a76177c0ea.jpg.240p.jpg

HTTP Request

GET https://s01.riotpixels.net/data/44/ae/44aeeb76-a884-48ca-a1a0-c201831d0870.jpg.240p.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://s01.riotpixels.net/data/23/af/23af02af-172e-46cb-8119-031aed2061fd.jpg.240p.jpg

HTTP Request

GET https://s01.riotpixels.net/data/11/44/1144b738-44fe-4787-914b-eeaf5fdf6a63.jpg.240p.jpg

HTTP Request

GET https://s01.riotpixels.net/data/1f/b1/1fb11ab8-ac47-44ad-af43-483484a05eb1.jpg.240p.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200
172.67.150.141:443

s01.riotpixels.net

tls, http2

chrome.exe

1.0kB
3.1kB
8
6
192.0.77.48:443

https://s.w.org/images/core/emoji/14.0.0/svg/1f642.svg

tls, http2

chrome.exe

1.8kB
5.8kB
13
15

HTTP Request

GET https://s.w.org/images/core/emoji/14.0.0/svg/1f642.svg

HTTP Response

200
199.232.196.134:443

https://fitgirl-repacks-site.disqus.com/count-data.js?1=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137

tls, http

chrome.exe

3.0kB
35.6kB
26
38

HTTP Request

GET https://fitgirl-repacks-site.disqus.com/embed.js

HTTP Response

200

HTTP Request

GET https://fitgirl-repacks-site.disqus.com/count-data.js?1=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137

HTTP Response

200
199.232.196.134:443

https://fitgirl-repacks-site.disqus.com/count.js

tls, http

chrome.exe

1.9kB
8.2kB
15
17

HTTP Request

GET https://fitgirl-repacks-site.disqus.com/count.js

HTTP Response

200
18.239.208.63:443

https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

tls, http2

chrome.exe

1.9kB
7.9kB
17
18

HTTP Request

GET https://c.disquscdn.com/next/embed/styles/realtime.b23ff3c36dd0169627f8e54ca1621eca.css

HTTP Response

200
151.101.64.134:443

disqus.com

tls

chrome.exe

1.0kB
6.3kB
10
12
151.101.64.134:443

https://disqus.com/api/3.0/forums/details?forum=fitgirl-repacks-site&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

tls, http

chrome.exe

5.9kB
48.5kB
33
50

HTTP Request

GET https://disqus.com/embed/comments/?base=default&f=fitgirl-repacks-site&t_i=2137%20http%3A%2F%2Ffitgirl-repacks.site%2F%3Fp%3D2137&t_u=https%3A%2F%2Ffitgirl-repacks.site%2Fgrand-theft-auto-v%2F&t_e=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&t_d=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20-%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs%20-%20FitGirl%20Repacks&t_t=Grand%20Theft%20Auto%20V%20%2F%20GTA%205%20%E2%80%93%20v1.0.3095%2F1.68%20%2B%20NVE%20Platinum%20Modpack%20%2B%20Bonus%20OSTs&s_o=default

HTTP Response

200

HTTP Request

GET https://disqus.com/next/config.js

HTTP Response

200

HTTP Request

GET https://disqus.com/api/3.0/forums/details?forum=fitgirl-repacks-site&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

HTTP Response

200
18.239.208.63:443

https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

tls, http2

chrome.exe

14.3kB
565.2kB
257
425

HTTP Request

GET https://c.disquscdn.com/embedv2/latest/embedv2.js

HTTP Response

200

HTTP Request

GET https://c.disquscdn.com/next/embed/common.bundle.14814e267412506a81edfbae9e14cec1.js

HTTP Response

200

HTTP Request

GET https://c.disquscdn.com/next/embed/styles/lounge.4ea17c4c63c2f479303433492a2a08e8.css

HTTP Request

GET https://c.disquscdn.com/next/embed/lounge.bundle.af134f6a9c289b5cf867d1c96d050b4c.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4d4793ead94570e89fe80e89a75c69e2.svg

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/email.727e30eb9b6c1e85cb010b9c8eb04c7e.svg

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/privacy.8c96be6b50de1c3fab838c5f050e0be5.svg

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/warning.3bc0b4bff6c268a4ceaf404014b9be42.svg

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/sprite.ad630a07080a45451f139a7487853ff8.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
18.239.208.63:443

https://c.disquscdn.com/next/embed/assets/img/dislike.612d8ba98928c381e4c789c1b309cda1.svg

tls, http2

chrome.exe

3.4kB
24.5kB
28
34

HTTP Request

GET https://c.disquscdn.com/next/embed/lounge.load.b040cc4fb9749f836fa39cae48953897.js

HTTP Response

200

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/font/icons.79e576f9489bae308388e5b8e250aa86.woff2

HTTP Response

200

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/follow-v2.411b1215980cdde315e43cc006cfbea6.svg

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/like.855606fb4e3a7a6448e6c782f3f54e5a.svg

HTTP Request

GET https://c.disquscdn.com/next/embed/assets/img/dislike.612d8ba98928c381e4c789c1b309cda1.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200
199.232.196.134:443

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.23&load_time=164&event=init_embed&thread=5962527791&forum=fitgirl-repacks-site&forum_id=4952977&imp=860spcp2p5sfbo&thread_slug=grand_theft_auto_v_gta_5_v108771v136_ultra_repack_21x&user_type=anon&referrer=https%3A%2F%2Ffitgirl-repacks.site%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=true

tls, http

chrome.exe

3.0kB
7.0kB
16
17

HTTP Request

GET https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.23&load_time=164&event=init_embed&thread=5962527791&forum=fitgirl-repacks-site&forum_id=4952977&imp=860spcp2p5sfbo&thread_slug=grand_theft_auto_v_gta_5_v108771v136_ultra_repack_21x&user_type=anon&referrer=https%3A%2F%2Ffitgirl-repacks.site%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=true

HTTP Response

200
199.232.194.49:443

https://a.disquscdn.com/1728479400/images/noavatar92.png

tls, http2

chrome.exe

2.5kB
8.0kB
19
21

HTTP Request

GET https://a.disquscdn.com/1728479400/images/noavatar92.png

HTTP Response

200
52.5.112.135:443

https://realtime.services.disqus.com/ws/2/thread/5962527791?

tls, http

chrome.exe

3.2kB
9.1kB
35
57

HTTP Request

GET https://realtime.services.disqus.com/ws/2/thread/5962527791?

HTTP Response

101
190.115.31.179:443

paste.fitgirl-repacks.site

tls, http2

chrome.exe

1.1kB
4.3kB
9
11
190.115.31.179:443

https://paste.fitgirl-repacks.site/img/favicon.ico

tls, http2

chrome.exe

13.8kB
313.4kB
232
261

HTTP Request

GET https://paste.fitgirl-repacks.site/?8376284b3712a84c

HTTP Response

200

HTTP Request

GET https://paste.fitgirl-repacks.site/css/bootstrap/bootstrap-3.4.1.css

HTTP Request

GET https://paste.fitgirl-repacks.site/css/bootstrap/bootstrap-theme-3.4.1.css

HTTP Request

GET https://paste.fitgirl-repacks.site/css/bootstrap/privatebin.css?1.6.2

HTTP Request

GET https://paste.fitgirl-repacks.site/css/prettify/prettify.css?1.6.2

HTTP Request

GET https://paste.fitgirl-repacks.site/js/jquery-3.7.0.js

HTTP Request

GET https://paste.fitgirl-repacks.site/js/zlib-1.2.13-1.js

HTTP Request

GET https://paste.fitgirl-repacks.site/js/base-x-4.0.0.js

HTTP Request

GET https://paste.fitgirl-repacks.site/js/rawinflate-0.3.js

HTTP Response

200

HTTP Request

GET https://paste.fitgirl-repacks.site/js/bootstrap-3.4.1.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://paste.fitgirl-repacks.site/js/prettify.js?1.6.2

HTTP Request

GET https://paste.fitgirl-repacks.site/js/showdown-2.1.0.js

HTTP Request

GET https://paste.fitgirl-repacks.site/js/purify-3.0.6.js

HTTP Request

GET https://paste.fitgirl-repacks.site/js/legacy.js?1.6.2

HTTP Request

GET https://paste.fitgirl-repacks.site/js/privatebin.js?1.6.22

HTTP Request

GET https://paste.fitgirl-repacks.site/fakes.jpg

HTTP Request

GET https://paste.fitgirl-repacks.site/img/icon.svg

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://paste.fitgirl-repacks.site/js/zlib-1.2.13.wasm

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://paste.fitgirl-repacks.site/js/kjua-0.9.0.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://paste.fitgirl-repacks.site/css/bootstrap/fonts/glyphicons-halflings-regular.woff2

HTTP Response

200

HTTP Request

GET https://paste.fitgirl-repacks.site/?pasteid=8376284b3712a84c

HTTP Request

GET https://paste.fitgirl-repacks.site/img/favicon.ico

HTTP Response

200

HTTP Response

200
190.115.31.179:443

https://paste.fitgirl-repacks.site/manifest.json?1.6.2

tls, http2

chrome.exe

1.7kB
5.3kB
14
15

HTTP Request

GET https://paste.fitgirl-repacks.site/manifest.json?1.6.2

HTTP Response

200
172.67.72.214:443

https://fuckingfast.co/static/whysostylish.css?v=174b03882b2de16e6c9cdab7dc84e43c499ae480-dirty

tls, http2

chrome.exe

3.4kB
49.1kB
40
59

HTTP Request

GET https://fuckingfast.co/7jyte5ukfgwb

HTTP Response

200

HTTP Request

GET https://fuckingfast.co/static/bundle.js?v=174b03882b2de16e6c9cdab7dc84e43c499ae480-dirty

HTTP Request

GET https://fuckingfast.co/static/whysostylish.css?v=174b03882b2de16e6c9cdab7dc84e43c499ae480-dirty

HTTP Response

200

HTTP Response

200
172.67.72.214:443

fuckingfast.co

tls, http2

chrome.exe

960 B
3.2kB
8
6
104.16.79.73:443

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

tls, http2

chrome.exe

2.0kB
11.1kB
20
22

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

HTTP Response

200
104.18.94.41:443

https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js

tls, http2

chrome.exe

2.3kB
21.0kB
25
33

HTTP Request

GET https://challenges.cloudflare.com/turnstile/v0/api.js

HTTP Response

302

HTTP Request

GET https://challenges.cloudflare.com/turnstile/v0/b/62ec4f065604/api.js

HTTP Response

200
104.21.15.162:443

senditfast.cloud

tls, http2

chrome.exe

1.0kB
3.2kB
8
6
104.21.15.162:443

https://senditfast.cloud/cdn-cgi/speculation

tls, http2

chrome.exe

2.4kB
5.3kB
18
16

HTTP Request

GET https://senditfast.cloud/file?l5xcr=BdeCo6RjhOfsFQhv8WSo&papu=cHViaWQlM0QzOSUyNmNhbXBhaWduX2lkJTNENjcwNTVjNjI0OGU2ZQ%3D%3D&sWYyIPdxBd6wdaopxVFq

HTTP Response

200

HTTP Request

GET https://senditfast.cloud/cdn-cgi/speculation

HTTP Response

200
104.21.95.242:443

https://directtransfer.cfd/requesting?pgp1X=N0SNSBmtmK4qqDVPR7Qb&title=UmVxdWVzdGVkX0ZpbGU%3D&redirect=3&Ynlpa=4zxrixwoRf5n9X6G35Wt

tls, http2

chrome.exe

2.8kB
6.7kB
24
24

HTTP Request

GET https://directtransfer.cfd/getdownload?GKDEH=3pxhppN8YVSODr15l6YK&scsewfbnfdSghg=UmVxdWVzdGVkX0ZpbGU%3D

HTTP Response

200

HTTP Request

GET https://directtransfer.cfd/cdn-cgi/speculation

HTTP Request

GET https://directtransfer.cfd/requesting?pgp1X=N0SNSBmtmK4qqDVPR7Qb&title=UmVxdWVzdGVkX0ZpbGU%3D&redirect=3&Ynlpa=4zxrixwoRf5n9X6G35Wt

HTTP Response

200

HTTP Response

200
104.21.95.242:443

directtransfer.cfd

tls, http2

chrome.exe

964 B
3.2kB
8
6
172.67.154.60:443

https://transferbox.cfd/cdn-cgi/speculation

tls, http2

chrome.exe

2.3kB
6.4kB
19
18

HTTP Request

GET https://transferbox.cfd/download?ZUSE4=thFIwXfiTloKbe9mzc5U&filehost=95ad05e960e93a6d&hXDjt=thFIwXfiTloKbe9mzc5U

HTTP Response

200

HTTP Request

GET https://transferbox.cfd/cdn-cgi/speculation

HTTP Response

200
172.67.154.60:443

transferbox.cfd

tls, http2

chrome.exe

1.0kB
3.1kB
8
6
151.101.2.137:443

https://code.jquery.com/jquery-3.6.0.min.js

tls, http2

chrome.exe

3.0kB
37.6kB
40
42

HTTP Request

GET https://code.jquery.com/jquery-3.6.0.min.js

HTTP Response

200
104.17.150.117:443

www.mediafire.com

tls

chrome.exe

1.0kB
6.2kB
9
9
104.17.150.117:443

https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png

tls, http2

chrome.exe

5.8kB
57.2kB
68
87

HTTP Request

GET https://www.mediafire.com/file/wairnw5h05fox4b/

HTTP Response

200

HTTP Request

GET https://www.mediafire.com/images/icons/svg_dark/icons_sprite.svg

HTTP Request

GET https://www.mediafire.com/images/flags_svg/usa.svg

HTTP Request

GET https://www.mediafire.com/images/icons/svg_light/icons_sprite.svg

HTTP Request

GET https://static.mediafire.com/images/filetype/file-zip-v3.png

HTTP Request

GET https://static.mediafire.com/images/icons/svg_light/twitter.svg

HTTP Request

GET https://static.mediafire.com/images/icons/svg_light/facebook.svg

HTTP Request

GET https://static.mediafire.com/images/backgrounds/header/mf_logo_full_color.svg

HTTP Request

GET https://static.mediafire.com/images/backgrounds/footer/social/footerIcons.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
104.16.79.73:443

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

tls, http2

chrome.exe

2.2kB
11.1kB
21
21

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

HTTP Response

200
172.217.169.3:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

3.0kB
7.3kB
26
27

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
172.217.169.78:443

https://translate.google.com/translate_a/element.js?cb=googHeadTranslate

tls, http2

chrome.exe

3.1kB
42.4kB
38
41

HTTP Request

GET https://translate.google.com/translate_a/element.js?cb=googHeadTranslate
65.9.95.77:443

https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

tls, http2

chrome.exe

2.6kB
30.4kB
32
33

HTTP Request

GET https://cdn.amplitude.com/libs/amplitude-8.5.0-min.gz.js

HTTP Response

200
172.217.169.10:443

https://translate.googleapis.com/element/log?hasfast=true&authuser=0&format=json

tls, http2

chrome.exe

5.5kB
85.1kB
61
78

HTTP Request

GET https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.9iSoQ-9fZ6M.O/am=ACA/d=1/exm=el_conf/ed=1/rs=AN8SPfosAP8IfQi1K4zUYFCrrCi76lf3zA/m=el_main

HTTP Request

POST https://translate.googleapis.com/element/log?hasfast=true&authuser=0&format=json
54.203.112.84:443

https://api.amplitude.com/

tls, http2

chrome.exe

3.0kB
6.5kB
17
20

HTTP Request

POST https://api.amplitude.com/

HTTP Response

200
142.250.187.195:443

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685&z=98405098

tls, http2

chrome.exe

2.8kB
7.2kB
25
27

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685&tag_exp=101529666~101533422~101671035~101686685&z=415357052

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685&z=98405098
216.239.34.36:443

https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a90v887485693za200zb6304663&_p=1728813754775&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101533422~101671035~101686685&cid=904156927.1728813755&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1728813755&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&dt=%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23!!&en=file_download&ep.link_id=downloadButton&ep.link_url=https%3A%2F%2Fdownload2388.mediafire.com%2Fwgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o%2Fwairnw5h05fox4b%2F%2523%25E2%25B1%25BEe-tUp_4225-%25E2%25B1%25A3%2540%25E1%25B9%25A9%25EA%259E%25A9W0r%25E1%25B8%258F%25E1%258E%25A6%25E1%258E%25A6%2523%2521%2521.zip&ep.link_text=Download%20(18.48MB)&ep.file_name=%2Fwgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o%2Fwairnw5h05fox4b%2F%2523%25E2%25B1%25BEe-tUp_4225-%25E2%25B1%25A3%2540%25E1%25B9%25A9%25EA%259E%25A9W0r%25E1%25B8%258F%25E1%258E%25A6%25E1%258E%25A6%2523%2521%2521.zip&ep.file_extension=zip&_et=1269&tfd=7130

tls, http2

chrome.exe

3.9kB
7.3kB
18
16

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a90v887485693z86304663za200zb6304663&_p=1728813754775&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101533422~101671035~101686685&cid=904156927.1728813755&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1728813755&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&dt=%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23!!&en=page_view&_fv=1&_ss=1&up.page_url=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&tfd=858

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-K68XP6D85D&gtm=45je4a90v887485693za200zb6304663&_p=1728813754775&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529666~101533422~101671035~101686685&cid=904156927.1728813755&ul=en-us&sr=1280x720&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1728813755&sct=1&seg=0&dl=https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fwairnw5h05fox4b%2F&dt=%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23!!&en=file_download&ep.link_id=downloadButton&ep.link_url=https%3A%2F%2Fdownload2388.mediafire.com%2Fwgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o%2Fwairnw5h05fox4b%2F%2523%25E2%25B1%25BEe-tUp_4225-%25E2%25B1%25A3%2540%25E1%25B9%25A9%25EA%259E%25A9W0r%25E1%25B8%258F%25E1%258E%25A6%25E1%258E%25A6%2523%2521%2521.zip&ep.link_text=Download%20(18.48MB)&ep.file_name=%2Fwgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o%2Fwairnw5h05fox4b%2F%2523%25E2%25B1%25BEe-tUp_4225-%25E2%25B1%25A3%2540%25E1%25B9%25A9%25EA%259E%25A9W0r%25E1%25B8%258F%25E1%258E%25A6%25E1%258E%25A6%2523%2521%2521.zip&ep.file_extension=zip&_et=1269&tfd=7130
74.125.206.154:443

https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685

tls, http2

chrome.exe

2.1kB
6.8kB
16
15

HTTP Request

POST https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K68XP6D85D&cid=904156927.1728813755&gtm=45je4a90v887485693z86304663za200zb6304663&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529666~101533422~101671035~101686685
142.250.179.234:443

https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback

tls, http2

chrome.exe

2.1kB
9.9kB
18
19

HTTP Request

GET https://translate-pa.googleapis.com/v1/supportedLanguages?client=te&display_language=en-GB&key=AIzaSyBWDj0QJvVIx8XOhRegXX5_SrRWxhT5Hs4&callback=callback
199.91.155.129:443

download2388.mediafire.com

tls

chrome.exe

1.1kB
4.7kB
9
10
199.91.155.129:443

https://download2388.mediafire.com/wgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o/wairnw5h05fox4b/%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23%21%21.zip

tls, http

chrome.exe

382.0kB
20.0MB
7905
14313

HTTP Request

GET https://download2388.mediafire.com/wgvbf04a7wzgDtJ6tGtZUZqlSOlqAh_COBlaURmAoOrAm1cQQKHgg4WT8nXrOTgI6QcNtrkvh29Z-Y8DduDmmWMhDddfBqdnSBpI-r9J1wE5JFOE_FjQp7PbA87tKJwJpMD1gOaG1kKPH5bxU8Rh5nADW6RYu6QRDo5tSIN-GJ1750o/wairnw5h05fox4b/%23%E2%B1%BEe-tUp_4225-%E2%B1%A3%40%E1%B9%A9%EA%9E%A9W0r%E1%B8%8F%E1%8E%A6%E1%8E%A6%23%21%21.zip

HTTP Response

200
172.217.169.3:443

https://beacons.gcp.gvt2.com/domainreliability/upload

tls, http2

chrome.exe

3.7kB
7.2kB
26
26

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload

HTTP Request

POST https://beacons.gcp.gvt2.com/domainreliability/upload
172.217.169.14:443

https://google.com/domainreliability/upload

tls, http2

chrome.exe

3.7kB
9.7kB
25
28

HTTP Request

POST https://google.com/domainreliability/upload

HTTP Request

POST https://google.com/domainreliability/upload
142.250.187.195:443

https://id.google.com/verify/AD1BBBQqFgBk_jsZhwPGMm4ExXRLw8zs9rXkRgXKwE847WHY9yeX4P01Q_GsA5Z-cucVh6sI2AQWktoROOLdoMz6ADo8mo2eQkEnBA381od-Y5qg

tls, http2

chrome.exe

2.3kB
9.6kB
16
18

HTTP Request

GET https://id.google.com/verify/AD1BBBQqFgBk_jsZhwPGMm4ExXRLw8zs9rXkRgXKwE847WHY9yeX4P01Q_GsA5Z-cucVh6sI2AQWktoROOLdoMz6ADo8mo2eQkEnBA381od-Y5qg
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

4.4kB
41.0kB
44
50

HTTP Request

CONNECT

HTTP Response

200
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

3.4kB
14.1kB
24
30

HTTP Request

CONNECT

HTTP Response

200
51.195.68.163:443

https://www.win-rar.com/fileadmin/images/common/favicon.ico

tls, http2

chrome.exe

7.8kB
116.8kB
102
141

HTTP Request

GET https://www.win-rar.com/

HTTP Response

302

HTTP Request

GET https://www.win-rar.com/start.html?&L=0

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/style.css?1704275748

HTTP Request

GET https://www.win-rar.com/typo3temp/stylesheet_5d370599a3.css?1630582047

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/images.css?1627980766

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/footer.css?1675426476

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/formhandler/jquery-3.7.1.slim.min.js

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/logo-winrar.png

HTTP Request

GET https://www.win-rar.com/uploads/pics/rar-archive-8_d8215f_10.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/images/awards/award-moosoft-winrar.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/icons/fb.svg

HTTP Request

GET https://www.win-rar.com/fileadmin/images/icons/tw.svg

HTTP Request

GET https://www.win-rar.com/fileadmin/images/icons/yt.svg

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/formhandler/ckrule.js

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/style-mx.css?1704277066

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/footer-mx.css?1661158051

HTTP Request

GET https://www.win-rar.com/fileadmin/images/buttons/button_buy_blank.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/buttons/button_download_blank.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/images/common/favicon.ico

HTTP Response

200
51.195.68.163:443

www.win-rar.com

tls

chrome.exe

961 B
3.5kB
8
11
51.195.68.163:443

https://www.win-rar.com/fileadmin/images/boxshots/checkgreen.jpg

tls, http2

chrome.exe

4.1kB
44.5kB
43
56

HTTP Request

GET https://www.win-rar.com/fileadmin/images/awards/graphicsfamily-award.png

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/predownload.html?&L=0

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/defaultStyle.css?1627021175

HTTP Request

GET https://www.win-rar.com/typo3temp/stylesheet_3af1ea9423.css?1620143933

HTTP Request

GET https://www.win-rar.com/fileadmin/images/winrar-archive.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/buttons/button_buy_en.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/defaultstyle-mx.css?1661155123

HTTP Request

GET https://www.win-rar.com/fileadmin/images/boxshots/checkgreen.jpg

HTTP Response

200

HTTP Response

200

HTTP Response

200
51.195.68.163:443

https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-3.png

tls, http2

chrome.exe

79.9kB
4.3MB
1670
3114

HTTP Request

GET https://www.win-rar.com/postdownload.html?&L=0

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/scripts/captcha/captcha.php?RELOAD=

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/formhandler/apphelp-min.js

HTTP Request

GET https://www.win-rar.com/fileadmin/templates/style_max640.css?1660814472

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/winrar-versions/winrar/winrar-x64-701.exe

HTTP Response

200

HTTP Request

GET https://www.win-rar.com/fileadmin/images/helper/winrar-download-chrome.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/helper/user_account_control.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-1.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-2.png

HTTP Request

GET https://www.win-rar.com/fileadmin/images/help/winrar-installation-step-3.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
2.18.66.65:443

www.bing.com

tls

11.6kB
153.2kB
143
127
92.123.128.168:443

r.bing.com

tls

30.8kB
786.4kB
599
578
92.123.128.168:443

r.bing.com

tls

1.5kB
5.5kB
23
14
92.123.128.168:443

r.bing.com

tls

1.5kB
5.5kB
23
14
92.123.128.168:443

r.bing.com

tls

1.5kB
5.5kB
23
14
92.123.128.168:443

r.bing.com

tls

1.5kB
5.5kB
23
14
92.123.128.168:443

r.bing.com

tls

1.5kB
5.5kB
23
14
92.123.128.173:443

www.bing.com

tls

BackgroundTransferHost.exe

21.3kB
593.7kB
440
435
142.250.200.4:443

www.google.com

tls

chrome.exe

953 B
4.6kB
8
9
142.250.200.42:443

ogads-pa.googleapis.com

tls, http2

chrome.exe

1.1kB
6.1kB
11
10
172.217.169.46:443

play.google.com

tls, http2

chrome.exe

1.2kB
7.7kB
11
11
172.217.169.78:443

clients2.google.com

tls, http2

chrome.exe

1.1kB
8.2kB
11
11
216.58.213.10:443

g.tenor.com

tls

TextInputHost.exe

1.8kB
8.8kB
21
16
142.250.178.3:80

http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D

http

TextInputHost.exe

515 B
1.9kB
6
5

HTTP Request

GET http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D

HTTP Response

200
142.250.178.3:80

http://c.pki.goog/r/r1.crl

http

TextInputHost.exe

395 B
1.8kB
6
5

HTTP Request

GET http://c.pki.goog/r/r1.crl

HTTP Response

200
142.250.178.3:80

http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEA59h%2BNbcrblCWf7YDaxen8%3D

http

TextInputHost.exe

513 B
884 B
6
4

HTTP Request

GET http://o.pki.goog/wr2/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTQtSEi8EX%2BbYUTXd8%2ByMxD3s1zQQU3hse7XkV1D43JMMhu%2Bw0OW1CsjACEA59h%2BNbcrblCWf7YDaxen8%3D

HTTP Response

200
142.250.179.234:443

media.tenor.com

tls

TextInputHost.exe

1.1kB
5.2kB
14
10
142.250.179.234:443

media.tenor.com

tls

TextInputHost.exe

8.8kB
219.5kB
172
165
142.250.179.234:443

media.tenor.com

tls

TextInputHost.exe

1.1kB
5.2kB
14
10
127.0.0.1:86

TextInputHost.exe
13.107.246.64:443

inputsuggestions.msdxcdn.microsoft.com

tls

TextInputHost.exe

1.8kB
6.6kB
21
17
13.107.246.64:443

inputsuggestions.msdxcdn.microsoft.com

tls

TextInputHost.exe

2.5kB
8.4kB
29
22
13.107.246.64:443

inputsuggestions.msdxcdn.microsoft.com

tls

TextInputHost.exe

1.8kB
6.6kB
21
17
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

5.0kB
107.2kB
56
94

HTTP Request

CONNECT

HTTP Response

200
142.250.200.42:443

ogads-pa.googleapis.com

tls, http2

chrome.exe

1.1kB
6.0kB
10
9
216.58.201.118:443

i.ytimg.com

tls

chrome.exe

839 B
5.0kB
6
6
216.58.201.118:443

https://i.ytimg.com/vi/El2mqrJXHuQ/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3muGUKNiHAq2fFYB-gJBGUznHjS0g

tls, http2

chrome.exe

2.3kB
14.9kB
21
21

HTTP Request

GET https://i.ytimg.com/vi/K3CppL3v7OI/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3ni_8LdQzZ1F1gAbonZNT7JRqs1Bw

HTTP Request

GET https://i.ytimg.com/vi/El2mqrJXHuQ/mqdefault.jpg?sqp=-oaymwEFCJQBEFM&rs=AMzJL3muGUKNiHAq2fFYB-gJBGUznHjS0g
216.239.34.157:443

tunnel.googlezip.net

tls, http2

chrome.exe

6.5kB
176.5kB
90
144

HTTP Request

CONNECT

HTTP Response

200
142.250.187.238:443

https://www.youtube.com/s/player/2f238d39/www-widgetapi.vflset/www-widgetapi.js

tls, http2

chrome.exe

2.4kB
22.1kB
23
29

HTTP Request

GET https://www.youtube.com/iframe_api?version=3

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/www-widgetapi.vflset/www-widgetapi.js
142.250.187.238:443

https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/base.js

tls, http2

chrome.exe

25.1kB
860.7kB
449
630

HTTP Request

GET https://www.youtube.com/embed/?enablejsapi=1&rel=0&autoplay=0&playsinline=1&expflag=embeds_enable_muted_autoplay%3Atrue&fs=1

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/www-player.css

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/embed.js

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/www-embed-player.vflset/www-embed-player.js

HTTP Request

GET https://www.youtube.com/s/player/2f238d39/player_ias.vflset/en_US/base.js
216.58.201.118:443

i.ytimg.com

tls, http2

chrome.exe

1.0kB
6.1kB
10
9
142.250.200.34:443

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

tls, http2

chrome.exe

2.2kB
7.4kB
19
22

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
142.250.200.38:443

https://static.doubleclick.net/instream/ad_status.js

tls, http2

chrome.exe

1.9kB
6.6kB
15
12

HTTP Request

GET https://static.doubleclick.net/instream/ad_status.js
142.250.180.10:443

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

tls, http2

chrome.exe

3.2kB
52.9kB
36
53

HTTP Request

OPTIONS https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

HTTP Request

POST https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
172.217.169.46:443

https://play.google.com/log?format=json&hasfast=true&authuser=0

tls, http2

chrome.exe

2.0kB
8.5kB
18
18

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0

HTTP Request

OPTIONS https://play.google.com/log?format=json&hasfast=true&authuser=0
172.217.169.46:443

play.google.com

tls

chrome.exe

977 B
6.9kB
10
8
172.67.70.36:443

https://cmp.setupcmp.com/cmp/images/setupad.svg

tls, http2

chrome.exe

3.3kB
42.3kB
45
50

HTTP Request

GET https://cmp.setupcmp.com/cmp/cmp/cmp-stub.js

HTTP Request

GET https://cmp.setupcmp.com/cmp/cmp/cmp-v1.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://cmp.setupcmp.com/cmp/images/setupad.svg

HTTP Response

200
172.67.70.36:443

cmp.setupcmp.com

tls, http2

chrome.exe

962 B
3.1kB
8
6
163.181.154.242:443

https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-vt-2.c76cab9.png

tls, http2

chrome.exe

194.8kB
5.4MB
3238
3994

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/logo.deeb2ee.webp

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/ld-9-btn.fcef8a7.webp

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/zzz-btn-en.5a376bc.webp

HTTP Request

GET https://res.ldrescdn.com/rms/ldplayer/process/img/563faa39e54a4b6684056adb5050550b1726655143.png

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/cdbcd27.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/0d4bc0f.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/822857e.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/00e857b.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/2da8629.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/79a45c7.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/de6cf08.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/17827bb.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/ea3d90c.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/ae6e404.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/176af8a.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/3db6060.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/8a6fc82.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/c3e6bfb.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/b1e6416.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/30f4ca2.js

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/5597061.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/b61908b.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/752cf03.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/82b449b.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/cdb5356.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/9811b80.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/936f4cf.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/fcc86b6.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/4ae49c3.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/c520b82.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/c14bdd6.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/329aac5.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/2af5e0e.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/f8f31e1.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/743fc12.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/c18d858.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/f05c90e.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/6f2e593.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/e13cbcf.js

HTTP Request

GET https://res.ldrescdn.com/rms/ldplayer/process/img/f68f571cf65c4ce491021cb94f7a5d791728529446.jpg

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/css-sprites.9525f2a.webp

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/abb52b4.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/f94f763.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/4fc27cd.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/0a02c4c.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/26072dd.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/9bebfae.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/65a68d6.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/c2e32be.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/1ea3346.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/47f226c.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/4ba6880.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/a250eb2.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/6dd8040.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/9caf658.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/acb0886.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/b92311f.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/3cfd74a.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/2e67196.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/6ec0a1f.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/56f98c1.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/af8fa83.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/1c6294c.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/81b6a53.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/ef99b84.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/da6e261.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/aa5c9ce.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/99ae060.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/40a7dbc.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/734f5df.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/d7ecd91.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/8ad62ea.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/42f77dc.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/495baf3.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/2a7f7cd.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/5c2837e.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/4d01370.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/37bbf73.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/94af347.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/09506d7.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/14dc4e8.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/c4cad38.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/8664ff7.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/e5f1c9d.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/57c36e2.js

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/download/LDPlayer9.exe?n=LDPlayer9_ens_1001_ld.exe

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/3ef6c2d.js

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/d983454.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-logo.12179f5.png

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-step-1.5df6e42.png

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-step-2.82dc51f.png

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-step-3.5b2181c.png

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-icon-1.704b2b6.png

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-icon-2.5480422.png

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-vt-1.d68b021.png

HTTP Request

GET https://res.ldrescdn.com/gw/static/ld_gw/client/img/install-vt-2.c76cab9.png

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
163.181.154.242:443

res.ldrescdn.com

tls, http2

chrome.exe

1.1kB
6.0kB
11
11
79.133.176.186:443

https://cdn.ldplayer.net/gw/static/ld_gw/js/adMsg.js

tls, http2

chrome.exe

2.0kB
15.6kB
20
22

HTTP Request

GET https://cdn.ldplayer.net/gw/static/ld_gw/js/adMsg.js

HTTP Response

200
172.67.70.36:443

https://cmp.setupcmp.com/cmp/gvl/google-atp-list.json

tls, http2

chrome.exe

4.7kB
130.8kB
73
114

HTTP Request

GET https://cmp.setupcmp.com/cmp/config/6750.json

HTTP Response

200

HTTP Request

GET https://cmp.setupcmp.com/cmp/gvl/default-vendors.json

HTTP Response

200

HTTP Request

GET https://cmp.setupcmp.com/cmp/gvl-v3/vendor-list.json

HTTP Response

200

HTTP Request

GET https://cmp.setupcmp.com/cmp/gvl/google-atp-list.json

HTTP Response

200
172.217.169.78:443

https://fundingchoicesmessages.google.com/f/AGSKWxW6gpysWqCamvY38ZHm9q3snjRmp5QvLUGzv2UF3zeNfXslBe6zHKWa83KhHht_8HB4L8Gm7uvfVX9Fdbm83jD25cQYvG_vqjOVznakSw7eahlRcsgSJY5CYxYENiG_3nh5T6oseQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI4ODE0MTc3LDkxOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubGRwbGF5ZXIubmV0LyIsbnVsbCxbWzgsInRhQmdHdlJRQzIwIl0sWzksImVuLVVTIl0sWzE2LCJbMCwwLDBdIl0sWzE5LCIyIl1dXQ

tls, http2

chrome.exe

5.4kB
90.9kB
74
78

HTTP Request

GET https://fundingchoicesmessages.google.com/i/pub-3593861583707338?ers=1

HTTP Request

GET https://fundingchoicesmessages.google.com/b/pub-3593861583707338

HTTP Request

GET https://fundingchoicesmessages.google.com/f/AGSKWxW6gpysWqCamvY38ZHm9q3snjRmp5QvLUGzv2UF3zeNfXslBe6zHKWa83KhHht_8HB4L8Gm7uvfVX9Fdbm83jD25cQYvG_vqjOVznakSw7eahlRcsgSJY5CYxYENiG_3nh5T6oseQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzI4ODE0MTc3LDkxOTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cubGRwbGF5ZXIubmV0LyIsbnVsbCxbWzgsInRhQmdHdlJRQzIwIl0sWzksImVuLVVTIl0sWzE2LCJbMCwwLDBdIl0sWzE5LCIyIl1dXQ
172.217.169.78:443

fundingchoicesmessages.google.com

tls

chrome.exe

981 B
7.1kB
10
8
172.217.16.238:443

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs

tls, http2

chrome.exe

4.5kB
131.4kB
64
108

HTTP Request

GET https://apis.google.com/js/api:client.js

HTTP Request

GET https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.3visMJpiQIc.O/m=client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo99Jaq3x9bYTscBipFXsayIS-abwA/cb=gapi.loaded_0?le=scs
142.250.187.234:443

https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQkK_e8r8436ORIFDZFhlU4hrYaVcWbn6-A=?alt=proto

tls, http2

chrome.exe

1.8kB
6.8kB
15
16

HTTP Request

GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQkK_e8r8436ORIFDZFhlU4hrYaVcWbn6-A=?alt=proto
47.236.4.49:443

https://usersdk.ldmnq.com/sdk/initSdk

tls, http2

chrome.exe

2.4kB
4.8kB
15
13

HTTP Request

OPTIONS https://usersdk.ldmnq.com/sdk/initSdk

HTTP Response

200

HTTP Request

POST https://usersdk.ldmnq.com/sdk/initSdk

HTTP Response

200
79.133.176.174:443

apien.ldplayer.net

tls, http2

chrome.exe

1.0kB
5.8kB
9
9
79.133.176.174:443

https://apien.ldplayer.net/ows/en/ip/englishCheckIpArea

tls, http2

chrome.exe

3.7kB
23.2kB
40
48

HTTP Request

POST https://apien.ldplayer.net/ows/en/front/versions

HTTP Request

POST https://apien.ldplayer.net/ows/en/front/versions

HTTP Request

GET https://apien.ldplayer.net/ows/en/ip/englishCheckIpArea

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

OPTIONS https://apien.ldplayer.net/ows/en/games/playFullPack

HTTP Response

200

HTTP Request

POST https://apien.ldplayer.net/ows/en/games/playFullPack

HTTP Response

200

HTTP Request

GET https://apien.ldplayer.net/ows/en/ip/checkIpArea

HTTP Response

200

HTTP Request

GET https://apien.ldplayer.net/ows/en/front/homePack

HTTP Response

200

HTTP Request

POST https://apien.ldplayer.net/ows/en/front/versions

HTTP Request

GET https://apien.ldplayer.net/ows/en/ip/englishCheckIpArea

HTTP Response

200

HTTP Response

200
79.133.176.174:443

apien.ldplayer.net

tls, http2

chrome.exe

1.1kB
5.8kB
9
9
150.171.28.10:443

https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=be0e2fcc-a68a-4df5-ba19-2600bd8de255&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

tls, http2

chrome.exe

11.1kB
31.7kB
68
77

HTTP Request

GET https://bat.bing.com/bat.js

HTTP Response

200

HTTP Request

GET https://bat.bing.com/p/action/187121839.js

HTTP Response

200

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&p=https%3A%2F%2Fwww.ldplayer.net%2F&r=https%3A%2F%2Fwww.google.com%2F&lt=635&evt=pageLoad&sv=1&cdb=AQAU&rn=419384

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&evt=gtmConsent&gasc=G

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=0aa593eb-5c3f-48f6-ab70-0b14b1c69bda&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=1&msclkid=N&evt=pageHide

HTTP Response

204

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=bc8cf8f7-7e83-42f8-a933-36d32c738546&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F&evt=pageLoad&sv=1&cdb=AQAU&rn=254420

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=bc8cf8f7-7e83-42f8-a933-36d32c738546&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=6c69f35f-a9b1-4f71-b6bc-0781f37c313b&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2F&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&r=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&evt=pageLoad&sv=1&cdb=AQAU&rn=670298

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=6c69f35f-a9b1-4f71-b6bc-0781f37c313b&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2F%23google_vignette&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F&evt=pageLoad&sv=1&cdb=AQAU&rn=110387

HTTP Response

204

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=471670

HTTP Response

204

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gtm_tag_source=ua&ec=ldplayer&el=https%3A%2F%2Fwww.ldplayer.net%2F&gc=USD&tpp=1&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=667872

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&ev=0&gc=USD&tpp=1&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=965479

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&ev=0&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=361121

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&gc=USD&tpp=1&ea=signup&en=Y&p=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&sw=1280&sh=720&sc=24&evt=custom&cdb=AQAU&rn=713028

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=D

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=gtmConsent&gasc=G

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=5c927d7b-c581-4600-8485-d247f87f95c5&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

HTTP Request

GET https://bat.bing.com/action/0?ti=187121839&tm=gtm002&Ver=2&mid=be0e2fcc-a68a-4df5-ba19-2600bd8de255&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&page_path=%2Fdownload%2Finstall&spa=Y&p=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&uach=pv%3D14.0.0&pi=918639831&lg=en-US&sw=1280&sh=720&sc=24&tl=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&r=https%3A%2F%2Fwww.ldplayer.net%2F%23google_vignette&evt=pageLoad&sv=1&cdb=AQAU&rn=79879

HTTP Response

204

HTTP Response

204

HTTP Response

204

HTTP Request

POST https://bat.bing.com/actionp/0?ti=187121839&tm=gtm002&Ver=2&mid=be0e2fcc-a68a-4df5-ba19-2600bd8de255&sid=412f5e40894b11ef9c06353e309b06a3&vid=412fc5e0894b11efb1346dbdf455bc31&vids=0&msclkid=N&evt=pageHide

HTTP Response

204
13.107.246.64:443

https://www.clarity.ms/tag/uet/187121839?insights=1

tls, http2

chrome.exe

3.5kB
37.3kB
34
39

HTTP Request

GET https://www.clarity.ms/tag/584iom30dr

HTTP Response

200

HTTP Request

GET https://www.clarity.ms/s/0.7.48/clarity.js

HTTP Request

GET https://www.clarity.ms/tag/uet/187121839?insights=1

HTTP Response

200

HTTP Response

200
216.239.34.36:443

region1.google-analytics.com

tls, http2

chrome.exe

1.1kB
6.2kB
9
8
216.239.34.36:443

https://region1.analytics.google.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=13&sid=1728814178&sct=1&seg=1&dl=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&dr=https%3A%2F%2Fwww.ldplayer.net%2F&dt=Download%20and%20Use%20LDPlayer%20on%20PC&en=user_engagement&_et=4682&tfd=56678

tls, http2

chrome.exe

7.6kB
9.2kB
34
41

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567z8811059450za200zb811059450&_p=1728814177601&gcs=G100&gcd=13m3m3m3m5l1&npa=1&dma_cps=-&dma=1&tcfd=15X4a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=page_view&_fv=1&_ss=1&tfd=1130

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331z8811059450za200zb811059450&_p=1728814177601&gcs=G100&gcd=13m3m3m3m5l1&npa=1&dma_cps=-&dma=1&tcfd=15X4a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=denied&_s=1&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=page_view&_fv=1&_nsi=1&_ss=1&ep.content_group=%E9%A6%96%E9%A1%B5&tfd=1097

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&gcs=G111&gcu=1&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X4a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&gcut=3&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=2&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=user_engagement&ep.content_group=%E9%A6%96%E9%A1%B5&ep.ga_temp_client_id=791018054.1728814178&_et=1667&tfd=6400

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&gcs=G111&gcu=1&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X4a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&gcut=3&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=2&sid=1728814178&sct=1&seg=0&dl=https%3A%2F%2Fwww.ldplayer.net%2F&dr=https%3A%2F%2Fwww.google.com%2F&dt=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&en=user_engagement&ep.ga_temp_client_id=791018054.1728814178&_et=1639&tfd=6408

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&_gaz=1&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=3&dl=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&dr=https%3A%2F%2Fwww.ldplayer.net%2F&sid=1728814178&sct=1&seg=1&dt=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&en=page_view&ep.content_group=%E9%A6%96%E9%A1%B5&_et=3627&tfd=6400

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&_gaz=1&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_eu=AEA&_s=3&dl=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&dr=https%3A%2F%2Fwww.ldplayer.net%2F&sid=1728814178&sct=1&seg=1&dt=Download%20Tree%20of%20Savior%3A%20Neverland%20on%20PC%20(Emulator)%20-%20LDPlayer&en=page_view&_et=3632&tfd=6408

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-NETEW036PS&gtm=45je4a90v897214331za200zb811059450&_p=1728814177601&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685~101836706&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=11&sid=1728814178&sct=1&seg=1&dl=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&dr=https%3A%2F%2Fwww.ldplayer.net%2F&dt=Download%20and%20Use%20LDPlayer%20on%20PC&en=user_engagement&ep.content_group=%E9%A6%96%E9%A1%B5&_et=4698&tfd=56678

HTTP Request

POST https://region1.analytics.google.com/g/collect?v=2&tid=G-59PCK5ER57&gtm=45je4a90v890351567za200zb811059450&_p=1728814177601&gcs=G111&gcd=13n3n3n3n5l1&npa=0&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101533421~101671035~101686685&gdid=dNzg2MD&cid=791018054.1728814178&ul=en-us&sr=1280x720&lps=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&frm=0&pscdl=noapi&_s=13&sid=1728814178&sct=1&seg=1&dl=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&dr=https%3A%2F%2Fwww.ldplayer.net%2F&dt=Download%20and%20Use%20LDPlayer%20on%20PC&en=user_engagement&_et=4682&tfd=56678
183.240.98.228:443

hm.baidu.com

chrome.exe

260 B
5
4.153.129.168:443

https://b.clarity.ms/collect

tls, http

chrome.exe

386.4kB
16.4kB
325
154

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204
173.194.69.84:443

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fwww.ldplayer.net&client_id=890364888673-tfc1o8k7f93iq644s55ecn5fm56snrjq.apps.googleusercontent.com

tls, http2

chrome.exe

2.6kB
9.2kB
19
23

HTTP Request

GET https://accounts.google.com/o/oauth2/iframe

HTTP Request

GET https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fwww.ldplayer.net&client_id=890364888673-tfc1o8k7f93iq644s55ecn5fm56snrjq.apps.googleusercontent.com
183.240.98.228:443

hm.baidu.com

chrome.exe

260 B
5
142.250.200.4:443

https://www.google.com/pagead/1p-conversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E&is_vtc=1&cid=CAQSKQDpaXnfWCs79jTg3YfA2JmjtUcv8WHo6hZrda0vo-R_5yC7uYicJs8C&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECq7NKZ65uHFTDRsYx-2aztzrj3NIvXiR8&random=4107108362

tls, http2

chrome.exe

10.7kB
16.4kB
40
47

HTTP Request

POST https://www.google.com/pagead/landing?gcs=G111&gcu=1&gcd=13n3n3n3n5l1&tag_exp=101671035~101686685&rnd=1058634305.1728814178&url=https%3A%2F%2Fwww.ldplayer.net%2F&dma_cps=syphamo&dma=1&npa=0&tcfd=15X4a&gdpr_consent=tcempty&gdpr=1&gtm=45He4a90n81T3PC7L8v811059450za200&auid=9255158.1728814180&apve=0

HTTP Request

GET https://www.google.com/pagead/1p-conversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU&is_vtc=1&cid=CAQSKQDpaXnfvpYm_MMgcuDIQfKXaNgtU5BwF5MF-V8g4EbO8uLs_6c07k0R&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBA3ilSyNAN9q67JZj6oT7_5-c6ztJxleE&random=3832946140

HTTP Request

GET https://www.google.com/pagead/1p-conversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093&is_vtc=1&cid=CAQSKQDpaXnfdj9fkHYS5qTWsF5Q323vaJaYAUuxyQuKL6JPWVJUazW7XXsW&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBvBoJYg1N1Sgb0Ua0-eGz4vZM_ymi-c5A&random=1164820918

HTTP Request

GET https://www.google.com/pagead/1p-conversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD&is_vtc=1&cid=CAQSKQDpaXnfpzUcsY38xaqbM_HHcU1WOT9mxbSt2tUahDPWuZomScqqmZL4&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEDoQ-TFwY0HpJ3YPRAZMo3rtR5B6lsj0-g&random=1784264614

HTTP Request

GET https://www.google.com/pagead/1p-conversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP&is_vtc=1&cid=CAQSKQDpaXnfCSHrhN1AMV9YDJKmxUoHqCKuuLamLa1WwUqd6-PLP22KO2IF&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAeu4CoqAB776HI5nHCRF2SdmxdSN6QUPo&random=2606352208

HTTP Request

GET https://www.google.com/pagead/1p-conversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E&is_vtc=1&cid=CAQSKQDpaXnfWCs79jTg3YfA2JmjtUcv8WHo6hZrda0vo-R_5yC7uYicJs8C&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECq7NKZ65uHFTDRsYx-2aztzrj3NIvXiR8&random=4107108362
142.250.200.34:443

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBlf0KnNInu3PF0Y_E4xSzOaJo6Vd_zIqI&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E

tls, http2

chrome.exe

10.2kB
16.1kB
41
48

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcu=1&gcd=13n3n3n3n5l1&tag_exp=101671035~101686685&rnd=1058634305.1728814178&url=https%3A%2F%2Fwww.ldplayer.net%2F&dma_cps=syphamo&dma=1&npa=0&tcfd=15X4a&gdpr_consent=tcempty&gdpr=1&gtm=45He4a90n81T3PC7L8v811059450za200&auid=9255158.1728814180&apve=0

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAjDAaD9UsOmILOtlgEusksrynjCCNeT-A&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECLgZJL_F0y0eqPLX46t1Ahowd5zM-yBo4&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEA5QfO32OCBCWkrOGlx_vH5S-CXFN1h2pM&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBInVue1VgS50UtZnC5ItWshXNxluR6FfE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBlf0KnNInu3PF0Y_E4xSzOaJo6Vd_zIqI&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E
163.181.154.242:443

www.ldplayer.net

tls, http2

chrome.exe

1.2kB
5.5kB
12
13
163.181.154.242:443

https://res.ldrescdn.com/update/ows_config/seo_table_en

tls, http2

chrome.exe

2.0kB
13.4kB
18
21

HTTP Request

GET https://res.ldrescdn.com/update/ows_config/seo_table_en

HTTP Response

200
79.133.176.186:443

https://cdn.ldplayer.net/ldx/games/easyfun.json

tls, http2

chrome.exe

3.3kB
95.4kB
47
81

HTTP Request

GET https://cdn.ldplayer.net/ldx/games/easyfun.json

HTTP Response

200
104.18.31.49:443

https://stpd.cloud/tag/6584

tls, http2

chrome.exe

6.9kB
222.7kB
123
222

HTTP Request

GET https://stpd.cloud/assets/stpdwrapper.js

HTTP Response

200

HTTP Request

GET https://stpd.cloud/tag/6584

HTTP Response

200

HTTP Request

GET https://stpd.cloud/tag/6584

HTTP Response

200
47.245.114.192:443

https://invite.ldplayer.net/alliance/track/mnqLinkTrack

tls, http2

chrome.exe

2.1kB
5.5kB
15
13

HTTP Request

OPTIONS https://invite.ldplayer.net/alliance/track/mnqLinkTrack

HTTP Response

200

HTTP Request

POST https://invite.ldplayer.net/alliance/track/mnqLinkTrack

HTTP Response

200
142.250.179.246:443

play-lh.googleusercontent.com

tls, http2

chrome.exe

999 B
6.1kB
9
8
142.250.179.246:443

play-lh.googleusercontent.com

tls, http2

chrome.exe

1.1kB
6.1kB
9
8
142.250.179.246:443

play-lh.googleusercontent.com

tls, http2

chrome.exe

1.0kB
6.1kB
9
8
142.250.179.246:443

play-lh.googleusercontent.com

tls, http2

chrome.exe

1.1kB
6.1kB
9
8
142.250.179.246:443

https://play-lh.googleusercontent.com/gb6Pt-CGnRPqyLhoeU-m7TupH7QfxPEteYVKqYs2qa0LKQJ9GHlQE5Il2o1y7WdVqnw=s68-rw

tls, http2

chrome.exe

9.8kB
274.5kB
163
207

HTTP Request

GET https://play-lh.googleusercontent.com/brT5MQPuD8M0q_nFie_NPnwJG1_srZZy8D_U0YjgiTv8eCB8cqwn2a9rdYX4L1MQSCU=s132-rw

HTTP Request

GET https://play-lh.googleusercontent.com/JhLcEIwCyjwPVMlhF8oxZsx0RlJcuGHZ2SRYWkXVd1Ip1fAlpe2zb5fBEDVMlKtJ8AXQ=w540-h302-rw

HTTP Request

GET https://play-lh.googleusercontent.com/VXyKfYXZNiGrii5PUjJJgc3iCUPF9yOS0BCx_fzOk6Apnnwypx43tgbKOM7JXFFL7p0_=s68-rw

HTTP Request

GET https://play-lh.googleusercontent.com/trnkyCe9zW5LhfuhoT0KZpPBL2RpMQk-rhrRiNIdOOKdIak9_OL6hbzsrkrc-j1nWQ=w540-h302-rw

HTTP Request

GET https://play-lh.googleusercontent.com/oKLS2ChoZjoHklnvJPLFS89yNqY-wkDMuVCDSGuHhFxVfE8XMArV6Zcd1VIvt885HQ=w540-h302-rw

HTTP Request

GET https://play-lh.googleusercontent.com/ttutJKqPG91wV8KMysrnTVx7WAXWG6v2D7Ha0eYqaw8bGXnCw-FsRtMeIidVyv3CaY4=w540-h302-rw

HTTP Request

GET https://play-lh.googleusercontent.com/je9TJ0GI8JxpTAdLjoz3NFLg0nmNpAfqnkFU2Rvpu6UBbugvdw3xZyuBkqPi9JItN_I=s68-rw

HTTP Request

GET https://play-lh.googleusercontent.com/cJzInqdl3P0kFi1AOKislC53I8xrAv0rjfxdaMv2Ag4HBCqhup-xKbw78HOu3uri0Dc=s68-rw

HTTP Request

GET https://play-lh.googleusercontent.com/npHAHmtZRgiMVEVg5pcncTIyqMW5MX--niR0L9PSzc5l8nuXS4GbU4w0yumQTururnc=s68-rw

HTTP Request

GET https://play-lh.googleusercontent.com/pYYxnOxFF7rlECHYZ3uPtIgj2193SZjSr_NsNvml0SyK8yMcy_XNhhr9czHgcItFSA=s68-rw

HTTP Request

GET https://play-lh.googleusercontent.com/gb6Pt-CGnRPqyLhoeU-m7TupH7QfxPEteYVKqYs2qa0LKQJ9GHlQE5Il2o1y7WdVqnw=s68-rw
142.250.179.246:443

play-lh.googleusercontent.com

tls, http2

chrome.exe

1.1kB
6.1kB
9
8
8.222.160.10:443

https://api.ldshop.gg/api/en/game/commodity?packageName=com.qookkagames.szgd.gp.tfy

tls, http2

chrome.exe

1.8kB
4.5kB
13
12

HTTP Request

GET https://api.ldshop.gg/api/en/game/commodity?packageName=com.qookkagames.szgd.gp.tfy

HTTP Response

200
216.58.204.66:443

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410080101/pubads_impl.js

tls, http2

chrome.exe

5.7kB
201.9kB
96
157

HTTP Request

GET https://securepubads.g.doubleclick.net/tag/js/gpt.js

HTTP Request

GET https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410080101/pubads_impl.js
142.250.200.2:443

https://www.googletagservices.com/tag/js/gpt.js

tls, http2

chrome.exe

2.8kB
41.1kB
38
39

HTTP Request

GET https://www.googletagservices.com/tag/js/gpt.js
142.250.200.34:443

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=250&slotname=1618680683&adk=798199480&adf=329058057&pi=t.ma~as.1618680683&w=308&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=308x250&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182636&bpp=1&bdt=5695&idt=338&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=880x280%2C880x280&correlator=987701147709&frm=20&pv=1&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=924&ady=1397&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=342

tls, http2

chrome.exe

16.0kB
120.1kB
85
103

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/html/r20241009/r20190131/zrt_lookup_fy2021.html

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=280&slotname=9194752524&adk=2433831367&adf=1788463760&pi=t.ma~as.9194752524&w=880&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=880x280&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182631&bpp=5&bdt=5690&idt=226&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=987701147709&frm=20&pv=2&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=32&ady=408&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=260

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=280&slotname=3942425844&adk=2330668906&adf=1460159009&pi=t.ma~as.3942425844&w=880&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=880x280&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182636&bpp=1&bdt=5695&idt=261&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=880x280&correlator=987701147709&frm=20&pv=1&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=32&ady=1444&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=261

HTTP Request

GET https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&addtl_consent=1~39.43.46.55.61.70.83.89.93.108.117.122.124.131.135.136.143.144.147.149.159.162.167.171.192.196.202.211.218.228.230.239.241.259.266.272.286.291.311.317.322.323.326.327.338.367.371.385.389.394.397.407.413.415.424.430.436.440.445.449.453.482.486.491.494.495.501.503.505.522.523.540.550.559.560.568.574.576.584.587.591.733.737.745.780.787.802.803.817.820.821.829.839.864.867.874.899.904.922.931.938.979.981.985.1003.1024.1027.1031.1033.1034.1040.1046.1051.1053.1067.1085.1092.1095.1097.1099.1107.1127.1135.1143.1149.1152.1162.1166.1186.1188.1201.1205.1211.1215.1226.1227.1230.1252.1268.1270.1276.1284.1286.1290.1301.1307.1312.1345.1356.1364.1365.1375.1403.1415.1416.1419.1440.1442.1449.1455.1456.1465.1495.1512.1516.1525.1540.1548.1555.1558.1564.1570.1577.1579.1583.1584.1591.1603.1616.1638.1651.1653.1665.1667.1677.1678.1682.1697.1699.1703.1712.1716.1721.1725.1732.1745.1750.1765.1769.1782.1786.1800.1808.1810.1825.1827.1832.1837.1838.1840.1842.1843.1845.1859.1866.1870.1878.1880.1889.1899.1917.1929.1942.1944.1962.1963.1964.1967.1968.1969.1978.2003.2007.2008.2027.2035.2039.2044.2046.2047.2052.2056.2064.2068.2070.2072.2074.2088.2090.2103.2107.2109.2115.2124.2130.2133.2137.2140.2145.2147.2150.2156.2166.2177.2183.2186.2202.2205.2216.2219.2220.2222.2225.2234.2253.2264.2279.2282.2292.2299.2305.2309.2312.2316.2322.2325.2328.2331.2334.2335.2336.2337.2343.2354.2357.2358.2359.2366.2370.2376.2377.2387.2392.2394.2400.2403.2405.2407.2411.2414.2416.2418.2425.2427.2440.2447.2459.2461.2462.2465.2468.2472.2477.2481.2484.2486.2488.2492.2493.2496.2497.2498.2499.2501.2510.2511.2517.2526.2527.2532.2534.2535.2542.2544.2552.2563.2564.2567.2568.2569.2571.2572.2575.2577.2583.2584.2595.2596.2601.2604.2605.2608.2609.2610.2612.2614.2621.2628.2629.2633.2634.2636.2642.2643.2645.2646.2647.2650.2651.2652.2656.2657.2658.2660.2661.2669.2670.2677.2681.2684.2686.2687.2690.2695.2698.2707.2713.2714.2729.2739.2767.2768.2770.2772.2784.2787.2791.2792.2798.2801.2805.2812.2813.2816.2817.2818.2821.2822.2827.2830.2831.2834.2836.2838.2839.2840.2844.2846.2847.2849.2850.2851.2852.2854.2856.2860.2862.2863.2865.2867.2869.2873.2874.2875.2876.2878.2880.2881.2882.2883.2884.2886.2887.2888.2889.2891.2893.2894.2895.2897.2898.2900.2901.2908.2909.2911.2912.2913.2914.2916.2917.2918.2919.2920.2922.2923.2924.2927.2929.2930.2931.2939.2940.2941.2942.2947.2949.2950.2956.2961.2962.2963.2964.2965.2966.2968.2970.2973.2974.2975.2979.2980.2981.2983.2985.2986.2987.2991.2993.2994.2995.2997.2999.3000.3002.3003.3005.3008.3009.3010.3012.3016.3017.3018.3019.3024.3025.3028.3034.3037.3038.3043.3045.3048.3052.3053.3055.3058.3059.3063.3065.3066.3068.3070.3072.3073.3074.3075.3076.3077.3078.3089.3090.3093.3094.3095.3097.3099.3100.3104.3106.3109.3112.3116.3117.3118.3119.3120.3124.3126.3127.3128.3130.3135.3136.3145.3149.3150.3151.3154.3155.3162.3163.3167.3172.3173.3180.3182.3183.3184.3185.3187.3188.3189.3190.3194.3196.3197.3209.3210.3211.3214.3215.3217.3219.3222.3223.3225.3226.3227.3228.3230.3231.3232.3234.3235.3236.3237.3238.3240.3241.3244.3245.3250.3251.3253.3257.3260.3268.3270.3272.3281.3288.3290.3292.3293.3295.3296.3300&gpp_sid=-1&client=ca-pub-3593861583707338&output=html&h=250&slotname=1618680683&adk=798199480&adf=329058057&pi=t.ma~as.1618680683&w=308&abgtt=3&fwrn=4&fwrnh=100&lmt=1728814182&rafmt=1&format=308x250&url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTQuMC4wIiwieDg2IiwiIiwiMTIzLjAuNjMxMi4xMjMiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjEyMy4wLjYzMTIuMTIzIl0sWyJOb3Q6QS1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTIzLjAuNjMxMi4xMjMiXV0sMF0.&dt=1728814182636&bpp=1&bdt=5695&idt=338&shv=r20241009&mjsv=m202410080101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=880x280%2C880x280&correlator=987701147709&frm=20&pv=1&u_tz=0&u_his=5&u_h=720&u_w=1280&u_ah=672&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=924&ady=1397&biw=1263&bih=585&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31087941%2C31087986%2C44798934%2C95342016%2C95343454%2C95344190%2C95344778&oid=2&pvsid=151742996000315&tmod=156679102&uas=3&nvt=1&ref=https%3A%2F%2Fwww.google.com%2F&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C672%2C1280%2C585&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=342
142.250.200.34:443

googleads.g.doubleclick.net

tls

chrome.exe

993 B
4.8kB
9
7
142.250.200.34:443

googleads.g.doubleclick.net

tls

chrome.exe

934 B
4.8kB
9
7
142.250.180.1:443

https://06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

tls, http2

chrome.exe

2.9kB
15.8kB
25
29

HTTP Request

GET https://66f7aa179543774b3f297a30a3931951.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

HTTP Request

GET https://2fbf12eaa8a49eada63f10cc12fc1285.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

HTTP Request

GET https://06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
151.101.65.229:443

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241013

tls, http2

chrome.exe

1.8kB
7.2kB
14
17

HTTP Request

GET https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241013

HTTP Response

200
65.9.95.35:443

https://tagan.adlightning.com/setupad/bl-362e799-4238a742.js

tls, http2

chrome.exe

4.2kB
110.2kB
64
89

HTTP Request

GET https://tagan.adlightning.com/setupad/op.js

HTTP Response

200

HTTP Request

GET https://tagan.adlightning.com/setupad/b-904ac2d-53355591.js

HTTP Request

GET https://tagan.adlightning.com/setupad/bl-362e799-4238a742.js

HTTP Response

200

HTTP Response

200
65.9.98.75:443

https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.ldplayer.net&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac

tls, http2

chrome.exe

4.1kB
95.2kB
62
77

HTTP Request

GET https://c.amazon-adsystem.com/aax2/apstag.js

HTTP Response

200

HTTP Request

GET https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.ldplayer.net&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac

HTTP Response

200
178.250.1.11:443

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&bundle=ZPhKRV9KJTJCTGVFNG5FdXpsanoyVFMwZWlzQmV5ZVFVajNBcXhCYlQ5NzNjMnV3WW5LUVNOWW5uNmFwU252JTJCSSUyQlIxUU4zckNxcFVRS2hSRDE2Z1UwTENtZFB2UnI3R0daRVBpcVBoQlNRTFpZTXF2NkRkS24lMkZ2dFhMWWFuQjd2Z0x6cHglMkY&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

tls, http2

chrome.exe

2.9kB
5.4kB
15
14

HTTP Request

OPTIONS https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

HTTP Response

200

HTTP Request

OPTIONS https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&bundle=ZPhKRV9KJTJCTGVFNG5FdXpsanoyVFMwZWlzQmV5ZVFVajNBcXhCYlQ5NzNjMnV3WW5LUVNOWW5uNmFwU252JTJCSSUyQlIxUU4zckNxcFVRS2hSRDE2Z1UwTENtZFB2UnI3R0daRVBpcVBoQlNRTFpZTXF2NkRkS24lMkZ2dFhMWWFuQjd2Z0x6cHglMkY&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

HTTP Response

200
141.95.98.64:443

https://id5-sync.com/api/config/prebid

tls, http2

chrome.exe

1.9kB
3.7kB
14
13

HTTP Request

POST https://id5-sync.com/api/config/prebid

HTTP Response

200
172.67.68.162:443

prebid-stag.setupad.net

tls, http2

chrome.exe

1.0kB
3.2kB
8
6
172.67.68.162:443

https://prebid-stag.setupad.net/openrtb2/auction

tls, http2

chrome.exe

18.4kB
12.9kB
42
38

HTTP Request

POST https://prebid-stag.setupad.net/cookie_sync

HTTP Request

POST https://prebid-stag.setupad.net/openrtb2/auction

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=i&uid=5498570646921517865

HTTP Response

200

HTTP Request

GET https://prebid-stag.setupad.net/setuid?bidder=smartadserver&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=i&uid=63258396398534972

HTTP Response

200

HTTP Request

POST https://prebid-stag.setupad.net/cookie_sync

HTTP Request

POST https://prebid-stag.setupad.net/openrtb2/auction

HTTP Response

200

HTTP Response

200
185.184.8.90:443

https://prebid-eu.creativecdn.com/bidder/prebid/bids

tls, http2

chrome.exe

6.1kB
5.3kB
19
18

HTTP Request

POST https://prebid-eu.creativecdn.com/bidder/prebid/bids

HTTP Response

204

HTTP Request

POST https://prebid-eu.creativecdn.com/bidder/prebid/bids

HTTP Response

204
37.157.5.132:443

https://adx.adform.net/adx/openrtb

tls, http2

chrome.exe

5.6kB
7.3kB
19
21

HTTP Request

POST https://adx.adform.net/adx/openrtb

HTTP Response

204

HTTP Request

POST https://adx.adform.net/adx/openrtb

HTTP Response

204
35.227.252.103:443

https://rtb.openx.net/openrtbb/prebidjs

tls, http2

chrome.exe

13.1kB
5.9kB
27
27

HTTP Request

POST https://rtb.openx.net/openrtbb/prebidjs

HTTP Request

POST https://rtb.openx.net/openrtbb/prebidjs
163.5.194.33:443

https://prebid.a-mo.net/a/c

tls, http2

chrome.exe

8.8kB
7.5kB
20
20

HTTP Request

POST https://prebid.a-mo.net/a/c

HTTP Response

200

HTTP Request

POST https://prebid.a-mo.net/a/c

HTTP Response

200
178.32.197.48:443

https://prg.smartadserver.com/prebid/v1

tls, http

chrome.exe

12.4kB
15.1kB
24
24

HTTP Request

POST https://prg.smartadserver.com/prebid/v1

HTTP Response

200

HTTP Request

POST https://prg.smartadserver.com/prebid/v1

HTTP Response

200
178.250.1.11:443

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&bundle=ZPhKRV9KJTJCTGVFNG5FdXpsanoyVFMwZWlzQmV5ZVFVajNBcXhCYlQ5NzNjMnV3WW5LUVNOWW5uNmFwU252JTJCSSUyQlIxUU4zckNxcFVRS2hSRDE2Z1UwTENtZFB2UnI3R0daRVBpcVBoQlNRTFpZTXF2NkRkS24lMkZ2dFhMWWFuQjd2Z0x6cHglMkY&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

tls, http2

chrome.exe

3.2kB
6.6kB
15
15

HTTP Request

GET https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.ldplayer.net%2F&domain=www.ldplayer.net&bundle=ZPhKRV9KJTJCTGVFNG5FdXpsanoyVFMwZWlzQmV5ZVFVajNBcXhCYlQ5NzNjMnV3WW5LUVNOWW5uNmFwU252JTJCSSUyQlIxUU4zckNxcFVRS2hSRDE2Z1UwTENtZFB2UnI3R0daRVBpcVBoQlNRTFpZTXF2NkRkS24lMkZ2dFhMWWFuQjd2Z0x6cHglMkY&cw=1&lsw=1&gdprString=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

HTTP Response

200
162.19.138.119:443

https://lb.eu-1-id5-sync.com/lb/v1

tls, http2

chrome.exe

1.8kB
4.8kB
15
18

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200

HTTP Request

GET https://lb.eu-1-id5-sync.com/lb/v1

HTTP Response

200
142.250.180.3:443

https://www.google.co.uk/pagead/1p-conversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E&is_vtc=1&cid=CAQSKQDpaXnfWCs79jTg3YfA2JmjtUcv8WHo6hZrda0vo-R_5yC7uYicJs8C&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECq7NKZ65uHFTDRsYx-2aztzrj3NIvXiR8&random=4107108362&ipr=y&ezwbk=AZuM4hDmPxcB2dcn2nXb9axAHjpXco3sjG8LkwY3caRetpkq-QzEoZ5kuIP0wWTpRDzlZzoRwdKw3_7CmxpYO17ach8q

tls, http2

chrome.exe

11.0kB
8.9kB
38
48

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-NETEW036PS&cid=791018054.1728814178&gtm=45je4a90v897214331za200zb811059450&aip=1&dma=1&dma_cps=syphamo&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=101671035~101686685~101836706&z=286350044

HTTP Request

GET https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-59PCK5ER57&cid=791018054.1728814178&gtm=45je4a90v890351567za200zb811059450&aip=1&dma=1&dma_cps=syphamo&gcs=G111&gcd=13n3n3n3n5l1&npa=0&frm=0&tag_exp=101533421~101671035~101686685&z=1047751020

HTTP Request

GET https://www.google.co.uk/pagead/1p-conversion/11055607299/?random=83265790&cv=11&fst=1728814188338&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101366724z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=iH1YCPXq_IkYEIPc3Jcp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI_6qA3Y6LiQMVCV4dCR3ZyTyAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYUtaNElYXzZIdzdzREZfXzMtcndQZjFkenZmNUJHUzNYMmRwSE9PdnNwaEZWMjh1Y1phcXhD&is_vtc=1&cid=CAQSKQDpaXnfpzUcsY38xaqbM_HHcU1WOT9mxbSt2tUahDPWuZomScqqmZL4&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEDoQ-TFwY0HpJ3YPRAZMo3rtR5B6lsj0-g&random=1784264614&ipr=y&ezwbk=AZuM4hB2BGOPcH5eeW_-px2kitpN8gcu81Jbg875b79yoyzzfRyQL7RupqCGZlq3MiCFajSjx7AQ5t4ARy9OWQ3ryc3H

HTTP Request

GET https://www.google.co.uk/pagead/1p-conversion/691667572/?random=225797198&cv=11&fst=1728814188267&bg=ffffff&guid=ON&async=1&gtm=45be4a90v877717752z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=aQ7aCOrdo7UBEPSE6MkC&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIrpT83I6LiQMV5kYdCR0q9goUMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYnB4ckNueVVwdHN2NHZObFo0WDVrbHNIRldqa3lscE5CWDJfQW9GZDJhdFVOZnkxVDZYOHpU&is_vtc=1&cid=CAQSKQDpaXnfvpYm_MMgcuDIQfKXaNgtU5BwF5MF-V8g4EbO8uLs_6c07k0R&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBA3ilSyNAN9q67JZj6oT7_5-c6ztJxleE&random=3832946140&ipr=y&ezwbk=AZuM4hDPSjyljimeoiojROTPfW3h6BU3Gy-koj5YjjvWwcOdvThVEwNhcnwHXnuG8v5gacvvamteH5rGWZO1ufH0V1NI

HTTP Request

GET https://www.google.co.uk/pagead/1p-conversion/11081818434/?random=1236900797&cv=11&fst=1728814188299&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9101879777z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=828MCJfU_4kYEMLCnKQp&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECCMPJsQIoAQ&pscrd=IhMIw5f-3I6LiQMV9UgdCR1G-SYTMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYXlxdlJhUG9MZWRCY3dyNFhjSkh0bWpLLUthNkJwVFZRcmpEU05EbFZRektBS3V0eEZrS093&is_vtc=1&cid=CAQSKQDpaXnfdj9fkHYS5qTWsF5Q323vaJaYAUuxyQuKL6JPWVJUazW7XXsW&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEBvBoJYg1N1Sgb0Ua0-eGz4vZM_ymi-c5A&random=1164820918&ipr=y&ezwbk=AZuM4hBSEOWU0qLgG1Oimqf3BzSLZ94seg0HgCtMzT7YYHI460zdUI9rtfI2fBhpj0tpD9nrw5Rg1QQ1n8XBDlhN6lVY

HTTP Request

GET https://www.google.co.uk/pagead/1p-conversion/11033320454/?random=1990341734&cv=11&fst=1728814188370&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMIntKB3Y6LiQMVmkcdCR1WIz1cMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zWTQ5MVpoVjdCVWtackc0Y0x3a0E2VURCNkhtM05qVG44X291cHRfelJTZnUxRGJRLUpCdWhP&is_vtc=1&cid=CAQSKQDpaXnfCSHrhN1AMV9YDJKmxUoHqCKuuLamLa1WwUqd6-PLP22KO2IF&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfEAeu4CoqAB776HI5nHCRF2SdmxdSN6QUPo&random=2606352208&ipr=y&ezwbk=AZuM4hBsp-sieqecMQiI3OJogLguLGn-JvyRgZT-fbNkXqnnfnZPe8gqn-dgok8eGph0q5LGfGBnTOc_P-O5kqKJfI_R

HTTP Request

GET https://www.google.co.uk/pagead/1p-conversion/11033320454/?random=378433955&cv=11&fst=1728814188370&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v897883683z8811059450za201zb811059450&gcs=G111&gcd=13n3n3n3n5l1&dma_cps=syphamo&dma=1&tcfd=15X5a&tag_exp=101671035~101686685&u_w=1280&u_h=720&url=https%3A%2F%2Fwww.ldplayer.net%2F&ref=https%3A%2F%2Fwww.google.com%2F&label=R1qjCJGAzoMYEIa4jI0p&hn=www.googleadservices.com&frm=0&tiba=LDPlayer%20-%20Lightweight%20%26%20Fast%20Android%20Emulator%20for%20PC&value=0&did=dNzg2MD&gdid=dNzg2MD&edid=dNzg2MD&npa=0&us_privacy=1---&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&pscdl=noapi&auid=9255158.1728814180&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.123%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.123&uamb=0&uam=&uap=Windows&uapv=14.0.0&uaw=0&fdr=QA&data=ads_data_redaction%3Dfalse&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECKAE&pscrd=IhMI1-SB3Y6LiQMVrF4dCR3AxwhkMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5sZHBsYXllci5uZXQvQlhDaEVJOE4tdHVBWVFxdWpKMmF2cHdKMjZBUkl0QUp6cm8zYk1jbDV1Y1V3QXZJajhTWUd3b3FIeVY3b2hHTUl2UlZqZFFxTGxxdG1mazRBR1paM3VubW1E&is_vtc=1&cid=CAQSKQDpaXnfWCs79jTg3YfA2JmjtUcv8WHo6hZrda0vo-R_5yC7uYicJs8C&eitems=ChEI8N-tuAYQ_orz-t2J_MrVARIdAJCPfECq7NKZ65uHFTDRsYx-2aztzrj3NIvXiR8&random=4107108362&ipr=y&ezwbk=AZuM4hDmPxcB2dcn2nXb9axAHjpXco3sjG8LkwY3caRetpkq-QzEoZ5kuIP0wWTpRDzlZzoRwdKw3_7CmxpYO17ach8q
142.250.180.3:443

www.google.co.uk

tls, http2

chrome.exe

1.1kB
5.6kB
9
8
65.9.98.75:443

https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

tls, http2

chrome.exe

1.9kB
10.1kB
16
17

HTTP Request

GET https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js

HTTP Response

200
65.9.95.30:443

https://config.aps.amazon-adsystem.com/configs/d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac

tls, http2

chrome.exe

1.8kB
7.8kB
15
17

HTTP Request

GET https://config.aps.amazon-adsystem.com/configs/d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac

HTTP Response

200
65.9.9.197:443

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&pr=https%3A%2F%2Fwww.google.com%2F&pid=SDXiQMdAhoh5e&cb=0&ws=300x150&v=24.827.1552&t=2500&slots=%5B%7B%22sd%22%3A%22ldplayer_net_1000x100_desktop_anchor%22%2C%22s%22%3A%5B%221000x100%22%2C%22970x90%22%2C%22728x90%22%2C%22990x90%22%2C%22970x50%22%2C%22960x90%22%2C%22950x90%22%2C%22980x90%22%5D%2C%22sn%22%3A%22%2F22857857566%2Fldplayer.net_1000x100_desktop_anchor%22%7D%5D&schain=1.0%2C1%21setupad.com%2C2346%2C1%2C%2C%2C&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

tls, http2

chrome.exe

2.8kB
8.0kB
16
17

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&pr=https%3A%2F%2Fwww.google.com%2F&pid=NaXGCICgkS20s&cb=0&ws=300x150&v=24.827.1552&t=2500&slots=%5B%7B%22sd%22%3A%22ldplayer_net_1000x100_desktop_anchor%22%2C%22s%22%3A%5B%221000x100%22%2C%22970x90%22%2C%22728x90%22%2C%22990x90%22%2C%22970x50%22%2C%22960x90%22%2C%22950x90%22%2C%22980x90%22%5D%2C%22sn%22%3A%22%2F22857857566%2Fldplayer.net_1000x100_desktop_anchor%22%7D%5D&schain=1.0%2C1%21setupad.com%2C2346%2C1%2C%2C%2C&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

HTTP Response

200

HTTP Request

GET https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&pr=https%3A%2F%2Fwww.google.com%2F&pid=SDXiQMdAhoh5e&cb=0&ws=300x150&v=24.827.1552&t=2500&slots=%5B%7B%22sd%22%3A%22ldplayer_net_1000x100_desktop_anchor%22%2C%22s%22%3A%5B%221000x100%22%2C%22970x90%22%2C%22728x90%22%2C%22990x90%22%2C%22970x50%22%2C%22960x90%22%2C%22950x90%22%2C%22980x90%22%5D%2C%22sn%22%3A%22%2F22857857566%2Fldplayer.net_1000x100_desktop_anchor%22%7D%5D&schain=1.0%2C1%21setupad.com%2C2346%2C1%2C%2C%2C&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

HTTP Response

200
104.22.53.86:443

https://cdn.id5-sync.com/api/1.0/id5-api.js

tls, http2

chrome.exe

2.5kB
34.8kB
32
42

HTTP Request

GET https://cdn.id5-sync.com/api/1.0/id5-api.js

HTTP Response

200
65.9.95.6:443

https://tags.crwdcntrl.net/lt/c/16576/sync.min.js

tls, http2

chrome.exe

2.2kB
19.0kB
23
22

HTTP Request

GET https://tags.crwdcntrl.net/lt/c/16576/sync.min.js

HTTP Response

200
104.22.53.173:443

https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&ref=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&_it=amazon&partner_id=533

tls, http2

chrome.exe

2.8kB
28.8kB
31
40

HTTP Request

GET https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&ref=https%3A%2F%2Fwww.ldplayer.net%2Fgames%2Ftree-of-savior-neverland-on-pc.html%3Fn%3D22233333&_it=amazon&partner_id=533

HTTP Response

200

HTTP Request

GET https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&ref=https%3A%2F%2Fwww.ldplayer.net%2Fdownload%2Finstall&_it=amazon&partner_id=533

HTTP Response

200
104.78.175.230:443

secure.cdn.fastclick.net

tls

chrome.exe

1.1kB
4.7kB
10
10
104.78.175.230:443

https://secure.cdn.fastclick.net/js/cnvr-coreid/latest/coreid.min.js

tls, http2

chrome.exe

4.4kB
116.9kB
67
99

HTTP Request

GET https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js

HTTP Request

GET https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js

HTTP Response

200

HTTP Request

GET https://secure.cdn.fastclick.net/js/cnvr-coreid/latest/coreid.min.js

HTTP Response

200
35.244.159.8:443

https://setupad-d.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

7.0kB
10.0kB
29
33

HTTP Request

GET https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D

HTTP Request

GET https://u.openx.net/w/1.0/cm?cc=1&id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D

HTTP Request

GET https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEP_gLW7lLe9PLmIsLeOCSNg&google_cver=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5498570646921517865&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://eu-u.openx.net/w/1.0/sd?id=537072399&val=1804086296972189491&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://setupad-d.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
141.95.98.64:443

https://id5-sync.com/c/481/203/2/7.gif?puid=96e49b9f-17f7-4075-adff-8f2566676145&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

11.1kB
23.7kB
37
38

HTTP Request

POST https://id5-sync.com/g/v2/481.json

HTTP Response

200

HTTP Request

GET https://id5-sync.com/bounce

HTTP Response

200

HTTP Request

POST https://id5-sync.com/gm/v3

HTTP Response

200

HTTP Request

GET https://id5-sync.com/i/481/8.gif?o=api&id5id=ID5*aUgrxEcEvRi3J6ojL385C1V7EiY0SaTEXc5LYBGCI3DPxdFkkq_NwnB5PkaVex6Nzjv1fUYklDJ4k5Acgr0WoM5A9tedDmx9JnUlUzj07FnORiieSuZupiGC9pHMUPX2zmEUaYD9cvmE51sCyxxGas5rsiK7lAEsAzEIWUbX7ZvOdjRRF0-1tuFkynRXQuCW&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=true

HTTP Response

302

HTTP Request

GET https://id5-sync.com/c/481/112/7/2.gif?puid=67313F132FAA6369&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://id5-sync.com/k/264.gif?puid=525afc59-365a-4c22-b996-8aef5f081ed5&ttl=%%TTL%%

HTTP Response

302

HTTP Request

GET https://id5-sync.com/cq/481/124/5/4.gif?puid=c411efce-3c94-4294-8d63-f04e7774b69c&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://id5-sync.com/c/481/441/4/5.gif?puid=e_79613006-4514-4e21-bd19-c30878d7864a&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://id5-sync.com/c/481/224/3/6.gif?puid=8253851969742705294&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://id5-sync.com/c/481/203/2/7.gif?puid=96e49b9f-17f7-4075-adff-8f2566676145&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
142.250.187.225:443

https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html

tls, http2

chrome.exe

4.8kB
70.9kB
60
62

HTTP Request

GET https://tpc.googlesyndication.com/simgad/11371347373267810223?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmVBGA7nxhVrjk8u1NNWAfkNwvP3Q

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20241009/r20110914/client/qs_click_protection_fy2021.js

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20241009/r20110914/client/one_click_handler_one_afma_fy2021.js

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20241009/r20110914/abg_lite_fy2021.js

HTTP Request

GET https://tpc.googlesyndication.com/pagead/js/r20241009/r20110914/client/window_focus_fy2021.js

HTTP Request

GET https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html
142.250.187.225:443

tpc.googlesyndication.com

tls, http2

chrome.exe

1.1kB
5.6kB
9
8
142.250.187.225:443

tpc.googlesyndication.com

tls, http2

chrome.exe

1.0kB
5.6kB
9
8
142.250.187.225:443

tpc.googlesyndication.com

tls, http2

chrome.exe

1.1kB
5.6kB
9
8
142.250.187.225:443

tpc.googlesyndication.com

tls, http2

chrome.exe

1.1kB
5.6kB
9
8
172.67.68.162:443

https://prebid-stag.setupad.net/setuid?bidder=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=b&uid=12c472b8-a118-0c52-240d-74e7b9fb52b2

tls, http2

chrome.exe

2.3kB
4.2kB
13
11

HTTP Request

GET https://prebid-stag.setupad.net/setuid?bidder=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gpp=&gpp_sid=&f=b&uid=12c472b8-a118-0c52-240d-74e7b9fb52b2

HTTP Response

200
178.250.1.10:443

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=m9ikE7j5RPAGmAKH-lcYAgAAAKjIJG_IpGesSDERzOk22GcQaJwLZ-EaCysQrO3bMWoAABIAAAoKQVFVREFRRUJBUf5nvgKWdWP9UBFeeaz9OaY&wp=ZwucaAALb7cIaCZIAB4_Xr-j6f2zFXu6lssbgQ

tls, http2

chrome.exe

2.3kB
4.9kB
15
14

HTTP Request

GET https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=m9ikE4k1rAL6AYf6VxgCAAAAatrBfiLwPJBIMRHM6TbYZxBnnAtnYmliLhGH25NtigAAEgAACgpBUVVCQVFFQkFR_me-ApZ1Y_1QEV55rP05pg&wp=ZwucZwAMniwIaBMnAAiaqJFtO5eRjsXcFWb49A

HTTP Response

200

HTTP Request

GET https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=m9ikE7j5RPAGmAKH-lcYAgAAAKjIJG_IpGesSDERzOk22GcQaJwLZ-EaCysQrO3bMWoAABIAAAoKQVFVREFRRUJBUf5nvgKWdWP9UBFeeaz9OaY&wp=ZwucaAALb7cIaCZIAB4_Xr-j6f2zFXu6lssbgQ

HTTP Response

200
178.250.1.17:443

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZwucaAALb7cIaCZIAB4_Xr-j6f2zFXu6lssbgQ&u=%7C0WvgLuiqHm36C0on7qUZuMX7Qlz09KIP4NECdQ3ffsE%3D%7C&c1=Dcz_gsP0hEuJH1VnunqGy22nFndhAq5zqxOFeYpI4zX0dmXFAPLSZ0srdx7UTnzHgX5kFuYWeT7tKy5DOP-PyPPx27EBNSsAZbYddhTm6q7hPGlNnu6GPf0arufmmQ1fWNVlu-I_lRfv1Yq6Ki_yGyqIvUIpcht656JNRdwUD5YPMO-EJPk5XVAjJipTbkwzWJCSVHWyFsnZCX3ancynjbIZdmAN5qjTDhPfAtdiXygWUiXZoRaIT4wtxy_QalK9SnfDBBVITZe49ph6ERYVMrcp3I3i-Y625YCYooV_EjiyO7BbcOp1rKRW3XOyvfOD6BotVOfkzOoC3ElynwAPN1VC3fF_3iyFS4Q_xcdsQ-XBYrcf_5mxs1CjI-CrHfwNS_sEMbbAYkOlx9LENYpbsvNoAkv2sZ6qARP7bNPawyrvygeJmAtXFlQaAtA5YLQWe2cTLQb1zmy3E5DLcBK1cjHKuJhx84FoBLjs77GXkwlKuHA_9PyS7xJHM8BRS5lKhXoDXK_T__cctZAwTv67MM7cZ0VwxdO4YFY4sS1Xik2G0n0C60S1usBvXWlykBY5R5FFjSxZpvGs7bCr-oeVR2EzUS8VWaWf8oWwY0Ph9nWmRIRig3MEijt8YQ7y6QstDyDjP-Fe1gbyEUM740evB_OZfmQh5UplTNCtCGf-F3LZk4xBKcjwveL9lt4lGY8CmkAYCYIr0ydyEF4BF92u7IJeSf094PpM-zGHuMArhRt54EUhCKDuk9PXGwi2HE9yFGTYhuJQeKkLbLYdVzD12ocRiFr0DbHKp9s7jSsF2z4g6pnSJVSvoNBZOhErxdQBFpqxg2PwEumbrre9BFIRBs6aPQfdMm9oAzZpAKbk1c1H5bsRBUT8m_8OzzvFtddbea6XhIXBHJwxrsbUYw-wIR9WVOZcm5IIQHOnIXMMhsSKxMIqlvdgraT3LAk2Wj3uL2jNajx2Sa3-JDnPFqukhHJDRToamcKZnvdjXsLV1XRIaXTiZcljukLxYA0wOp2cr_2KyE96UAapq-uZpNxUaI_E5ri_6biGubc-zb2jHXBPrMW6q1d08Tlyg_9DyRRftMv3k31g9md6h7_EuiAKoAoKragdHZxDuvJb8ywBkfCmhx8UAYz3fiIEaMzEFUqW2uvMXDl6K0rsWD6Z0UO4pq6zPHejReLzDp97pxZ4SUmR9YNEFiuvoKGfv8SS4KTh1eQC1IjDbob_cB7que40S6-__MAZOqV-2JqIs8A6-zkg5771BAfcAY0pInXgp9pBBm2b3OTgPw8wGV10CSQpW40WGlltFTs0XWjcOibq5paxsmgL-sRe63QUA9QPgD4yQ2mEDnK7IlEYKQ0vDxXZ4Pc6MgAm-iWPvre3eBlwZ1hvH_yhxez0UHspoCTBXyB2DW9A-BRTlkvowY0M6k-ZHTqE8Nf1UMBMZzhJQqhAR4e5FnNLqvlNJLboLktfbuu_OwxQWLQkPgOQoLJUdgWM22SH2sUkPBuF6dMddtdAvqjYl39bkTAA1X2XuIfcQV8gMQBBKQ411YyQKU_ruX1fFbMstZEloMfoOlgHRvQrNtE7nKcK9KR1VKunY3pzmxtXLmYI7-gIYxBM123mypzgl1smzRiveZjcWM3pc65oUcWW37XDlU7Kumm-aovH_dxFvm1XTzuxwgEMSEKIYCp8YewaYCibuzFZmH_bmLJJsWcOT-yyCxLAaRyrp_-PKAmv9_0BZfyrBot_CuebwCAGB8B7WMCTudmyg9RAey_DGPy42Pm1bOFFRrJUlY4NV--58lGGWDNsYmiCr2xgTxBzxfWmz5JvCP9g5skNO_BvfqbfmKTxiJk1mwj4OCziIuMOzgdZ-rimcollcfy3uklbROwx0hLxNljwtJRnG8IGQ__t1idAXKYuSU8pyssGVpiqXLI-LLNF-xVCbnEmkcHuYLefNz08MDM7n2fgAB0EPv9-Gw7OAa8nSms3ahZ6oyezzn7jUyTStOqtiAYPGqNgbyP2-6CPaOGS2DCAO4kKvxUNA4FEI4wLlUA1dyxlA0pApO3J8nzzQ3uxWq0N7p4idTki6CjJ5EvjMUluj1-HpGY8boWuhj_JUAkU6lKfXwRuUX78U1vMLORO7JkMd5wWkseNefpiEIb7AWkoF8PiTOF98Xv_EcmDf3abNWhTrJuhmbqKaEpl9i0uRv9d6dRXWMv24b8xuNQorCNRi2Io8qiGBFOAVo1ApeEpuOPLQqzTHRZaKi55Yxph-NryEUGjLQjovFTM-MUKwLd6Q4S2m3Jsd-t6OC_ppqje--YebUspEOLq88C7CH3EIfRU1ckIuQOZ7b98j5Tx6lOXAlr1rEz3tvG6nCnldvAtx3qDJNiffRMqG-BJZhMd44SPntNG8JqDkg_w0DrWABm1zn2L3DMNYfazjwse7-GAow4nG0nzraJvd12Qx-74VMbWOuS48iVXpwKo38gHm2uphUW3zrDaob1596qVdoHlxej3j3lv1U6oJFDtcAT-Q-NsEEVW1PeZqHAcSvll-r4b5JophIdH5qEuQ2pCUPQlTzCGwE6D79owvzSQOlScjnAqzPxViIz3yKqrwo-tjGgPY3JMxLpKkt9js8zpuWrMb2-nmc1lj8NiZt8WbrSTX1R_dDgwHbwZMG2ZSKvX5zWiFIHOmC0vxhlmQF1PlJBlsxUN2YzXpPwNv7ccHZyg8dIBI_JeMkpRzYGJPD9fT99zegRvCfxl1OPNOCsp1-rZvN_2qPzUjbicZeZ7NKuFotDxlcZeuJA8W1GpQWklu2cvoNkSIByc-7lW7z7-8g0HXrRuQV0SDqvPF-GQJfZXM1kS4bYL2PtIn8r-dDSXW6Wv8Yuye0727Qz1PiKWi_ZmopoSPPPBAO1Nesu-l0hqHy-ooZM0UELKRVVGY21ySeNoydDVrWFJbBC7v2_OfdHa1BWIMMgwnPVYKoX3ffnXdKtzW4vCYvg90yAEG_0Moq9boAva82Z5CVkstmQn_HDt5NI54OE9CV6JFqB9TdxF1P3avMq8oM5vQf1FxnRJm4IDoCDVUlYiGuRkCXvXuNGhWMXScJow-189GUaQlLGwcZtGxCKh58SCTnwTEIXzzPUrfX1Nu16cbvTLw0fvyYUpO1KPdlu8Xt6Q8aYWa3I924Lo7VswOpiYaw4TBcjyqKpusyzAk59p6THo9ApfeZCr34fOaKcrZD8GGDPIVNzEpXR6FaOeu0fMkv8KZbpdlHqAq4qYZ0kPgBJQNqvQimwUV9xKf0nIgIw_M7sc3PwzT_HWXHpmv8b9u5ccN5w2EBeop4ZZsToyfUD9oepg0-mgSi1WjAiyeHYY8QH8Uv0QPLNZV_3EOqHEsVGwqa7b58nLmNwxrl2cdPgF3MMqQ7yh8b7eEKJPJaTaI9AGX_kZ9vimmLeSSkTmPPG3eAXwylf-ncIiTQB0Fk_jZqWUTifuXjtV3RFQy4-6fzcUPefyduTxzcpqwSJDZxMrT5KtHMrDtvAEMQOfjXafbT2hasuRl49UNl_4_SWNMGz8-EpTcmE86nvscNcbbglK6YJqTASMKsQh0YBqrZyCz_2WuEg6Y7fPo0DBnDZyxcbLwB6uXXtMEIHUxji9K2FEzLaQpcOnqdiP3qUgQ530ZuN78LNhTCU-tNbWS5b5s11bA_kIcIOeMYRnhPWExWP71ZVNYjf92BCjPdOTYZHmfs0ghbIhmaWrFZ8iJtlmmfWX3zWapT6dLv5TRl0aFDiFgL9MvNKkzCh8iYqGVFGfkpdcfbHMKPA4CVvheWyHGAVutWczioL2Ft7tbtixB239lzj_6JiRR1r-_e-0m-nTJh0BlgL6I7DPHJNPfEviIrkIAVgmtVLvy-PFR4tPn-xez3jWYWFgX-lP7Rlr2j6at3bTF9T5Qb-5Nj37KkEmQq-0V7Z-4yrDdigSLfnr6HMQ85ThVDizAoAqUCULjW9XvyrutBEVFJTWMsskaTLT4ULuWY5X4lrdM6XP_YoIfJTHKwhH46hXkBZYI4Zvs5PZDkieGibFh4wNH3mVdkaGM4_6KxLKudMtxfKclFdmOUTdAY3bm9g55f1nOmlwXv2IFa37nFK6mm5OkzSTLOsUjuxubPq74_ijd8tRbkA7_HtwCMksUMy6I-VFs-8xpwHPXsuzc42ouYywEf_8fGu9cdBQe0Xb4ggV8XpbdICAyWk_Rtpa89jENuMxCu_gY1akrQT_jYAQj77JU7N1iXAyeWvPLr8XUkYjhXaPEbXGx7LVbwuipAHin2Ef0jN7rGUHchnEQVcs6M8-fR_7FFYHfdvIV9gnnm2tGkakA0nOKQsHXejHoEjWjrsdr8hZVnh5XeGcCn5piOihyWdF1OgsQN-i5V1khPdJ2y1ZYeFuivzGh-YZkJlE7HG3RaiBTN285sf-Q89lWOWwzfQroSPVSSNll7MqYmsgact7LWLFB6_TeVVppENC_ifNVjwlXkWAx3-DlBm8L9jxlE1MqP6a97_LMmhWf3wYBf20Iu-vcIfo7VoZJnDcvpuR10QKoUSRNBMCmnnoZq7J5Js00A-C5qPq6qby6m_aLCud-LHadL-2NGHWElemdY50vi-zI1kWB-9JLr8dKW3YmNh5XP0KeruS_ltroXMkZmEK_S2tUul-74uyqSFW0LMmnmfug4_UI5st4vJLPc64l1GzUamihVekrZiG8CcJgonW0hYUIeNoSz-Vrd2GQL6XJjuFMVbfUkBvCRu5gshgyXbmsBIQD7YCV5UP-h3kytErT1x01MzfvQpzZTF00bhJDaoIRkI_2Xc_sw_YNbn7UQjWTtgwbGWqEuK5d10BctCmj8uwUVgFUZ44EzKnEBhR1QUuuVSYQdBZPDLGrsvR-kvpOfxqJDJo_LsG0UwE3kjhW4IgFcYkNTtUjmv8iyV2-jIfu5hFW6pGmQ0nDTNy3PplyzztE7lzgSP62cXE2wYZJ17PWZ6zjc0TH136ug5gocun83dHfxTM1U4tBIWM8t5pZOtGxDzuL4AgjFwXIjN78EPIcTQ2EgOhft_NESkj-1yU3ljEZ-my4aps6qzThZloJi9gmq5bfyGzvwjDESl1Xce3WSwwHd2Gu7hQXH6kpzzXSpxkXA6NCReqeg_acFprzpmVXttYrgUTNYGI019iSs0AaPhTyiSeSRIrs3vLR1MM_Td_e0vBZ3JX1Nt561wxLhuA-z9OeJJV1PZj99o5Vxb_k3lYbaCJKBrdx4FT_Xqi4UdnO_0naYMId5h-a675VyxiOIVFe1pPFVrW99hyuMLAfCGYJg_Hfas8C35cTvK_eecaX9vLpNmmi9Rdbvh7-NxUpw1sI0piZkMTegtGmKfw9Oc8ICl3LAcbtMPt_y06U9atXZFAPt50mh_T-JZDxvUpv85ZerF7_0RcckW21U0O93vHtdjEpUoifKVDL94qPp-RrgcQ65lW_ndsMUJMhfoNAc8kzAX2LNDD1NXCSg8O8AhfBfRiT4NsejLhB5TMQ7ug1d8zIAyVh13h8EHtvy6lnJoLhDAqfD_NyqN358VfSE4572wJgU_7CmFOSxqRaFIJ9vynpjqN5G3gcjcKbxxLiwN6YDDHkBxiH9ysAnr1W5bFNeNj2GReNU-0l7znwSkcdSANStfWUAiD09xgbEUlFkqAvOuujzablEOWGqclfiCTADmX7RrDyFYGNKPVfoxI5-xw8g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEGAoaJwLZ7ffLcjMoPMP3v742A_kj9KxXL_b_YiIAcCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi0zNTkzODYxNTgzNzA3MzM4yAEJqQJkqfGvIuy1PqgDAcgDAqoEgwJP0OASyJ8t231R-NV0kE82zan-0EI26GYSQ6QHQVf3x7v7YE2cUzL3IcnRMsOMByLTZLHzEvOqeNV0VE-o4Qo0eXWH8t1D_Amy3h41A9um6HsthdJ-TwaVGjd-mPMmtE98K692JKQPwAZHT52mvoMuMRk53-UwGF3dbppQteac1yzA4-rOeOWv3XVI7_6Wynw7LDQjTUc5gnoF4ta5L1enBY5x9BKlFiEf31uzFJB4NyyNGeMMTn21YVuvujud0nLaIiIhbDq9C4UgpRrrZ5oyggwduBD1RtHB4ia8nDO5TNq2NttAzqfWCHkcEdszKOAq4K8zF9p8z-8u6lum4ujDAH0dgAa7hqj6s_jMlEegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpY7ozy2o6LiQP6CwIIAYAMAdAVAYAXAbIXLhIqEigIy6eQm92Ew5JBEhZTSU1VTEFURURfRE9NQUlOX1BVQjFQGAEgA0glGAw%26num%3D1%26sig%3DAOD64_0TAibB-y0jeIKGCTDh7lf9x5O3xA%26client%3Dca-pub-3593861583707338%26adurl%3D

tls, http2

chrome.exe

14.8kB
110.9kB
63
89

HTTP Request

GET https://ads.eu.criteo.com/delivery/r/afr.php?z=ZwucZwAMniwIaBMnAAiaqJFtO5eRjsXcFWb49A&u=%7CPbl2aZ%2BfKiniswZyoJZQ9QvWp1b%2BTtpNkeVde5kD1GU%3D%7C&c1=Dcz_gsP0hEuJH1VnunqGy22nFndhAq5zqxOFeYpI4zX0dmXFAPLSZ6NRX06d3_MpRpwL2lyW2lS8aHW4g-CwDTiZXgxLreErLSHF3O7e6Tpuv_QjhAEFIg8zEblteKEs5Rg3xKnRyT7R5_e0qkDWNCmu9A3KkH398sZTZQ6IDMKw78TCzdRpqyaw5t7ECiXVzRj8P3wQZJ7G1ArjTbPhmI2zoVZzJDQASxLwGsHUc6OWkbvhlf78pENJx-j5xPiwDZY5Jh60FUdASM5en48RxXhUIOzDs4-tPkd1pynRUkCjuwMkSdd1sT9ICxKsgHbdOSzlZCGuWXho0--t_ZHkE3WZNQQ0XJTWbA9Sl0vDlwTdrLezCqVvx69PVS2dnmSrmIVss7Q5Unpo47IKXys9wottc0FKI5w-Dw2tQMjSJWnZqmKIaHEqoDobjS1EH0C9119LAmw4y4xLbzN2rDxVHFxTPzjPPeMrIih8uhsP2_6ziOFDElbP8MZh7SZ-Jcnm8mxIrORAuV56JOeJczWOzzRojrf0zK7gYs4KEbGu13mDRU4ET8bFkBxyfA68F7mubWmVCWTNQn5hfUmQoOyBomI2iVRskGAOJWeqdXCe1aAzn66SkxyaVay451edZMzzu6JT5UO-0klfq-jaFmfcqfDOJsxgh1OFIirsVYov30mP0YlmQwI_9xJ7nJxMB4Ml-PCYkzw6UQzgwmHR-hKM0v7vP50Iah787s08W50Te85kzFcH5Dg0_ZM6bpul8GMZO-85FiWdrtAJSSvenUju4XsOdMPqAWzMLJzqVDz52i_Ba-NH4dkoKSh_nmBO-eDpmUj8fprBQQHWNsVDrlBwxYMiOapD-nyjq6o0FIbla53AbL9acQkTMn1-1qtENnosFp2ikPwMGiIFMaSsquczBAN1ysshi1nutBZuHpKbV57ETtOPCKiznUZdCL4SkSe_K7ERxg5eVlceZjmt9MYqMxJIJu4IEPVTNPJWVWCORIfhvZKLo7a5emZeJp5Rxa1IHkHo1hQpWqj_QEhU1BVvzqo-L2pj6GE6SEsIECMvfRqca9B8ZCT2_R5fIzow1W46v6aCGuzhtUy27SD4MQgugJPIwx0AIAWUwMkKYOuFbIT29J2pvB6uYJ_ClFGR6fN2Ii-knK1OYk5I1276yJUtsCEn8P_1mvK7puPufo6MdH8RAmtxkxT-hUNz5Ats_yT2X5JtCFrsBhoPiQIW7b5zk4QKVQPc0LAl3dTSpfplauKL9qIF9CJARajIOOr_-K6v4lHW9god1Oe5J1pqQcAKjL6790cZULRYXZzgjepSXOKSk82RKXfaVp-pKE07g092iTHoNRxfVVAt6nvXuX3OmsRH2WBowiWv_Smf0fg9ipxTBFeW1kOpJ3C93Th-vSUwu-fF0rWS6UHVQYW3o7h1CCcgVXHgNDIscq7CQKJPhKhMaPBEFqCCEqf8lXdD6LhuOiXqibVeH_VTe30urp_43Hhg4XEYqU8hMsheyF4qq9miU8LkqNW6WG6QOVjiHPZGgcLuQJrN7TbsBfUh8b5ZYVy74UimWC0hUGJz8R8b9_YkHrQ-lJdJj-bMvzaDwCrghmz8eqGSQbSC2ZQKv8FcEkhrXBQ0-oGWunwSN2S38UEe4_-5uq94JdW4319rZipyom3nbMn--L8goENEt8QjsL4y2pBUQAlt1fXUNhK3Y_N5q2LDqGxyOjrc7FHwxCTOMyvOhCyjY6ZWlA4sm1Cjjn3bvf79Y4csDAbe092n6FhOICA9KCm3gaXhOP7JdcPjRds2c-Z8Ln3UY6WPUMG2opGZtK2gb4AcavtW1n3v54amr6eTXNmKGTmnSjrW9mmW_3IG9eHsjtMEj0fS21pCoGXbdzpAWN-LVOj9MaUrtrRVlZQfJc0f0L8GJNSbjNLV2E539vmsEhXLdXHyh4pwaHrcjDz83F4YDKPuAjcAW2ScveyFEEL5kARioMnLJEPJvZQqANKuKBfmyLY_KICa5hcuwS5wv-DdvOPm3W8d150J4cTOq-OOj03VIvan-ozQC5qY81ES_N4GIPdP7WD0CrQcaKhDj6mKUYY2sOn8fPmGmhfUtzZZt3kkRlHlHyvbltNzyywXCQSa8qrhgwQJycVlzxpMYfXDkTXLjPa2Sgq6tK81P_OyWvd_5pY4DRN1Oxbz2gjzBnvqGBTWA4n9I87GROcdr6EcGZbJuFyVJ33TT6zAoVLfY33nTMKyYM4ptb02HhuQCf61WZgm_9QoCrdN8SKzrH6vTsrLOl1EjxUETt8vIb8dyt8rhI7ScCYiKMI5OW4tAljICGVaYsCKHETehCRW5UoINIkQjgzzzwwp0L15BbCHGASguHK2b8pslOiMPp1BnjFZ6GPKUdCEdkJc2izfPTG6lguLuiYwom0HwrPP-6r8puH7D7ECM9nEXN8vPdSRafu_6IM-OQQd8Lue_dY-tWiR0XFOFzBnVgoukM2clotNI219HmwsM7PvTps59_ylOdcXNxHMvfjWAXFg63xFElP6vkg-qPwYAgWlLGAn-9TfYDW-LnwM81iKwUG2GwLfp0RDyKghPwO-MAN09jBy_I0PlwoJcjbVQNhPb8Y7H382N0hPmAR1Zz6Q-vx8cncgAhiMHErcrs7CBElhSxA0grANl7TefBYS2GGRGhWPoGb_WG8EdDz0Q--yjkNdp_xaFZg2irRQy8_caDu8X1VUWxzNWN4kWRion8qWO-WBp9KrSVRTYoYP45rIJ2RTlvyGojj1XzwnCXMSJj3foW6_XePRb9gcXG8RGYMhNfm-qb1A2ee87udVs-hXVDVsDho3EkXc1bZa3PghpIUKAhkwMuXD6EqDW6AErT9SrxB_KS_CP5Ft1X5M5qVdt4zWBRIOSN-i4FEa5R3Q18OG35Gdl7lPtyQ8Ped_vQ6iscZ_j4n7gqn6ndFyplXK7RefnSFGGyPbc9rELltQ-Cl3l3AI81oqUQUlqNhtODIN9xi0XystFIg_zBGfJ8nVISSrjVIsfJk5IGP_tOA4MZNLSpBEYVWCk35hxvu_x1B-DFgYVzhKBPcbeT3CBAMDWVu-vF619b33X7tefsaPvB5S-dEVhGE26wl1VjTgpH5j14cAXg1PuSBZcWcTAJWXMspY7kvU1MojAgqbkvBL3gkcTy-CbL1dh4U7pMSydclhrt-SA4GlYGxje6cu7FK8ib2v33fiM2qPmMfXjErOl8iGjcZ3OENnV69wSc52FxaNOioGc6EOLjWi3FsrnbZd_VD7yWtOmxR62RjLZXEN_iDHG6tStIVGbvzAEMeKBm0teSXGSvywiBi-fRWrsiaoex12wb5Dw0K_ZBjNIgTfInCruWvpIeF4dTLUyvghaxCUhczB1Ra2ZVlRCxg06NeGgC6ExorOuEMejDXXLVuoc_O-OBhYGADiKf844iC-Mg1xvRt7uehGUw-ljZ7o1HykXJ_Ip_E_7J2ExiyWizYJnMCzZb8cMJzZXEahnFVUGa0RxX8McDG-nfJIXwbAGQQridBndkJRNr_z2-uXQM3_hlqPLN9RrtJgERZEnlyUELkMjcFlg_RrBrRYBTgD6lFuv2YrQ_x9W1OUJUej234gbKXcJUhalNd2Mst0fSxEbt5lttDfFseznTGwTiOPC-U5lEAPD7cewlnYyA7JHKxrXw308UUzMZlfFOLGKm8J16OEiVWv2MjCNgpD84pZzoN-Pfs42Oq3pH7k687za0ejAac56yLdBpPr2wHiK3uGCQlefIhKkj_JyplzNHZBThA6Xsa1dOuWIEmqlNjt0Sg4GsnYlM6l6YdrSR5yTYP4RhkO0kL33G2zkbN1csWfzRV13Cc0V7c4duMOS-0hZfBMma1m0CVAwL9eFhoe7gitcy7C7r6Si-vPrnrLaCFRHtYYqgYU5ER-DqlZvp03QDLy9oL0fQDlAfj1V1TdBUtrWnR8JMb4rYojASlHLF8miV4_O4Pu1nhxNj0MMNaUse23P6YxdkP-VKIjdc6aKQgOUPQaA6oKNZ-sm9Ot0fN_NhljZWbeH3n5L3_3LnM9Ggy2OKW3aal1fBjJNCPxvYVKzDw2XOvlAQQLSgznKrkOzUGxYDZYwHq2mtD5rhBgri8C7bzxjjFZ-505HjuEiGzN8HrW-B8tEIqPWWzqXyC4PUoqisG8pqCKq885i_z4F9NiSOd398yGIAfMaAJre6-dfSv1Lt6anMRPknqcoVkktQUSBa0S6RlAY1pLq06mhN4AKBVUNSGsChjRHwzTwA6IknG3YtG3-07G8JrgNkC0OFjDEgAuxvfhB71Wc-0_2-in6oCfhwWyMUdL0v_ycTKHoR4RW0tyEeHvngFKbgoso3VkcxRjSFWEHiLJf7ugSS4F8N2VFJqQnTQY4bLe5lfbu57Q27Dt9Y9aY0nyKQ1th7ok6lZRbyu00VpSVmJh4ejMrFBn3RmE2yTA-MFChyhZRWkgtWLIiS0BdAoJ6nA6HyLrHA5Z430lsYH6ty4MJay-nagrrV-p8BBh4c6a-H-3SLRPvQjfpAqT5DLzntpX_vjsFYLtQmxYHQ41K07S3s6mZEK4Ras3jURznoTCRiCFlRdljywkCliDO8VT9IW9uqbDpN0bfk1iVkWJ2Jg1h6P_eusBgR4txHvHQ_xTaJ8oVC_UTEqCdC3gFarM5B7kPzskNOC7_GS4FQ6z6zdYipKyE34i0kVAYPRKueOC2cI35weO-mReVzpEtHBwjmntULuRlus0va6kfMtM0Nr5ld1_GNXi_Q8LfvlzQrM5GQCIBQWutJAbGQ-xGQfiqriM1ybD3i_dhSJxyl8kmkjs1ff0k_qM5lviHu6f3cf8Ij_MzdvpBlUUUJ3mz2dPAKp5QIQp5xD2pt2cqE5tDCUxGObGEiWJZ7OowEpwKWQ2GvkHONTUhvmvXptG9xOwXD1fZHCfrYg1C2LdUkvGQLR9VSy-UdI8Rsvks-Pdkd9o7c4jZyIiwLkm-hTZCsn3LTRIuslY9HkSD-436-kPcTi8hd7Jfg_yu-i0FI4d-pa9__5HZhdTS_vVNjcHHLJm9L06rTjbi8gwI1O_m6gAIt8yQdEL0gKJ3mt--ZeRvfK2TfTqcVY796QOCL-Rct7_EHKIiHX6Ey-9O3KZQNWJmoCq-tarCQwXBv1cFIVYce0KpJ19okd6s4ta2Wa4Rfp02-GmR8P5A9_x_b-sBREVWIjzs4PBvcVntYqTmyudBLg2PLo-n0vL3Z3Xa3xHhBxPMqHF-6xP0k_krojWKyrHhKX1gmA9UaeSGl2cZfp7qq3nT5itMWuX-4zWmCyE29HW2rwCqfhi_eg30prnqrwyo4JXIFXQ0PBLJqQjNsW5eL95k9rYBSeQ3_rYWV99YNKp-vYK4PMUGZsdoyX0HPQFOoV5MMPR8DIbJQTPJ_iPhJDmpx5Or1CMwHEnCs6HpuiWGFpnNN48emB2GWfuO15Sd1ETwqaWLvfe8w3suORxvU4fME_U46mBSBneGGYeTsR5qEY5jB7MxM8C0JKO4EO5lsCmCc5w9dMHy39KS7XjL0aY8-bvT7kWtZ15Kd_jq2r64njcZPZFyLeZnFfCyF1tBYc5A75uA2hiMHqkkSg_RyOhkmqROFY3e78-WhoKnfwiTZu7raRQiB9Z2va-T9oNPCrCKoz62VIX72Iy4JL-A4uuWvJeJeo9toZxq1GFxA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCwQ_-Z5wLZ6y8MqemoPMPqLWimAPkj9KxXKeS4YiIAcCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi0zNTkzODYxNTgzNzA3MzM4yAEJqQJkqfGvIuy1PqgDAcgDAqoEgwJP0CRspnujmbizoaIA_5-suPoCUVyiqieNsh_6qySzDgt4RAWw8uQglwkMxsWoPXkqxxIkZwD-I3kxUSYLOqruQhUV0sgknHUl9hhe9MNF7dpWSHh9UfGO2BEpSDTvrfGkKCSj90evwNEZ2KGlDOWsv1Na8INW34Mr_A9WHqRSMoMs40gCgUquozYuh00fL9d_IOyYCqSwvy81mRJdpDqa8Vps0j_cFrkP71XPd9Qq8exMqKM1_c51eO5dzTwX3WlqdemRwcz3nrkTHjqPNBQjLpONYrttNW9ljwzczqqrgorW-74jhYT_-NP3XXmtXKH6HtRQVpiQZTNd33VWcrGmUl5tgAa7hqj6s_jMlEegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpYvuu52o6LiQP6CwIIAYAMAdAVAYAXAbIXAhgM%26num%3D1%26sig%3DAOD64_3FRYBwLxpd9-YPv-vvWsIrrdlt_w%26client%3Dca-pub-3593861583707338%26adurl%3D

HTTP Response

200

HTTP Request

GET https://ads.eu.criteo.com/delivery/r/afr.php?z=ZwucaAALb7cIaCZIAB4_Xr-j6f2zFXu6lssbgQ&u=%7C0WvgLuiqHm36C0on7qUZuMX7Qlz09KIP4NECdQ3ffsE%3D%7C&c1=Dcz_gsP0hEuJH1VnunqGy22nFndhAq5zqxOFeYpI4zX0dmXFAPLSZ0srdx7UTnzHgX5kFuYWeT7tKy5DOP-PyPPx27EBNSsAZbYddhTm6q7hPGlNnu6GPf0arufmmQ1fWNVlu-I_lRfv1Yq6Ki_yGyqIvUIpcht656JNRdwUD5YPMO-EJPk5XVAjJipTbkwzWJCSVHWyFsnZCX3ancynjbIZdmAN5qjTDhPfAtdiXygWUiXZoRaIT4wtxy_QalK9SnfDBBVITZe49ph6ERYVMrcp3I3i-Y625YCYooV_EjiyO7BbcOp1rKRW3XOyvfOD6BotVOfkzOoC3ElynwAPN1VC3fF_3iyFS4Q_xcdsQ-XBYrcf_5mxs1CjI-CrHfwNS_sEMbbAYkOlx9LENYpbsvNoAkv2sZ6qARP7bNPawyrvygeJmAtXFlQaAtA5YLQWe2cTLQb1zmy3E5DLcBK1cjHKuJhx84FoBLjs77GXkwlKuHA_9PyS7xJHM8BRS5lKhXoDXK_T__cctZAwTv67MM7cZ0VwxdO4YFY4sS1Xik2G0n0C60S1usBvXWlykBY5R5FFjSxZpvGs7bCr-oeVR2EzUS8VWaWf8oWwY0Ph9nWmRIRig3MEijt8YQ7y6QstDyDjP-Fe1gbyEUM740evB_OZfmQh5UplTNCtCGf-F3LZk4xBKcjwveL9lt4lGY8CmkAYCYIr0ydyEF4BF92u7IJeSf094PpM-zGHuMArhRt54EUhCKDuk9PXGwi2HE9yFGTYhuJQeKkLbLYdVzD12ocRiFr0DbHKp9s7jSsF2z4g6pnSJVSvoNBZOhErxdQBFpqxg2PwEumbrre9BFIRBs6aPQfdMm9oAzZpAKbk1c1H5bsRBUT8m_8OzzvFtddbea6XhIXBHJwxrsbUYw-wIR9WVOZcm5IIQHOnIXMMhsSKxMIqlvdgraT3LAk2Wj3uL2jNajx2Sa3-JDnPFqukhHJDRToamcKZnvdjXsLV1XRIaXTiZcljukLxYA0wOp2cr_2KyE96UAapq-uZpNxUaI_E5ri_6biGubc-zb2jHXBPrMW6q1d08Tlyg_9DyRRftMv3k31g9md6h7_EuiAKoAoKragdHZxDuvJb8ywBkfCmhx8UAYz3fiIEaMzEFUqW2uvMXDl6K0rsWD6Z0UO4pq6zPHejReLzDp97pxZ4SUmR9YNEFiuvoKGfv8SS4KTh1eQC1IjDbob_cB7que40S6-__MAZOqV-2JqIs8A6-zkg5771BAfcAY0pInXgp9pBBm2b3OTgPw8wGV10CSQpW40WGlltFTs0XWjcOibq5paxsmgL-sRe63QUA9QPgD4yQ2mEDnK7IlEYKQ0vDxXZ4Pc6MgAm-iWPvre3eBlwZ1hvH_yhxez0UHspoCTBXyB2DW9A-BRTlkvowY0M6k-ZHTqE8Nf1UMBMZzhJQqhAR4e5FnNLqvlNJLboLktfbuu_OwxQWLQkPgOQoLJUdgWM22SH2sUkPBuF6dMddtdAvqjYl39bkTAA1X2XuIfcQV8gMQBBKQ411YyQKU_ruX1fFbMstZEloMfoOlgHRvQrNtE7nKcK9KR1VKunY3pzmxtXLmYI7-gIYxBM123mypzgl1smzRiveZjcWM3pc65oUcWW37XDlU7Kumm-aovH_dxFvm1XTzuxwgEMSEKIYCp8YewaYCibuzFZmH_bmLJJsWcOT-yyCxLAaRyrp_-PKAmv9_0BZfyrBot_CuebwCAGB8B7WMCTudmyg9RAey_DGPy42Pm1bOFFRrJUlY4NV--58lGGWDNsYmiCr2xgTxBzxfWmz5JvCP9g5skNO_BvfqbfmKTxiJk1mwj4OCziIuMOzgdZ-rimcollcfy3uklbROwx0hLxNljwtJRnG8IGQ__t1idAXKYuSU8pyssGVpiqXLI-LLNF-xVCbnEmkcHuYLefNz08MDM7n2fgAB0EPv9-Gw7OAa8nSms3ahZ6oyezzn7jUyTStOqtiAYPGqNgbyP2-6CPaOGS2DCAO4kKvxUNA4FEI4wLlUA1dyxlA0pApO3J8nzzQ3uxWq0N7p4idTki6CjJ5EvjMUluj1-HpGY8boWuhj_JUAkU6lKfXwRuUX78U1vMLORO7JkMd5wWkseNefpiEIb7AWkoF8PiTOF98Xv_EcmDf3abNWhTrJuhmbqKaEpl9i0uRv9d6dRXWMv24b8xuNQorCNRi2Io8qiGBFOAVo1ApeEpuOPLQqzTHRZaKi55Yxph-NryEUGjLQjovFTM-MUKwLd6Q4S2m3Jsd-t6OC_ppqje--YebUspEOLq88C7CH3EIfRU1ckIuQOZ7b98j5Tx6lOXAlr1rEz3tvG6nCnldvAtx3qDJNiffRMqG-BJZhMd44SPntNG8JqDkg_w0DrWABm1zn2L3DMNYfazjwse7-GAow4nG0nzraJvd12Qx-74VMbWOuS48iVXpwKo38gHm2uphUW3zrDaob1596qVdoHlxej3j3lv1U6oJFDtcAT-Q-NsEEVW1PeZqHAcSvll-r4b5JophIdH5qEuQ2pCUPQlTzCGwE6D79owvzSQOlScjnAqzPxViIz3yKqrwo-tjGgPY3JMxLpKkt9js8zpuWrMb2-nmc1lj8NiZt8WbrSTX1R_dDgwHbwZMG2ZSKvX5zWiFIHOmC0vxhlmQF1PlJBlsxUN2YzXpPwNv7ccHZyg8dIBI_JeMkpRzYGJPD9fT99zegRvCfxl1OPNOCsp1-rZvN_2qPzUjbicZeZ7NKuFotDxlcZeuJA8W1GpQWklu2cvoNkSIByc-7lW7z7-8g0HXrRuQV0SDqvPF-GQJfZXM1kS4bYL2PtIn8r-dDSXW6Wv8Yuye0727Qz1PiKWi_ZmopoSPPPBAO1Nesu-l0hqHy-ooZM0UELKRVVGY21ySeNoydDVrWFJbBC7v2_OfdHa1BWIMMgwnPVYKoX3ffnXdKtzW4vCYvg90yAEG_0Moq9boAva82Z5CVkstmQn_HDt5NI54OE9CV6JFqB9TdxF1P3avMq8oM5vQf1FxnRJm4IDoCDVUlYiGuRkCXvXuNGhWMXScJow-189GUaQlLGwcZtGxCKh58SCTnwTEIXzzPUrfX1Nu16cbvTLw0fvyYUpO1KPdlu8Xt6Q8aYWa3I924Lo7VswOpiYaw4TBcjyqKpusyzAk59p6THo9ApfeZCr34fOaKcrZD8GGDPIVNzEpXR6FaOeu0fMkv8KZbpdlHqAq4qYZ0kPgBJQNqvQimwUV9xKf0nIgIw_M7sc3PwzT_HWXHpmv8b9u5ccN5w2EBeop4ZZsToyfUD9oepg0-mgSi1WjAiyeHYY8QH8Uv0QPLNZV_3EOqHEsVGwqa7b58nLmNwxrl2cdPgF3MMqQ7yh8b7eEKJPJaTaI9AGX_kZ9vimmLeSSkTmPPG3eAXwylf-ncIiTQB0Fk_jZqWUTifuXjtV3RFQy4-6fzcUPefyduTxzcpqwSJDZxMrT5KtHMrDtvAEMQOfjXafbT2hasuRl49UNl_4_SWNMGz8-EpTcmE86nvscNcbbglK6YJqTASMKsQh0YBqrZyCz_2WuEg6Y7fPo0DBnDZyxcbLwB6uXXtMEIHUxji9K2FEzLaQpcOnqdiP3qUgQ530ZuN78LNhTCU-tNbWS5b5s11bA_kIcIOeMYRnhPWExWP71ZVNYjf92BCjPdOTYZHmfs0ghbIhmaWrFZ8iJtlmmfWX3zWapT6dLv5TRl0aFDiFgL9MvNKkzCh8iYqGVFGfkpdcfbHMKPA4CVvheWyHGAVutWczioL2Ft7tbtixB239lzj_6JiRR1r-_e-0m-nTJh0BlgL6I7DPHJNPfEviIrkIAVgmtVLvy-PFR4tPn-xez3jWYWFgX-lP7Rlr2j6at3bTF9T5Qb-5Nj37KkEmQq-0V7Z-4yrDdigSLfnr6HMQ85ThVDizAoAqUCULjW9XvyrutBEVFJTWMsskaTLT4ULuWY5X4lrdM6XP_YoIfJTHKwhH46hXkBZYI4Zvs5PZDkieGibFh4wNH3mVdkaGM4_6KxLKudMtxfKclFdmOUTdAY3bm9g55f1nOmlwXv2IFa37nFK6mm5OkzSTLOsUjuxubPq74_ijd8tRbkA7_HtwCMksUMy6I-VFs-8xpwHPXsuzc42ouYywEf_8fGu9cdBQe0Xb4ggV8XpbdICAyWk_Rtpa89jENuMxCu_gY1akrQT_jYAQj77JU7N1iXAyeWvPLr8XUkYjhXaPEbXGx7LVbwuipAHin2Ef0jN7rGUHchnEQVcs6M8-fR_7FFYHfdvIV9gnnm2tGkakA0nOKQsHXejHoEjWjrsdr8hZVnh5XeGcCn5piOihyWdF1OgsQN-i5V1khPdJ2y1ZYeFuivzGh-YZkJlE7HG3RaiBTN285sf-Q89lWOWwzfQroSPVSSNll7MqYmsgact7LWLFB6_TeVVppENC_ifNVjwlXkWAx3-DlBm8L9jxlE1MqP6a97_LMmhWf3wYBf20Iu-vcIfo7VoZJnDcvpuR10QKoUSRNBMCmnnoZq7J5Js00A-C5qPq6qby6m_aLCud-LHadL-2NGHWElemdY50vi-zI1kWB-9JLr8dKW3YmNh5XP0KeruS_ltroXMkZmEK_S2tUul-74uyqSFW0LMmnmfug4_UI5st4vJLPc64l1GzUamihVekrZiG8CcJgonW0hYUIeNoSz-Vrd2GQL6XJjuFMVbfUkBvCRu5gshgyXbmsBIQD7YCV5UP-h3kytErT1x01MzfvQpzZTF00bhJDaoIRkI_2Xc_sw_YNbn7UQjWTtgwbGWqEuK5d10BctCmj8uwUVgFUZ44EzKnEBhR1QUuuVSYQdBZPDLGrsvR-kvpOfxqJDJo_LsG0UwE3kjhW4IgFcYkNTtUjmv8iyV2-jIfu5hFW6pGmQ0nDTNy3PplyzztE7lzgSP62cXE2wYZJ17PWZ6zjc0TH136ug5gocun83dHfxTM1U4tBIWM8t5pZOtGxDzuL4AgjFwXIjN78EPIcTQ2EgOhft_NESkj-1yU3ljEZ-my4aps6qzThZloJi9gmq5bfyGzvwjDESl1Xce3WSwwHd2Gu7hQXH6kpzzXSpxkXA6NCReqeg_acFprzpmVXttYrgUTNYGI019iSs0AaPhTyiSeSRIrs3vLR1MM_Td_e0vBZ3JX1Nt561wxLhuA-z9OeJJV1PZj99o5Vxb_k3lYbaCJKBrdx4FT_Xqi4UdnO_0naYMId5h-a675VyxiOIVFe1pPFVrW99hyuMLAfCGYJg_Hfas8C35cTvK_eecaX9vLpNmmi9Rdbvh7-NxUpw1sI0piZkMTegtGmKfw9Oc8ICl3LAcbtMPt_y06U9atXZFAPt50mh_T-JZDxvUpv85ZerF7_0RcckW21U0O93vHtdjEpUoifKVDL94qPp-RrgcQ65lW_ndsMUJMhfoNAc8kzAX2LNDD1NXCSg8O8AhfBfRiT4NsejLhB5TMQ7ug1d8zIAyVh13h8EHtvy6lnJoLhDAqfD_NyqN358VfSE4572wJgU_7CmFOSxqRaFIJ9vynpjqN5G3gcjcKbxxLiwN6YDDHkBxiH9ysAnr1W5bFNeNj2GReNU-0l7znwSkcdSANStfWUAiD09xgbEUlFkqAvOuujzablEOWGqclfiCTADmX7RrDyFYGNKPVfoxI5-xw8g&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCEGAoaJwLZ7ffLcjMoPMP3v742A_kj9KxXL_b_YiIAcCNtwEQASAAYLu-roPQCoIBF2NhLXB1Yi0zNTkzODYxNTgzNzA3MzM4yAEJqQJkqfGvIuy1PqgDAcgDAqoEgwJP0OASyJ8t231R-NV0kE82zan-0EI26GYSQ6QHQVf3x7v7YE2cUzL3IcnRMsOMByLTZLHzEvOqeNV0VE-o4Qo0eXWH8t1D_Amy3h41A9um6HsthdJ-TwaVGjd-mPMmtE98K692JKQPwAZHT52mvoMuMRk53-UwGF3dbppQteac1yzA4-rOeOWv3XVI7_6Wynw7LDQjTUc5gnoF4ta5L1enBY5x9BKlFiEf31uzFJB4NyyNGeMMTn21YVuvujud0nLaIiIhbDq9C4UgpRrrZ5oyggwduBD1RtHB4ia8nDO5TNq2NttAzqfWCHkcEdszKOAq4K8zF9p8z-8u6lum4ujDAH0dgAa7hqj6s_jMlEegBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggsCIDhgBAQATIHqoKA4J-AAToMgMADgICEgICUruADSL39wTpY7ozy2o6LiQP6CwIIAYAMAdAVAYAXAbIXLhIqEigIy6eQm92Ew5JBEhZTSU1VTEFURURfRE9NQUlOX1BVQjFQGAEgA0glGAw%26num%3D1%26sig%3DAOD64_0TAibB-y0jeIKGCTDh7lf9x5O3xA%26client%3Dca-pub-3593861583707338%26adurl%3D

HTTP Response

200
142.250.200.4:443

https://www.google.com/pagead/drt/ui

tls, http2

chrome.exe

2.4kB
6.7kB
18
23

HTTP Request

GET https://www.google.com/pagead/drt/ui

HTTP Request

GET https://www.google.com/pagead/drt/ui
142.250.179.226:443

cm.g.doubleclick.net

tls, http2

chrome.exe

1.1kB
5.8kB
9
8
142.250.179.226:443

https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=9Ex3S7EBhpWp9fhF67mqhQ==&ox_sc=1&ox_init=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

3.9kB
10.1kB
22
26

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MDc3NTJlYmQtZDFmMC02MTFmLTVhNjEtZWU0YmYyNDI1ZTVm&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=9Ex3S7EBhpWp9fhF67mqhQ==&ox_sc=1&ox_init=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
52.223.40.198:443

https://match.adsrvr.org/track/cmb/openx?oxid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

3.1kB
9.6kB
18
22

HTTP Request

GET https://match.adsrvr.org/track/cmf/openx?oxid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://match.adsrvr.org/track/cmb/openx?oxid=2b1afd77-1887-3fbb-4f81-b4f238a0903f&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
52.95.122.74:443

https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=73cc810a-042d-8441-8f8f-366550935bdf&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&dcc=t

tls, http

chrome.exe

3.9kB
9.8kB
17
19

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=73cc810a-042d-8441-8f8f-366550935bdf&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://aax-eu.amazon-adsystem.com/s/dcm?pid=fa457a28-e898-4449-9a1d-2b11dd13a271&id=73cc810a-042d-8441-8f8f-366550935bdf&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&dcc=t

HTTP Response

200
37.157.5.87:443

https://c1.adform.net/serving/cookie/match?CC=1&party=22&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.9kB
8.4kB
17
17

HTTP Request

GET https://c1.adform.net/serving/cookie/match?party=22&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://c1.adform.net/serving/cookie/match?CC=1&party=22&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
37.252.171.21:443

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dappnexus%26uid%3D%24UID

tls, http2

chrome.exe

3.3kB
7.9kB
19
18

HTTP Request

GET https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

307

HTTP Request

GET https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072399%26val%3D%24UID%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dappnexus%26uid%3D%24UID

HTTP Response

302
172.67.23.234:443

https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=www.ldplayer.net&url=https://www.ldplayer.net/games/tree-of-savior-neverland-on-pc.html?n=22233333

tls, http2

chrome.exe

2.1kB
4.1kB
14
13

HTTP Request

OPTIONS https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=www.ldplayer.net&url=https://www.ldplayer.net/games/tree-of-savior-neverland-on-pc.html?n=22233333

HTTP Response

200

HTTP Request

GET https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=www.ldplayer.net&url=https://www.ldplayer.net/games/tree-of-savior-neverland-on-pc.html?n=22233333

HTTP Response

200
99.80.212.73:443

https://bcp.crwdcntrl.net/6/map

tls, http2

chrome.exe

3.0kB
5.9kB
15
16

HTTP Request

POST https://bcp.crwdcntrl.net/6/map

HTTP Response

200
63.215.202.146:443

https://proc.ad.cpe.dotomi.com/cvx/client/direct/launcher?version=1.1.1&lid=681

tls, http2

chrome.exe

1.9kB
5.2kB
14
13

HTTP Request

GET https://proc.ad.cpe.dotomi.com/cvx/client/direct/launcher?version=1.1.1&lid=681

HTTP Response

200
178.250.1.6:443

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=FVUtrW0fk5ihiE3ybSadM_TYVAzSBg_4kO1ugW8v-xQeCliCZnE_7wH6aP9w93jneJveg7oc3S2l9IE56yE-Eogz9ycZwrtKzNgG-X2NopiRC5-G9gKp7cTqAW9uCxjIrkL9ZyEdDgCxXuQp0n2pUmIWyKtRdVPJ73do5XHi_WP7aPD7rWYA5mLk9-VufffLgIIFEyD41RdcOpVpxIjwXKbii4GxiFUNessBVHcAWz_xCbfO9A0ASp2ca1vTxNVO1ebvj8o3HLsVh-6iWDB73U2cM1_xW6Ev2lyseGyBlZN4wxVR6Wwld7-rCsL8_t_xKJHeNWkO5iHbEx9LEurnLyIPQA_4kNCyBwkbJQ4M_26sR6ke6IVz7UBRw81hw_OATORQNqLhHcar-mm60ChwudUexHsXHShtNxJ3X3NcQ4tSmpjJDhO1154BUgfuAwG8qf9_FppLzKdjuIsFsdPRzLJJOGO9hhvGQvla2nO-7k69iW7w2O_OqDkSQ3LAddz4gvOVgk83XrFbFgJq4Q1lkHCrhseHSTAd_P2qU9s9CmM31zKdWkcpqd8tq3JZ6XDnHUIG_bsMTzAfoJ2qrQyGaWAXcXc

tls, http2

chrome.exe

3.0kB
5.4kB
15
15

HTTP Request

GET https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=wRgpjCycPVPw3dmzQTHnJu90zQSYcOxYM2PdnLMIu3Gxam-PoiVsDhij4paAHHTw6IDcT3gVjLdgVR83Tmuebi37d3GXcq4f56a5wXHQGMBDdl7Ty6QTi3p3DXuUjGUPY51SBqp_PlEkzzPB1VHAoQPbnfzChll9kQN8nd22jrmnMeK1tf0pV6ef6xSf1q5hIC-pJs1oF9FxcqXfKc881kJvhIYK6omt8mumpVFP8ZuPsqCUW7mDwrLJOjcmXMtjK5HexZIEKZsiq-itIEUZc4cu_wtL0wgxWIaw94GlGXRmX1T-9qPU8I8ZfcOpc2tCBYbhHWNejCoVtIcEoec5HPQKzbJafXIypcN36fUzkS0alB9npvgYjxyv9FmaGG9XWCyep1BxGMf5Fn3NsKcthZDPm47wjRIkmSnJ8uI45PhQw4qp7J1P2sOJr7p5G1_XqGBAuUE5A25tW4u1W_usKi0lbHYcgyGQCOhz1GDOWqKvchM1TUrkIRtnOG7OM7IhhS26ES81g0Vnnx7pAmJwHBdwRoOr84RUkjzveBbD_VYOKNZOFQ632poTupXL_tNk4xsLWg

HTTP Response

200

HTTP Request

GET https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=FVUtrW0fk5ihiE3ybSadM_TYVAzSBg_4kO1ugW8v-xQeCliCZnE_7wH6aP9w93jneJveg7oc3S2l9IE56yE-Eogz9ycZwrtKzNgG-X2NopiRC5-G9gKp7cTqAW9uCxjIrkL9ZyEdDgCxXuQp0n2pUmIWyKtRdVPJ73do5XHi_WP7aPD7rWYA5mLk9-VufffLgIIFEyD41RdcOpVpxIjwXKbii4GxiFUNessBVHcAWz_xCbfO9A0ASp2ca1vTxNVO1ebvj8o3HLsVh-6iWDB73U2cM1_xW6Ev2lyseGyBlZN4wxVR6Wwld7-rCsL8_t_xKJHeNWkO5iHbEx9LEurnLyIPQA_4kNCyBwkbJQ4M_26sR6ke6IVz7UBRw81hw_OATORQNqLhHcar-mm60ChwudUexHsXHShtNxJ3X3NcQ4tSmpjJDhO1154BUgfuAwG8qf9_FppLzKdjuIsFsdPRzLJJOGO9hhvGQvla2nO-7k69iW7w2O_OqDkSQ3LAddz4gvOVgk83XrFbFgJq4Q1lkHCrhseHSTAd_P2qU9s9CmM31zKdWkcpqd8tq3JZ6XDnHUIG_bsMTzAfoJ2qrQyGaWAXcXc

HTTP Response

200
178.250.1.3:443

https://static.criteo.net/design/googlefont/opensans/opensans-700.css

tls, http2

chrome.exe

3.1kB
19.7kB
29
29

HTTP Request

GET https://static.criteo.net/flash/icon/close_button.svg

HTTP Request

GET https://static.criteo.net/flash/icon/privacy_small.svg

HTTP Request

GET https://static.criteo.net/flash/icon/adchoices_en.svg

HTTP Request

GET https://static.criteo.net/animejs/animejs.js

HTTP Request

GET https://static.criteo.net/flash/icon/back_button2.svg

HTTP Request

GET https://static.criteo.net/flash/icon/criteo_logo_2021.svg

HTTP Request

GET https://static.criteo.net/flash/icon/privacy.svg

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://static.criteo.net/design/googlefont/opensans/opensans-400.css

HTTP Request

GET https://static.criteo.net/design/googlefont/opensans/opensans-700.css

HTTP Response

200

HTTP Response

200
178.250.1.3:443

static.criteo.net

tls

chrome.exe

1.1kB
4.2kB
10
8
178.250.1.3:443

static.criteo.net

tls

chrome.exe

1.1kB
4.2kB
10
8
178.250.1.3:443

static.criteo.net

tls

chrome.exe

937 B
3.4kB
8
5
178.250.1.3:443

static.criteo.net

tls

chrome.exe

943 B
4.2kB
8
9
178.250.1.17:443

ads.eu.criteo.com

tls

chrome.exe

963 B
4.2kB
8
9
104.17.25.14:443

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

tls, http2

chrome.exe

1.9kB
8.9kB
17
17

HTTP Request

GET https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

HTTP Response

200
178.250.1.15:443

https://imageproxy.eu.criteo.net/v1/002tRV1vMvfSnR93MTRwDyyGD4FN1hF7joPb9W1aWkYBPPJsP861BYeju9tVIkDhZwJvXnVxhNdvTz9YKs5cHMLQBGeUTbmvEjRYrokEXRMrBV6H7IgEFKb2TMZsSfSceLDYeCpHhAcetLxNqXfQfXcf

tls, http2

chrome.exe

12.1kB
415.3kB
192
307

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasreHwHQktXgtjnYzHBNcbzP2A7SaMczllqChmDlVFh8KiPyOZgsIgCJgbPDizJRyyOJjkCzrOgNtTkCGB0dWpr6jzRJKQKaAw4w8YkSIgXtXHdDNYuhVznXweRTC4IJuppbSGFZIqYz8LfY9zLW8?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/0006tOtUUQdN6AsdVKtjhOMweHZ6fri9my6kmLsZooPhZij6qvplxJxE5jtpt6ql6WR8DnB6IypimvSxi28Z7NkZsinlpcNglncPS3THo7IxV1aDOKrc6DK46maTJWJgWaqpHTDBP7lXxC6LGd4ObeRxFB9rAzgu5FCg9182M4bnZrRz8DePRL9w0femxOJva62PXOOFvBFEZFfCvpuM7de8n2ZFe0lO

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001V2eOG9OsSH50Seex9XCw4OllgcPAuRwBW7L5bukNS9F9PAaawJXyn8ahb4t6IWTQCdTzLUXXOeX1YlYNrsw14uolGeOnSNuYiKBeT6TsniHcjV67DI9mhdw61lmUm7rOt2mJOKj1hHwGwnlt19fBUKHgm630tSZGEUVlfxRl7gdM?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/002tRV1vMvfSnR934ItthCBGQXVa3bffGi1Z3bsiP5yIQqDy4wgPQRAkjPYCqq4XCOTcCVUJbLZ0YTf8VZYC1ScpAsMeyd1dDSgM0ptzgEaHlCmcqqH1N0QFqDTU0m0MVeCMz6NmwrNIo8mnvupnd5bB

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/002tRV1vMvfSnR92m8LrAPOGe0ln5W6CnbdWxhjqHROPSH83klGnfJglYfCuOvvMoqdIrDSfVJU5cyAigH0llYuEAU4pTeGLCBv99r3kp1niKeMZoVR54tYLCBhuwBEP8WN9wP8pOG22fuBFpwGthPJT

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/0006tOtUUQdN6AsdVKtjhOMweHZ6fri9my6kmLsZooPhZij6qvplxJxE5jtpt6ql6WR8DnB6IypimvSxi28Z7NkZsinlpcNglncPS3THo7IxV1aDOKrc6DK46maTJWJgWaqpHTDBP7lXxC6LGd4ObeRxFB9rAzgu5FCg918L24Lsk2qKKHuQhHD5gS073qGdaaMyG1BCcvmnxOXgzSbBy3akCvctKx63

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrivpKexh1faR95cZtL4hjKLI6aVoyKeHkHaMKQ4UfvXSHly0ZhXEJypLiPgJJ7JZDrXSq4QdqKcSZKmgUMvj9z9OjP4MtBZaePeHUmnS03gjLmYw8W1xC3aWpn6vMHVCGm9w3iaJ1Scr8AHs70I?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasreG39x6h6yqNmMsyXOhYVfUY4BBPQLpGm7wYilGsM99EnKvPUq1z4t1uy71txIZJP4AQVS2SH5PIr0DHxVPSSWAaeogLhqffJuTeKO8RLDjqVyfcgPSSzri9c24aFVaiAg7klvXcEzlQbKAjFmj?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrZZVrTF09e5s44SNXq1tbIMkN2ODhCeE86P3TdHGYO9F1hqoYYJRXGi5WyPqwkxLR6gS25fFimQE3oS0zioUfMGUGVknclKdcjrrg445Km0oTe6BqvNtGydwn6Vz7FOe1Un7tezzJzh592k4u4y?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/001hdn2P9oK8GkuZWWt1IHeAgymFcnasrfndODOWRh4ISxcAnMv0N7Ud4yDW7Wh1xmzp9RcUrkSzOTDsmEIfN1ihWG4HZ4SCYYalVuJhFSqwtUiu9LEj8504hS9eHFBl7WPoiMzdwxe6VVnAfZVPZqkQR77TynfYetfVn27jYQ2UCqJD247?b=400

HTTP Request

GET https://imageproxy.eu.criteo.net/v1/002tRV1vMvfSnR93MTRwDyyGD4FN1hF7joPb9W1aWkYBPPJsP861BYeju9tVIkDhZwJvXnVxhNdvTz9YKs5cHMLQBGeUTbmvEjRYrokEXRMrBV6H7IgEFKb2TMZsSfSceLDYeCpHhAcetLxNqXfQfXcf

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
178.250.1.15:443

imageproxy.eu.criteo.net

tls

chrome.exe

1.1kB
4.2kB
10
8
178.250.1.15:443

imageproxy.eu.criteo.net

tls

chrome.exe

1.1kB
4.2kB
10
8
178.250.1.15:443

imageproxy.eu.criteo.net

tls

chrome.exe

1.1kB
4.2kB
10
8
178.250.1.15:443

imageproxy.eu.criteo.net

tls

chrome.exe

1.0kB
4.2kB
10
8
178.250.1.22:443

https://staticassets-creator-design.criteo.net/design/dt/11894/1727885168/cc36f1bc0d9a4de3a2549ddcf2bafc7c_cpn_300x250_1.jpeg

tls, http2

chrome.exe

3.0kB
61.0kB
39
51

HTTP Request

GET https://staticassets-creator-design.criteo.net/design/dt/11894/1727885168/cc36f1bc0d9a4de3a2549ddcf2bafc7c_cpn_300x250_1.jpeg

HTTP Response

200
172.67.23.234:443

https://a.ad.gt/api/v1/u/matches/533?_it=amazon

tls, http2

chrome.exe

1.8kB
8.1kB
16
16

HTTP Request

GET https://a.ad.gt/api/v1/u/matches/533?_it=amazon

HTTP Response

200
178.250.1.25:443

https://csm.eu.criteo.net/all?cppv=3&cpp=KOwNDCUDT_zswEzpTGxUPayOixgevdsmStrI0GZe0BFaxJIsP9hTtktbj7IXGoeF6vrTUzWRZBISrrfYp7NKyVYUKDmZbkTjp5OT-7BRDi_g-cRW9n5_-qlPqXsLz3vbrr_pQUv4hNKhPYq8e0VI16qfBT4nDXwG1DH_fd_0Pd6WYScFtXz26mqZGScRJUGphLaUZdCtXxjOrB8ieSDOsJQFc1gkXlI0ECCo4ic7joWJf2bHEkb1lSD4T-ok_awVJY5jBQ&sds=2&rev=95235&sendBeacon=true

tls, http2

chrome.exe

2.6kB
5.1kB
18
18

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=0omK5SUDT_zswEzpGLoWN4MnpE49UjYZy1MQGuOyvk0y9YkV8qIhyGXrgeziQoOxraVVLw_4OhAeQxWcbV7bveYKhZomSJRT_2WpvbgB-0ktxnjdZtDIowVpitc897OryxqoG7RprXrNX0V6cNiZVqSD60ScWTXg5c9ksyFQ_pw4TzwXekQiC8J8jk1oA7yJflR11i5Rz-yUH-BM0uJZ8Xj7vmqoWmCpvpC06xqN_mNRmeSUehzq7yIg6CFMPexGIsjYAA&sds=2&rev=95275&sendBeacon=true

HTTP Response

200

HTTP Request

POST https://csm.eu.criteo.net/all?cppv=3&cpp=KOwNDCUDT_zswEzpTGxUPayOixgevdsmStrI0GZe0BFaxJIsP9hTtktbj7IXGoeF6vrTUzWRZBISrrfYp7NKyVYUKDmZbkTjp5OT-7BRDi_g-cRW9n5_-qlPqXsLz3vbrr_pQUv4hNKhPYq8e0VI16qfBT4nDXwG1DH_fd_0Pd6WYScFtXz26mqZGScRJUGphLaUZdCtXxjOrB8ieSDOsJQFc1gkXlI0ECCo4ic7joWJf2bHEkb1lSD4T-ok_awVJY5jBQ&sds=2&rev=95235&sendBeacon=true

HTTP Response

200
37.157.2.233:443

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID

tls, http2

chrome.exe

2.3kB
6.7kB
14
15

HTTP Request

GET https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID

HTTP Response

302
178.250.1.3:443

https://static.criteo.net/design/googlefont/opensans/opensans-700-latin.woff2

tls, http2

chrome.exe

2.9kB
39.4kB
34
36

HTTP Request

GET https://static.criteo.net/design/googlefont/opensans/opensans-400-latin.woff2

HTTP Request

GET https://static.criteo.net/design/googlefont/opensans/opensans-700-latin.woff2

HTTP Response

200

HTTP Response

200
77.243.51.121:443

https://uipglob.semasio.net/id5/1/get2?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http

chrome.exe

4.8kB
6.7kB
16
15

HTTP Request

GET https://uipglob.semasio.net/id5/1/get?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://uipglob.semasio.net/id5/1/get2?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
159.89.25.223:443

https://node.setupad.com/node/node.php

tls, http2

chrome.exe

3.4kB
5.4kB
17
23

HTTP Request

POST https://node.setupad.com/node/node.php

HTTP Response

200

HTTP Request

POST https://node.setupad.com/node/node.php

HTTP Response

200
5.135.209.100:443

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D

tls, http2

chrome.exe

3.0kB
5.6kB
14
14

HTTP Request

GET https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D

HTTP Response

302
52.223.40.198:443

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.4kB
5.7kB
14
15

HTTP Request

GET https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
54.75.14.246:443

https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

4.0kB
9.2kB
18
18

HTTP Request

GET https://ice.360yield.com/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://ice.360yield.com/ul_cb/match?publisher_dsp_id=313&dsp_callback=1&external_user_id=ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F481%2F124%2F5%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
54.171.108.50:443

https://rtb.gumgum.com/getuid/id5?r=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F441%2F4%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.7kB
7.2kB
14
14

HTTP Request

GET https://rtb.gumgum.com/getuid/id5?r=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F441%2F4%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
142.250.187.225:443

tpc.googlesyndication.com

tls

chrome.exe

886 B
4.6kB
8
7
142.250.187.225:443

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

tls, http2

chrome.exe

2.4kB
12.8kB
22
21

HTTP Request

GET https://tpc.googlesyndication.com/simgad/2129369376341000121/14763004658117789537?w=100&h=100&tw=1&q=75

HTTP Request

GET https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

HTTP Request

GET https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
142.250.187.225:443

tpc.googlesyndication.com

tls

chrome.exe

991 B
4.6kB
9
7
142.250.200.33:443

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.mjs

tls, http2

chrome.exe

5.6kB
124.9kB
89
98

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/amp4ads-v0.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-ad-exit-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-analytics-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-fit-text-0.1.mjs

HTTP Request

GET https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.mjs
142.250.200.33:443

cdn.ampproject.org

tls

chrome.exe

1.2kB
11.8kB
14
12
142.250.200.33:443

cdn.ampproject.org

tls

chrome.exe

977 B
11.8kB
10
12
142.250.200.33:443

cdn.ampproject.org

tls

chrome.exe

998 B
11.8kB
10
12
142.250.200.33:443

cdn.ampproject.org

tls

chrome.exe

998 B
11.8kB
10
12
46.228.164.13:443

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ/url/https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F224%2F3%2F6.gif%3Fpuid%3D%24%21%7BTURN_UUID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

3.0kB
8.7kB
20
19

HTTP Request

GET https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODM4ODY2Ni90LzI/dpuid/ID5-5d55Gyij6esLtNJzUyf6CVcM12hlujUB4lWRTa49gQ/url/https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F224%2F3%2F6.gif%3Fpuid%3D%24%21%7BTURN_UUID%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
178.250.1.9:443

https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F203%2F2%2F7.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.4kB
5.5kB
12
12

HTTP Request

GET https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F481%2F203%2F2%2F7.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
37.252.171.21:443

ib.adnxs.com

tls, http2

chrome.exe

1.0kB
3.4kB
9
9
163.181.154.242:443

https://res.ldrescdn.com/download/LDPlayer9.exe?n=LDPlayer9_ens_1001_ld.exe

tls, http2

chrome.exe

60.9kB
2.1MB
1091
1523

HTTP Request

GET https://res.ldrescdn.com/download/LDPlayer9.exe?n=LDPlayer9_ens_1001_ld.exe

HTTP Response

200
37.252.171.52:443

https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.4kB
5.2kB
14
14

HTTP Request

GET https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
34.1.230.204:443

https://csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&pubid=5679&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.2kB
5.2kB
12
12

HTTP Request

GET https://csync.loopme.me/?redirect=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D124%26partneruserid%3D%7Bdevice_id%7D&pubid=5679&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

307
80.82.210.217:443

https://dsp-cookie.adfarm1.adition.com/?ssp=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.2kB
4.9kB
12
13

HTTP Request

GET https://dsp-cookie.adfarm1.adition.com/?ssp=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
163.5.194.36:443

https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=pubmatic&uid=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD

tls, http2

chrome.exe

7.5kB
8.5kB
30
26

HTTP Request

GET https://sync.a-mo.net/isyn?__st=iframe&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&_e=CoACShB3d3cubGRwbGF5ZXIubmV0UgthYXMtOTQ2YzZmZFoIcGJhMS4zLjNqEHd3dy5sZHBsYXllci5uZXT6AQY4LjI3LjDoAgGIA-i4rrgGqAMK6gMkNTczNTFmODItMjUxMC00ZTQxLWJhMzUtOTMyNjY3MTNjOTBiogQpaHR0cHM6Ly93d3cubGRwbGF5ZXIubmV0L2Rvd25sb2FkL2luc3RhbGyqBANEQ0iyBQNVU0TqBQdkZXNrdG9w-gUDbmxkwAYByAYBqgcDd2ViygcMbGRwbGF5ZXIubmV04AcBgggMbGRwbGF5ZXIubmV0iggGY2hyb21lmQgAAwAAAAgAAA

HTTP Response

200

HTTP Request

GET https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=openx&uid=12c472b8-a118-0c52-240d-74e7b9fb52b2

HTTP Request

GET https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=appnexus&uid=1804086296972189491

HTTP Response

204

HTTP Response

204

HTTP Request

GET https://prebid.a-mo.net/setuid/magnite?uid=M27FC0QD-28-LN8E&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

HTTP Request

GET https://prebid.a-mo.net/cjoin/1?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&?us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

HTTP Request

GET https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=smartadserver&uid=63258396398534972

HTTP Request

GET https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=adform&uid=5498570646921517865

HTTP Response

421

HTTP Response

421

HTTP Response

204

HTTP Response

204

HTTP Request

GET https://sync.a-mo.net/setuid?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=index_rtb&uid=ZwuccbmqPjYAABz5AFzYNwAA%264432

HTTP Response

204

HTTP Request

GET https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=amx_com&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

HTTP Response

204

HTTP Request

GET https://pb-am.a-mo.net/setuid?bidder=bid_switch&uid=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=

HTTP Response

421

HTTP Request

GET https://sync.a-mo.net/setuid?A=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&bidder=pubmatic&uid=C20D49AD-A6E1-4704-8E6C-C419F2D16BFD

HTTP Response

204
89.149.193.89:443

https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESECaBa8YCjaoF0zm_iuIqNs0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&google_cver=1

tls, http

chrome.exe

7.8kB
7.2kB
20
16

HTTP Request

GET https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=160&partneruserid=1&redirurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsmartrtb_dbm%26google_cm%26google_sc%26google_hm%3DSMART_USER_ID_B64&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=124&partneruserid=6ce3dde3-6270-4f0f-8341-3f3bd8939f99&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

HTTP Response

200

HTTP Request

GET https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=49&partneruserid=7425200415547586921&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

200

HTTP Request

GET https://rtb-csync.smartadserver.com/redir/?partnerid=76&partneruserid=CAESECaBa8YCjaoF0zm_iuIqNs0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&google_cver=1

HTTP Response

200
63.215.202.172:443

https://equativ-match.dotomi.com/match/bounce/current?DotomiTest=43a422cb140516d7&is_secure=true&networkId=9252325&version=1&nuid=SMART_USER_ID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.8kB
6.0kB
13
11

HTTP Request

GET https://equativ-match.dotomi.com/match/bounce/current?networkId=9252325&version=1&nuid=SMART_USER_ID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://equativ-match.dotomi.com/match/bounce/current?DotomiTest=43a422cb140516d7&is_secure=true&networkId=9252325&version=1&nuid=SMART_USER_ID&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
35.227.252.103:443

https://rtb.openx.net/sync/dds?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.9kB
5.3kB
14
13

HTTP Request

GET https://rtb.openx.net/sync/dds?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://rtb.openx.net/sync/dds?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
35.214.136.108:443

https://x.bidswitch.net/sync?dsp_id=429&user_id=0d6c49c7-386c-521f-9a6f-d529fd644958&ssp=adaptmx&expires=30&user_group=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

6.3kB
10.3kB
28
24

HTTP Request

GET https://x.bidswitch.net/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://x.bidswitch.net/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://x.bidswitch.net/ul_cb/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://x.bidswitch.net/ul_cb/sync?ssp=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://x.bidswitch.net/sync?ssp=adaptmx&user_id=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

HTTP Request

GET https://x.bidswitch.net/sync?dsp_id=283&user_id=eed3597a-536d-4940-a699-955bbf388f92&expires=1&user_group=2&ssp=openx&bsw_param=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr_pd=

HTTP Request

GET https://x.bidswitch.net/sync?dsp_id=4&user_id=0eb988fc-5a9f-4f10-a22a-af7190f87c0c&ssp=openx&expires=30&user_group=5&bsw_param=6705e482-1006-4c29-8180-4596b7287470

HTTP Request

GET https://x.bidswitch.net/sync?dsp_id=429&user_id=0d6c49c7-386c-521f-9a6f-d529fd644958&ssp=adaptmx&expires=30&user_group=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
34.96.105.8:443

https://tr.blismedia.com/v1/api/sync/openx?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.9kB
6.2kB
15
17

HTTP Request

GET https://tr.blismedia.com/v1/api/sync/openx?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://tr.blismedia.com/v1/api/sync/openx?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
34.249.211.147:443

https://pr-bh.ybp.yahoo.com/sync/openx/bfdd9b33-882b-adf2-7e56-a207c7f75d76?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.9kB
5.7kB
15
14

HTTP Request

GET https://pr-bh.ybp.yahoo.com/sync/openx/bfdd9b33-882b-adf2-7e56-a207c7f75d76?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

200

HTTP Request

GET https://pr-bh.ybp.yahoo.com/sync/openx/bfdd9b33-882b-adf2-7e56-a207c7f75d76?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

200
185.184.8.90:443

https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1

tls, http2

chrome.exe

3.9kB
8.7kB
18
15

HTTP Request

GET https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1

HTTP Response

302

HTTP Response

302

HTTP Request

GET https://creativecdn.com/cm-notify?pi=openx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&tc=1

HTTP Response

302
91.228.74.200:443

https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.7kB
5.5kB
14
12

HTTP Request

GET https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://cms.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302
142.250.179.226:443

https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjMyNTgzOTYzOTg1MzQ5NzI=&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.4kB
8.0kB
15
16

HTTP Request

GET https://cm.g.doubleclick.net/pixel?google_nid=smartrtb_dbm&google_cm&google_sc&google_hm=NjMyNTgzOTYzOTg1MzQ5NzI=&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
89.149.193.89:443

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=155&partneruserid=AQAJHE2j9UILfAIZMDxnAQEBAQEBAQCThFoYMgEBAJOEWhgy&expiration=1728900592&nuid=SMART_USER_ID&is_secure=true&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

tls, http

chrome.exe

4.7kB
1.9kB
14
10

HTTP Request

GET https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=1804086296972189491&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

200

HTTP Request

GET https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=155&partneruserid=AQAJHE2j9UILfAIZMDxnAQEBAQEBAQCThFoYMgEBAJOEWhgy&expiration=1728900592&nuid=SMART_USER_ID&is_secure=true&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

HTTP Response

200
89.149.193.89:443

rtb-csync.smartadserver.com

tls, http

chrome.exe

1.2kB
1.1kB
7
6

HTTP Response

408
104.19.158.19:443

https://assets.a-mo.net/js/cframe.js

tls, http2

chrome.exe

1.9kB
9.3kB
15
16

HTTP Request

GET https://assets.a-mo.net/js/cframe.js

HTTP Response

200
37.157.2.233:443

https://cm.adform.net/cookie?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redirect_url=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dadform%26uid%3D%24UID

tls, http2

chrome.exe

2.3kB
6.2kB
13
13

HTTP Request

GET https://cm.adform.net/cookie?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redirect_url=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dadform%26uid%3D%24UID

HTTP Response

302
5.135.209.100:443

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redirectUri=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dsmartadserver%26uid%3D%5Bssb_sync_pid%5D

tls, http2

chrome.exe

2.5kB
5.1kB
13
14

HTTP Request

GET https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redirectUri=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dsmartadserver%26uid%3D%5Bssb_sync_pid%5D

HTTP Response

302
69.173.156.148:443

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

tls, http

chrome.exe

2.6kB
9.8kB
16
22

HTTP Request

GET https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

HTTP Response

302
198.47.127.18:443

https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=${US_PRIVACY}

tls, http2

chrome.exe

4.1kB
10.6kB
17
21

HTTP Request

GET https://image8.pubmatic.com/AdServer/ImgSync?p=158355&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID

HTTP Response

302

HTTP Request

GET https://image8.pubmatic.com/AdServer/ImgSync?p=158355&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.a-mo.net%252Fsetuid%253FA%253D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%2526bidder%253Dpubmatic%2526uid%253D%2523PMUID&rdf=1

HTTP Response

302

HTTP Request

GET https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=${US_PRIVACY}

HTTP Response

302
104.18.36.155:443

https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26A%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dindex_rtb%26uid%3D&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&s=191503&us_privacy=1---&C=1

tls, http2

chrome.exe

3.4kB
6.0kB
14
12

HTTP Request

GET https://ssum.casalemedia.com/usermatchredir?s=191503&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dindex_rtb%26uid%3D

HTTP Response

302

HTTP Request

GET https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3Fgdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA%26A%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dindex_rtb%26uid%3D&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&s=191503&us_privacy=1---&C=1

HTTP Response

302
52.48.236.83:443

https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redir=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dsovrn%26uid%3D%24UID

tls, http2

chrome.exe

2.2kB
6.5kB
13
14

HTTP Request

GET https://ap.lijit.com/pixel?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&redir=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dsovrn%26uid%3D%24UID

HTTP Response

204
79.127.227.46:443

https://id.a-mx.com/sync?tao=1&&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

tls, http

chrome.exe

3.2kB
8.7kB
14
13

HTTP Request

GET https://id.a-mx.com/u?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---&cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D

HTTP Response

302

HTTP Request

GET https://id.a-mx.com/sync?tao=1&&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8

HTTP Response

200
35.214.241.248:443

https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=6705e482-1006-4c29-8180-4596b7287470&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

tls, http2

chrome.exe

2.9kB
5.7kB
15
12

HTTP Request

GET https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=6705e482-1006-4c29-8180-4596b7287470&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Request

GET https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=openx&bsw_custom_parameter=6705e482-1006-4c29-8180-4596b7287470&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA
51.255.68.171:443

https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=openx&bsw_custom_parameter=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr_pd=&us_privacy=

tls, http

chrome.exe

2.5kB
6.4kB
13
14

HTTP Request

GET https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=openx&bsw_custom_parameter=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr_pd=&us_privacy=

HTTP Response

302
188.42.189.197:443

https://ads.betweendigital.com/match?bidder_id=43092&gdpr=1&consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadaptmx%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&crf=1&rts=4183004200302975065

tls, http2

chrome.exe

4.1kB
9.1kB
18
14

HTTP Request

GET https://ads.betweendigital.com/match?bidder_id=43092&gdpr=1&consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadaptmx%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA

HTTP Response

302

HTTP Request

GET https://ads.betweendigital.com/match?bidder_id=43092&gdpr=1&consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dadaptmx%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D1%26gdpr_consent%3DCQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&crf=1&rts=4183004200302975065

HTTP Response

302
163.5.194.33:443

https://prebid.a-mo.net/cjoin/1?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&?us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

tls, http2

chrome.exe

3.1kB
7.2kB
16
15

HTTP Request

GET https://prebid.a-mo.net/setuid/magnite?uid=M27FC0QD-28-LN8E&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

HTTP Request

GET https://prebid.a-mo.net/cjoin/1?cb=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Damx_com%26uid%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&?us_privacy=1---&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&gdpr=1

HTTP Response

302

HTTP Response

204
163.5.194.33:443

prebid.a-mo.net

tls

chrome.exe

967 B
3.3kB
8
6
185.64.191.210:443

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&piggybackCookie=CAESEKPKjEunpJrgEhZYwXiHSJw&google_cver=1

tls, http2

chrome.exe

2.5kB
6.1kB
13
14

HTTP Request

GET https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&piggybackCookie=CAESEKPKjEunpJrgEhZYwXiHSJw&google_cver=1

HTTP Response

302
163.5.194.36:443

https://pb-am.a-mo.net/setuid?bidder=bid_switch&uid=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=

tls, http2

chrome.exe

2.3kB
5.7kB
13
12

HTTP Request

GET https://pb-am.a-mo.net/setuid?bidder=bid_switch&uid=119bd3cd-8272-4f61-9cc2-15763f29355e&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=

HTTP Response

204
198.47.127.20:443

https://image4.pubmatic.com/AdServer/SPug?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&p=158355&pmc=1&pr=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dpubmatic%26uid%3DC20D49AD-A6E1-4704-8E6C-C419F2D16BFD&us_privacy=%24%7BUS_PRIVACY%7D

tls, http2

chrome.exe

2.5kB
5.6kB
13
15

HTTP Request

GET https://image4.pubmatic.com/AdServer/SPug?gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&p=158355&pmc=1&pr=https%3A%2F%2Fsync.a-mo.net%2Fsetuid%3FA%3D75d2d10c-50d4-49d8-9fb0-70edaf3398b8%26bidder%3Dpubmatic%26uid%3DC20D49AD-A6E1-4704-8E6C-C419F2D16BFD&us_privacy=%24%7BUS_PRIVACY%7D

HTTP Response

302
185.89.208.11:443

https://prebid.adnxs.com/pbs/v1/setuid?bidder=amx&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

tls, http

chrome.exe

2.6kB
7.6kB
12
14

HTTP Request

GET https://prebid.adnxs.com/pbs/v1/setuid?bidder=amx&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

HTTP Response

200
185.64.190.84:443

https://ow.pubmatic.com/setuid?bidder=amx&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

tls, http2

chrome.exe

2.4kB
5.4kB
13
14

HTTP Request

GET https://ow.pubmatic.com/setuid?bidder=amx&uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&gdpr=1&gdpr=1&gdpr_consent=CQGbocAQGbocAF7ADBENBKFsAP_gAEPgAA5QKZtV9G__bWlr8H73aftkeYVP91h77sQhBhPJE-4FzLvW_IwXx2ExNA36tqIKmRIAsXZBIQNlGBBUTVCgaogVryDIaEGcoTNKJaBECFMRM2ZYCB5vmwtj-QCY5Pr901cx2B-p7dr8zdziz4VHm3a59mK0WJCdA5-tDfv8bRKb-9IGZ_x0v4v8_EfrA2_eT1l_tUup5B9-ctM7eXW89_efd_9Ln-6sB_-_gpkASQaFRAGWBISEGgYQQIAVBWEBFAgAAAAIGiAgBMGBTsDAJdYSIAQAoABggBAACBIAEAAAEACEQAQAFAgAAgECgAAAAgGAgAIEAAEAFgIBAACA6BCmBBAIFgAkZARCmBCEAkEBLJUIJAECCqEIRQ4BEAiJgoAAAAACoAAAFgsDCCQEKEggS4g2gAAIAEAggACAEnBgACAM0SoPBk2jK0wDR8wCAaYBkAAA.f_wACHwAAAAA&us_privacy=1---

HTTP Response

200
79.127.216.47:443

https://id.rtb.mx/rum?uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&d=1728814192719

tls, http

chrome.exe

1.9kB
7.2kB
12
11

HTTP Request

POST https://id.rtb.mx/rum?uid=75d2d10c-50d4-49d8-9fb0-70edaf3398b8&d=1728814192719

HTTP Response

204
111.45.11.83:443

hm.baidu.com

chrome.exe

260 B
5
111.45.11.83:443

hm.baidu.com

chrome.exe

260 B
5
4.153.129.168:443

https://b.clarity.ms/collect

tls, http

chrome.exe

4.0kB
6.8kB
16
14

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204
14.215.183.79:443

hm.baidu.com

chrome.exe

208 B
4
14.215.183.79:443

hm.baidu.com

chrome.exe

208 B
4
4.153.129.168:443

https://b.clarity.ms/collect

tls, http

chrome.exe

3.8kB
6.7kB
13
13

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204

HTTP Request

POST https://b.clarity.ms/collect

HTTP Response

204
2.18.66.65:443

www.bing.com

tls

18.2kB
3.1kB
40
24
172.202.65.254:443

arc-ring.msedge.net

tls

2.1kB
8.6kB
21
20
13.107.226.254:443

t-ring-fallback-s2.msedge.net

tls

2.6kB
9.5kB
21
16
150.171.64.254:443

ev2-ring.msedge.net

tls

2.1kB
8.6kB
21
20
150.171.73.254:443

bx-ring.msedge.net

tls

2.1kB
8.6kB
21
20
40.101.70.18:443

https://c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com/apc/trans.gif?7dc5bc75523039593643ded5033d602b

tls, http2

1.8kB
5.9kB
17
12

HTTP Request

GET https://c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com/apc/trans.gif?6dd432eb2f1206713c53b0191d9bedc5

HTTP Response

200

HTTP Request

GET https://c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com/apc/trans.gif?7dc5bc75523039593643ded5033d602b

HTTP Response

200
20.44.10.122:443

browser.pipe.aria.microsoft.com

tls

3.2kB
7.6kB
19
15
150.171.28.10:443

tse1.mm.bing.net

tls

1.6kB
7.3kB
17
15
150.171.28.10:443

tse1.mm.bing.net

tls

1.6kB
7.3kB
17
15
150.171.28.10:443

tse1.mm.bing.net

tls

95.6kB
2.5MB
1849
1843
150.171.28.10:443

tse1.mm.bing.net

tls

1.6kB
7.3kB
17
15
150.171.28.10:443

tse1.mm.bing.net

tls

1.6kB
7.3kB
17
15

224.0.0.251:5353

chrome.exe

937 B
14
142.250.200.36:443

www.google.com

https

chrome.exe

33.0kB
1.1MB
224
923
142.250.180.10:443

ogads-pa.googleapis.com

https

chrome.exe

4.0kB
7.5kB
12
14
142.250.179.238:443

apis.google.com

https

chrome.exe

4.8kB
52.6kB
28
46
8.8.8.8:53

36.200.250.142.in-addr.arpa

dns

1.2kB
2.1kB
18
17

DNS Request

36.200.250.142.in-addr.arpa

DNS Request

www.googleadservices.com

DNS Response

216.58.212.194

DNS Request

ctldl.windowsupdate.com

DNS Response

199.232.214.172

199.232.210.172

DNS Request

179.31.115.190.in-addr.arpa

DNS Request

static.doubleclick.net

DNS Response

142.250.179.230

DNS Request

230.179.250.142.in-addr.arpa

DNS Request

disqus.com

DNS Response

151.101.64.134

151.101.0.134

151.101.192.134

151.101.128.134

DNS Request

63.208.239.18.in-addr.arpa

DNS Request

10.200.250.142.in-addr.arpa

DNS Request

73.79.16.104.in-addr.arpa

DNS Request

transferbox.cfd

DNS Response

172.67.154.60

104.21.4.233

DNS Request

4.200.250.142.in-addr.arpa

DNS Request

translate.googleapis.com

DNS Response

172.217.169.10

DNS Request

117.150.17.104.in-addr.arpa

DNS Request

google.com

DNS Response

172.217.169.14

DNS Request

95.221.229.192.in-addr.arpa

DNS Request

fp.msedge.net

DNS Request

fp.msedge.net

DNS Response

204.79.197.222
8.8.8.8:53

3.178.250.142.in-addr.arpa

dns

1.5kB
2.7kB
22
22

DNS Request

3.178.250.142.in-addr.arpa

DNS Request

play.google.com

DNS Response

216.58.201.110

DNS Request

67.204.58.216.in-addr.arpa

DNS Request

172.214.232.199.in-addr.arpa

DNS Request

3.76.0.192.in-addr.arpa

DNS Request

googleads.g.doubleclick.net

DNS Response

216.58.213.2

DNS Request

2.213.58.216.in-addr.arpa

DNS Request

s.w.org

DNS Response

192.0.77.48

DNS Request

141.150.67.172.in-addr.arpa

DNS Request

realtime.services.disqus.com

DNS Response

52.5.112.135

54.227.133.51

54.227.95.54

34.233.138.108

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.79.73

104.16.80.73

DNS Request

directtransfer.cfd

DNS Response

104.21.95.242

172.67.149.166

DNS Request

137.2.101.151.in-addr.arpa

DNS Request

cdn.amplitude.com

DNS Response

65.9.95.77

65.9.95.107

65.9.95.70

65.9.95.31

DNS Request

translate-pa.googleapis.com

DNS Response

142.250.179.234

142.250.200.42

172.217.16.234

216.58.204.74

142.250.200.10

216.58.201.106

142.250.187.202

142.250.187.234

172.217.169.42

216.58.212.234

142.250.180.10

172.217.169.10

216.58.212.202

142.250.178.10

DNS Request

195.187.250.142.in-addr.arpa

DNS Request

id.google.com

DNS Response

142.250.187.195

DNS Request

67.169.217.172.in-addr.arpa

DNS Request

222.197.79.204.in-addr.arpa

DNS Request

42.200.250.142.in-addr.arpa

DNS Request

ocsp.pki.goog

DNS Request

ocsp.pki.goog

DNS Response

142.250.178.3

DNS Response

142.250.178.3
8.8.8.8:53

238.179.250.142.in-addr.arpa

dns

1.4kB
3.1kB
21
21

DNS Request

238.179.250.142.in-addr.arpa

DNS Request

fonts.gstatic.com

DNS Response

216.58.204.67

DNS Request

157.34.239.216.in-addr.arpa

DNS Request

www.youtube.com

DNS Response

216.58.201.110

216.58.213.14

142.250.200.46

172.217.169.78

142.250.178.14

172.217.16.238

142.250.179.238

142.250.187.238

142.250.180.14

172.217.169.14

142.250.187.206

142.250.200.14

216.58.204.78

DNS Request

i.ytimg.com

DNS Response

142.250.200.54

216.58.204.86

142.250.179.246

216.58.201.118

142.250.180.22

172.217.169.86

172.217.169.22

142.250.187.214

142.250.200.22

216.58.212.214

142.250.178.22

216.58.212.246

142.250.187.246

172.217.16.246

DNS Request

2.77.0.192.in-addr.arpa

DNS Request

torrent-stats.info

DNS Response

87.98.254.167

DNS Request

c.disquscdn.com

DNS Response

18.239.208.63

18.239.208.19

18.239.208.121

18.239.208.52

DNS Request

48.77.0.192.in-addr.arpa

DNS Request

a.disquscdn.com

DNS Response

199.232.194.49

199.232.198.49

DNS Request

challenges.cloudflare.com

DNS Response

104.18.94.41

104.18.95.41

DNS Request

242.95.21.104.in-addr.arpa

DNS Request

www.google.com

DNS Response

142.250.200.4

DNS Request

static.mediafire.com

DNS Response

104.17.150.117

104.17.151.117

DNS Request

www.google.co.uk

DNS Response

142.250.187.195

DNS Request

232.16.217.172.in-addr.arpa

DNS Request

129.155.91.199.in-addr.arpa

DNS Request

ocsp.digicert.com

DNS Response

192.229.221.95

DNS Request

168.128.123.92.in-addr.arpa

DNS Request

ogads-pa.googleapis.com

DNS Request

ogads-pa.googleapis.com

DNS Response

142.250.200.42

142.250.187.202

216.58.204.74

142.250.180.10

172.217.169.74

216.58.213.10

142.250.179.234

142.250.200.10

216.58.212.234

142.250.178.10

216.58.201.106

172.217.16.234

142.250.187.234

DNS Response

172.217.169.74

216.58.204.74

142.250.180.10

142.250.187.202

142.250.187.234

142.250.178.10

142.250.200.42

216.58.213.10

216.58.212.234

142.250.179.234

142.250.200.10

216.58.201.106

172.217.16.234
8.8.8.8:53

10.180.250.142.in-addr.arpa

dns

1.3kB
2.3kB
19
19

DNS Request

10.180.250.142.in-addr.arpa

DNS Request

78.169.217.172.in-addr.arpa

DNS Request

194.212.58.216.in-addr.arpa

DNS Request

stats.wp.com

DNS Response

192.0.76.3

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.178.10

142.250.187.234

216.58.201.106

172.217.169.42

142.250.180.10

142.250.179.234

142.250.200.10

216.58.212.202

216.58.213.10

142.250.187.202

216.58.204.74

172.217.169.10

172.217.16.234

142.250.200.42

DNS Request

54.200.250.142.in-addr.arpa

DNS Request

s01.riotpixels.net

DNS Response

172.67.150.141

104.21.30.45

DNS Request

17.61.146.82.in-addr.arpa

DNS Request

135.112.5.52.in-addr.arpa

DNS Request

214.72.67.172.in-addr.arpa

DNS Request

60.154.67.172.in-addr.arpa

DNS Request

beacons.gcp.gvt2.com

DNS Response

172.217.169.3

DNS Request

www.google-analytics.com

DNS Response

142.250.178.14

DNS Request

77.95.9.65.in-addr.arpa

DNS Request

238.16.217.172.in-addr.arpa

DNS Request

3.180.250.142.in-addr.arpa

DNS Request

clientservices.googleapis.com

DNS Response

216.58.201.99

DNS Request

clients2.google.com

DNS Request

clients2.google.com

DNS Response

172.217.169.78

DNS Response

172.217.169.78
216.58.201.110:443

www.youtube.com

https

chrome.exe

4.1kB
7.8kB
11
12
172.217.169.78:443

clients2.google.com

https

chrome.exe

3.9kB
9.7kB
14
16
142.250.180.10:443

content-autofill.googleapis.com

https

chrome.exe

3.4kB
8.0kB
9
11
216.58.201.110:443

www.youtube.com

https

chrome.exe

76.9kB
139.5kB
164
191
216.58.213.2:443

googleads.g.doubleclick.net

https

chrome.exe

4.4kB
9.0kB
20
25
172.217.169.74:443

ogads-pa.googleapis.com

https

chrome.exe

12.4kB
102.2kB
67
103
142.250.200.54:443

i.ytimg.com

https

chrome.exe

2.9kB
6.8kB
5
8
192.0.76.3:443

stats.wp.com

https

chrome.exe

6.4kB
9.3kB
39
39
172.67.150.141:443

s01.riotpixels.net

https

chrome.exe

3.0kB
5.5kB
7
9
8.8.8.8:53

134.64.101.151.in-addr.arpa

dns

986 B
1.9kB
15
15

DNS Request

134.64.101.151.in-addr.arpa

DNS Request

fonts.googleapis.com

DNS Response

142.250.200.10

DNS Request

paste.fitgirl-repacks.site

DNS Response

190.115.31.179

DNS Request

senditfast.cloud

DNS Response

104.21.15.162

172.67.163.30

DNS Request

code.jquery.com

DNS Response

151.101.2.137

151.101.66.137

151.101.194.137

151.101.130.137

DNS Request

www.googletagmanager.com

DNS Response

172.217.16.232

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36

DNS Request

10.169.217.172.in-addr.arpa

DNS Request

play.google.com

DNS Response

172.217.16.238

DNS Request

www.google.co.uk

DNS Response

142.250.180.3

DNS Request

173.128.123.92.in-addr.arpa

DNS Request

play.google.com

DNS Response

172.217.169.46

DNS Request

c.pki.goog

DNS Response

142.250.178.3

DNS Request

media.tenor.com

DNS Request

media.tenor.com

DNS Response

142.250.179.234

216.58.212.202

142.250.180.10

216.58.204.74

142.250.200.42

216.58.201.106

142.250.178.10

172.217.169.10

172.217.169.74

142.250.187.234

172.217.16.234

142.250.200.10

142.250.187.202

172.217.169.42

DNS Response

142.250.180.10

172.217.169.42

172.217.169.10

142.250.179.234

142.250.200.42

216.58.212.202

172.217.169.74

172.217.16.234

142.250.178.10

142.250.200.10

142.250.187.202

142.250.187.234

216.58.201.106

216.58.204.74
172.67.72.214:443

fuckingfast.co

https

chrome.exe

7.0kB
6.6kB
14
14
104.18.94.41:443

challenges.cloudflare.com

https

chrome.exe

1.8kB
4.3kB
7
8
104.21.15.162:443

senditfast.cloud

https

chrome.exe

1.8kB
5.5kB
7
10
104.21.95.242:443

directtransfer.cfd

https

chrome.exe

5.1kB
10.8kB
17
20
172.67.154.60:443

transferbox.cfd

https

chrome.exe

4.6kB
35.5kB
23
38
142.250.200.4:443

www.google.com

https

chrome.exe

3.5kB
42.6kB
27
42
142.250.180.10:443

media.tenor.com

https

chrome.exe

2.4kB
3.1kB
8
9
216.58.201.110:443

www.youtube.com

https

chrome.exe

4.1kB
2.8kB
9
8
104.17.150.117:443

static.mediafire.com

https

chrome.exe

29.9kB
14.8kB
42
30
8.8.8.8:53

84.112.203.54.in-addr.arpa

dns

402 B
1.2kB
6
6

DNS Request

84.112.203.54.in-addr.arpa

DNS Request

163.68.195.51.in-addr.arpa

DNS Request

17.173.189.20.in-addr.arpa

DNS Request

99.201.58.216.in-addr.arpa

DNS Request

g.tenor.com

DNS Request

g.tenor.com

DNS Response

216.58.213.10

142.250.180.10

216.58.201.106

142.250.200.10

142.250.187.234

216.58.212.234

142.250.200.42

172.217.169.74

216.58.212.202

172.217.16.234

172.217.169.10

142.250.178.10

216.58.204.74

142.250.187.202

142.250.179.234

DNS Response

216.58.204.74

142.250.187.202

216.58.212.202

216.58.213.10

216.58.201.106

142.250.178.10

142.250.187.234

142.250.179.234

216.58.212.234

142.250.200.10

172.217.169.74

142.250.180.10

172.217.16.234

172.217.169.10

142.250.200.42
8.8.8.8:53

234.179.250.142.in-addr.arpa

dns

744 B
1.4kB
11
11

DNS Request

234.179.250.142.in-addr.arpa

DNS Request

www.win-rar.com

DNS Response

51.195.68.163

DNS Request

self.events.data.microsoft.com

DNS Response

20.189.173.17

DNS Request

www.google.com

DNS Response

142.250.200.4

DNS Request

46.169.217.172.in-addr.arpa

DNS Request

o.pki.goog

DNS Response

142.250.178.3

DNS Request

inputsuggestions.msdxcdn.microsoft.com

DNS Response

13.107.246.64

DNS Request

64.246.107.13.in-addr.arpa

DNS Request

www.googleadservices.com

DNS Response

216.58.212.194

DNS Request

id.google.com

DNS Response

142.250.200.35

DNS Request

id.google.com

DNS Response

142.250.200.35
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

72 B
132 B
1
1

DNS Request

36.34.239.216.in-addr.arpa
8.8.8.8:53

154.206.125.74.in-addr.arpa

dns

219 B
285 B
3
3

DNS Request

154.206.125.74.in-addr.arpa

DNS Request

googleads.g.doubleclick.net

DNS Request

googleads.g.doubleclick.net

DNS Response

172.217.16.226

DNS Response

172.217.16.226
216.239.34.36:443

region1.analytics.google.com

https

chrome.exe

1.6kB
6.5kB
4
8
172.217.169.10:443

g.tenor.com

https

chrome.exe

2.9kB
6.5kB
5
8
216.58.201.110:443

www.youtube.com

https

chrome.exe

5.6kB
3.4kB
12
13
142.250.200.4:443

www.google.com

https

chrome.exe

25.0kB
595.7kB
169
548
142.250.180.10:443

g.tenor.com

https

chrome.exe

3.6kB
3.2kB
8
8
216.58.201.110:443

www.youtube.com

https

chrome.exe

4.0kB
2.8kB
8
7
142.250.180.10:443

g.tenor.com

https

chrome.exe

2.4kB
3.1kB
8
9
172.217.16.238:443

play.google.com

https

chrome.exe

1.6kB
6.7kB
4
8
172.217.169.3:443

beacons.gcp.gvt2.com

https

chrome.exe

1.6kB
6.3kB
4
7
172.217.16.226:443

googleads.g.doubleclick.net

https

chrome.exe

2.8kB
4.4kB
15
18
172.217.169.14:443

www.youtube.com

https

chrome.exe

2.9kB
7.1kB
5
8
216.58.201.110:443

www.youtube.com

https

chrome.exe

8.7kB
4.3kB
21
21
172.217.169.67:443

beacons.gcp.gvt2.com

https

chrome.exe

2.9kB
3.5kB
13
13
172.217.169.67:443

beacons.gcp.gvt2.com

https

chrome.exe

1.7kB
6.3kB
5
7
216.239.34.36:443

region1.analytics.google.com

https

chrome.exe

2.9kB
3.3kB
8
10
142.250.180.3:443

www.google.co.uk

https

chrome.exe

3.8kB
5.1kB
3
4
142.250.200.4:443

www.google.com

https

chrome.exe

4.6kB
48.9kB
33
48
142.250.200.42:443

g.tenor.com

https

chrome.exe

4.8kB
8.9kB
17
18
172.217.169.46:443

play.google.com

https

chrome.exe

5.4kB
7.2kB
10
10
172.217.169.78:443

clients2.google.com

https

chrome.exe

5.4kB
9.7kB
16
16
142.250.200.4:443

www.google.com

https

chrome.exe

25.6kB
608.2kB
169
559
142.250.200.35:443

id.google.com

https

chrome.exe

4.1kB
8.2kB
11
12
8.8.8.8:53

dns-tunnel-check.googlezip.net

dns

chrome.exe

462 B
1.1kB
7
7

DNS Request

dns-tunnel-check.googlezip.net

DNS Response

216.239.34.159

DNS Request

www.gstatic.com

DNS Response

142.250.178.3

DNS Request

www.youtube.com

DNS Response

142.250.187.238

172.217.169.78

216.58.201.110

142.250.187.206

216.58.213.14

142.250.178.14

172.217.16.238

142.250.200.14

142.250.179.238

142.250.200.46

216.58.204.78

142.250.180.14

172.217.169.46

216.58.212.238

216.58.212.206

172.217.169.14

DNS Request

jnn-pa.googleapis.com

DNS Response

142.250.180.10

142.250.187.202

142.250.200.10

216.58.204.74

142.250.187.234

172.217.169.74

172.217.16.234

142.250.179.234

216.58.213.10

142.250.178.10

216.58.201.106

172.217.169.10

142.250.200.42

172.217.169.42

DNS Request

34.200.250.142.in-addr.arpa

DNS Request

cmp.setupcmp.com

DNS Request

cmp.setupcmp.com

DNS Response

172.67.70.36

104.26.5.6

104.26.4.6

DNS Response

104.26.4.6

172.67.70.36

104.26.5.6
142.250.200.42:443

jnn-pa.googleapis.com

https

chrome.exe

2.7kB
7.4kB
10
15
8.8.8.8:53

i.ytimg.com

dns

chrome.exe

396 B
1.1kB
6
6

DNS Request

i.ytimg.com

DNS Response

216.58.201.118

142.250.200.54

142.250.180.22

142.250.178.22

142.250.200.22

142.250.187.214

172.217.169.86

216.58.204.86

172.217.169.54

172.217.16.246

142.250.179.246

142.250.187.246

216.58.212.214

216.58.212.246

DNS Request

118.201.58.216.in-addr.arpa

DNS Request

static.doubleclick.net

DNS Response

142.250.200.38

DNS Request

238.187.250.142.in-addr.arpa

DNS Request

www.ldplayer.net

DNS Request

www.ldplayer.net

DNS Response

163.181.154.242

163.181.154.240

163.181.154.243

163.181.154.238

163.181.154.244

163.181.154.239

163.181.154.237

163.181.154.241

DNS Response

163.181.154.239

163.181.154.240

163.181.154.243

163.181.154.237

163.181.154.242

163.181.154.241

163.181.154.238

163.181.154.244
142.250.187.238:443

www.youtube.com

https

chrome.exe

3.4kB
8.6kB
9
11
142.250.187.238:443

www.youtube.com

https

chrome.exe

16.4kB
44.8kB
36
48
172.217.169.46:443

www.youtube.com

https

chrome.exe

5.3kB
7.2kB
8
10
142.250.200.34:443

googleads.g.doubleclick.net

https

chrome.exe

2.9kB
6.5kB
5
8
142.250.180.10:443

jnn-pa.googleapis.com

https

chrome.exe

5.3kB
9.0kB
15
19
8.8.8.8:53

38.200.250.142.in-addr.arpa

dns

205 B
275 B
3
3

DNS Request

38.200.250.142.in-addr.arpa

DNS Request

fonts.googleapis.com

DNS Request

fonts.googleapis.com

DNS Response

172.217.169.42

DNS Response

172.217.169.42
172.217.169.46:443

www.youtube.com

https

chrome.exe

7.3kB
9.0kB
15
17
8.8.8.8:53

cdn.ldplayer.net

dns

chrome.exe

124 B
244 B
2
2

DNS Request

cdn.ldplayer.net

DNS Request

cdn.ldplayer.net

DNS Response

79.133.176.186

DNS Response

79.133.176.186
8.8.8.8:53

res.ldrescdn.com

dns

chrome.exe

204 B
496 B
3
3

DNS Request

res.ldrescdn.com

DNS Response

163.181.154.242

163.181.154.243

163.181.154.239

163.181.154.240

163.181.154.238

163.181.154.244

163.181.154.241

163.181.154.237

DNS Request

36.70.67.172.in-addr.arpa

DNS Request

36.70.67.172.in-addr.arpa
8.8.8.8:53

42.169.217.172.in-addr.arpa

dns

411 B
664 B
6
6

DNS Request

42.169.217.172.in-addr.arpa

DNS Request

fundingchoicesmessages.google.com

DNS Response

172.217.169.78

DNS Request

apis.google.com

DNS Response

172.217.16.238

DNS Request

www.googletagmanager.com

DNS Response

172.217.16.232

DNS Request

apien.ldplayer.net

DNS Request

apien.ldplayer.net

DNS Response

79.133.176.174

DNS Response

79.133.176.174
172.217.169.78:443

fundingchoicesmessages.google.com

https

chrome.exe

4.1kB
9.0kB
12
14
8.8.8.8:53

content-autofill.googleapis.com

dns

chrome.exe

203 B
589 B
3
3

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.187.234

216.58.204.74

216.58.213.10

216.58.201.106

142.250.178.10

142.250.180.10

142.250.200.42

142.250.179.234

172.217.16.234

216.58.212.202

142.250.187.202

142.250.200.10

DNS Request

usersdk.ldmnq.com

DNS Request

usersdk.ldmnq.com

DNS Response

47.236.4.49

8.222.254.73

DNS Response

8.222.254.73

47.236.4.49
172.217.16.238:443

apis.google.com

https

chrome.exe

4.3kB
9.3kB
13
14
8.8.8.8:53

bat.bing.com

dns

chrome.exe

327 B
740 B
5
5

DNS Request

bat.bing.com

DNS Response

150.171.28.10

150.171.27.10

DNS Request

242.154.181.163.in-addr.arpa

DNS Request

accounts.google.com

DNS Response

173.194.69.84

DNS Request

invite.ldplayer.net

DNS Request

invite.ldplayer.net

DNS Response

47.245.114.192

8.219.96.60

8.219.66.74

DNS Response

47.245.114.192

8.219.96.60

8.219.66.74
8.8.8.8:53

www.clarity.ms

dns

chrome.exe

403 B
723 B
6
6

DNS Request

www.clarity.ms

DNS Response

13.107.246.64

DNS Request

186.176.133.79.in-addr.arpa

DNS Request

84.69.194.173.in-addr.arpa

DNS Request

stpd.cloud

DNS Response

104.18.31.49

104.18.30.49

DNS Request

www.googletagservices.com

DNS Response

142.250.200.2

DNS Request

www.googletagservices.com

DNS Response

142.250.200.2
8.8.8.8:53

hm.baidu.com

dns

chrome.exe

116 B
328 B
2
2

DNS Request

hm.baidu.com

DNS Request

hm.baidu.com

DNS Response

183.240.98.228

111.45.11.83

14.215.183.79

111.45.3.198

14.215.182.140

DNS Response

14.215.182.140

111.45.3.198

14.215.183.79

111.45.11.83

183.240.98.228
172.217.169.78:443

fundingchoicesmessages.google.com

https

chrome.exe

4.6kB
80.1kB
38
71
8.8.8.8:53

234.187.250.142.in-addr.arpa

dns

190 B
391 B
3
3

DNS Request

234.187.250.142.in-addr.arpa

DNS Request

b.clarity.ms

DNS Request

b.clarity.ms

DNS Response

4.153.129.168

DNS Response

4.153.129.168
8.8.8.8:53

174.176.133.79.in-addr.arpa

dns

717 B
1.3kB
10
10

DNS Request

174.176.133.79.in-addr.arpa

DNS Request

168.129.153.4.in-addr.arpa

DNS Request

play-lh.googleusercontent.com

DNS Response

142.250.179.246

DNS Request

66f7aa179543774b3f297a30a3931951.safeframe.googlesyndication.com

DNS Response

142.250.180.1

DNS Request

tagan.adlightning.com

DNS Response

65.9.95.35

65.9.95.16

65.9.95.22

65.9.95.20

DNS Request

adx.adform.net

DNS Response

37.157.5.132

37.157.5.133

37.157.5.84

37.157.4.28

37.157.5.87

37.157.4.29

DNS Request

cdn.hadronid.net

DNS Response

104.22.53.173

172.67.36.110

104.22.52.173

DNS Request

aax-eu.amazon-adsystem.com

DNS Response

52.95.122.74

DNS Request

static.criteo.net

DNS Request

static.criteo.net

DNS Response

178.250.1.3

DNS Response

178.250.1.3
8.8.8.8:53

66.169.217.172.in-addr.arpa

dns

257 B
543 B
4
4

DNS Request

66.169.217.172.in-addr.arpa

DNS Request

adservice.google.com

DNS Response

142.250.187.226

DNS Request

api.ldshop.gg

DNS Request

api.ldshop.gg

DNS Response

8.222.160.10

8.222.229.130

8.222.176.52

DNS Response

8.222.229.130

8.222.160.10

8.222.176.52
8.8.8.8:53

49.4.236.47.in-addr.arpa

dns

140 B
282 B
2
2

DNS Request

49.4.236.47.in-addr.arpa

DNS Request

49.4.236.47.in-addr.arpa
8.8.8.8:53

10.28.171.150.in-addr.arpa

dns

298 B
454 B
4
4

DNS Request

10.28.171.150.in-addr.arpa

DNS Request

226.187.250.142.in-addr.arpa

DNS Request

securepubads.g.doubleclick.net

DNS Response

216.58.204.66

DNS Request

securepubads.g.doubleclick.net

DNS Response

216.58.204.66
173.194.69.84:443

accounts.google.com

https

chrome.exe

1.9kB
7.2kB
9
9
142.250.200.34:443

googleads.g.doubleclick.net

https

chrome.exe

2.9kB
6.5kB
5
8
142.250.179.246:443

play-lh.googleusercontent.com

https

chrome.exe

2.7kB
23.7kB
14
24
216.58.204.66:443

securepubads.g.doubleclick.net

https

chrome.exe

32.1kB
153.1kB
97
158
142.250.200.34:443

googleads.g.doubleclick.net

https

chrome.exe

22.6kB
77.4kB
70
100
8.8.8.8:53

c.amazon-adsystem.com

dns

chrome.exe

736 B
1.7kB
11
11

DNS Request

c.amazon-adsystem.com

DNS Response

65.9.98.75

DNS Request

prg.smartadserver.com

DNS Response

178.32.197.48

149.202.238.97

5.135.209.96

91.134.110.129

5.196.111.64

217.182.178.224

178.32.210.226

164.132.25.177

5.196.111.65

149.202.238.96

5.135.209.97

178.32.210.227

51.178.195.209

91.134.110.128

178.32.197.49

217.182.178.225

164.132.25.176

51.178.195.208

DNS Request

tpc.googlesyndication.com

DNS Response

142.250.187.225

DNS Request

id.hadron.ad.gt

DNS Response

172.67.23.234

104.22.5.69

104.22.4.69

DNS Request

35.95.9.65.in-addr.arpa

DNS Request

imageproxy.eu.criteo.net

DNS Response

178.250.1.15

DNS Request

14.25.17.104.in-addr.arpa

DNS Request

d.turn.com

DNS Response

46.228.164.13

DNS Request

dsp-cookie.adfarm1.adition.com

DNS Response

80.82.210.217

DNS Request

cms.quantserve.com

DNS Request

cms.quantserve.com

DNS Response

91.228.74.200

91.228.74.244

91.228.74.159

91.228.74.166

DNS Response

91.228.74.166

91.228.74.244

91.228.74.159

91.228.74.200
8.8.8.8:53

cdn.jsdelivr.net

dns

chrome.exe

399 B
998 B
6
6

DNS Request

cdn.jsdelivr.net

DNS Response

151.101.65.229

151.101.193.229

151.101.129.229

151.101.1.229

DNS Request

prebid-stag.setupad.net

DNS Response

172.67.68.162

104.26.8.178

104.26.9.178

DNS Request

secure.cdn.fastclick.net

DNS Response

104.78.175.230

DNS Request

match.adsrvr.org

DNS Response

52.223.40.198

15.197.193.217

3.33.220.150

35.71.131.137

DNS Request

proc.ad.cpe.dotomi.com

DNS Response

63.215.202.146

89.207.16.210

63.215.202.178

64.158.223.146

89.207.16.146

DNS Request

proc.ad.cpe.dotomi.com

DNS Response

63.215.202.178

89.207.16.146

64.158.223.146

63.215.202.146

89.207.16.210
8.8.8.8:53

49.31.18.104.in-addr.arpa

dns

509 B
934 B
8
8

DNS Request

49.31.18.104.in-addr.arpa

DNS Request

rtb.openx.net

DNS Response

35.227.252.103

35.186.253.211

DNS Request

cdn.id5-sync.com

DNS Response

104.22.53.86

172.67.38.106

104.22.52.86

DNS Request

c1.adform.net

DNS Response

37.157.5.87

37.157.4.29

37.157.5.132

37.157.4.28

37.157.5.133

37.157.5.84

DNS Request

cat.nl3.eu.criteo.com

DNS Response

178.250.1.6

DNS Request

64.98.95.141.in-addr.arpa

DNS Request

us-u.openx.net

DNS Response

34.98.64.218

35.244.159.8

DNS Request

us-u.openx.net

DNS Response

34.98.64.218

35.244.159.8
8.8.8.8:53

246.179.250.142.in-addr.arpa

dns

424 B
855 B
6
6

DNS Request

246.179.250.142.in-addr.arpa

DNS Request

prebid-eu.creativecdn.com

DNS Response

185.184.8.90

DNS Request

tags.crwdcntrl.net

DNS Response

65.9.95.6

65.9.95.74

65.9.95.19

65.9.95.100

DNS Request

ib.adnxs.com

DNS Response

37.252.171.21

37.252.171.52

37.252.171.85

37.252.171.53

37.252.173.215

37.252.172.123

37.252.171.149

DNS Request

229.65.101.151.in-addr.arpa

DNS Request

staticassets-creator-design.criteo.net

DNS Response

178.250.1.22
8.8.8.8:53

id5-sync.com

dns

chrome.exe

388 B
897 B
6
6

DNS Request

id5-sync.com

DNS Response

141.95.98.64

141.95.33.120

162.19.138.120

162.19.138.118

162.19.138.83

162.19.138.116

141.95.98.65

162.19.138.82

162.19.138.117

162.19.138.119

DNS Request

config.aps.amazon-adsystem.com

DNS Response

65.9.95.30

65.9.95.29

65.9.95.83

65.9.95.3

DNS Request

rtb.nl3.eu.criteo.com

DNS Response

178.250.1.10

DNS Request

bcp.crwdcntrl.net

DNS Response

99.80.212.73

54.229.139.118

54.72.167.29

34.255.22.73

52.214.114.199

54.77.205.105

DNS Request

11.1.250.178.in-addr.arpa

DNS Request

a.ad.gt

DNS Response

172.67.23.234

104.22.4.69

104.22.5.69
8.8.8.8:53

192.114.245.47.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

192.114.245.47.in-addr.arpa
8.8.8.8:53

gum.criteo.com

dns

chrome.exe

192 B
559 B
3
3

DNS Request

gum.criteo.com

DNS Response

178.250.1.11

DNS Request

lb.eu-1-id5-sync.com

DNS Request

lb.eu-1-id5-sync.com

DNS Response

162.19.138.119

141.95.98.64

162.19.138.116

162.19.138.117

141.95.98.65

141.95.33.120

162.19.138.83

162.19.138.118

162.19.138.82

162.19.138.120

DNS Response

141.95.98.64

162.19.138.117

141.95.98.65

162.19.138.83

162.19.138.116

162.19.138.119

141.95.33.120

162.19.138.120

162.19.138.118

162.19.138.82
8.8.8.8:53

66.204.58.216.in-addr.arpa

dns

769 B
1.5kB
11
11

DNS Request

66.204.58.216.in-addr.arpa

DNS Request

prebid.a-mo.net

DNS Response

163.5.194.33

163.5.194.36

163.5.194.30

163.5.194.31

163.5.194.32

163.5.194.34

163.5.194.37

163.5.194.35

DNS Request

u.openx.net

DNS Response

35.244.159.8

34.98.64.218

DNS Request

cm.g.doubleclick.net

DNS Response

142.250.179.226

DNS Request

2fbf12eaa8a49eada63f10cc12fc1285.safeframe.googlesyndication.com

DNS Response

142.250.180.1

DNS Request

75.98.9.65.in-addr.arpa

DNS Request

eu-u.openx.net

DNS Response

35.244.159.8

34.98.64.218

DNS Request

15.1.250.178.in-addr.arpa

DNS Request

dis.eu.criteo.com

DNS Response

178.250.1.9

DNS Request

equativ-match.dotomi.com

DNS Request

equativ-match.dotomi.com

DNS Response

63.215.202.172

DNS Response

89.207.16.137
8.8.8.8:53

10.160.222.8.in-addr.arpa

dns

142 B
284 B
2
2

DNS Request

10.160.222.8.in-addr.arpa

DNS Request

10.160.222.8.in-addr.arpa
8.8.8.8:53

2.200.250.142.in-addr.arpa

dns

267 B
531 B
4
4

DNS Request

2.200.250.142.in-addr.arpa

DNS Request

aax.amazon-adsystem.com

DNS Response

65.9.9.197

DNS Request

ads.eu.criteo.com

DNS Response

178.250.1.17

DNS Request

ads.eu.criteo.com

DNS Response

178.250.1.17
8.8.8.8:53

1.180.250.142.in-addr.arpa

dns

220 B
322 B
3
3

DNS Request

1.180.250.142.in-addr.arpa

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36

DNS Request

region1.analytics.google.com

DNS Response

216.239.34.36

216.239.32.36
216.239.34.36:443

region1.analytics.google.com

https

chrome.exe

14.6kB
9.6kB
42
46
35.244.159.8:443

eu-u.openx.net

https

chrome.exe

6.8kB
6.6kB
19
21
142.250.200.4:443

www.google.com

https

chrome.exe

3.2kB
9.2kB
13
18
8.8.8.8:53

162.68.67.172.in-addr.arpa

dns

657 B
1.3kB
10
10

DNS Request

162.68.67.172.in-addr.arpa

DNS Request

uipglob.semasio.net

DNS Response

77.243.51.121

77.243.51.122

DNS Request

233.2.157.37.in-addr.arpa

DNS Request

33.200.250.142.in-addr.arpa

DNS Request

csync.loopme.me

DNS Response

34.1.230.204

35.214.166.54

34.1.239.132

35.214.135.128

35.214.174.183

35.214.185.177

35.214.219.142

DNS Request

creativecdn.com

DNS Response

185.184.8.90

DNS Request

52.171.252.37.in-addr.arpa

DNS Request

dsp.nrich.ai

DNS Response

51.255.68.171

DNS Request

prebid.adnxs.com

DNS Request

prebid.adnxs.com

DNS Response

185.89.208.11

DNS Response

185.89.208.11
8.8.8.8:53

103.252.227.35.in-addr.arpa

dns

427 B
699 B
5
5

DNS Request

103.252.227.35.in-addr.arpa

DNS Request

csm.eu.criteo.net

DNS Response

178.250.1.25

DNS Request

22.1.250.178.in-addr.arpa

DNS Request

06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com

DNS Request

06134f23dbc458b93bea8afca61e22c8.safeframe.googlesyndication.com

DNS Response

142.250.180.1

DNS Response

142.250.180.1
8.8.8.8:53

90.8.184.185.in-addr.arpa

dns

545 B
1.1kB
8
8

DNS Request

90.8.184.185.in-addr.arpa

DNS Request

cm.adform.net

DNS Response

37.157.2.233

37.157.3.26

37.157.2.228

37.157.2.229

37.157.2.230

DNS Request

25.1.250.178.in-addr.arpa

DNS Request

50.108.171.54.in-addr.arpa

DNS Request

x.bidswitch.net

DNS Response

35.214.136.108

DNS Request

204.230.1.34.in-addr.arpa

DNS Request

ads.creative-serving.com

DNS Request

ads.creative-serving.com

DNS Response

35.214.241.248

DNS Response

35.214.241.248
8.8.8.8:53

33.194.5.163.in-addr.arpa

dns

323 B
803 B
5
5

DNS Request

33.194.5.163.in-addr.arpa

DNS Request

node.setupad.com

DNS Response

159.89.25.223

DNS Request

121.51.243.77.in-addr.arpa

DNS Request

sync.a-mo.net

DNS Response

163.5.194.36

163.5.194.35

163.5.194.33

163.5.194.34

163.5.194.30

163.5.194.31

163.5.194.32

163.5.194.37

DNS Request

sync.a-mo.net

DNS Response

163.5.194.32

163.5.194.35

163.5.194.33

163.5.194.31

163.5.194.36

163.5.194.30

163.5.194.37

163.5.194.34
8.8.8.8:53

132.5.157.37.in-addr.arpa

dns

227 B
1.0kB
3
3

DNS Request

132.5.157.37.in-addr.arpa

DNS Request

ssbsync-global.smartadserver.com

DNS Request

ssbsync-global.smartadserver.com

DNS Response

5.135.209.100

51.178.195.213

91.134.110.132

217.182.178.228

178.32.210.231

164.132.25.180

149.202.238.101

5.196.111.68

5.196.111.69

149.202.238.100

164.132.25.181

178.32.210.230

178.32.197.53

178.32.197.52

51.178.195.212

217.182.178.229

91.134.110.133

5.135.209.101

DNS Response

149.202.238.100

5.135.209.100

5.196.111.69

217.182.178.229

178.32.210.230

164.132.25.180

164.132.25.181

149.202.238.101

91.134.110.133

178.32.210.231

51.178.195.213

91.134.110.132

178.32.197.53

51.178.195.212

5.196.111.68

217.182.178.228

5.135.209.101

178.32.197.52
8.8.8.8:53

48.197.32.178.in-addr.arpa

dns

535 B
1.2kB
8
8

DNS Request

48.197.32.178.in-addr.arpa

DNS Request

6.1.250.178.in-addr.arpa

DNS Request

cdn.ampproject.org

DNS Response

142.250.200.33

DNS Request

secure.adnxs.com

DNS Response

37.252.171.52

37.252.171.21

37.252.173.215

37.252.172.123

37.252.171.149

37.252.171.85

37.252.171.53

DNS Request

pr-bh.ybp.yahoo.com

DNS Response

34.249.211.147

34.255.52.126

52.31.116.215

34.249.222.253

DNS Request

89.193.149.89.in-addr.arpa

DNS Request

image8.pubmatic.com

DNS Request

image8.pubmatic.com

DNS Response

198.47.127.18

DNS Response

198.47.127.18
8.8.8.8:53

119.138.19.162.in-addr.arpa

dns

884 B
1.9kB
12
12

DNS Request

119.138.19.162.in-addr.arpa

DNS Request

ice.360yield.com

DNS Response

54.75.14.246

54.229.250.166

54.72.215.169

34.249.121.67

108.128.214.95

54.76.230.133

34.245.251.238

52.213.241.4

DNS Request

223.25.89.159.in-addr.arpa

DNS Request

13.164.228.46.in-addr.arpa

DNS Request

tr.blismedia.com

DNS Response

34.96.105.8

DNS Request

217.210.82.80.in-addr.arpa

DNS Request

ads.betweendigital.com

DNS Response

188.42.189.197

188.42.34.64

188.42.196.115

188.42.191.196

188.42.189.231

188.42.34.65

DNS Request

ow.pubmatic.com

DNS Response

185.64.190.84

DNS Request

18.127.47.198.in-addr.arpa

DNS Request

47.216.127.79.in-addr.arpa

DNS Request

c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com

DNS Request

c0f488aa5dced54740a0f1891a1b6ede.nrb.footprintdns.com

DNS Response

40.101.70.18

52.97.148.210

40.101.69.34

52.97.141.82

52.97.159.210

40.101.70.194

52.97.154.162

40.101.69.194

DNS Response

52.97.159.210

40.101.70.194

52.97.128.2

52.97.142.2

52.97.174.2

40.101.76.162

52.97.176.98

40.99.220.18
8.8.8.8:53

30.95.9.65.in-addr.arpa

dns

69 B
123 B
1
1

DNS Request

30.95.9.65.in-addr.arpa
8.8.8.8:53

197.9.9.65.in-addr.arpa

dns

69 B
123 B
1
1

DNS Request

197.9.9.65.in-addr.arpa
8.8.8.8:53

86.53.22.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

86.53.22.104.in-addr.arpa
8.8.8.8:53

173.53.22.104.in-addr.arpa

dns

539 B
1.1kB
8
8

DNS Request

173.53.22.104.in-addr.arpa

DNS Request

3.1.250.178.in-addr.arpa

DNS Request

rtb.gumgum.com

DNS Response

54.171.108.50

52.51.194.191

63.34.183.238

52.210.179.202

52.19.105.179

54.73.12.34

52.214.64.207

54.194.165.207

DNS Request

setupad-d.openx.net

DNS Response

35.244.159.8

34.98.64.218

DNS Request

assets.a-mo.net

DNS Response

104.19.158.19

104.19.159.19

DNS Request

36.194.5.163.in-addr.arpa

DNS Request

pixel.rubiconproject.com

DNS Request

pixel.rubiconproject.com

DNS Response

69.173.156.148

69.173.156.149

DNS Response

69.173.156.148

69.173.156.149
8.8.8.8:53

230.175.78.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

230.175.78.104.in-addr.arpa
8.8.8.8:53

6.95.9.65.in-addr.arpa

dns

68 B
121 B
1
1

DNS Request

6.95.9.65.in-addr.arpa
8.8.8.8:53

8.159.244.35.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

8.159.244.35.in-addr.arpa
8.8.8.8:53

225.187.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

225.187.250.142.in-addr.arpa
8.8.8.8:53

10.1.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

10.1.250.178.in-addr.arpa
8.8.8.8:53

17.1.250.178.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

17.1.250.178.in-addr.arpa
8.8.8.8:53

226.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

226.179.250.142.in-addr.arpa
8.8.8.8:53

198.40.223.52.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

198.40.223.52.in-addr.arpa
8.8.8.8:53

87.5.157.37.in-addr.arpa

dns

70 B
130 B
1
1

DNS Request

87.5.157.37.in-addr.arpa
8.8.8.8:53

21.171.252.37.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

21.171.252.37.in-addr.arpa
8.8.8.8:53

74.122.95.52.in-addr.arpa

dns

71 B
142 B
1
1

DNS Request

74.122.95.52.in-addr.arpa
8.8.8.8:53

234.23.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

234.23.67.172.in-addr.arpa
8.8.8.8:53

73.212.80.99.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

73.212.80.99.in-addr.arpa
8.8.8.8:53

146.202.215.63.in-addr.arpa

dns

73 B
117 B
1
1

DNS Request

146.202.215.63.in-addr.arpa
8.8.8.8:53

cdnjs.cloudflare.com

dns

chrome.exe

66 B
98 B
1
1

DNS Request

cdnjs.cloudflare.com

DNS Response

104.17.25.14

104.17.24.14
8.8.8.8:53

100.209.135.5.in-addr.arpa

dns

288 B
1.1kB
4
4

DNS Request

100.209.135.5.in-addr.arpa

DNS Request

9.1.250.178.in-addr.arpa

DNS Request

rtb-csync.smartadserver.com

DNS Request

rtb-csync.smartadserver.com

DNS Response

89.149.193.89

89.149.193.104

81.17.55.116

89.149.193.105

81.17.55.173

81.17.55.172

89.149.193.88

81.17.55.106

89.149.193.120

89.149.192.73

89.149.193.121

81.17.55.117

89.149.192.201

81.17.55.97

89.149.192.74

89.149.192.200

DNS Response

89.149.193.88

81.17.55.172

81.17.55.97

89.149.193.105

89.149.192.74

89.149.192.73

89.149.193.89

81.17.55.117

81.17.55.106

89.149.192.201

89.149.193.120

89.149.193.104

81.17.55.116

81.17.55.173

89.149.193.121

89.149.192.200
8.8.8.8:53

246.14.75.54.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

246.14.75.54.in-addr.arpa
142.250.187.225:443

tpc.googlesyndication.com

https

chrome.exe

2.4kB
13.9kB
12
16
142.250.200.34:443

googleads.g.doubleclick.net

https

chrome.exe

1.6kB
6.5kB
4
8
142.250.200.4:443

www.google.com

https

chrome.exe

2.9kB
7.1kB
5
8
142.250.180.3:443

www.google.co.uk

https

chrome.exe

3.3kB
7.5kB
11
8
35.227.252.103:443

rtb.openx.net

https

chrome.exe

1.6kB
3.9kB
4
6
142.250.187.225:443

tpc.googlesyndication.com

https

chrome.exe

3.7kB
7.9kB
9
12
35.227.252.103:443

rtb.openx.net

https

chrome.exe

3.6kB
4.6kB
10
12
142.250.179.226:443

cm.g.doubleclick.net

https

chrome.exe

5.5kB
11.5kB
19
22
34.96.105.8:443

tr.blismedia.com

https

chrome.exe

1.7kB
5.1kB
5
7
8.8.8.8:53

172.202.215.63.in-addr.arpa

dns

825 B
1.6kB
12
11

DNS Request

172.202.215.63.in-addr.arpa

DNS Request

image2.pubmatic.com

DNS Response

185.64.191.210

DNS Request

155.36.18.104.in-addr.arpa

DNS Request

11.208.89.185.in-addr.arpa

DNS Request

254.4.107.13.in-addr.arpa

DNS Request

68.159.190.20.in-addr.arpa

DNS Request

92.129.74.13.in-addr.arpa

DNS Request

132.194.113.52.in-addr.arpa

DNS Request

arc.msn.com

DNS Response

20.199.58.43

DNS Request

arc.msn.com

DNS Response

20.74.47.205

DNS Request

205.47.74.20.in-addr.arpa

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

8.105.96.34.in-addr.arpa

dns

140 B
240 B
2
2

DNS Request

8.105.96.34.in-addr.arpa

DNS Request

8.105.96.34.in-addr.arpa
8.8.8.8:53

108.136.214.35.in-addr.arpa

dns

241 B
660 B
4
4

DNS Request

108.136.214.35.in-addr.arpa

DNS Request

ap.lijit.com

DNS Response

52.48.236.83

34.250.210.82

63.34.78.4

52.214.82.84

54.76.198.232

52.17.212.168

34.252.62.212

52.50.239.198

DNS Request

id.rtb.mx

DNS Request

id.rtb.mx

DNS Response

79.127.216.47

79.127.227.46

DNS Response

79.127.216.47

79.127.227.46
8.8.8.8:53

147.211.249.34.in-addr.arpa

dns

187 B
315 B
3
3

DNS Request

147.211.249.34.in-addr.arpa

DNS Request

id.a-mx.com

DNS Request

id.a-mx.com

DNS Response

79.127.227.46

79.127.216.47

DNS Response

79.127.227.46

79.127.216.47
8.8.8.8:53

200.74.228.91.in-addr.arpa

dns

268 B
516 B
4
4

DNS Request

200.74.228.91.in-addr.arpa

DNS Request

ssum.casalemedia.com

DNS Response

104.18.36.155

172.64.151.101

DNS Request

image4.pubmatic.com

DNS Request

image4.pubmatic.com

DNS Response

198.47.127.20

DNS Response

198.47.127.20
8.8.8.8:53

19.158.19.104.in-addr.arpa

dns

192 B
510 B
3
3

DNS Request

19.158.19.104.in-addr.arpa

DNS Request

pb-am.a-mo.net

DNS Request

pb-am.a-mo.net

DNS Response

163.5.194.36

163.5.194.35

163.5.194.31

163.5.194.37

163.5.194.33

163.5.194.30

163.5.194.32

163.5.194.34

DNS Response

163.5.194.30

163.5.194.37

163.5.194.32

163.5.194.31

163.5.194.34

163.5.194.33

163.5.194.36

163.5.194.35
35.214.136.108:443

x.bidswitch.net

https

chrome.exe

1.3kB
1
104.18.36.155:443

ssum.casalemedia.com

https

chrome.exe

1.8kB
4.2kB
7
8
35.214.241.248:443

ads.creative-serving.com

https

chrome.exe

1.3kB
1
8.8.8.8:53

148.156.173.69.in-addr.arpa

dns

351 B
706 B
5
5

DNS Request

148.156.173.69.in-addr.arpa

DNS Request

c-ring.msedge.net

DNS Response

13.107.4.254

DNS Request

254.73.171.150.in-addr.arpa

DNS Request

122.10.44.20.in-addr.arpa

DNS Request

122.10.44.20.in-addr.arpa
8.8.8.8:53

46.227.127.79.in-addr.arpa

dns

337 B
1.1kB
5
5

DNS Request

46.227.127.79.in-addr.arpa

DNS Request

84.190.64.185.in-addr.arpa

DNS Request

254.226.107.13.in-addr.arpa

DNS Request

login.live.com

DNS Request

login.live.com

DNS Response

20.190.159.68

20.190.159.0

20.190.159.2

20.190.159.4

20.190.159.71

20.190.159.64

40.126.31.67

40.126.31.69

DNS Response

40.126.32.68

40.126.32.133

40.126.32.72

20.190.160.20

40.126.32.76

20.190.160.22

20.190.160.17

20.190.160.14
8.8.8.8:53

248.241.214.35.in-addr.arpa

dns

203 B
434 B
3
3

DNS Request

248.241.214.35.in-addr.arpa

DNS Request

ev2-ring.msedge.net

DNS Request

ev2-ring.msedge.net

DNS Response

150.171.64.254

150.171.31.254

DNS Response

150.171.31.254

150.171.64.254
8.8.8.8:53

83.236.48.52.in-addr.arpa

dns

142 B
266 B
2
2

DNS Request

83.236.48.52.in-addr.arpa

DNS Request

83.236.48.52.in-addr.arpa
8.8.8.8:53

171.68.255.51.in-addr.arpa

dns

202 B
419 B
3
3

DNS Request

171.68.255.51.in-addr.arpa

DNS Request

arc-ring.msedge.net

DNS Request

arc-ring.msedge.net

DNS Response

172.202.65.254

172.202.64.254

DNS Response

172.202.65.254

172.202.64.254
8.8.8.8:53

197.189.42.188.in-addr.arpa

dns

469 B
1.4kB
7
7

DNS Request

197.189.42.188.in-addr.arpa

DNS Request

t-ring-fallback-s2.msedge.net

DNS Response

13.107.226.254

DNS Request

254.64.171.150.in-addr.arpa

DNS Request

g.live.com

DNS Response

13.74.129.92

DNS Request

21.197.219.23.in-addr.arpa

DNS Request

login.live.com

DNS Request

login.live.com

DNS Response

40.126.32.74

40.126.32.133

20.190.160.20

20.190.160.17

20.190.160.14

40.126.32.136

40.126.32.138

40.126.32.68

DNS Response

40.126.32.134

40.126.32.72

40.126.32.74

20.190.160.22

40.126.32.68

40.126.32.140

20.190.160.20

40.126.32.76
8.8.8.8:53

210.191.64.185.in-addr.arpa

dns

608 B
1.5kB
9
9

DNS Request

210.191.64.185.in-addr.arpa

DNS Request

bx-ring.msedge.net

DNS Response

150.171.73.254

150.171.74.254

DNS Request

18.70.101.40.in-addr.arpa

DNS Request

oneclient.sfx.ms

DNS Response

23.219.197.21

DNS Request

config.teams.microsoft.com

DNS Response

52.113.194.132

DNS Request

74.32.126.40.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10

DNS Response

150.171.27.10

150.171.28.10
8.8.8.8:53

20.127.47.198.in-addr.arpa

dns

299 B
687 B
4
4

DNS Request

20.127.47.198.in-addr.arpa

DNS Request

254.65.202.172.in-addr.arpa

DNS Request

browser.pipe.aria.microsoft.com

DNS Request

browser.pipe.aria.microsoft.com

DNS Response

20.44.10.122

DNS Response

20.44.10.122
216.239.34.36:443

region1.analytics.google.com

https

chrome.exe

1.4kB
5.4kB
3
5
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

128 B
331 B
2
2

DNS Request

55.36.223.20.in-addr.arpa

DNS Request

arc.msn.com

DNS Response

20.103.156.88
8.8.8.8:53

54.120.234.20.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

54.120.234.20.in-addr.arpa

DNS Request

88.156.103.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

System Information Discovery